77 lines
4.8 KiB
HTML
77 lines
4.8 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Control Post Office Protocol access" />
|
||
|
<meta name="abstract" content="To ensure the security of your server, you should control Post Office Protocol (POP) access." />
|
||
|
<meta name="description" content="To ensure the security of your server, you should control Post Office Protocol (POP) access." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzairplanseccontrol.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzairsmtppa.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="controlpopaccess" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Control Post Office Protocol access </title>
|
||
|
</head>
|
||
|
<body id="controlpopaccess"><a name="controlpopaccess"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Control Post Office Protocol access </h1>
|
||
|
<div><p>To ensure the security of your server, you should control Post
|
||
|
Office Protocol (POP) access.</p>
|
||
|
<p>If you want to allow POP clients to access your iSeries™ server, be aware of the following
|
||
|
security considerations:</p>
|
||
|
<ul><li>The POP mail server provides authentication for clients who attempt to
|
||
|
access their mailboxes. The client sends a user ID and password to the server. <div class="note"><span class="notetitle">Note:</span> The
|
||
|
password is sent in the clear and can be vulnerable.</div>
|
||
|
<div class="p">The POP mail
|
||
|
server verifies the user ID and password against the iSeries user profile and password for
|
||
|
that user. Because you do not have control over how the user ID and password
|
||
|
are stored on the POP client, you might want to create a special user profile
|
||
|
that has very limited authority on your iSeries server. To prevent anyone from
|
||
|
using the user profile for an interactive session, you can set the following
|
||
|
values in the user profile:<ul class="simple"><li>Set initial menu (INLMNU) to <samp class="codeph">*SIGNOFF</samp></li>
|
||
|
<li>Set initial program (INLPGM) to <samp class="codeph">*NONE</samp></li>
|
||
|
<li>Set limit capabilities (LMTCPB) to <samp class="codeph">*YES</samp></li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
</li>
|
||
|
<li>To prevent a malicious intruder from flooding your server with unwanted
|
||
|
objects, be sure that you have set adequate threshold limits for your auxiliary
|
||
|
storage pools (ASPs). The ASP storage threshold prevents your server from
|
||
|
stopping because the operating system does not have sufficient working space.
|
||
|
You can display and set the thresholds for ASPs by using either system service
|
||
|
tools (SST) or dedicated service tools (DST). </li>
|
||
|
<li>Although you need to ensure that your ASP threshold prevents your server
|
||
|
from being flooded, you also need to ensure that your iSeries server has adequate space to
|
||
|
properly store and deliver mail. If your server cannot deliver mail because
|
||
|
the iSeries server
|
||
|
does not have adequate storage for transient mail, this is an integrity problem
|
||
|
for your users. When system storage use is high, mail stops running. <div class="note"><span class="notetitle">Note:</span> Typically
|
||
|
storage space is not a significant problem. When a client receives mail, the iSeries server
|
||
|
deletes the mail from the server.</div>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzairplanseccontrol.htm" title="You should control who accesses your server through e-mail to protect your data from malicious attacks.">Control e-mail access</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzairsmtppa.htm" title="You can use simple steps to determine what is causing a problem with e-mail.">Determine problems with e-mail</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|