To ensure the security of your server, you should control Post
Office Protocol (POP) access.
If you want to allow POP clients to access your iSeries™ server, be aware of the following
security considerations:
- The POP mail server provides authentication for clients who attempt to
access their mailboxes. The client sends a user ID and password to the server.
Note: The
password is sent in the clear and can be vulnerable.
The POP mail
server verifies the user ID and password against the iSeries user profile and password for
that user. Because you do not have control over how the user ID and password
are stored on the POP client, you might want to create a special user profile
that has very limited authority on your iSeries server. To prevent anyone from
using the user profile for an interactive session, you can set the following
values in the user profile:
- Set initial menu (INLMNU) to *SIGNOFF
- Set initial program (INLPGM) to *NONE
- Set limit capabilities (LMTCPB) to *YES
- To prevent a malicious intruder from flooding your server with unwanted
objects, be sure that you have set adequate threshold limits for your auxiliary
storage pools (ASPs). The ASP storage threshold prevents your server from
stopping because the operating system does not have sufficient working space.
You can display and set the thresholds for ASPs by using either system service
tools (SST) or dedicated service tools (DST).
- Although you need to ensure that your ASP threshold prevents your server
from being flooded, you also need to ensure that your iSeries server has adequate space to
properly store and deliver mail. If your server cannot deliver mail because
the iSeries server
does not have adequate storage for transient mail, this is an integrity problem
for your users. When system storage use is high, mail stops running.
Note: Typically
storage space is not a significant problem. When a client receives mail, the iSeries server
deletes the mail from the server.