高可用性安全电子邮件系统研究与设计

上海交通大学硕士学位论文高可用性安全电子邮件系统研究与设计姓名：雷校勇申请学位级别：硕士专业：计算机软件与理论指导教师：陆朝俊2006010112006120220060120200601202Internet724365DNS/InternetDASNASSAN3ResearchandDesignontheHigh-availabilitySecureE-MailSystemAbstractAsthepopularizationofInternet,e-mailsaremoreandmorefrequentlyused,benefitingfromitshighefficiency,convenienceandlowcost.Ase-mailserversystems,itshouldcontinuslysuplyitsefficientserviceallthetime,butbasicservicesystemscantmeettheneeds.Manyfactorscaninducemalfunctionandfailure,forexample,powercut,softwareandhardwarefailure,networkblockorinterrupt,systemoverload,datastoragefailure,andsoon.Especiallye-mailsystemisoneofmayorsecuritytargets.Atthesametime,virusemailsandspamsarebringingendlesstroubletoInternetusers,networkadministratorsandInternetserviceproviders.Tomeetcontinualandefficientservice,wemustdesignahigh-availabilitysystem.Thisarticleareaimingatthispoint.Itwilldetailedlyresearchthetheoryandtechnologyofthehigh-availabilitysystems(includingthee-mailsystems).Thisarticleincludessixparts,whicharebasice-mailserversystem,e-mailsecurity,e-mailcontent-basedfiltration,servercredibilityandloadbalancing,highavailabilityofnetwork,highavailabilityofdatastorage.KeyWord:highavailability,securitye-mailsystem,e-mailcontent-basedfiltration,loadbalancing,credibilityofnetwork,datastorage71.1-MUAMTAMDAMUAMailUserAgent,MTAMailTransportAgent,MDAMailDeliveryAgent,MTA1.1.1MUAMUAMUAMTAMTAMTAMUAMTAMDAMDAMTAMTAMTAMTAMDA1.1MUAMTAMTAMTAMDASMTP1.1MTAMTA8MUAMTAMTAMUAMTAMTAMTAMTAMTAMDAMDAMDAMTAMTAMTADNSMTA1.1.2MUAMUAPOP3/IMAPPOP3/IMAP4MUAMUA1.2MUAPOP3/IMAPPOP3/IMAPWebWebMailPOP3/IMAPMTA1.21.3WebMailWebMailWebMail1.3WebMailWebMailWebMailWebMailSMTPMTAWebMailPOP3/IMAPPOP3/IMAP491.2RFC822(StandardForTheFormatOfARPAInternetTextMessages)MIME(MultipurposeInternetMailExtensions)SMTPSimpleMailTransferProtocolPOP3PostOfficeProtocol-Version3IMAP4InternetMessageAccessProtocol-Version4RFC822MIMEMUAMUAMTAMTAMTASMTPPOP3IMAP4MUAPOP3/IMAP4POP3/IMAP4POP3IMAP4MUA1.2.1RFC822/MIMERFC822InternetRFC822EnvelopeHeaderBodyRFC822RFC822MUADateResent-DateFromToCcBccResent-*MTAMTAReceivedRFC822Message-IDIn-Reply-ToReferrencesSubjectRFC822X-X-MailerMUAFromToDateSubjectRFC822InternetInternetInternetMIMERFC822RFC822MIMEASCIIMIMERFC822510InternetMIME5MIME-VersionMIMEContent-TypeMUAContent-Transfer-EncodingContent-IDMIMEContent-DescriptionMIMEContent-TypeMIMEContent-Type//MultipartContent-TypeboundaryMultipartMIMEquoted-printableradix-64quoted-printableASCII8radix-641.2.2SMTPFTP1980RFC772SMTPSMTPSimpleMailTransferProtocolSMTPSMTPDNSMUAMTATCPheloehloSMTP14SMTP48helo/ehlo:heloehloSMTPehlomailrcptrsetdatanoopvrfySMTPFTPSMTPFTP11SMTP31SMTP23SMTPSMTPSMTPehloSMTPLMTPMSASMTPLMTPLocalMailTransferProtocolSMTPMTAMDAMTAMDAMDAMDAMDAMDAMTADSNMDAMDADSNLMTPLMTPSMTPmailrcptdataLMTPSMTPLMTPheloehlolhloLMTPdataRCPTMTAMDAMDAMTAMDA1.2.3POP3POPIMAPPOPPOPIMAPIMAPPOPPOPPOP3POP3POPPOP3POP3POP3MUAPOP3POP3SMTPPOP3POP3SMTP12+OK+ERRPOP3.POP33POP3quitPOP3POP3USERPASSAPOPAPOPMD5MD5POP3noopstatlistretrtopdelersetPOP3uidlPOP3capa1.2.4IMAPIMAPPOP3POP3IMAPPOP3IMAPPOP3IMAPIMAPPOP3POP3POP3IMAPIMAPIMAPMIMEMIMEIMAPIMAPIMAP313IMAPIMAPUIDvalidity32IMAPIMAPDateSubjectIn-Reply-toMessage-IDMIMEMIMEIMAPcapabilityLoginlistcreatedeleterenamestatusselectexamineclosecopysearchfetchIMAPstoreexpungedeletedSMTPPOP3IMAP1997RFC2086IMAPIMAPACL1.3LDAPSASLSMTPPOP3IMAPSSL141.3.1LDAPLDAPLDAPLDAPSSLPGPS/MIMELDAPLDAPLightDirectoryAccessProtocolX.500X.500X.500ISOLDAPTCP/IPLDAPLDAPLDAP19931997LDAPV3LDAPV3LDAPLDAPLDAPLDAP()--DITDNRDNLDAPInternetAPI/SASLTLSReferralLDAPLDAPLDAPX.500DISPLDAPLDAPDUPLDAPLDAP1LDAPLDAPLDAPLDAPObjectClassObjectClassLDAPLDAPSchemaLDAPSchemaLDAPSchemaSchemaXMLXMLXMLDTDDOM15XMLLDAPSchemaSchemaLDAP2LDAPLDAPLDAPLDAPDNRDNDNRDNDNRDN3LDAPLDAP109LDAPLDAPLDAPStartTLSRFCLDAP4LDAPLDAPLDAPSASLSimpleAuthenticationandSecureLayerSASLLDAPSSLTLSLDAPSSL/TLSSSL/TLSPKIInternetLDAPStartTLSTLSTLSLDAPLDAPLDAPLDAPLDAPLDAPLDAPIPDNS161.3.2SASLSASLSimpleAuthenticationandSecurityLayerRFC2222SMTPPOP3IMAPSASLAPISASLAPISASLSASLSASLSASLIANA(IntemetAssignedNumberAuthority)SASLRFC1S/KeyOTPS/KeyRFC1760(S/Key-)OTPRFC2444(SASI)SASLOTPOTPRFC2243MD5SHA-lauthorizationidentityauthenticationidentity255ASCIIUTF-8ASCII0OTPOTPOTPSASL2CRAM-MD5CRAM-MD5SASLSASL,SASLRFC822msg-idMD5base643Kerberosv4Kerberos4GSS-API(GSS-API)GSS-APIKerberosV5GSS-APIRFC2078KerberosV4175EXTERNALSASLIPSecTLS1.3.3SSL1994NetscapeSSLSecureSocketLayerSSLv2SSLv3SSLv3.1(TLSv1.0)1995SSLv3SSLv2SSLv31996NetscapeSSLIETFIETFTLSSSLv3TLSv1.01999SSLv3.1SSLv3SSLTCP/IPHTTPSMTPTCP1.4HTTPLDAPIMAPTCP/IPSSLSSLSSLHTTPSMTPSSLTCPIP1.4SSLTCP/IP1.5SSLSSLrecordprotocol3handshakeprotocolchangecipherspacprotocolalertprotocol1.5SSL214MACMessageAuthenticationCodeMACMACSSL1.6SSLSSLSSLSSL18ClientHelloServerHelloCertificateServerKeyExchangeCertificateRequestServerHelloDoneCertificateClientKeyExchangeCertificateVerifyChangeCipherSpecFinishedFinishedChangeCipherSpecID1.6SSLSSLTCP/IPIANASSLSSLHTTPHTTPS443SSLSMTPSSMTP465SSLPOP3SPOP3995SSLIMAPIMAPS991SSLLDAPLDAPS636SMTPPOP3IMAPstartssl/starttslSSL1.4MTASMTPMDAPOP3IMAPWebM