JP2007251242A - Program and system for mail server - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a means for storing and saving an electronic mail that an SMTP server receives into a database, filtering the content of the electronic mail to notify the result with an electronic mail, and certificating identity in the content of the database. <P>SOLUTION: In a program for a mail server for mounting SMTP, a received electronic mail is written into the database M for mails for storage via DBMS. By checking with a transmission rule in a predetermined database R for reference, the electronic mail is filtered for transmitting an electronic mail when the filtered electronic mail is against the transmission rule. Further, a message digest is generated for certificating the identity in the database of mails. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

The present invention relates to a mail server program that implements SMTP, which is one of the TCP / IP protocol groups, and a mail server computer system that executes the program.
Here, the TCP / IP protocol group refers to a protocol group for performing communication on the Internet defined in correspondence with all seven layers of the OSI reference model, and its specific specification is a serial number called RFC (Request For Communes). The specifications of SMTP (SIMPLE MAIL TRANSPORTER PROTOCOL, hereinafter the same) are defined in RFC821, 2821 and the like.

SMTP is one of the protocols corresponding to the upper layers (5th, 6th, and 7th layers) of the OSI reference model. In the layer configuration of the TCP / IP protocol group, it is located in the application layer. A protocol for sending and receiving emails in the environment.
Although it is currently extended to ESMTP (Extended SMTP), in this specification, this protocol is also referred to as SMTP.

  An SMTP server is a mail server program that implements SMTP, but an SMTP client (client program that implements SMTP. It is executed on a client terminal connected to a LAN, and requests the SMTP server to send an e-mail. ), Communicate with other SMTP servers or mail receiving servers (programs that receive e-mails from SMTP servers and deliver them to mailboxes, such as POP3 servers and IMAP servers), Send and receive e-mail.

As an example, a basic processing flow of an SMTP server that transmits an electronic mail from a client terminal on a LAN to the outside will be described with reference to FIG.
Here, “outside” means that a mail address other than its own domain is a destination, and in this case, the SMTP server is an SMTP client in relation to other SMTP servers. .

[Step 1]
Communication between the SMTP client of the client terminal on the LAN and the SMTP server is established, an EHLO command (or HERO command) is sent from the SMTP client, and then SMTP, in response to each of the MAIL, RCPT, and DATA sent commands The server responds and the email is received at the SMTP server.

In this step 1, the SMTP server that has received the EHLO command clears each buffer described below and a state variable indicating a processing state, and initializes an e-mail receiving process. Next, the MAIL command sent from the SMTP client is added with the source address, and the RCPT command is added with the destination address. The SMTP server that receives the MAIL command holds these addresses in the source buffer and the destination buffer, respectively. .
Further, the line data following the DATA command is determined as the main body of the e-mail, and the reception of the e-mail is completed when the line having only a period is received. The received main body is held in the mail data buffer.

The body of an e-mail usually consists of a header part and a body part attached with a file if necessary. The header part includes data such as a source address, a destination address, a title, a transmission date and time, and a message ID. Yes.
Here, the term “line” refers to a piece of data having the ASCII code CR + LF at the end, and the SMTP server recognizes the data from this code as one line and performs processing.

[Step 2]
The SMTP server inquires of the DNS server about the destination domain of the received e-mail, and acquires a global address corresponding to the domain.
[Step 3]
The received e-mail is transferred to the destination SMTP server which is the domain.

On the other hand, although not shown in the drawings, when receiving an e-mail from outside, an e-mail transferred from another SMTP server is received in the same procedure as in step 1 above, and the e-mail is received by a mail receiving server in the same domain. send mail.
The mail receiving server distributes this electronic mail to the corresponding mailbox according to the user name included in the destination address.
Each client terminal receives an electronic mail addressed to itself from the mailbox using a program in which a reception protocol (for example, POP3 or IMAP) is installed.

  Such an e-mail transmission / reception is performed in a network environment as shown in FIG. 2 as an example. FIG. 2 shows a case where an electronic mail is transmitted / received from a client terminal C connected to the LAN. The client terminal C connected to the LAN passes through the proxy server P to the LAN in the buffer zone DMZ. It is connected to the connected SMTP server device S and mail receiving server device T.

An arrow IN indicates a case where an e-mail is sent from the outside. The e-mail is delivered to the mailbox of the mail receiving server T via the SMTP server S, and each client terminal C sends an e-mail addressed to itself from the mailbox. Receive. An arrow OUT indicates a case where an electronic mail is transmitted from the client terminal C.
In FIG. 2, F is a firewall server, L is a router, D is a DNS server, and N is an Internet network.

As described above, the SMTP server itself receives an e-mail and transmits the e-mail according to a certain procedure in both cases of sending to the outside and receiving from the outside. It does not have a function to record and hold mail in an external storage medium.
JP 2004-289491 A JP 2004-44124 A RFC821 (SIMPLE MAIL TRANSPROTOCOL) RFC2821 (SIMPLE MAIL TRANSPROTOCOL)

At present, there is a remarkable transmission of information on the Internet. Information is disclosed and disclosed on the so-called WEB site and blog site to the general public, and information and messages are transmitted between specific individuals.・ E-mail is used for exchange.
Electronic mail is widely used not only for private use but also for business in companies because of its advantages such as the certainty of document contents and the ability to transmit information even in the absence of the other party.
Contrary to the convenience and simplicity of these information transmissions by e-mail, the record is left only at the LAN client terminal as the transmission source / destination, and can be easily deleted. Therefore, for example, it is easy to invite a situation in which confidential information of the company or the like is easily leaked outside the company, and no trace remains. Moreover, even if the contents remain, the rewriting of the contents can be easily performed without leaving a trace, so the credibility is inevitably low.

  In such a situation where e-mail is used for corporate operations, how companies manage confidential information related to internal operations and prevent leakage or leakage of such information, and the contents of e-mail For example, a means for proving in a subsequent lawsuit whether the content itself is received and transmitted is required.

There is also an invention to save and manage all e-mails in one mail server for this problem (see Patent Documents 1 and 2), but these gazettes show how to store and manage them. There is no technical description as to whether or not it will be realized, and it is inadequate, and a technology for guaranteeing the sameness of the contents of the e-mail has not been developed yet.
The present invention has been made to solve the above-described problems in an SMTP server.

The first invention is
In the SMTP server, the received e-mail is written and stored in a mail database via a database management system.

The present invention is characterized in that the contents of the e-mail are written and stored in a mail database before the e-mail is received and transmitted.
That is, before the e-mail is transmitted after the processing in step 1 is completed, at least the contents of the mail data buffer are read from the transmission source buffer, the destination buffer, and the mail data buffer, and this content is used as an argument to the database management system. The electronic mail is written and stored in the mail database by sending a write command to be executed.
The SMTP server does not have to wait for the actual writing to the mail database to be completed before sending the e-mail after the write command has been sent, but especially to ensure its write storage. For example, the transmission processing is executed after receiving a response of writing completion from the database management system.

Here, the data management system is a program that performs processing such as writing, referencing, and deleting data in the mail database, analyzing the write command sent from the SMTP server, and Writes the contents of the mail. Hereinafter, the database management system is referred to as DBMS.
Here, the file structure and file structure of the mail database are designed in advance.
The DBMS and the mail database do not need to operate on the same computer as the SMTP server, and may be on another terminal on the same LAN or on another LAN, for example.

The second invention is
In the SMTP server, the received e-mail is written and stored in the e-mail database via the DBMS, and the e-mail is filtered by collating with a reference database prepared in advance by an external filtering program. A mail server program characterized in that a mail filtering result is transmitted by an external mailing program.

Here, the external filtering program is a program that is started when the DBMS receives a write command, and compares the contents of the arguments of the write command or the contents of each buffer with the contents of the reference database prepared in advance, thereby The contents are inspected.
The reference database is composed of a file storing one or a plurality of filtering rules. If necessary, processing to be performed in case of conflicting with each rule, priority order of rule application, and the like are also stored.

If the received e-mail violates a rule, the filtering program starts up an external mailing program, and the necessary data such as the violated rule and the transmission source and destination are used as the main text. Send an e-mail to
In addition, if this SMTP server is designated as the transmission server in the transmission of the e-mail notifying the filtering result, the filtering result can be stored in the mail database together with the normal e-mail. Can be easily managed.

The SMTP server of the present invention may perform subsequent processing such as transmission of the e-mail without waiting for the completion of the processing of the filtering program described above. The processing is stopped until the execution of the external filtering program is completed at the time when the reception of is completed, the result of filtering returned from the external filtering program is waited, and the processing corresponding to the result is performed.
Specifically, for example, when a value indicating stop of transmission is returned as a result, the SMTP server ends the processing of the e-mail without transmitting the e-mail.

The third invention is
In the SMTP server system, the received e-mail is written and stored in a mail database on two or more external storage media via a database management system.

The system of the present invention comprises two or more physically separated external storage devices, and a plurality of external storage devices are used to construct a mail database having the same contents on two or more external storage media, respectively. It is characterized by being able to.
Specifically, there are a mirroring disk and a duplexing disk for simultaneously writing two hard disks connected to the same computer. In this case, data having the same content is written to the two external storage devices by a single write command.
Alternatively, a mail database having the same content can be constructed by sending a write command having the same content to two or more external storage devices connected to the computer.
These two or more external storage devices do not have to be connected to the same computer as the SMTP server, and may be connected to one or a plurality of computers connected to the same or different LANs. .
In the SMTP server system of the present invention configured as described above, since the mail database is multiplexed, high reliability can be obtained by holding the contents.

The fourth invention is
Writing to one of the two or more external storage media is stopped, a message digest of the external storage medium is generated, and the message digest is written and stored in an rewritable external storage medium. The mail server system according to the third aspect of the present invention.

Although all e-mails transmitted and received according to the first invention are written in the mail database, the system of the present invention is a mail server system that can guarantee the identity of the contents of the mail database at a certain point in time. An external storage device capable of recording in a non-rewritable manner together with the multiplexed external storage device is provided.
That is, writing to one of the multiplexed external storage media is stopped, a message digest is generated for all the files constituting the mail database on the medium that has stopped writing, and the message digest is rewritten. By writing and storing in an impossible external storage medium, the identity of the contents can be guaranteed.

Here, the message digest refers to a data string obtained by dividing data such as a file to be processed into a certain length and performing an operation on each divided data. The obtained data string becomes data with a smaller capacity that can verify the identity of the original data.
Specifically, for example, a message digest can be obtained by applying a hash function to the original data.
The obtained message digest is written and stored in a non-rewritable external storage medium such as a non-rewritable CD or DVD.
By simultaneously storing the non-rewritable external storage medium in which this message digest is written and the external storage medium in which the mail database is stored, the identity of the mail database at the time when the writing of the email is stopped Can be used, for example, to prove the authenticity of an email in a lawsuit.

  The SMTP server of the present invention can write and store all received e-mails in the mail database while the protocol is being executed. It can be easily constructed, can be filtered according to certain rules, and further provides a means to prove the identity of its contents by making this mail database a dual system Is something that can be done.

FIG. 3 is a block diagram showing the state of the main memory in the mail server system of the present invention in which the mail server program of the present invention is executed. S is the mail server program 1 of the present invention being executed as one process. It is a computer. The computer S is one node constituting the LAN. The LAN is connected to the Internet (not shown) via a router (not shown).
This mail server system is given a global Internet address.

Further, the relational DBMS 2 is simultaneously executed as another process in the computer S, and the DBMS 2 reads the external filtering program 3 into the main memory in advance at the time of activation.
H is a hard disk connected to the computer S, and stores a mail database M and a reference database R. Further, an external mailing program 4 is also stored.
The operation of this system will be described by taking as an example a case where an electronic mail is transmitted from the Internet.

  When the mail server program 1 receives an e-mail addressed to its own address as a domain from the Internet, the mail server program 1 is a buffer in which the contents of the e-mail are secured in the main memory in advance in the procedure of step 1 described above. The write reception process is completed in the area B. When the reception process is completed, the mail server program 1 reads the contents of the transmission source buffer, the destination buffer, and the mail data buffer from the buffer area B, analyzes the contents, and sends them to the DBMS 2 that is started up as an argument. On the other hand, a write command using an SQL statement is sent, and the process is stopped until a response is received from the external filtering program 3.

In the argument of the SQL statement, the file name to be written, the field name, etc., and the source address, destination address, transmission date / time, message ID, etc. and the mail text obtained by analyzing the contents of each buffer should be written Contains data.
Specifically, the mail server program 1 transmits the SQL statement to the port secured by the DBMS 2.
The DBMS 2 analyzes the received SQL sentence and writes the contents of the electronic mail in a corresponding file in the mail database. At the same time, the DBMS 2 starts the external filtering program 3 on the main memory with the execution of the write command as a trigger.

The external filtering program 3 compares both character strings to determine whether or not the e-mail violates the filtering rule, and whether or not each buffer content includes a character string that matches the inspection item in the reference database R. To verify. All the contents of the e-mail are verified, and if the comparison result is true, the process corresponding to the rule is performed, and if there is no conflict, the SMTP server 1 is notified only that the filtering process is completed.
In the corresponding processing, there are instructions for sending a warning e-mail addressed to the administrator and canceling the e-mail transmission to the mail server program 1.

When the transmission of the warning email is determined as the process corresponding to the conflicting rule, the external filtering program 3 starts by reading the external mailing program 4 from the hard disk H, and sends it to the administrator's mail address. A warning e-mail is sent with the contents of each buffer, the applied rules and the processing performed as the body.
In the case of this embodiment, the warning email is processed by the mail server program 1, so that the content of the warning email is also stored in the mail database M.
Further, when the rule for the process of canceling the transmission is violated, the warning electronic mail is transmitted, and an instruction to stop the transmission of the electronic mail is sent to the mail server program 1.
When there are two or more conflicts, the priority order determined for each rule is compared, and only the result of the higher priority order is notified.

Note that warning emails are likely to violate the rules, so in order to prevent infinite loops, for example, it is possible to send all emails whose destination is addressed to the administrator and whose sender is a specific character string. It is desirable to create a database.
Specifically, the notification to the mail server program 1 is performed by returning a value indicating suspension of transmission or other values to the port of the SMTP server 1.

The mail server program 1 continues processing according to the value returned from the external filtering program 3.
That is, in the case of a value for instructing to stop transmission, the process is terminated without transmitting the e-mail, and in the case of other values, the e-mail is transmitted to a mail receiving server (not shown) and the process is terminated. .

As described above, by using the SMTP server of the present invention, all mails received by the mail server can be stored and saved as a database, and by performing filtering according to certain rules, information leakage prevention, etc. Can be easily managed.
Furthermore, since a means for proving the content of an actually transmitted / received electronic mail in the case of a dispute in a later lawsuit or the like can be provided, the practicality in the electronic society is high.

An example of the basic processing flow performed by the SMTP server is shown. It is a conceptual diagram which shows the network environment where an email is transmitted / received. It is a block diagram which shows the structure of the main memory of this invention mail server system.

Explanation of symbols

1 Mail server program 2 Database management system 3 External filtering program 4 External mailing program M Mail database R Reference database S Computer

Claims (4)

  A mail server program for storing received e-mails in a mail database via a database management system in an SMTP server.   In the SMTP server, the received e-mail is written and stored in the e-mail database via the database management system, and the e-mail is filtered by collating with a reference database prepared in advance by an external filtering program. A mail server program, wherein the result of filtering the email is transmitted by an external mailing program.   In the SMTP server system, a received e-mail is written and stored in a mail database on two or more external storage media via a database management system. Writing to one of the two or more external storage media is stopped, a message digest of the external storage medium is generated, and the message digest is written and stored in an rewritable external storage medium. The mail server system according to claim 3.

Images