The Benefits of Mail Server - Essay Example

Mail Server About the E-Mail Server Program that stores and forwards Internet mail, according to Internet protocols such as IMAP, SMTP, or POP. Examples of mail servers on Macintosh are AppleShare IP Mail Server and Eudora Internet Mail Server (EIMS). Also the computer that a mail server program runs on. A Simple Mail Transfer Protocol (SMTP) server allows people in your business to receive their voice messages as e-mail attachments. You can configure an e-mail server that handles outgoing e-mail through an Internet e-mail service provider, which is often your ISP. What are the Benefits of Mail Server? Mail Server is a highly scalable, open standards-based solution for providing electronic mail and directory services. Whether you are a growing company, a very large enterprise, or a service provider handling messages for multiple companies, mail Server provides the flexibility to support your electronic messaging needs now and in the future. Open Standards The growing importance of electronic messages in business practices today requires that users have access to a wide range of Internet standards so that they can communicate seamlessly with others throughout the world. By supporting open standards, mail Server provides you and your users with the flexibility to choose how you want to communicate with each other and the rest of the world. mail Server supports a variety of open standards to provide its messaging, scheduling, and directory services. SMTP and MIME Simple Mail Transport Protocol (SMTP) is an established standard for mail exchange used by the Internet and other TCP/IP networks. The Multipurpose Internet Mail Extensions (MIME) expand the capabilities of SMTP to handle non-text messages and attachments including audio, video, and graphic files. LDAP Lightweight Directory Access Protocol (LDAP) is an open standards-based directory service protocol that runs over TCP/IP. Using an LDAP directory means that any LDAP-based client can access information in the directory, and your directory information can be easily synchronized with any other LDAP-compliant Directory IMAP4 and POP3 The Internet Message Access Protocol, Version 4 (IMAP4) and Post Office Protocol, Version 3 (POP3), are open Internet standards for retrieving mail from a server. With IMAP4 and POP3, any messaging client software can connect with any messaging server. These standards are independent of client and server platforms and operating systems. For example, UNIX client can receive mail from a Macintosh client through a Windows NT-based messaging server. When a POP3 client accesses the messaging server, the messages are downloaded from the server to the client machine. This essentially splits the message store between the server and client. This minimizes connection time, but limits mail accessibility to one client machine where the messages are stored after being downloaded. IMAP4 provides an alternative to POP3 by storing messages and folders on the server where they can be accessed from any machine using an IMAP4-compliant client. The user has complete control over managing and organizing the messages on the server. With POP3, users can keep messages on the server, but they cannot manage or organize them on the server. IMAP4 users also have the option of downloading folders to their machines so they can view messages offline. If they delete or move messages while offline, the changes are synchronized with the server when they reconnect. Mail Server System Overview Mail Server has three main components that you can put together in almost any configuration to design your system. These components are: Nodes A node is a unit of mail Server installation that includes a messaging store database instance and server processes. You can choose to have one or more nodes, depending on how many users you must support and the physical locations of those users. Multiple nodes generally exist on separate host machines, although they can be installed on the same host. Domains A domain is a logical grouping of directory information, such as users, with centralized administrative access through a configuration node. Domains define how directory information is made available to nodes. You can also use domains to support multiple Internet domain names, such as acme.com and acme-pro.com. If you only have one node, you can choose to have only one domain, or you can set up multiple domains on the node. If you have multiple nodes, you can have one or more domains that include one or more Nodes. Communities A community is a physical grouping of nodes where a direct SQLnet connection is available between every pair of nodes. Communities define how nodes communicate with each other through networking protocols like TCP/IP. If you only have one node, you will only have one community. If you have multiple nodes, you only need one community unless they use different networking protocols. Server Processes Handle Messages in the System Mail Server uses the following types of processes: n Messaging server processes which perform the basic Email Server functions. n Protocol server processes which route messages to clients using the specified protocol(s). n LDAP server processes which handle the synchronization of data between the Email Server directory and Oracle Internet Directory, or any other LDAP directory. n Gateway processes which route incoming messages to the Email Server database. Mail server security When speaking of mail server-related security, one tends to limit the issue to message applied security measures, and even more to Antivirus and Antispam protection. This is however only one stage in the more complex process of securing your server. This article aims at identifying and explaining all security layers, highly important when choosing a certain mail server and consequently when configuring and using it. We have chosen a multi-stage approach for your mail server securing procedure, each stage addressing one of the security layers we consider relevant: connection-related layer, protocol security, email control parameters (including Antivirus and Antispam applications), and the configuration and management layer (most likely to be affected by human errors). Mail Server Environment Overview The sections below describe security measures adapted to each layer of security: 1. Securing mail server connections When using a newly installed mail server, administrators should first make sure they use secure connections. There are two main possibilities to secure connections: encryption and firewall-like rules. Encoding methods have continuously been developed as the Internet has become the preferred medium for data transfers. The most commonly used encryption methods are SSL (Secure Sockets Layer) and TLS (Transport Layer Security). However, incorrect usage of encryption often leads to security breaches. Most common examples are web pages containing both secured and unsecured information or communications secured only after login via a plain login page. Firewall-like rules enforced at server level are recommended to backup an existing Firewall or replace it when one is not available. They can impose limitations both on established connections and on hosted traffic. We recommend creating allow/deny rules both globally (applied to all protocols and listeners) and specifically for each listener in order to prevent attacks such as DOS (Denial of service). 2. Securing mail server protocols After securing the first stage of an email transfer, the next action to take would be securing protocols. The recommended steps are to use multiple listeners for each interface and correlate them with certain allow and deny rules. Also, limiting the number of connection and authentication errors, the maximum number of commands or setting a time-out for your sessions can help protect your server from further DOS attacks. To further enhance protocol security, we recommend client control rules, based on the sender or receiver address and certain limitations regarding the number and size of email messages. Authentication is also highly important at protocol level. By implementing several authentication methods, either simple (plain, login, CRAM-MD5), or complex (GSSAPI, Kerberos), the mail server enhances communication security and is better equipped against attacks and unauthorized access. Other efficient protocol level solutions are making sure your mail server is RFC compliant and preventing email looping (a very simple method would be setting a maximum numbers of “Received” headers per email). 3. Securing email control parameters Apart from using different Antispam and Antivirus applications, there are further actions you should keep in mind where email control based security is concerned. One very handy option would be using gray lists. Gray listing is basically a request to have the email resent, after temporarily rejecting the email. The server saves in a list the sender IP and the recipient and returns a temporary error. All valid servers will then resend the emails, unlike spamming scripts. Please note however that many servers cannot differentiate at this time between a temporary and a permanent error. Host control is another easy way to ensure only valid emails are further processed by your mail server. Two well known methods are SPF (Sender Policy Framework) and DNS based black hole lists. SPF records are public details published by domains within DNS servers. Usually they point to and confirm the real addresses of domains. By using SPF checks, you can successfully prevent spam and back-scatter emails. Black lists may be either public (free of charge) or private and usually contain IP addresses of open-relay servers, open proxies and ISPs with no spam filtering. Your server needs to be set up such as to request such lists and not to accept connections initiated by IP addresses included in them. If one of your servers gets erroneously listed, to be removed from such a list, you might need to fill an online form, contact the list administrators or, in more severe situations, change your IP. A more complex authentication method is DKIM (Domain Keys Identified Mail Signature). Implemented by Yahoo and supported by Google, Cisco, Sendmail, PGP, DKIM has considerable chances of becoming the standard authentication method. The email header contains an encrypted signature and is in its turn encrypted, pointing to an encrypted key, published on DNS servers by the sending domain. The server processing the email will use this key to decode the email body. If the decryption is successful, then the email is valid. Relay rules can sometimes make the difference between a secured server and an unsecured one. Our first recommendation is to never accept open relaying, as it can easily get you black listed. Therefore you should implement a few relay rules, based on sender address/recipient address, or relay for authenticated users only. When selecting your mail server, you should make sure it has the following features: it allows creating relay rules, domain authentication is configurable, the sending interface is customizable, it supports SSL/TSL and different authentication methods and extensions. 4. Secure configuration and administration Configuration and administration are not commonly regarded as a security layer. However, the configurability features offered by the server and the actual configuration made by the user play a key part in securing your MTA. Firstly, the administrator should get acquainted to the solution, all its features and all its flaws, if any. The server executable file needs to support programming with no memory leaks, dropping root privileges (on Unices systems only), and blocking all access requests except those for public files. Access to the configuration file should be granted to the administrator only. Further more, the file should always be very specific, easy to understand and to modify, while all default values should be secure. For example, a default value allowing open relay would represent a major security flaw. Alternate administration modules (web interface, command line interface) should be provided for modifying the server configuration. It is also highly important that all connections to these modules are made through SSL. To make sure you securely access these modules, we recommend using a mail server with proprietary HTTP server and HTML-based scripting language. Our most complete security recommendation is implementing a “smart-hosting” system. Such a system consists of several mail servers installed on different machines, each performing a specific task. The server offering the best connection and protocol security should be focused on firewall protection. The second one should run email control parameters (including Antispam and Antivirus applications). The third one should be mainly focused on domain management. However, smart hosting might require more hardware and software resources than those available within your system. Smart Hosting Read More