User education – As the saying goes, "an ounce of prevention is worth a pound of cure." This is especially true when it comes to educating end users. Informing your users about common e-mail scams (such as phishing), and steps to take to help prevent virus outbreaks (like not opening attachments from strangers) will do more to help secure your environment than most of the other steps on this list. While it is nearly impossible to have every user follow best practices all the time, the more they know, the better off your network will be.


Antivirus – This step is so obvious and important that it almost goes without saying. You need to run some form of strong antivirus on your e-mail server. There are antivirus products available for mail systems of all sizes. Not only do you need filtering and detection software to scan messages, but you also need antivirus software that protects the server itself. Passing a mail with a virus to one of your e-mail clients can result in many of your desktops becoming infected, and the virus could also run a replication script that bounces huge amounts of mail through your mail server. That, in turn, could bring your network to a screeching halt.


SSL communication – Most major mail systems now allow you to use SSL connections between clients and the server. Not only is this worth doing if you are transmitting sensitive data, but since many e-mail clients now make the setup no more difficult than the non-SSL alternatives, it is recommended for all transmissions.


Only run the services you need – Only run the mail services you need for your environment. By not running services such as POP3 or IMAP, you can reduce the attack surface of your mail system, and thereby limit the number of things that could possibly be exploited.


Firewall – Each of your mail servers should be secured by firewall technology. Whether behind a hardware firewall such as a Cisco PIX or locked down with a software firewall on the mail servers, it is imperative that all mail servers be protected. The bottom line is that you should only allow access to the ports that are required for the necessary mail functions. Most firewalls will even allow you to have different sets of ports open for internal versus external connections.


Secure SMTP relay – Another of the most important steps in locking down your mail servers is to secure the SMTP service. If you have an open SMTP relay on the Internet, your box will usually be quickly compromised by spammers. Also, having an open relay, whether it is exploited or not, is enough to land your mail servers and domains on many DNS blacklists, which can cause legitimate mail from your servers to be blocked by organizations that use blacklists to fight SPAM. And once you get on the blacklists, it is very difficult (and time consuming) to be removed from them.


Anti-spam – Preventing unwanted junk mail from reaching your users’ mailboxes is one of the greatest challenges of any mail administrator. There are many ways to combat SPAM, though none of them are foolproof. Using a DNSBL service such as SpamCop will save you from receiving mail from known open relays; however, it can also cause you to miss wanted mail if the sending mail server is on a blacklist because it is poorly configured. Keyword checking can also help eliminate and filter SPAM, although you will need to choose the blocked words and phrases carefully to keep your false positives low. Bayesian database analysis will provide a great rate of return in SPAM filtering, if you invest sufficient time in developing a good repository of legitimate mail to feed it.


Sender Policy Framework – Sender Policy Framework is a new attempt to help prevent mail forgery, which could have important implications for SPAM and phishing. Currently, it is possible for anyone who can access (or create) an open SMTP server to send mail as if it was coming from someone else, or even from an entirely different domain. What SPF does is create a DNS record saying what IP addresses are valid SMTP servers for a specific domain. When a mail is received, your mail server can then do an SPF lookup to see if the mail came from a valid sending IP. The adoption of SPF will be reliant upon mail admins taking the initiative to set the records up.

E-mail infrastructure: Lock it down

Logging and trending – Unless you know what your mail server normally does, you will never know when it does something abnormal. Keeping logs of server activity will allow you to create a baseline of normal activity at various times and days of the week. You can use this data to compare against the same times and days of the week in the future, either on a weekly or monthly basis. You can then use the data to see any growth (or shrinkage) in your mail usage. This will not only assist you in future planning, but will give you a baseline to investigate any strange spikes or drops in usage, possibly alerting you to improper use of your mail server infrastructure.
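The baseline-and-compare idea above, as an added example that is not part of the original article: it builds a per-(weekday, hour) baseline from constructed timestamped log lines and flags hours whose message count deviates from the same slot in previous weeks. The line format (ISO timestamp followed by an event) and the thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta
from statistics import mean, pstdev


def hourly_counts(lines):
    """Count constructed 'ISO-TIMESTAMP event' log lines per (date, hour) bucket."""
    counts = defaultdict(int)
    for line in lines:
        ts = datetime.fromisoformat(line.split(" ", 1)[0])
        counts[(ts.date(), ts.hour)] += 1
    return counts


def build_baseline(lines):
    """Map (weekday, hour) -> (mean, stdev) of hourly counts across the weeks seen."""
    slots = defaultdict(list)
    for (day, hour), n in hourly_counts(lines).items():
        slots[(day.weekday(), hour)].append(n)
    return {slot: (mean(v), pstdev(v)) for slot, v in slots.items()}


def flag_deviations(baseline, lines, min_sigma=3.0, min_delta=10):
    """Return ((weekday, hour), observed, expected) for hours far from the baseline."""
    flagged = []
    for (day, hour), observed in sorted(hourly_counts(lines).items()):
        avg, sd = baseline.get((day.weekday(), hour), (0.0, 0.0))
        # Require both a statistical and an absolute gap so tiny, stable slots do not alert on noise.
        if abs(observed - avg) > max(min_sigma * sd, min_delta):
            flagged.append(((day.weekday(), hour), observed, round(avg, 1)))
    return flagged


def constructed_log(day, hour, n):
    """Generate n constructed log lines spread across one hour (sample data, not real output)."""
    start = datetime.combine(day, datetime.min.time()).replace(hour=hour)
    return [f"{(start + timedelta(seconds=i * 30)).isoformat()} status=sent" for i in range(n)]


# Four Mondays of 09:00 traffic as the baseline, then one Monday with a ~4x spike.
BASELINE_LINES = []
for week, n in enumerate([20, 22, 19, 21]):
    BASELINE_LINES += constructed_log(date(2024, 3, 4) + timedelta(weeks=week), 9, n)
BASELINE = build_baseline(BASELINE_LINES)
SPIKE_LINES = constructed_log(date(2024, 4, 1), 9, 90)
NORMAL_LINES = constructed_log(date(2024, 4, 8), 9, 23)

if __name__ == "__main__":
    print(flag_deviations(BASELINE, SPIKE_LINES))   # spike is reported
    print(flag_deviations(BASELINE, NORMAL_LINES))  # nothing reported
```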

Password security – A user’s mailbox is only as secure as the password on the account associated with it. If users have weak passwords, then their mailboxes can be compromised. While that may not be a huge security threat to your network, it could compromise sensitive corporate information and allow an attacker to send false messages and misrepresent your company.