Photo by jesse ramirez on Unsplash
Hardening mail servers, clients, and connections
Special Delivery
An admin faced with the task of building a new mail server setup will commonly feel slightly disoriented and even discouraged. However, today, a stable and reliable mail server can be operated on any popular Linux distribution – provided you know what you are doing. In this article, I list the basic considerations that play a role in securing mail servers or that relate to the IT environment.
Concerns
People around the world have been sending and receiving digital messages for more than 40 years now. And the success of email drew the interest of crooks and thieves. Suddenly, unwelcome advertising messages, fraud attempts, spoofed sender addresses, and many other dirty tricks began to flourish.
Since then, associations such as the Internet Engineering Task Force (IETF), which defines the standards for the Internet, have found themselves trapped in a kind of vicious circle. Time and time again they see themselves forced to extend the standards for email and add patches to iron out design flaws in the protocol with new technology. Simply abolishing the technology and replacing it with something completely new is not an option. A global changeover of this kind would be almost impossible to organize. Therefore, network users have to live with the disadvantages and various negative effects that come with email.
Some smaller companies outsource the problem to service providers such as Microsoft or Google, who now have huge amounts of experience in dealing with email. Other companies do not want to relinquish control of their data. For better or worse, they have no other option than to operate their own mail servers. Many an admin only realizes in the middle of the process that an ad hoc approach does not work; instead, it requires meticulous planning and perfect technical implementation. This approach applies all the more if the issue of email security is to be taken seriously.
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Secure email communication
DMARC combines the abilities of SPF and DKIM to safeguard and protect against spam and phishing and allows targeted configuration according to company policy. -
Spam protection using SpamAssassin
The intelligent, modular SpamAssassin email filter provides a variety of advanced tests for detecting unwanted junk email. -
Fast email server deployments with iRedMail
Setting up and maintaining an email service in the data center doesn't have to be a nightmare. The iRedMail open source solution lets you deploy a full-featured email server on a number of platforms in a matter of minutes. -
OpenSMTPD makes mail server configuration easy
The OpenBSD origins of the OpenSMTPD mail transfer agent makes SMTP easier to implement and manage and more secure. -
Email sender verification with DMARC
DMARC retrofits email with sender verification and thus provides a useful tool for fighting spam.