Email server lockdown: A basic security checklist

Your email server is the collaboration hub for your business, so the availability, integrity, and confidentiality of the information that flows through it is of paramount concern.

With that in mind, we've put together a very basic security checklist here; you can get more detailed information on groupware security from CERT (the Computer Emergency Response Team) and the SANS (SysAdmin, Audit, Network, Security) Institute.

Use antivirus software. This is an obvious one, of course, but a critical element. We prefer gateway antivirus that runs on separate hardware, because stopping the threat before it reaches your server makes the most sense.

Use anti-spam software. Spam not only wastes your employees' time but also wastes precious server resources and may even leave you open to a lawsuit. Again, we recommend a gateway solution – for more on this, check out: Tips on beating back the tide of spam emails.

Deploy your groupware server in the DMZ. Many viruses, blended threats, and attackers try to exploit email systems, which by their nature are exposed to the world outside your company as well as to the network inside it. Carefully configured firewall rules shield your server from the outside world and shield your users from the server should it be compromised.

Limit the size of attachments. This is a simple way to prevent an “email bomb” – the repeated sending of a large email message – from taking down your system. Set the limit high enough so that it doesn't interfere with employees' work, but low enough so that you are protected.

Limit the size of user mailboxes. This helps prevent email bombs from using all of your hard drive space.

Disable all unnecessary services. Extraneous network applications running on groupware servers open security holes. Close them before they're exploited.

Minimise the number of administrators, and make sure their accounts use strong passwords.

Disable relaying. Most groupware servers have open SMTP relaying switched off by default, but if yours does not, your system can be abused by outsiders to send spam.

Monitor your system. If your system becomes sluggish, check the message queues. Is there a long list of emails from one sender (maybe even with a suspicious or spoofed address) clogging the inbound queue? Delete them and block the sender.
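One way to automate the queue check described above, and to spot the repeated large messages of an email bomb mentioned earlier, is to group the queue by envelope sender and flag anyone over a message-count or total-size threshold. This is an added example, not code from the original article; it assumes a Postfix-style "postqueue -p" listing (the article names no particular server), and the sample listing below is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a Postfix "postqueue -p" listing
# (an assumption: the article does not name a particular mail server).
SAMPLE_QUEUE = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*  9800000 Mon Jun  3 10:00:01  bulk@mail-blast.invalid
                                          alice@corp.example
A1B2C3D4E6*  9800000 Mon Jun  3 10:00:02  bulk@mail-blast.invalid
                                          bob@corp.example
A1B2C3D4E7   9800000 Mon Jun  3 10:00:03  bulk@mail-blast.invalid
                                          carol@corp.example
B1B2C3D4E8      4200 Mon Jun  3 10:05:10  partner@supplier.example
                                          alice@corp.example

-- 28 MBytes in 4 Requests.
"""

# One queue entry: queue id (optionally marked * or !), size in bytes,
# arrival timestamp, envelope sender. Recipient lines are indented and skipped.
ENTRY_RE = re.compile(
    r"^(?P<qid>[0-9A-F]+)[*!]?\s+(?P<size>\d+)\s+"
    r"(?P<arrival>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d)\s+(?P<sender>\S+)$"
)


def parse_queue(listing):
    """Return a list of (queue_id, size_bytes, sender) for each queued message."""
    entries = []
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["qid"], int(m["size"]), m["sender"]))
    return entries


def suspicious_senders(listing, max_msgs=3, max_bytes=20_000_000):
    """Flag envelope senders whose queued messages exceed either a count
    threshold or a total-byte threshold, the signature of an email bomb."""
    count, total = defaultdict(int), defaultdict(int)
    for _qid, size, sender in parse_queue(listing):
        count[sender] += 1
        total[sender] += size
    return sorted(s for s in count if count[s] >= max_msgs or total[s] >= max_bytes)


if __name__ == "__main__":
    print("Senders to review:", suspicious_senders(SAMPLE_QUEUE))
```

Thresholds are deliberately parameters: tune them to your normal queue depth before blocking a sender on the strength of this check.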

Read security bulletins from sources such as www.securityfocus.com. Apply patches to both the OS and the groupware server as soon as they're released.

Perform regular backups. If you are attacked, backups limit the data loss and get you back up and running again sooner.

Fight back! If you are subject to repeat attacks, then contact the ISP responsible for that range of IP addresses, the company whose network the address belongs to, and consider reporting the problem to the authorities.

Educate users. Last but far from least, teach your users what spam is and how they can try to avoid it by being selective about providing their email addresses. Teach them that email was not designed with security in mind – most email services store messages in plain text. A little education can go a long way.