Securing Your Mail Server
Last Updated: Wed, 16 Nov 2016 > Related Articles
If you are running your own mail server at your office, here are guidelines and suggestions to help you keep it secure.
If you are going to purchase your own domain name and run a mail server at your office, here are some suggestions and some links to help you secure your mail server. With an unsecured server, a spammer would be able to send email through your server.
- Use a static IP and get the reverse DNS (PTR records) set up correctly. Most mail servers do a reverse IP lookup on the sending mail transfer agent (MTA), your server IP. If there are no records or the PTR does not match the domain name of the sending mail server, the mail maybe rejected.
Example: Your mail server name is mail.mydomain.com and the IP is 192.168.0.5. The IP of 192.168.0.5 must point to the domain name of mail.mydomain.com.
- Never allow email to be sent unless the sender validates themselves. This can either be by IP or by submitting a user name and password. The user name and password is preferable since an IP can change. If your network gets infected with a mass mailing worm, the worm will try and send the mail using the SMTP settings on the infected computer. By requiring a user name and password, you may be able to stop this type of activity.
- Only allow mail to be sent through the server from internal IP addresses. If your associates need to send mail from home, use a VPN to gain access to the network. After they validate themselves with a user name and password, the mail can be sent.
- Log all transactions and off load the logs to a secure server. This will help in tracking mail that has been sent through the server. By off loading the logs to another server a hacker will not have access to the logs. If the server is compromised, hackers will usually change the logs to cover their tracks. Do not forget to use a date and time stamp for each transaction.
- Run anti-virus and anti-spam filters on the server as well as the desktop. This will protect your network and your users will love the anti-spam filters.
- Patch your mail server software.
- If possible, do not bounce messages back to sender containing viruses or bad addresses. Either delete or route the messages to a dummy account. This will cut down the propagation of viruses and harvesting schemes. Most of the 'reply' addresses contained in these emails are fake.