Comments on How to Build an Effective Mail Server Defense

How to Build an Effective Mail Server Defense

When speaking of mail server-related security, one tends to limit the issue to security measures applied to messages, and even more narrowly to antivirus and antispam protection. This is, however, only one stage in the more complex process of securing your server. This article aims to identify and explain all the security layers, which are highly important when choosing a mail server and, consequently, when configuring and using it.

3 Comment(s)

Comments

By:

Black lists may be either public (free of charge) or private and usually contain IP addresses of open-relay servers, open proxies and ISPs with no spam filtering. Your server needs to be set up such as to request such lists and not to accept connections initiated by IP addresses included in them. If one of your servers gets erroneously listed, to be removed from such a list, you might need to fill an online form, contact the list administrators or, in more severe situations, change your IP.

The end of this paragraph shows why the middle of this paragraph is incorrect. Blacklists are inaccurate and abusable, and contain a large number of false positives. Rejecting connections from IPs on a black list means that you will (guaranteed) be blocking legitimate email from getting to recipients who want to receive it. SpamCop recommends that you flag emails from IPs on its list as suspicious, but make them available to the intended recipient so that they can look to see if it's something they want or not.

Mind you, rejecting connections to IPs will reduce the amount of spam that comes through your server.  You can eliminate 100% of the spam coming through your server by rejecting all connections by exactly the same logic.  If email is to have utility, spam-blocking efforts need to be balanced by a strong rejection of methods that produce unrecoverable false-positives.  Even the most accurate methods will produce some false-positives, and there needs to be a way that those false-positives can be identified by a human and recovered.
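
The flag-instead-of-reject handling argued for in the comment above, as an added example (not part of any comment or of the original article). It uses the standard DNSBL lookup convention (reversed address labels prepended to the list's zone, with an answer in 127.0.0.0/8 meaning "listed"); the zone `dnsbl.example`, the header names, and the sample message are constructed for illustration.

```python
import ipaddress
import socket
from email import message_from_string

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_in(ip, zones, resolve=system_resolver):
    """Zones whose answer falls in 127.0.0.0/8, the DNSBL 'listed' convention."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and answer.startswith("127."):
            hits.append(zone)
    return hits

def tag_message(raw, client_ip, zones, resolve=system_resolver):
    """Accept the message and record DNSBL hits in headers; never reject."""
    msg = message_from_string(raw)
    hits = listed_in(client_ip, zones, resolve)
    del msg["X-DNSBL-Hits"]  # drop any sender-supplied copy of our headers
    del msg["X-Spam-Flag"]
    if hits:
        msg["X-DNSBL-Hits"] = ", ".join(hits)  # illustrative header name
        msg["X-Spam-Flag"] = "YES"
    return msg

# Constructed sample data: a fake zone that lists only 192.0.2.99.
ZONE = "dnsbl.example"
def fake_resolver(name):
    return "127.0.0.2" if name == "99.2.0.192." + ZONE else None

SAMPLE = "From: a@example.org\nTo: b@example.net\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    print(tag_message(SAMPLE, "192.0.2.99", [ZONE], fake_resolver)["X-DNSBL-Hits"])
```

Because the message is always delivered with the headers attached, a downstream filter or the recipient can still recover a false positive from a quarantine or junk folder.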

By: Anonymous

While reading this I was wondering why anyone would use such an overly complicated setup (which has no clear security benefits BTW), until I realized that this "How-to" is just an advertisement for a particular piece of mail server software that just so happens to work this way.

Don't believe this howto - it is quite obviously astroturf.

By: Wilson P

I would like to get your suggestion in this case. I'm looking for best practices on how to secure email servers. I look forward to your response. Cheers!