by Tim Chiu, special to Network World

E-mail appliances shore up security

How-To
May 17, 2004, 3 mins
Messaging Apps

E-mail gateway appliances have begun to replace message transfer agents at the edge of networks

Message transfer agents sit at the edge of networks and handle the flow of e-mail between the Internet and internal mail servers. However, MTAs pose security risks because they interact directly with the Internet, and the operating systems they run on have known vulnerabilities. It can take many days of work just to keep up with security patches for services available on an operating system, and maintaining MTA software only adds to the burden.

E-mail gateway appliances have begun to replace MTAs at the edge of networks. These appliances are turnkey hardware/software solutions that provide the same basic functions as MTAs. But with these devices, software not related to e-mail processing is stripped from the operating system. All ports that don’t pertain to e-mail are locked down, preventing the possibility of an attack on any open port. And all the software for MTA functionality and anti-virus, anti-spam and content filtering has been preconfigured and optimized.

When an incoming e-mail arrives at the gateway appliance, a number of security-based actions occur. The gateway applies a check at the Simple Mail Transfer Protocol layer to verify the SMTP connection, and drops the connection if the intent seems fraudulent or purposely deceptive, or if the sender matches known spammer addresses.

The appliances do this by verifying a sender’s domain against DNS, checking for RFC compliance, requiring authentication and performing other protocol-based monitoring. This reduces the amount of bad or fraudulent e-mail that the appliances’ anti-virus, anti-spam and content-filtering engines will need to process.
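The connection-stage checks described above, sketched as an added example that is not from the original article or any vendor's product. DNS and blocklist lookups are replaced by constructed in-memory data so it runs offline; the function names, sample addresses and reply-code choices are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions, not from the article).
DOMAINS_WITH_MAIL_DNS = {"example.org", "partner.example"}  # stand-in for MX/A lookups
BLOCKED_NETWORKS = [ip_network("203.0.113.0/24")]           # stand-in for a spammer list

ADDR_RE = re.compile(r"^<([^@\s<>]+)@([A-Za-z0-9.-]+)>$")
# HELO/EHLO argument must be an FQDN or an address literal such as [192.0.2.1].
HELO_RE = re.compile(r"^(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$|^\[(?:IPv6:)?[0-9A-Fa-f:.]+\]$")


def domain_resolves(domain, known=DOMAINS_WITH_MAIL_DNS):
    """Offline stand-in for a DNS MX/A query on the sender's domain."""
    return domain.lower().rstrip(".") in known


def check_session(client_ip, helo, mail_from, authenticated, require_auth=False):
    """Return (smtp_reply_code, reason) for one connection, before content scanning."""
    if any(ip_address(client_ip) in net for net in BLOCKED_NETWORKS):
        return 554, "client address on blocklist"
    if not HELO_RE.match(helo):
        return 501, "HELO/EHLO name is not an FQDN or address literal"
    if require_auth and not authenticated:
        return 530, "authentication required"
    if mail_from == "<>":
        # Null reverse-path: bounces and delivery reports use it, so there is
        # no sender domain to verify and the message must not be refused here.
        return 250, "null sender accepted for content filtering"
    match = ADDR_RE.match(mail_from)
    if not match:
        return 501, "malformed MAIL FROM address"
    if not domain_resolves(match.group(2)):
        return 550, "sender domain not found in DNS"
    return 250, "accepted for content filtering"


SESSIONS = [  # constructed sessions: (client_ip, helo, mail_from, authenticated)
    ("198.51.100.7", "mail.example.org", "<alice@example.org>", False),
    ("203.0.113.9", "mail.example.org", "<alice@example.org>", False),
    ("198.51.100.8", "localhost", "<bob@example.org>", False),
    ("198.51.100.9", "mx.partner.example", "<promo@no-such-domain.invalid>", False),
]

if __name__ == "__main__":
    for session in SESSIONS:
        print(session[0], session[2], "->", check_session(*session))
```

Only sessions that return 250 are handed to the anti-virus, anti-spam and content-filtering stages, which is where the reduction in processing load comes from.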

Finally, the appliances integrate events that occur at the protocol level and share protocol-based information with the anti-virus and anti-spam engines to provide increased security, which is not possible with a piecemeal, homegrown solution.

The appliances then apply a content filter to the e-mail. Here, policies pre-defined by a system administrator trigger actions, including rejection, discarding, re-directing, quarantining, forwarding, excerpt forwarding, attachment removal, passing to additional policy filters and filing messages into specific mailboxes. Simplified management interfaces let administrators configure policies and actions.

After a message has been processed, an e-mail gateway appliance routes it to the final mail server or holding location. The appliance can use routing data from Lightweight Directory Access Protocol (LDAP), local routing tables or DNS. Decisions on routing are based on the delivery e-mail address or domains. An appliance processing inbound e-mail typically would use LDAP, a local routing table or domain-based routing to get the e-mail to the right mail server after filtering it. For e-mail going out to the Internet, routing typically is accomplished using DNS records.

E-mail gateway appliances provide an easy-to-use, easy-to-maintain and highly secure edge solution for e-mail filtering and delivery.

Chiu is senior product manager of Mirapoint. He can be reached at tchiu@mirapoint.com.