Multi-layer security is built in at all levels of message processing.
Authentication / Encryption
Server supports authentication, meaning it can be instructed to accept only
connections/messages from authenticated entities. CRAM-MD5, LOGIN, PLAIN,
DIGEST-MD5 and GSSAPI methods (in this order) are available for client
authentication, reducing the risk of unauthorized connections.
SSL/TLS: All communication protocols can benefit from SSL/TLS technology, which allows sending encrypted messages across networks and prevents plain-text messages from being intercepted on the way from sender to recipient. This encryption method guarantees secure data transmission over networks.
Multi-layer access control (firewall-like rules)
Stopping spammers and preventing DoS attacks is one of the most important tasks
of a mail server, and the sooner the problem is identified in the mail stream,
the better. This is why the software has a built-in firewall at the application (TCP
listener) level that allows the administrator(s) to control connectivity.
Furthermore, administrators may define IP sets that have specific sets of such rules, applied with different priorities, or IP sets whose connections are denied.
Flow control restrictions can be defined in addition to the access control rules, in order to prevent server and storage overload, as well as protect the server from DDoS attacks.
Restrict maximum simultaneous connections
Restrict the total number of simultaneous connections that a service may accept and the maximum number of simultaneous connections accepted from the same IP address, in order to avoid attacks from a single IP. Additionally, privileged IP address groups (trusted servers) may have different connection limit policies.
Restrict maximum incoming connections rate
Restrict the total number of connections per time unit that a service may accept and the maximum number of connections per time unit accepted from the same IP address, in order to avoid attacks from a single IP. Additionally, privileged IP address groups (trusted servers) may have different connection rate limit policies.
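The two flow control restrictions above can be modelled as a single admission check run by the listener before a session starts. This is an added example, not the product's code; the class name, limit values and reason strings are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:
    max_concurrent: int   # simultaneous connections allowed per IP
    max_rate: int         # new connections allowed per IP per window

class FlowControl:
    """Admission check: service-wide cap, per-IP concurrency, per-IP rate."""

    def __init__(self, max_total, default, trusted_nets, trusted, window=60.0):
        self.max_total, self.default, self.trusted = max_total, default, trusted
        self.trusted_nets = [ipaddress.ip_network(n) for n in trusted_nets]
        self.window = window                # rate window in seconds
        self.active = defaultdict(int)      # ip -> currently open connections
        self.recent = defaultdict(deque)    # ip -> timestamps of accepted connects

    def _limits(self, ip):
        # Privileged IP groups (trusted servers) get their own policy
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.trusted_nets):
            return self.trusted
        return self.default

    def try_accept(self, ip, now):
        """Return (accepted, reason); `now` is a monotonic time in seconds."""
        lim, stamps = self._limits(ip), self.recent[ip]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()                # forget connects outside the window
        if sum(self.active.values()) >= self.max_total:
            return False, "service connection limit"
        if self.active[ip] >= lim.max_concurrent:
            return False, "per-IP simultaneous limit"
        if len(stamps) >= lim.max_rate:
            return False, "per-IP rate limit"
        self.active[ip] += 1
        stamps.append(now)
        return True, "accepted"

    def close(self, ip):
        # Called when a session ends so the concurrency slot is released
        if self.active[ip] > 0:
            self.active[ip] -= 1
```

Rejected attempts are not counted against the rate window here, so a client that is already over its limit does not extend its own lockout; a stricter policy would record them as well.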
Selectively restrict maximum message size
The server can be configured to accept different maximum message sizes based on sender/sender domain, recipient/recipient domain, remote IP address, connection security, authentication level and other message or connection related parameters, ensuring flexible protection for the queue and the storage (privileged users may have extended rights).
Sender validation (SPF compliant)
A standards-based SPF verification module for sender validation (if the remote domain is properly configured with SPF information) is implemented.
Message integrity validation (DomainKeys compliant)
The messages' integrity may be checked if the originating server used DomainKeys to sign them; locally-originated messages may be signed by Server to allow validation by DomainKeys-compliant remote servers.
(Yahoo associates a higher spam score to unsigned messages.)
Blacklisting / Whitelisting
Permanently reject emails coming from untrusted senders - can be defined globally by the administrator (server level) and further refined by the users according to their personal needs (WebMail interface).
Administrators can also define Whitelists in order to permanently accept emails coming from trusted sources (such as business partners or remote offices).
Based on an IP-to-country database, administrators can block all emails coming from untrusted countries; alternatively they can accept emails coming exclusively from selected countries.
Administrators validate sender IPs against a selected list of DNSBLs (DNS Blacklists) in order to block emails; at the same time, they can also choose to skip this validation for custom defined IP Ranges.
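The DNSBL validation with skipped IP ranges, sketched as an added example (not the product's code). It follows the usual DNSBL convention: the client IP is reversed, prepended to the list's zone, and an A record inside 127.0.0.0/8 means "listed". The zone names and the injectable `resolve` parameter are assumptions made so the check can be exercised offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def _system_resolve(name):
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None   # NXDOMAIN or lookup failure: treated as not listed

def dnsbl_hits(ip, zones, skip_ranges=(), resolve=_system_resolve):
    """Return the zones that list `ip`; IPs in skip_ranges are never queried."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in skip_ranges):
        return []
    loopback = ipaddress.ip_network("127.0.0.0/8")
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only a 127.0.0.0/8 answer is a listing; any other address (for
        # example from a parked or wildcarded zone) must not cause a reject.
        if answer and ipaddress.ip_address(answer) in loopback:
            hits.append(zone)
    return hits
```

Treating resolver failures as "not listed" means an unreachable blacklist never blocks mail, at the cost of letting listed hosts through during an outage.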
Additional validations that can be run to reject spam include checking the originating domain for MX entries and the originating IP for a reverse DNS entry.
The Advanced Filtering System allows the system administrator to define a set of filters and priorities at server, domain or user level, offering unparalleled flexibility to set up company security policies:
* Domain 1: filter with 2 AV and 1 ASPAM applications
* Domain 2: filter with only 1 AV
* General Manager: filter with 3 AV and 1 ASPAM applications
Identity Confirmation is basically the implementation of a Challenge / Response-based antispam method. It enables users to effectively block unwanted messages from reaching their inbox by intercepting incoming emails and requiring new / unknown senders to confirm their identity, while allowing legitimate communications to come through.
After applying the above mentioned antispam methods, the remaining traffic is further taken through a content filtering process (score based) & Bayesian filtering (through the included SpamAssassin). Administrators can set the thresholds over which the corresponding reject actions will be applied.
Commtouch Real Time AntiSpam Protection (available as Paid Add On for dedicated clients only)
Real Time AntiSpam Protection - To prevent Spam outbreaks the minute they occur, Software integrates Commtouch's award-winning online service as an additional AntiSpam layer.
Message Acceptance / Sending Policies
(includes expert-mode engine for acceptance rules)
Assign different outbound IP addresses to each domain; blacklisted IPs will only affect the associated domain, and not other domains operating on the same server.
* relay emails from domain 1 to route 1, using IP1
* relay emails from all other domains to route 2, using IP2
* specify a username/password authentication before routing emails
Built in DNS Cache
DNS query responses are cached; subsequent queries are resolved locally instead of being re-sent over the network.
Enforce user authentication on message submission and verify that the sender header matches the authentication credentials, preventing impersonation attempts from local accounts.
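One way such an anti-impersonation check can work on submission, as an added example that is not the product's code. It assumes the server knows which addresses the authenticated account may send as, compares addresses case-insensitively, and checks the envelope sender as well as the From and Sender headers; the function name and sample addresses are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

def check_submission(auth_addresses, mail_from, raw_message):
    """Return (ok, reason) for a message submitted by an authenticated user.

    auth_addresses: addresses the authenticated account owns (assumed to come
    from the account database, aliases included).
    """
    allowed = {a.lower() for a in auth_addresses}
    if mail_from.lower() not in allowed:
        return False, f"envelope sender {mail_from} not owned by account"
    msg = message_from_string(raw_message)
    for header in ("From", "Sender"):
        values = msg.get_all(header, [])
        if header == "From" and not values:
            return False, "missing From header"
        # Compare the parsed address, never the display name: a display name
        # may itself look like an address the account does own.
        for _name, addr in getaddresses(values):
            if addr.lower() not in allowed:
                shown = addr or "<unparseable>"
                return False, f"{header} address {shown} not owned by account"
    return True, "ok"
```

Every address in a multi-address From header must belong to the account, so appending a second, foreign author is rejected too.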
Message and connection parameters for security policies (message size, anti-impersonation, SPF, access control, email address blacklisting / whitelisting, DNS checks, open relay blocking, etc):
* Originating host's IP, ports, greeting
* Originator's email address, domain or username
* Recipient email address, routing information
* Message size, headers, number of recipients
* Connection security level (SSL / non-SSL)
* Authentication information
* Session statistics (total mails sent, total size)
* SPF interrogation result; etc
Secure passwords enforcement
Define password strength policies (minimum password length, required sets of characters and so on), restricting the users from setting simple passwords.