Defending a Cheap Mail Server

Thread: Defending a Cheap Mail Server

  1. #1
    Junior Member
    Join Date
    Apr 2005
    Posts
    18

    Defending a Cheap Mail Server

    I work for a small company that has their email services hosted by an online email provider (at a very cheap cost). I can access and manage all the mail accounts from a web interface and then configure Microsoft Outlook on all the desktops for users to send/receive mail, from the offsite mail server.

    The problem is the mail server that my company's email is hosted on has no type of virus or firewall protection. Basically it's wide open, the only feature I'm able to configure is a cheap spam filter. I spoke several times to this ISP and voiced my concerns about this problem and they are just now in the process of upgrading their services and offering some type of virus protection.

    Other than switching to a different mail provider (which I know the company may not do because they're cheap), what can you suggest as a good measure to effectively increase security when they download emails at their desktops via Outlook? Right now they are having all sorts of issues with spam, spyware, adware, and trojans. Are there any free gateway type of services that would provide a means to scan all email before it gets to my company's network, or any utilities I can install on all the desktops to minimize these security threats? Any ideas please let me know, thanks!

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    http://www.barracudanetworks.com/

    I have a couple of small clients where we don't have our own server for each service (like you.)
    I have found one great (local) ISP/Mail host that uses the spam/antivirus/spyware firewall and we lease the service. (Part of the ISP/Mail cost). Never once had a problem on these networks.

    I have AV clients on the workstations themselves...
    Then for added protection against spyware... locked down workstations and blackhole dns.
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    You've got your mail hosted externally... that's one thing, but what about the gathering of the mail? Instead of having the users' Outlook connect directly to the external mail server, could you set up an internal mail server using say fetchmail with spamassassin and clamav and set it up to clean the mail and store it locally? You don't have to run a mail server, just set up an outbound connection from the internal server to the external host, have it check every 10 minutes or whatever; this way the users aren't all checking externally individually (if you pay for bandwidth it may save you money there). Set up your users' Outlooks to access the internal machine. If you don't have a server lying around you may have to obtain one, but you wouldn't need very high requirements (prolly anything newer than a 486 would handle the task for you) and a little bit of knowledge.

    peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
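
One way the "clean the mail and store it locally" step in post #3 could look, as an added example that is not from the thread or from any poster: a delivery filter that fetchmail hands each message to, covering only the ClamAV scan (SpamAssassin tagging and the local POP/IMAP service for Outlook are not shown). The script path, `MAILROOT` and the overridable `SCANNER` variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): antivirus delivery filter for fetchmail.
# Hypothetical wiring in ~/.fetchmailrc:  mda "/usr/local/bin/scan-deliver.sh %T"
# clamscan exit codes: 0 = clean, 1 = virus found, anything else = scanner error.
SCANNER=${SCANNER:-"clamscan --no-summary --stdout -"}  # overridable for testing
MAILROOT=${MAILROOT:-/var/spool/scanned-mail}           # assumed spool location

# classify FILE -> prints clean | infected | error
classify() {
    if $SCANNER < "$1" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    case $rc in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# deliver USER FILE -> files the message by verdict and prints the verdict
deliver() {
    user=$1; msg=$2
    # The user name becomes a directory name: refuse anything path-like.
    case $user in
        ''|.*|*[!A-Za-z0-9._-]*) return 64 ;;
    esac
    verdict=$(classify "$msg")
    case $verdict in
        clean)    dest="$MAILROOT/$user/new" ;;
        infected) dest="$MAILROOT/quarantine" ;;
        *)        dest="$MAILROOT/deferred" ;;  # fail closed: unscanned mail is held
    esac
    mkdir -p "$dest" || return 75
    cp "$msg" "$dest/$(date +%s).$$.$user" || return 75
    echo "$verdict"
}

# MDA entry point: spool stdin, then deliver. A non-zero exit reports failure
# to fetchmail, so the message is not treated as delivered.
if [ $# -ge 1 ]; then
    spool=$(mktemp) || exit 75
    trap 'rm -f "$spool"' EXIT
    cat > "$spool"
    deliver "$1" "$spool" >/dev/null || exit 75
fi
```

A scanner that is missing or crashes lands the message in `deferred` rather than in the user's mailbox, so a broken ClamAV install cannot silently turn the gateway into a pass-through.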

  4. #4
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    Very good tips, thanks. I have the workstations locked down through group policy, so the fetchmail and blackhole dns ideas will add an extra layer of defense; I'll check out barracuda as well. Also, this mail server has been hacked recently (I suspect): the admin password was changed, I didn't change it and neither did anyone else with access (only two other people), so there's no telling what kind of backdoors the attacker could have left. I had to call the ISP and have them reset the pwd and then I created a stronger password to help slow any attackers down a bit.

    I'm sure I can get a spare machine and set up an additional server; I'll have to plan this out though, of course. What version/flavor of Linux would you recommend running fetchmail on? One other question: we don't have a very good firewall system at this site either. What if I set up a Linux firewall using IPchains, etc.? Would that be enough, or could it be configured to help protect the mail and internal network infrastructure?

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    www.mailarmory.com

    Will provide both spam and virus protection for a VERY low cost.

    If you check it out and have any questions, let me know, I use it.

  6. #6
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    Thanks chef! I'll look into this as well.

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    The latest version of McAfee has an incoming mail scanner applied at each desktop. Your local file system would then be covered as well.

    VirusScan 8.0i
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    I'm running Symantec AV 10 with the system center console so I can manage all my machines from one place. Version 10 is actually pretty good; it includes tamper protection and so a virus can't totally disable SAV protection.

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    If you are running an active scanner locally then they should detect infected mail when it's executed. On a small network you have good visibility of what's going on, so I would imagine you would be ok.

    //EDIT: without digging into the manual, which you can do, the AV 10 readme indicates some e-mail integration:

    Internet E-mail Auto-Protect port changes are ignored
    -----------------------------------------------------
    The antivirus client Auto-Protect feature for Internet E-mail Advanced
    Options lets you change the ports for POP3 and SMTP. The defaults
    for these ports are 110 and 25. The antivirus client ignores
    changes to these defaults. This issue applies to all email
    programs that use POP3 and SMTP, including Microsoft Outlook.

    If you change these defaults with the antivirus client but your email
    program uses the defaults, Auto-Protect still scans for risks in your
    email traffic. If your email program does not use the defaults and
    you change the Auto-Protect ports to match the ports used by your
    email program, Auto-Protect does not scan for risks in your email
    traffic.

  10. #10
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    Yeah, you're right for the most part, but what seems to be happening is spam email seems to be making its way back and forth through a bunch of my users' computers. They are also afflicted with loads of trojans and spyware but this is probably from click-happy Internet users.

    I'm in the process of rebuilding every machine on the network so I can start from a clean slate, this in combination with several tips above will help out a lot.
