Mail Server Server Security

Industrial Espionage, personal identity theft and commercial identity theft have reached pandemic proportions, making secure communication not just a priority, but a legal requirement in many industries.

 

IceWarp Merak Mail Server provides multiple levels of security on all communications ports. You're already aware that email communication is at the core of any modern business and secure communication is paramount . IceWarp provides you with key technologies that protect your communication from spam, viruses, spoofing, phishing, bombing, relaying, intrusions, compromised password and the array of ever growing attacks.

Data Encryption and Decryption

Passwords utilize RSA Public Encryption Keys employing asymmetric cryptography to protect all user login credentials. Secure Socket Layer encryption (SSL) on all traffic in and out of IceWarp Merak Mail Server stops sniffing and unauthorized tampering of communication in transit. IceWarp has the ability require sender authentication using public-private key combinations similar to PGP on the server-side and requires no additional software to be installed on end-user email clients.


IceWarps array of high security communication feature include:

  • SSL / TLS 128-bit encryption for all services and on all ports
  • Creation and Management of Digital Certificats
  • Secured Destination Support via forced SSL (force delivery only via SSL)
  • CRAM/Digest MD5 challenge response authentication, login, plain and POP-before-SMTP Authentication
  • Server-side message encryption using S/MIME
  • TCP/IP tunneling providing VPN-like communication

Password Protection

Unless prompted and directed to do so, the average user will not create strong passwords, compromising their security. That’s why IceWarp includes definable Password Generator. You can be assured that your users will create passwords that will successfully combat even the best dictionary attacks.

  • Comprehensive password, expiration and login policies
  • Built-in license generator and password validation
  • Ability to restrict login via IP restriction
  • Ability to change passwords via the POP3 protocol
  • Service authentication- support for superuser login syntax

Denial of Service Protection

With Advanced Rate Control, IceWarp gives you the ability to set limits on incoming and outgoing connections. You can set the Control according to the amount of data that is transferred over a defined period, and restrict simultaneously established sessions.


IceWarp can even check local senders for viruses and spam, and limit their daily email usage in the event of a compromised account.

IceWarp's Denal of Service Protection includes:

  • Service specific bandwidth throttling
  • Data and connection rate limitations
  • Service usage policy management
  • Traffic monitoring with alerts
  • Command monitoring
  • Service usage restrictions
  • Allow or ban host rules with host patterns

Anti-Bombing Protection

Bulk mail not only expends your system resources, it is also a security threat. Here too, IceWarp steps up, effectively preventing bulk mail through extensive session and protocol control policies. Weak or outdates SMTP protocols and other such features can be disabled, ensuring that your users’ email addresses aren’t stolen.

Our anti-bombing protection inclues:

  • Protocol policy and session control
  • Session inactivity timeout, Protocol response delay, Maximum bad command limitations, Maximum outstanding connection request limitations
  • Greylisting - Ability to perform a delay before processing an incoming SMTP connection
  • Ability to disable telnet session access
  • SMTP policies settings including disable EHLO, AUTH, EXPN & VRFY commands

Anti-Spoofing Protection

Phishing attacks usually succeed due to forged message headers. Not with IceWarp. IceWarp performs DNS checks to ensure that the message has arrived from a credible source. It can also validate the DNS of outgoing. Additionally the support of DomainKeys to identified email which was originally introduced by Yahoo!, ensures proper delivery to Yahoo and other servers supporting this standard.


IceWarp additionally supports:

  • DNS, MX, and A record authorization
  • rDNS validation
  • Sender Policy Frameword ( SPF ) and with SRS support
  • DKIM, DomainKeys and domain literals

Anti-Relaying Protection

IceWarp supports Closed Relay operation in order to prevent attacks. This ensures that your server is not hijacked and subsequently blacklisted.


In addition, you can set IceWarp to reject connections from open relay servers.

  • Closed relay operation mode except for Trusted IPs
  • Domain IP shielding via IP Binding
  • Non-authorized domain rejection
  • Hop count and number-of-recipients restrictions
  • DNSBL query capable
  • HELO-EHLO filtering

Intrusion Prevention

IceWarp's Intrusion Prevention system monitors attempts to deliver to unknown users, SMTP command abuse, attempts in sending of spam or to relaying without authentication

When a pre-defined threshold is reached IceWarp Intrusion Prevention automatically closes further sessions for a specified period of time or permanently blocks connections the hostil IP addresses.

  • Cross-session and cross-protocol monitoring
  • Management of intruders' IPs
  • Reasons for blocked hosts displayed
  • Helpful against spam and DoS attacks