If you are purchasing your own domain name to run a mail server at your office, the following are suggestions and resources to help you secure the server. With an unsecured server, a spammer would be able to send email through your server.
- Use a static IP and set up the reverse DNS (PTR records) correctly. Most mail servers perform a reverse IP lookup on the sending Mail Transfer Agent (MTA), which is your server IP. If no records are found, or the PTR does not match the domain name of the sending mail server, the mail may be rejected.
Example: Your mail server name is mail.mydomain.com and the IP is 192.168.0.5. The IP of 192.168.0.5 must point to the domain name of mail.mydomain.com.
- Never allow mail to be sent unless the sender validates themselves. This can be done by IP or by submitting a user name and password. The user name and password is preferable because an IP can change. If your network becomes infected with a mass mailing worm, the worm tries to send email using the SMTP settings on the infected computer. By requiring a user name and password, you may be able to stop this type of activity.
- Only allow mail to be sent through the server from internal IP addresses. If your associates need to send email from home, use a VPN to gain access to the network. After they validate using a user name and password, email can be sent.
- Log all transactions and offload the logs to a secure server. This helps track email that has been sent through the server. By offloading the logs to another server, a hacker would not have access to the logs. If the server is compromised, hackers usually change the logs to cover their tracks. Do not forget to use a date and time stamp for each transaction.
- Run anti-virus and anti-spam filters on the server as well as on your devices. This helps protect your network, and the anti-spam filters help reduce junk email from reaching your users.
- Complete updates and patch your mail server software.
- If possible, do not bounce messages back to the sender containing viruses or bad addresses. Instead, either delete or route the messages to a dummy account. This helps reduce the propagation of viruses and harvesting schemes. Most of the reply addresses contained in these emails are fake.