ArgoSoft Pro Security

ArgoSoft Pro has a number of options to increase (or decrease) the security of your server. Before installing your server, you should read this section as well as the appropriate sections in the ArgoSoft documentation about security. It's imperative that you thoroughly understand how to secure your email server - otherwise, evil doers (spammers) will hijack it and use it to send thousands, tens of thousands or even millions of messages without your knowledge or permission. This will lead to your system being banned, which means your email will be blocked by many ISPs.

However, even before that, make sure your other security is in place. This means your operating system should be up-to-patch and all of the service packs installed, you should have a good firewall which is properly configured, and you should have your antivirus solution ready-to-go (it's not even an option anymore). An extremely secure email server is very insecure if there is no firewall, antivirus or if the operating system allows intruders to get to the server directly.

SMTP Authentication

SMTP AuthenticationBefore you do anything with ArgoSoft Pro get into administration mode. Select "SMTP Authentication" from the "Security" menu. Enable SMTP Authentication.

Do this without delay. Why? Because if you do not, your email server can be hijacked by spammers. This is called an open relay, and it can get your email server blacklisted. This is bad, because your messages will be prevented from being delivered to 30% or more of your recipients.

I also like to set the "Use POP3 User Names and Passwords" to make it easier to manage these things.

SMTP After POP

SMTP after POPAnother method (used separately or in conjunction with SMTP Authentication) is called SMTP After POP. What this does (if you turn it on) is automatically allow anyone who can log into the POP server portion of ArgoSoft Pro to receive email to also send email for a brief period of time (perhaps five minutes). This is as reliable as SMTP Authentication.

 

Sender Rules

Sender RulesYou can enable still more security by allowing relay (messages to be sent from the server) only if the Senders domain is local or if the sender has an account on the server. This is recommended, as it will prevent outside entities from sending via the server.

These methods are not exceptionally reliable, as they depend upon header fields within the email message, which are easily forged. They do, however, provide some slight additional security.

Filters

FiltersYou should examine your ArgoSoft Pro log files every once in a while (once a week is good). As you do, look for messages that you did not want, and note anything unique about them (including the TCP/IP address). I like to note web site URLs and email addresses.

Enter these unique bits of text (not the TCP/IP addresses - those are entered in a different place) in the Filters box. This will discard any messages which contain text matching those filters.

Note that these do not look for matching words - they are matching text of any kind. Thus, if you included "the" you would match "the", "theater" and "thesis". So be careful the strings are unique (that's why I stick to URLs in messages, such as the remove URL, that I don't want).

Note that messages filtered using this mechanism are bounced, which can confuse services such as Yahoo Egroups.

Attachment Filters

Attachment filtersArgoSoft Pro has the ability to discard messages which contain specific attachment file types. This is useful for eliminating, for example, executable files (which often contain viruses).

You can include wildcards (* and ?) to match different file types. For example, to match .EXE only, specify .EXE. To match any filetype beginning with E specify .E*, and to match anything beginning with E and ending with E, specify .E?E.

If the Message Size Limit is set to unlimited, then Attachment Filters are ignored.

Personally, I believe a good virus scanner (such as Norton Antivirus for SMTP Gateways) is a better way to remove viruses.

Address Verification

Address verificationThese options cause your server to validate email addresses. It is a way to cut down on spam and the like.

If you are running your own email server and own the domain name(s), then be sure that "Assume Blank MAIL FROM Address is Valid" is checked. Why? The email speciation RFC 1123 requires that a blank MAIL FROM be accepted. This is so that messages and complaints sent to the domain will be received even if the sender does not any usernames.

These options can cut down on spam, but the resources required per message increase substantially. If you receive lots of email messages you may find that your server gets overloaded.

Banned Addresses

Banned AddressesInevitably, there will be TCP/IP addresses from whom you are not interested in receiving email. You can identify these by examining your log files occasionally. Add those addresses to this screen.

The server will disconnect immediately from any attempt to connect from any of these addresses.

 

 

 

 

 

 

Trusted IP Addresses

Trusted IP AddressesThis is where you define those TCP/IP addresses that you trust. Messages sent from these TCP/IP addresses will be allowed to relay and will be sent without restriction (except for spam filtering, which is still performed).


Internet Tips Contents
404 Errors Advertising Autoresponse Awardmaster Basics Browsers Careers Chatting Disasters Domains Email Emoticons Ezines Free Stuff Fun Stuff FTP Graphics Homepages HTML Reference HTML Tutorial Interactive Legal Links Msg Boards Microsoft Money Multimedia Networks Newsgroups Newsletter Products RFC's Ringmaster Searches Security Sticky Sites Surfing TANSTAAFL Telnet Viral Webmaster Your System