Share this content on Facebook!
05 Oct 2016


 Avoid just as one Open Relay
 Use SMTP authentication
 Limit SMTP Connections
 Activate Reverse DNS
 Use DNSBL servers
 Activate SPF
 Enable Spam URI Realtime Block Lists
 Use at least 2 MX records for failover
 Maintain local IP blacklists
 Encrypt POP3 and IMAP Authentication

1. Don't be an empty Relay

Configure your mail relay parameter to become restrictive. You can specify which domains or IP addresses your mail server will relay mail for. Put simply, this parameter specifies to whom your SMTP protocol should forward mail. Misconfiguration of this option can harm you because spammers can use your mail server (and network resources) as being a gateway for spamming others, resu lting in your getting blacklisted.

2. Use SMTP Authentication for Access Control

SMTP Authentication forces those who use your server to get permission to send mail by first supplying a username and password. This helps in order to avoid open relay and abuse of the server. If configured the proper way, only known accounts will use your servers SMTP to send an e-mail. SMTP Authentication configuration is especially recommended once your mail server has a routed Internet protocol address.

3. Limit SMTP Connections

SMTP quantities of connections server should be on a protect your server against DoS attacks. These parameters depend on the specifications with the server hardware (memory, NIC bandwidth, CPU, etc.) and its particular nominal load per day. The principle parameters employed to handle connection limits include amount of connections, total number of simultaneous connections, and maximum connection rate. To keep up optimal values for these parameters may need refinement as time passes.

This may be worthwhile to mitigate spam floods and DoS attacks that target your network infrastructure.

4. Activate Reverse DNS

Most messaging systems use DNS lookups to ensure the use of the sender�s email domain before accepting a message. A reverse lookup can also be a fascinating option for battling bogus mail senders. Once Reverse DNS Lookup is activated, your SMTP verifies that this senders Internet protocol address matches the host and domain names that were submitted by the SMTP client within the EHLO/HELO command.

This is extremely valuable for blocking messages that fail the address matching test.

5. Use DNSBL servers to battle incoming email abuse

The most important configurations for shielding your email server is with DNS-based blacklists. Checking if the sender domain or IP is famous by DNSBL servers worldwide (e.g., Spamhaus, etc.), could lessen substantially the quantity of received spam. Activating this option and ultizing an optimal number of DNSBL servers will help reduce the effect of the unsolicited incoming email.

DNSBL servers list all known spammers IPs and domains for this specific purpose.

6. Activate Sender Policy Framework

Sender Policy Framework (SPF) is a technique employed to prevent spoofed sender addresses. Nowadays, nearly all abusive email messages carry fake sender addresses. The SPF check means that the sending MTA is able to send mail on the part of the sender�s website name. When SPF is activated on the server, the sending server�s MX record (the DNS Mail Exchange record) is validated before message transmission takes place.

7. Enable Spam URI Realtime Block Lists

Spam URI Realtime Block Lists (SURBL) detects unwanted email depending on invalid or malicious links within a message. Having SURBL filter helps you to protect users from malware and phishing attacks. Currently, don't assume all mail servers support SURBL. But if your messaging server does support it, activating it will raise your server security, as well as the security of one's entire network since a lot more than 50% of Internet security threats come from email content.

8. Have at least 2 MX records for failover

Developing a failover configuration is vital for availability. Having one MX record is never adequate to ensure a continuing flow of mail to a given domain, which is why it�s strongly recommended to set up no less than 2 MXs for each domain. Website is placed because primary, and the secondary can be used in the event the primary goes down unconditionally. This configuration is conducted for the DNS Zone level.

9. Maintain local IP blacklists to close spammers

Utilize a local IP blacklist on your email server to bar particular spammers who only target you. A list will set you back more maintenance resources and time. The worthiness is within the turnaround time and energy to stop unwanted Internet connections from bothering your messaging system.

10. Encrypt POP3 and IMAP Authentication

POP3 and IMAP connections weren't originally designed with safety in mind. Consequently, they are often used without strong authentication. It is a big weakness since users passwords are transmitted in clear text by your mail server, thus making them easy to get to to hackers and people with malicious intent. SSLTLS is the better known and easiest method to apply strong authentication; it can be widely used and considered reliable enough.


There isn't any comment in this page yet!

Do you want to be the first commenter?

New Comment

Full Name:
E-Mail Address:
Your website (if exists):
Your Comment:
Security code: