So you have been tasked with securing your organization’s email services.

There are quite a few guides available on the Internet and in different computer bookstores that can take you through the basics – and if you are ahead of the game you may have already done your homework. Continue reading Secure Your Desktop – Protect Your Email

Advanced persistent threats make email security a necessity

Most email administrators consider security to be a large part of what they do. With so many laws and regulations governing the storage, discovery and retrieval of email messages, security has become a second job to many.

Unfortunately, many administrators either forget, or simply aren’t aware, that securing email requires much more effort than hardening the email servers against attack. In order to fully protect your organization’s email and their contents the mailbox also needs to be defended. Especially when you consider how popular Advanced Persistent Threats are becoming with large cyber crime syndicates who use email not only as a way to harvest sensitive information, but also as a method of attack through phishing and social engineering. Continue reading Tips for Better Email Security

The Internet’s Request For Comment system may be one of the world’s best examples of rule by majority consent, as it is the de facto set of ‘laws’ for how the Internet (and all its associated protocols) works, and is essentially a collection of documents that ask the world ‘what do you think about this?’

With literally thousands of documents in the collection, defining standards, recommendations, best practices, and the occasional joke, anytime you want to know the why behind how something is done, you need look no further than the RFCs. While they are replicated on countless websites, the official repository is found at http://www.rfc-editor.org.

RFCs evolve over time, and earlier RFCs can (and often will) be superseded by newer ones. There are several RFCs that address how our email protocols and the associated DNS records should work, and as an email admin, you should be familiar with the lineage of all the major email RFCs. Even those which have been superseded usually contain useful information, as most new ones define enhancements to a protocol, as opposed to completely replacing it. Over 300 of the RFCs have something to do with email; fortunately you won’t need to know them all unless you want to program a new email application. Below you will find a summary of the seventeen RFCs that email admins should have at least a passing familiarity with, and links to the online documents should you wish to read further. All links will open in a new window/tab.

Continue reading 17 RFCs Every Email Admin should Know About

As promised, this article will continue highlighting some of the exploits that allow attackers to abuse a mail server running SMTP. In Part 1 we covered how buffer overflows can give an attacker escalated privileges and control of your server as well as how using commands to scan the server can provide a malicious hacker with plenty of useful information from your company’s email accounts.

However if email security were as simple as patching these two vulnerabilities then breaches like the one that effected Epsilon’s servers* may never have happened and the millions of compromised email address may at this time be safe.

Yet mail systems are compromised more often than we would like to think, and some of the following exploits may be the avenue of attack.

Continue reading Common SMTP Exploits – Part 2

Ever since the inclusion of SMTP-AUTH the Simple Mail Transport Protocol was thought to be on its way to a more secure messaging protocol and with Microsoft’s inclusion of Secure Password Authentication that addressed security issues with Microsoft mail clients mail administrators could easily be lulled into a sense of security that truthfully doesn’t exist.

Email security is much more than simply protecting credentials and authentication. Though most people associate an attack on an email server with private or confidential messages being compromised, the risks of running an email server are much greater than that.

As email is still one of the most widely used methods of business communication, attackers find this to be an attractive target. Not only because they want to see what is in your company’s emails, but because they know that 1) email can open the door to many other resources and 2) people tend to let their guard down when it comes to using email.

Below you will see some of the most commonly used attacks against SMTP servers over time. While some may no longer be an effective means of compromising a system or network, they do show the trends in exploits that attackers use and being aware of them will help keep you on your toes when it comes to securing your servers against vulnerabilities.

Continue reading Common SMTP Exploits – Part 1

In my previous post, “Reasons to Virtualize Your Email Servers – Part 1 of 2”, I enumerated three reasons for virtualizing email servers. There are many more reasons why administrators and organizations would want to virtualize their email servers that I will discuss now.

Here are three of those reasons which I discussed in my previous post on why administrators and organizations would want to virtualize their email servers:

1. Understand and learn a new technology.
2. Better use of resources.
3. Lower software licensing costs.Here then are five more reasons for companies and organizations to virtualize their email servers.
4. When your company virtualizes their email servers they are reducing the number of physical boxes that they have to keep and maintain. Email administrators often manage, and administer, other machines besides their email servers. And if your IT department runs as a profit and loss center then administrators should be very interested in reducing the number of boxes they have to administer if they know that they are going to benefit financially. When there are fewer boxes to maintain then your costs are lower. Fewer boxes mean lower cooling costs. Fewer boxes also mean lower power costs as well. Lower power and cooling costs is most likely a part of your company’s goals for a greener environment.
5. Virtual email servers also mean lower hardware costs. Having fewer hardware boxes obviously results in a lot of savings to your company and to your IT department. This can free up money to be used for new software tools or applications for IT administrators and email administrators to deploy within their environment as needed.
6. One of the biggest benefits that you get when you virtualize your email servers is that you – as an email administrator – get more flexibility when it comes to managing the resources that you need to get the best performance out of your email servers. A virtualized server can have resources dynamically added to their operating profile to accommodate unexpected spikes in utilization. Virtual CPUs, memory and even I/O adapters can be added or removed from your virtual email server’s operating profiles as needed. In some virtual environments it is even possible to define different profiles for the same virtual server such that an administrator can switch to whichever profile fits the resource needs of the current utilization rate. Having this flexibility to have a dynamic virtual server can be a great benefit to administrators especially for changing email server loads or when balancing the loads across multiple email servers is not possible. Simply change the amount of resources of the virtual email server to adjust for heavy or light workload requirements as needed.
7. Virtualization of email servers makes it possible to run different versions of Outlook or Exchange in different operating systems. Email administrators can even fine tune those email environments by specifying the different rev levels of the operating systems. Email administrators could test new versions of Outlook or Exchange Server on different virtual servers all within the same physical box. Then, when it is convenient for them, they could roll out the newer versions of Outlook or Exchange into their virtual production environment without needing to reload the OS or the email software onto a different physical box. Simply flip the software switch on their virtual email servers and they are now live in a much shorter amount of time than if they had needed to test, stage and go live on multiple physical boxes.
8. I’ve already discussed the savings in power and cooling that can be realized when going to a virtual email server environment. But there are other infrastructure advantages as well. The number of I/O adapters is reduced which also can reduce the amount of cables and switches that are needed in your data center thus further reducing your overall IT costs. Then there are rack space requirements that can also be reduced. And the assorted peripherals such as video, mouse and keyboards that are needed is also reduced in a virtual email server(s) environment.

In summary, it is very easy to see the advantages for moving your email servers to virtual email servers. The gains that can be realized in maximizing your resource utilization rates, flexible use of resources, operating costs and cost savings in hardware and software should be very easy for email administrators to demonstrate when presenting the virtual email servers advantage to upper management.

More and more companies are learning about virtualization technologies. And there are a lot of companies that have already gone from a dedicated server environment to a virtualized server setup in their data center.

Companies, IT directors, their staff and administrators are all considering the advantages and disadvantages of virtual server technology and whether it is the right choice for their company. There are many reasons to go to a virtual environment. And when going to a virtual environment a frequent question is which of our servers would benefit from being virtualized?

Email servers are great candidates for virtualization. If your organization is small then you are probably already running your email server or servers on small boxes with a certain amount of CPU, memory and disk drives. One of the parameters to look at when considering a virtual server is to ask the question: what is the current CPU utilization of my existing email server?

Typically, most data centers are running their email servers at anywhere from 20 to 25 percent of CPU utilization. If that is the case for your company, and you have other servers also running at 20 to 25 percent, or less, then you are a good candidate for an email server virtualization effort.

And what does it mean to virtualize my server? In short, a server virtualization means that we are consolidating one or more existing servers onto one physical frame or box. Each of the virtual servers gets their own allocation of virtual CPUs, memory, disk storage and I/O adapters. A combination of software and firmware performs the distribution and balancing of those resources among the virtual servers that have been defined on the physical frame or box. Usually a hypervisor is involved as a sort of traffic cop for distributing those resources.

Continue reading 3 Reasons to Virtualize Your Email Servers – Part 1 of 2

Most companies need an internal SMTP relay at some point. Whether this is for alerting systems, or the scan to email features of their printers, or the “phone home” capabilities many hardware systems offer, the ability for an internal device to send an email to both your internal systems, and out to the world is often needed, and frequently either over, or under engineered. 

Microsoft includes an SMTP service with all versions of the Windows operating system, and the SMTP service is perfect for the job of taking all the non-Exchange based emails in your company and passing them through a single point without having to pass them through your Exchange system unless they are destined for an internal mailbox.

I have seen companies establish dedicated servers, or purchase third party applications, for what is really a very light-weight task that can be added to any available file server or other server with minimal resources. Let’s look at how to add the service, how to configure the service, and some considerations for its use.

Continue reading Got relay? Using the Microsoft SMTP service

Like all servers, email servers are subject to heavy loads and when that happens the servers can slow down to a crawl. And if administrators are not monitoring the performance then they’ll be sure to find out about the slower performance issues from their users.

Email servers can slow down for many reasons such as increased traffic flow or attacks on the server. Sometime it is a result of increased spam messages. Administrators can use the Queue Viewer graphical user interface to view information about messages and various queues such as the delivery queue. Additionally the command line interface for Exchange server can also be used to pull out information. Actions such as modifying the status of queues and messages can be performed individually or in bulk. One or more objects can be selected to perform these actions on.

In Exchange server, queues are used to hold messages before further processing can occur. There are five queues that exist only on Hub Transport servers or Edge Transport servers. Each of these queues is used in the processing of email messages which flow through the server. The processing queues include the following:

• Mailbox delivery queue
• Poison message queue
• Remote delivery queue
• Submission queue
• Unreachable queue

The transport server processes the messages contained in the queues. And access to the message queues is performed by the Exchange Server using the Extensible Storage Engine (ESE) low-level APIs.

Continue reading Troubleshooting Message Queues

The worst possible time to define your uptime and availability requirements for an Exchange environment is when that environment is unavailable.  No email administrator wants to hear “We need this working within 2 hours” when they are looking at a dead server that is going to take all night to recover.

Uptime and availability should be defined within an SLA, or Service Level Agreement.  An Exchange Server SLA should exist in all organizations, even those that provide their own internal IT services.  The SLA is between the IT supplier or IT department and the rest of the business, and clearly defines what is an acceptable downtime or outage of the Exchange environment.

Why Are SLAs So Important?

The existence of an SLA supports many facets of the design and operation of the Exchange Server environment.

Budget – When a business defines their service level requirements they are making a commitment to providing the funds necessary to deliver those service levels.  An SLA is one of the best pieces of leverage the IT department has to secure those funds and implement an appropriate Exchange system.  Without the backing of an SLA the IT department may struggle to get approval for Enterprise server licensing, multiple servers for clustering, and other high availability components.

Server and Network Design – Exchange Server environments are designed to meet defined SLAs.  Certain uptime expectations can only be met with the right server design.  A business that is willing to go a day without email would not need the same infrastructure deployed as a bank that can’t go more than 15 minutes without email.  Clustering, redundancy, site-to-site failover, are all design points that would be included or excluded based on the SLA. Continue reading Exchange Server SLAs, and Why You Need One