Partner View

Protect and Optimize Exchange Environments

Paying close attention to the particulars of your e-mail boundary can save you a lot of security grief.

In a recent survey conducted by Osterman Research Inc., more than 60 percent of the 250 respondents identified growth in e-mail storage requirements and spam as two "very serious" issues facing their enterprises. These two problems directly impact server utilization, but Microsoft Exchange administrators can alleviate them by deploying a secure e-mail boundary.

Escalating volumes of spam and viruses, along with evolving threats such as spyware and phishing, pose serious challenges to the security and stability of groupware networks. Relying solely on Exchange's security capabilities to protect the e-mail network can seriously compromise security and significantly increase server load, limiting the number of users each server can support and increasing storage costs. A secure e-mail boundary help solve these problems, if it has the proper characteristics:

Robust Mail Transfer Agent (MTA) to manage traffic and ensure failover. The MTA must be capable of managing enterprise-level volume and support a wide range of security plug-ins, such as anti-spam and anti-virus solutions, policy management and authentication solutions.

Connection control for monitoring and regulating the connection. The standard attack profile for spammers is a mass-mail delivery, without message queuing. Rejecting connections with this profile dramatically reduces the number of messages entering the e-mail network. In addition, that step virtually eliminates targeted attacks like denial of service and address harvesting. By monitoring traffic connecting to an MTA and throttling back as needed, connection control protects Exchange environments from unwanted messages and malicious threats.

Flexible options for anti-spam and anti-virus filtering. Best practices dictate the use of multiple anti-virus solutions from different vendors. Enterprises should look for an anti-spam engine that receives both periodic and micro-updates to deal with the real-time flow and patterns of spam on the Internet. In addition, they should support policy enforcement to augment the engine's functionality.

This function gives the administrator the ability to block, delete and redirect specific messages based on patterns detected in their subject and/or message body.

Directory-driven e-mail security to validate recipients at the gateway. Using directories to validate recipients is no longer a luxury; it's a requirement. By using a secure, high-performance and messaging-specific LDAP directory server, enterprises can leverage directory data to reject invalid addresses at the Internet gateway before involving prior to resource-intensive routines such as scanning, mail store processing and storage. The result: fewer unwanted messages (a reduction of as much as 50 percent), optimized mail processing and routing, and reduced AS/AV filtering.

Authenticate senders to fight phishing, spoofing and fraud. After e-mails have survived the previous checks, it's time to determine where they're really coming from by using Sender Authentication. Most leading SMTP Gateway (MTA) solutions embed the latest Sender Authentication protocols.

Failover protection to enhance Exchange reliability. Groupware systems are preconfigured to bounce mail if they don't receive an immediate confirmation after recipient mail server failures. Rather than queue such messages on the server and load it with delivery re-tries, the optimal solution must possess the capability to queue and store messages in a separate MTA for later delivery.

A properly deployed secure e-mail boundary optimizes the performance and security of Exchange. The end result is a greater ROI on the entire messaging network through enhanced throughput and a reduction in messaging servers.

About the Author

Michael Donnelly is senior architect at Sendmail Inc., a Registered Member and a global provider of enterprise messaging solutions based in Emeryville, Calif.