How To Secure Your Own Mailserver

Taking full control over your online business is the most important reason why you may decide to run your own server on the internet.

On your own server you can provide secure mailboxes for all your staff and you can make sure that all email accounts you use for your business are protected from unauthorized access. While you'll be able to control what's going in and out, you will also have to guard your mailserver against attempts to misuse the service you are providing for your staff and customers.

Fortunately, with the use of proper encryption methods, running a secure mail server is not only feasible but a great asset of your online business. I will describe all aspects of the set-up here in detail.

Completing the preparations for a secure mailserver may seem complicated because there are a number of different pieces of software involved. But once you have understood why certain methods are in place and the set-up is complete, there's only very little maintenance to be done to keep your mailserver up and running, securely.

Certificates

All the different methods to secure your mailserver have one thing in common: they all use digital certificates. You may know these certificates from visiting websites with your browser. As it is very common to identify a web server by its name, with a certificate you can be sure that you actually are connected to the server with this name. But certificates can be issued for individuals too, so that users can identify themselves by using a certificate. If you don't know how to get such user certificates, don't worry they can be produced quite easily. But that's another story for a follow-up posting.

If you want to base your mailserver security on certificates, please contact me, I will provide them to you, if you need them for your business.

Organise Secure Access To Your Email

In this first part of the series, we try to establish a secure tunnel between our mailserver and the computer, we use to read our email. The tunnel does not only protect our email while travelling to our local computer. It also locks down our mailserver in a way that only users who can present a valid certificate, have access to their mailbox on the server.

Now we try to open up our mailserver to send out emails for us. But again, only our own staff who has a certificate that the mailserver accepts, can use it to send emails out into the internet. Spammers that try to abuse our mailserver will be thrown out with this setup, because they don't have one of our precious certificates.

What if our program on our computer does not support using certificates? No problem, we will show you a way to use any dumb mail program (the likes of Evolution) in a secure way.

If you like to employ these methods for your own business, I'll help you to make your own mail server as secure as possible. Don't hesitate to talk to me about your special requirements.