Solved

What are the risk of having a mail server?

Posted on 2006-07-19
6
316 Views
Last Modified: 2010-08-05
My management would like to monitor our staff's email content and traffic, thus one of my suppliers proposed to setup a mail server in our office to cater for such purposes.  His proposal is to use Merak Mail Server.  Being a management team member, i would like to know what are the potential risks and dangers or hassles of accepting such proposal.  Our comapny currently has about 40+ internet users, mainly using internet for emails, VOIP, and net surfing.  We do not have IT personnel in our company and the email solution we are using currently is webmail.  At the moment, we only control our internet traffic using router software.  We are running on broadband and fixed IP.
0
Comment
Question by:ohjani
6 Comments
 
LVL 6

Expert Comment

by:Nzarth
ID: 17136746
Could be a few, but depends on your local law:

You may need to let your staff know that their email is being monitored.  What extent is it being monitored for? Can staff be sacked/disciplined for email inappropiate material?

As far as hosting your own mail server, it would be best if you limit the access to that box from the outside to just your mail provider (for example if you use SMTP then limit port 25 to your mail providers IP address.
0
 
LVL 32

Accepted Solution

by:
jhance earned 25 total points
ID: 17137149
First of all, I'd like to STRONGLY discourage you from using the Merak email server product regardless of whether or not you choose to proceed.  While this product looks good on paper (or a web page) it's, in my experience at least, a poorly implemented and even more poorly supported mess.

While not supported a lot better, the ALT-N MDaemon package at least works better.  But from my experience you'll get much better results and support if you go with MS Exchange or even Windows Server's in-the-box SMTP/POP3 servers.  

You could also scrap the idea of using Windows as an email host and simply use a Linux box as your email host.

But since you mentioned that you have no in-house IT support, I'd strongly recommend against hosting your own email server at all.  Of all the things you might do, this probably takes more admin support than anything else and you will be very dependent on the outside contractor to do anything and everything.

If I were your consultant, based on your size and network I'd probably be recommending an outside-hosted email solution.  These do not have to be webmail although most do offer a webmail option which is handy.

I also don't see why you need to host internally to get a handle on what employees are doing.  Just about any of the network monitoring tools or appliances will capture email and webmail traffic regardless of where it's hosted.
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17138824
In short you don't want to do this, and you will what to use http://postini.com/postini_solutions/smb_archive_manager.php  with your existing email server.

With 40 employees I don't think you will really get much ROI, by purchasing a server that has some hardware redundancy, Anti-Virus Email Softwrae, Operating System, Anti-Spam, and the monitoring and administration that it will take to patch and harden and maintain the email server.   you also stated that you are running off of broadband, if you connection goes down, generarlly so will your email server.

The Postini Solution requires your ISP to perform some configuration changes to first have the email sent to them for archiving, spam, anti-virus, etc purposes and then forwarded on to your normal and current mail server nothing to change, and all of your email will be archived and avalable to view at postini.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17142586
Yes, I would also suggest that you don't want your own mail server. Email is important enough and you are only asking for frequent downtime if you try to run it without competent local IT support.

Use one of the alternate suggestion already posted above.
0
 
LVL 1

Assisted Solution

by:masterhacker
masterhacker earned 25 total points
ID: 17291873
I agree a mail server is just asking for trouble.  I suggest going with software on each computer:

http://www.spectorcne.com/

You may not want to give anyone ideas though?
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now