• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 357
  • Last Modified:

What are the risk of having a mail server?

My management would like to monitor our staff's email content and traffic, thus one of my suppliers proposed to setup a mail server in our office to cater for such purposes.  His proposal is to use Merak Mail Server.  Being a management team member, i would like to know what are the potential risks and dangers or hassles of accepting such proposal.  Our comapny currently has about 40+ internet users, mainly using internet for emails, VOIP, and net surfing.  We do not have IT personnel in our company and the email solution we are using currently is webmail.  At the moment, we only control our internet traffic using router software.  We are running on broadband and fixed IP.
0
ohjani
Asked:
ohjani
2 Solutions
 
NzarthCommented:
Could be a few, but depends on your local law:

You may need to let your staff know that their email is being monitored.  What extent is it being monitored for? Can staff be sacked/disciplined for email inappropiate material?

As far as hosting your own mail server, it would be best if you limit the access to that box from the outside to just your mail provider (for example if you use SMTP then limit port 25 to your mail providers IP address.
0
 
jhanceCommented:
First of all, I'd like to STRONGLY discourage you from using the Merak email server product regardless of whether or not you choose to proceed.  While this product looks good on paper (or a web page) it's, in my experience at least, a poorly implemented and even more poorly supported mess.

While not supported a lot better, the ALT-N MDaemon package at least works better.  But from my experience you'll get much better results and support if you go with MS Exchange or even Windows Server's in-the-box SMTP/POP3 servers.  

You could also scrap the idea of using Windows as an email host and simply use a Linux box as your email host.

But since you mentioned that you have no in-house IT support, I'd strongly recommend against hosting your own email server at all.  Of all the things you might do, this probably takes more admin support than anything else and you will be very dependent on the outside contractor to do anything and everything.

If I were your consultant, based on your size and network I'd probably be recommending an outside-hosted email solution.  These do not have to be webmail although most do offer a webmail option which is handy.

I also don't see why you need to host internally to get a handle on what employees are doing.  Just about any of the network monitoring tools or appliances will capture email and webmail traffic regardless of where it's hosted.
0
 
DbergertCommented:
In short you don't want to do this, and you will what to use http://postini.com/postini_solutions/smb_archive_manager.php  with your existing email server.

With 40 employees I don't think you will really get much ROI, by purchasing a server that has some hardware redundancy, Anti-Virus Email Softwrae, Operating System, Anti-Spam, and the monitoring and administration that it will take to patch and harden and maintain the email server.   you also stated that you are running off of broadband, if you connection goes down, generarlly so will your email server.

The Postini Solution requires your ISP to perform some configuration changes to first have the email sent to them for archiving, spam, anti-virus, etc purposes and then forwarded on to your normal and current mail server nothing to change, and all of your email will be archived and avalable to view at postini.
0
 
r-kCommented:
Yes, I would also suggest that you don't want your own mail server. Email is important enough and you are only asking for frequent downtime if you try to run it without competent local IT support.

Use one of the alternate suggestion already posted above.
0
 
masterhackerCommented:
I agree a mail server is just asking for trouble.  I suggest going with software on each computer:

http://www.spectorcne.com/

You may not want to give anyone ideas though?
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now