What are the risk of having a mail server?

Posted on 2006-07-19
Medium Priority
Last Modified: 2010-08-05
My management would like to monitor our staff's email content and traffic, thus one of my suppliers proposed to setup a mail server in our office to cater for such purposes.  His proposal is to use Merak Mail Server.  Being a management team member, i would like to know what are the potential risks and dangers or hassles of accepting such proposal.  Our comapny currently has about 40+ internet users, mainly using internet for emails, VOIP, and net surfing.  We do not have IT personnel in our company and the email solution we are using currently is webmail.  At the moment, we only control our internet traffic using router software.  We are running on broadband and fixed IP.
Question by:ohjani

Expert Comment

ID: 17136746
Could be a few, but depends on your local law:

You may need to let your staff know that their email is being monitored.  What extent is it being monitored for? Can staff be sacked/disciplined for email inappropiate material?

As far as hosting your own mail server, it would be best if you limit the access to that box from the outside to just your mail provider (for example if you use SMTP then limit port 25 to your mail providers IP address.
LVL 32

Accepted Solution

jhance earned 100 total points
ID: 17137149
First of all, I'd like to STRONGLY discourage you from using the Merak email server product regardless of whether or not you choose to proceed.  While this product looks good on paper (or a web page) it's, in my experience at least, a poorly implemented and even more poorly supported mess.

While not supported a lot better, the ALT-N MDaemon package at least works better.  But from my experience you'll get much better results and support if you go with MS Exchange or even Windows Server's in-the-box SMTP/POP3 servers.  

You could also scrap the idea of using Windows as an email host and simply use a Linux box as your email host.

But since you mentioned that you have no in-house IT support, I'd strongly recommend against hosting your own email server at all.  Of all the things you might do, this probably takes more admin support than anything else and you will be very dependent on the outside contractor to do anything and everything.

If I were your consultant, based on your size and network I'd probably be recommending an outside-hosted email solution.  These do not have to be webmail although most do offer a webmail option which is handy.

I also don't see why you need to host internally to get a handle on what employees are doing.  Just about any of the network monitoring tools or appliances will capture email and webmail traffic regardless of where it's hosted.

Expert Comment

ID: 17138824
In short you don't want to do this, and you will what to use http://postini.com/postini_solutions/smb_archive_manager.php  with your existing email server.

With 40 employees I don't think you will really get much ROI, by purchasing a server that has some hardware redundancy, Anti-Virus Email Softwrae, Operating System, Anti-Spam, and the monitoring and administration that it will take to patch and harden and maintain the email server.   you also stated that you are running off of broadband, if you connection goes down, generarlly so will your email server.

The Postini Solution requires your ISP to perform some configuration changes to first have the email sent to them for archiving, spam, anti-virus, etc purposes and then forwarded on to your normal and current mail server nothing to change, and all of your email will be archived and avalable to view at postini.
LVL 32

Expert Comment

ID: 17142586
Yes, I would also suggest that you don't want your own mail server. Email is important enough and you are only asking for frequent downtime if you try to run it without competent local IT support.

Use one of the alternate suggestion already posted above.

Assisted Solution

masterhacker earned 100 total points
ID: 17291873
I agree a mail server is just asking for trouble.  I suggest going with software on each computer:


You may not want to give anyone ideas though?

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Super Bowl is just days away. Millions of advertising dollars will be spent in just a few hours to drive people to websites around the globe. Optimizing your site in anticipation of a big event like this (and the traffic surges that follow) will…
In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question