> Cover Story
the evils of e-mail
is billed as a productivity tool, but there are times when
it is difficult to decide whether it is supposed to work
for or against you. by Graeme K. Le Roux
first problem with e-mail is its unreliability. Frequently,
users don't get mail, can't read it and/or can't be certain
the mail got through, or the e-mail bounces back and is
flagged as undeliverable. Addressing these problems starts
with your Mail Exchange (MX) record; this is the DNS record
which tells other systems on the Internet or your internal
Intranet if you use a DNS service on it where to send
e-mail for a given domain.
In essence, an MX record is a list of mail server names
which other mail servers will try to send mail to, starting
at the top and working down. The first entry in an MX record
will be your primary mail server and the second will usually
be your ISP's mail server. This means that if someone sends
you e-mail, it will go to your mail server unless that server
is unreachable (Internet link down, mail server off-line
or busy, etc.), in which case it will go to your ISP's mail
server, which will eventually relay it to your server.
Your primary mail server's job is to send and receive external
e-mail and to forward e-mail between internal mail servers.
The primary mail server may also act as a translator between
Internet-based SMTP and proprietary internal systems like
MS Exchange or other standards-based system like a host-based
It is the secondary e-mail servers, which might be departmental
or site based, that host users' mailboxes. With this sort
of system design, both internal and external users will
always be able to send mail because there is always a place
to forward it, unless all secondary servers are disabled
an unlikely prospect.
Having multiple servers also reduces the processing load
on any one server and thus minimizes delivery delays. Secondary
servers can be set to provide automatic delivery acknowledgements.
Two other common e-mail problems are mail servers that place
a limit on message sizes and mail clients that cannot support
complex message formats. One way around this is to encourage
users to keep attachments under a megabyte in size, and
send multiple attachments separately. If users need to deal
with multiple attachments on a regular basis, then compression
software, like WinZip, can be used to reduce the bulk size.
To address format issues, stick to simple SMTP/MIME encoding
with either text or HTML formatted messages. In addition,
use a consistent
e-mail system for both servers and clients to eliminate
most of the problems resulting from users not being able
to read mail.
Enforcing security is the next biggest problem for
e-mail systems. Since e-mail provides a path for information
to leave your company en masse, the advantage of the system
design illustrated here is that the company's primary mail
server becomes a single point at which you can log all messages'
source, destination and content.
Logging won't stop users from compromising company information,
but it will allow you to do damage assessment and have some
idea of who sent what to whom. Publicizing the fact that
all e-mail is logged will also discourage users from using
e-mail for unauthorised propagation of sensitive, defamatory
or offensive information.
Your primary mail server is also the point at which you
deploy your virus wall, which checks all e-mail messages
against a database of virus patterns. It is important to
configure your virus wall to scan all mail messages whether
from external or internal sources. Further, having an infected
workstation send a virus to one of your clients could be
Nevertheless, no matter what measures you take, expect to
get a virus sometime, like when a virus is newer than your
virus definition file. Thus, besides ensuring regular virus
updates, what is also important is that you can isolate
and remove infections preferably without taking the entire
The procedure to kill an e-mail borne virus in the network
is described in the box. This procedure will work no matter
how badly infected your network is.
In addition, there are other configurations that can be
done to the e-mail system to help contain virus infections,
or at least slow them down. First of all set mail clients
such that they do not automatically execute attached files,
like VB scripts, and .exe files. Such files should be first
saved to disk and scanned. A policy that sets email clients
to prompt users to save the attachment before running them
can help reinforce this message. Another good practice is
to set applications, like MS Word, to prompt users before
In addition, set all your mail servers to delay forwarding
mail to the primary mail server every couple of hours rather
than immediately. This way, a virus which infects one of
your secondary mail servers will take between, say, two
and four hours depending on the delay you set to propagate
to another one. This gives you time to discover the virus
and stop propagation by shutting down your primary e-mail
Another security issue with e-mail is the fact that you
have to open a TCP/IP port to send and receive e-mail. Just
because SMTP uses TCP port 25 does not mean that a hacker
can't use the same port for something else. The only way
to directly stop this is to limit the SMTP command set which
your primary mail server will support.
Your primary mail server is the only server on your network
which should be able to communicate with the Internet via
SMTP. In fact if you use something like X.400 internally,
no other server or client should be able to communicate
via SMTP at all which is a very good reason to use such
Proxy-based firewalls guard against non-SMTP traffic on
any port designated as being for SMTP by examining each
packet's header and restricting the SMTP commands. But although
SMTP proxies work well, they are relatively slow and expensive.
On the other hand a filter-based firewall will restrict
access of packets with SMTP headers to designated mail ports.
In the configuration cited here, compromised access to the
primary mail server does not provide an intruder with access
to any other host on the network.
It may provide access to other mail servers but if you use,
say, X.400 internally this will not be the case as the primary
mail server's access will be restricted to the system interface
for a server's message store. In short, given a reasonable
level of host security, there is little an intruder might
gain from compromising a primary mail server.
Unauthorized SMTP relay is one risk. An intruder could enable
this feature and then hijack your server as a relay. But
remember you are logging all e-mail; you can set your log
utility to export logs, which means an intruder's every
action is recorded in a way which cannot be prevented or
The final group of problems is associated with handling
large numbers of e-mail on a daily basis. To address this,
choose a mail system which allows users to easily write
rules which automatically sort mail into separate folders
based on source, priority, or content.
Also, set individual folders to delete or archive (in searchable
databases for six months) e-mail on a monthly basis. This
will cut your storage overhead and make it easier for the
user to find current mail. Set your mail clients to present
new messages with a three-line preview, which can help users
decide what to do with messages more efficiently.
Another good practice is to learn to ignore mail while you
are doing something else. Disabling new mail audio warnings
and suggesting that users read mail only first thing in
the morning, after lunch and at the end of the day, can
help to reduce distractions. Introducing a delay into mail
forwarding will also help.
These simple steps will help your users avoid getting buried
by e-mail. You can also encourage users to forward mail
to an assistant when they are outstation,as well as set
automated out-of-office responses. Remember, e-mail is supposed
to help users not hinder them.
Graeme K. Le Roux is the director of Morsedawn (Australia),
a company which specializes in network design and consultancy
and writes for Network Computing-Asian Edition. He can be
reached at firstname.lastname@example.org
Send your feedback to email@example.com
kill a virus
object of this procedure is to stop an existing infection
by a new virus from spreading and to
eliminate it from a system with minimal disruption
to users' normal activity. Systems which allow
administrators to push virus updates down to
client PCs and additional server based anti-virus software
can substantially cut the time required for this procedure.
Internal firewalls which allow administrators to selectively
disable specific types of network traffic are also extremely
helpful in large systems. Assumptions: Mail system, anti-virus
software deployed on both the primary mail server (as a
virus wall) and on all PC clients; real-time scanning supported.
1) User reports a virus infection.
2) Disable mail transfer (receipt and forwarding) at primary
mail server. Inbound Internet mail is held by ISP's mail
server. Outgoing mail is held at secondary mail servers.
If the virus is of a type which can propagate via data files
then restrict access to data stores to read only. Users
can continue to work on local copies of files but can't
spread the virus further.
3) Get a virus pattern update from your vendor for both
the virus wall and client software. Note that while your
mail server is down, Web access need not be, although care
should be taken to ensure that users do not spread the virus
via Web-based e-mail accounts.
4) Apply the new virus patterns to your primary mail server
and enable internal mail transfer and mail forwarding to
the Internet. Do not accept inbound mail from the Internet
at this time.
5) Secondary mail servers will start to forward e-mail and
the new virus pattern will cause the virus wall to filter
infected e-mail, which will identify the secondary mail
servers which are infected.
6) Starting with the secondary mail server, which is sending
the most infected emails, shut the server down and flush
its e-mail queues.
7) Update the anti-virus software on this server's clients
and run a scan on all local files.
8) Enable the secondary mail server. Enable write access
to all network files.
9) Repeat from 6 for each secondary mail server.
10) Allow primary mail server to accept Internet mail.