Secure mail server checklist


Setup of email server in Linux is simple, but your job does not end there. Customer had experiences where mail gateway has been misconfigured and has caused open relay for a spammer attack. Always pay extra careful attention when you deal with related internet services such as web and email.

1. MX record
The Mail Exchanger (MX) is critical to email related information in your DNS. The MX record tells the internet email servers how to handle the your email routing. If you host your own DNS server, please remember to add a MX record. You can perform a simple MX record test. Please change your internal dns server to an external dns server.

2. IP address
Use the mail security tool below to check your IP status:

http://www.mxtoolbox.com/SuperTool.aspx 

3. Open Relay
Open relay is a very serious email server configuration flaw. Open relay means you are trusting all people over the world to send/relay email from your server using your IP address. Open relay check tools are as below:

http://www.abuse.net/relay.html

4. Reverse DNS
Usually anti-spam applications check if you have a valid reverse DNS IP. If you are sending mail from a non reverse DNS IP mail server, your 'mail reputation' will be lower than those who have a valid reserve IP. You might not see the impact instantly, however, since it might have a consequence in the long run such as sending valid bulk emails that might get your IP blacklisted or dropped.

5. SPF DNS Record
Most anti-spam application / gateway applies a Sender Policy Framework (SPF) checking. This is an additonal layer of spam filtering, where it checks if the mail is genuinely from a domain. It is advised to include SPF record in your DNS. 

Was this answer helpful?

 Print this Article

Also Read

Use PING to find network problems

PING allows you to quickly verify the connectivity of your internet connection to the VPS server....

Make cPanel/WHM VPS more secure

Use secure passwords Insecure passwords are the most common security vulnerability for most...

Close an Open DNS

The terms Open and Closed are now used to describe DNS servers in the following context: Open...

Identify a DoS/DDoS attack

If your server appears pretty slow, there could be many things wrong such as poorly written...

Installing Rkhunter (Rootkit Hunter)

First download the latest stable version of Rkhunter tool:wget...