Security administrators put in considerable time setting up e-mail quarantines and checking on threats that have been cordoned off. But that's too much work, according to senior vice president of Sendmail Inc., John Stormer, and J.F. Sullivan, Sendmail's director of product development.
In this FYI interview, Stormer and Sullivan provide an introduction to the aspects of commercial Sendmail that could make the traditionally time-consuming quarantining process much easier for administrators.
How do Microsoft Exchange users lessen the security threats of using that e-mail server?
John Stormer: I haven't run into many companies that are prepared to have Windows interfacing with the Internet. They tend to [lessen security threats by putting] Unix or Linux messaging security on the Internet as a wall to protect Exchange.
J.F. Sullivan: Almost all companies have some type of MTA in place today. Roughly a little more than half will have some type of directory-based infrastructure tied to that MTA to handle the routing of information.
How do most companies deal with suspected spam and viruses today?
Sullivan: Larger corporations seem to see quarantining functionality as a bothersome nuisance to have across thousands of users. We at Sendmail think that this will change in the upcoming year and years because quarantining as a function will be applied to a lot of other things other than just suspected spam e-mail.
Stormer: The quarantine in e-mail security is an evolving area that we think is undervalued today. Quarantines were first developed to isolate a virus or a suspected virus in the early stages of an outbreak. Quarantines are needed because you can't be sure if an anomaly is a virus until the anti-virus companies have gone through their whole cycle. Some companies put suspected spam in these quarantines and then have an administrator manage that inbox, sometimes simply by deleting the spam.
With Sendmail, quarantines can be managed by the end users, who look for messages that are suspected to be spam and delete them or manage them as they see fit.
From your description, it seems that quarantines are a very labor-intensive way to deal with spam and viruses. Is there an easier alternative?
Sullivan: You're right. Maintaining the inbox becomes problematic when you have thousands of users and have to maintain individual filters across every single desktop.
A number of our customers hold the user preferences for filtering individual e-mails per user at the infrastructure level. This means that if you want all messages whose spam score exceeds 90% to be sent to the quarantine, you can set a rule in the infrastructure itself and have that rule be executed for all e-mail destined to you. This process takes place long before the message would ever be scheduled for delivery into your inbox.
Centrally storing quarantined messages in a routing infrastructure makes it much easier for the administrator to set policy around the handling of e-mail. Default conditions could be set for all messages coming underneath a certain usage style versus dealing with those messages for each individual.
Could rules be set, for example, about outgoing messages containing intellectual property?
Stormer: Yes, if they want to be cautious about intellectual property that is leaving the system, they might use Sendmail's quarantine facility to store messages from, say, employees in a particular engineering project, in a directory in a quarantine facility. An alert could notify the supervisor that there is a suspect message in an employee's box. Then, the supervisor can go to that quarantine folder, look at that message and see that it is fine to go out or not.
Used in this way, the quarantine becomes much more than a space for spam and viruses; it becomes a critical part of a policy-enabled infrastructure.
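The two uses of a centrally held quarantine policy described above (a per-user spam-score threshold evaluated in the routing infrastructure, and an outbound hold on messages from a watched engineering group with a supervisor alert) can be modelled as one rule-evaluation routine. The following is an added example, not Sendmail's or Mailstream Content Manager's code; the message fields, the policy structure, the group and folder names, and the sample messages are all constructed for illustration, and the spam score is assumed to come from an upstream content scanner.

```python
"""Centralised quarantine policy evaluation (added example, not Sendmail's code).

Models the interview's idea that per-user filtering preferences and group-level
outbound holds live in the routing infrastructure, so one rule set is applied to
every message before delivery is ever scheduled, instead of a filter on each desktop.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Message:
    sender: str
    recipient: str
    spam_score: float   # 0.0 .. 1.0, assumed to be produced by an upstream scanner
    direction: str      # "inbound" or "outbound"


@dataclass
class Policy:
    # Interview's example rule: quarantine when the spam score exceeds 90%.
    default_spam_threshold: float = 0.90
    # Per-user overrides held centrally, keyed by recipient address.
    user_spam_threshold: Dict[str, float] = field(default_factory=dict)
    # Watched sender groups for outbound review: group -> (members, supervisor).
    held_sender_groups: Dict[str, Tuple[Set[str], str]] = field(default_factory=dict)


@dataclass
class Decision:
    action: str              # "deliver" or "quarantine"
    folder: Optional[str]    # quarantine folder the message is stored in, if any
    alert: Optional[str]     # supervisor to notify, if any


def evaluate(msg: Message, policy: Policy) -> Decision:
    """Apply the central policy to one message and say where it should go."""
    if msg.direction == "inbound":
        # A user-specific threshold wins over the infrastructure default.
        threshold = policy.user_spam_threshold.get(
            msg.recipient, policy.default_spam_threshold)
        if msg.spam_score > threshold:
            # Stored per recipient so the end user can manage it as they see fit.
            return Decision("quarantine", f"quarantine/{msg.recipient}", None)
        return Decision("deliver", None, None)

    # Outbound: hold mail from members of a watched group and alert the supervisor,
    # who reviews the held message and releases or drops it.
    for group, (members, supervisor) in policy.held_sender_groups.items():
        if msg.sender in members:
            return Decision("quarantine", f"quarantine/{group}/{msg.sender}", supervisor)
    return Decision("deliver", None, None)


def route_all(messages, policy: Policy):
    """Evaluate a batch of messages; returns one Decision per message, in order."""
    return [evaluate(m, policy) for m in messages]


# Constructed sample policy: one user with a stricter threshold than the default,
# and one watched engineering project group with a named supervisor.
POLICY = Policy(
    default_spam_threshold=0.90,
    user_spam_threshold={"alice@example.com": 0.75},
    held_sender_groups={
        "engineering-projectx": ({"bob@example.com"}, "carol@example.com"),
    },
)

# Constructed sample traffic (addresses and scores are made up for the example).
SAMPLE_MESSAGES = [
    Message("news@example.net", "alice@example.com", 0.80, "inbound"),   # over alice's 0.75
    Message("news@example.net", "dave@example.com", 0.80, "inbound"),    # under default 0.90
    Message("bob@example.com", "partner@example.org", 0.00, "outbound"),  # watched group
    Message("dave@example.com", "partner@example.org", 0.00, "outbound"), # not watched
]

if __name__ == "__main__":
    for msg, decision in zip(SAMPLE_MESSAGES, route_all(SAMPLE_MESSAGES, POLICY)):
        print(f"{msg.direction:8} {msg.sender} -> {msg.recipient}: "
              f"{decision.action} folder={decision.folder} alert={decision.alert}")
```

The point of keeping the thresholds and group memberships in one `Policy` object is that an administrator changes a default or adds a watched group in one place, while individual users still get their own overrides without touching any desktop filter.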
So, is this message processing feature you've been discussing a proprietary one?
Stormer: The message processing platform, Mailstream Content Manager, is the proprietary application that sits on top of the open source sendmail MTA or a commercial, proprietary MTA. You might think of it as a utility or a plug-in that integrates with a sendmail router.
If your enterprise is running open source and satisfied with the open source infrastructure, you can take advantage of Sendmail Mailstream Content Manager, have that intelligence layer for message processing and keep your open source MTA infrastructure.
Mailstream Content Manager does have an open framework, a very open architecture which enables a mix-and-match, and an ability to plug in different content scanning technologies.
SearchEnterpriseLinux.com's FYI series of interviews and New Product How-tos are designed to introduce IT professionals to a product or technology. FYI Q&As and New Product How-tos can also serve as a reference for IT pros who need to describe products and technologies to co-workers, new hires and non-IT executives.