Zimbra Best Practices: Incoming Mail Protection

I believe that one of the most important aspects of e-mail is security management, both against possible attacks, such as malware or viruses, and against the “invasion” of junk mail, spam and so on. We have seen, on the user side, how to manage spam within the Zimbra webmail in this article. Here we go deeper and look at the tools you can use to defend and manage incoming mail as well as possible.

For virus and malware attacks, the choice falls on the various solutions on the market, both open source, such as ClamAV, and paid. For spam and security in general, we can take advantage of several types of resources, which we will look at together.

Postscreen

Zimbra introduced Postscreen starting with version 8.7, as an additional anti-spam strategy. It provides extra protection against mail server overload. By keeping spambots away, Postscreen leaves more SMTP server processes available for trusted clients, thus delaying the risk of server overload conditions. You can read more about it in this article: What Is Zimbra Postscreen?

To understand how it works, consider two typical scenarios:

  1. Without Postscreen: in the first scenario there is neither Postscreen nor any other anti-spam security. Bots and zombies talk to all the smtpd listeners that Zimbra offers. This creates the risk of timeout errors for good connections, which have to wait for the bots and zombies to finish.
  2. With Postscreen: in this scenario, bots and zombies talk to Postscreen. Postscreen performs all the basic checks and can deny the connection if the message is clearly from a bot or zombie. It will also move an email to the local antivirus if the connection is not in the temporary whitelist. Unlike in the previous scenario, good connections pass Postscreen security and go directly to the smtp daemon.

To fully understand how to use and configure this feature I would like to refer you to the article: How To Use Zimbra Postscreen?

CBPolicyD

Policyd is an anti-spam policy daemon for Postfix. It is included as a part of the Zimbra package, but it is not enabled by default. You can learn how to enable and configure it by reading the following article: Enabling CBPolicyD WebUI

DKIM

DomainKeys Identified Mail (DKIM) is a method for associating a domain name with an email, allowing a person or company to take responsibility for that email. It works by attaching a digital signature, tied to a domain name, to each sent email. This way you can verify that an email sent from a given domain is actually authorized by the owner. In Zimbra, DKIM can be used both to check incoming emails and to sign outgoing emails.

To learn how to configure DKIM for incoming mail you can read this article: How To Configure Zimbra DKIM to Check Incoming Emails?

SPF

The Sender Policy Framework (SPF) is an email verification system designed to block unwanted emails that rely on spoofing. The SPF record lists only those mail servers that are authorized to send emails on behalf of your domain, which prevents spammers from spoofing it. The check works by comparing the SPF record with the sender’s mail server information. If they do not match, the email will be identified as unauthorized and consequently sent to spam or totally rejected.

To learn how to configure SPF for incoming mails you can read this article: How To Configure Zimbra SPF to Check Incoming Emails?

Technical writer at Zextras. Linux and technology enthusiast. He describes himself as an atypical and polyhedric IT expert, thanks to a creative and open minded attitude, and to the experience gained over time as an IT technician, system engineer and developer.
