Axigen comes with a full security feature set, guaranteeing secure reception, transit and delivery of email, as well as protection of your confidential data.
Incoming Security Options
Outgoing Security Options
Authentication / Encryption
The Axigen server supports authentication, meaning it can be instructed to accept only connections/messages from authenticated entities. CRAM-MD5, LOGIN, PLAIN, DIGEST-MD5 and GSSAPI methods (in this order) are available for client authentication, reducing the risk of unauthorized connections.
SSL/TLS: All Axigen communication protocols can use SSL/TLS, which encrypts messages sent across networks and prevents plain-text messages from being intercepted on the way from sender to recipient. This encryption method guarantees secure data transmission over networks.
Multi-layer access control (firewall-like rules)
Stopping spammers and preventing DoS attacks is one of the most important tasks of a mail server, and the sooner the problem is identified in the mail stream, the better. This is why Axigen has a built-in firewall at the application (TCP listener) level that allows the administrator(s) to control connectivity parameters.
Furthermore, administrators may define IP sets that have specific sets of such rules, applied with different priorities, or IP sets whose connections are denied.
- rules set 1
- enabled / disabled
- priority: 2
- rules set 1
- enabled / disabled
- priority: 3
- enabled / disabled
- priority: 1
Flow control restrictions can be defined in addition to the access control rules, in order to prevent server and storage overload, as well as to protect the server from DDoS attacks.
Restrict maximum simultaneous connections
Restrict the total number of simultaneous connections that a service may accept, and the maximum number of simultaneous connections accepted from the same IP address, in order to avoid attacks from a single IP. Additionally, privileged IP address groups (trusted servers) may have different connection limit policies.
Restrict maximum incoming connections rate
Restrict the total number of connections per time unit that a service may accept, and the maximum number of connections per time unit accepted from the same IP address, in order to avoid attacks from a single IP. Additionally, privileged IP address groups (trusted servers) may have different connection rate limit policies.
Selectively restrict maximum message size
The server can be configured to accept different maximum message sizes based on sender/sender domain, recipient/recipient domain, remote IP address, connection security, authentication level and other message or connection related parameters, ensuring flexible protection for the queue and the storage (privileged users may have extended rights).
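The connection limits described above can be sketched as follows. This is an added example, not Axigen's code or configuration: the class name, the limit values and the 60-second window are assumptions, and it covers the per-service simultaneous limit plus the per-IP simultaneous and rate limits, with a separate policy for trusted networks.

```python
import ipaddress
from collections import defaultdict, deque

class FlowControl:
    """Hypothetical listener-level limiter (illustration only)."""

    def __init__(self, max_total, default_limits, trusted_nets, trusted_limits, window=60):
        # Each limits tuple is (max simultaneous per IP, max new connections per window per IP).
        self.max_total = max_total
        self.default_limits = default_limits
        self.trusted_limits = trusted_limits
        self.trusted_nets = [ipaddress.ip_network(n) for n in trusted_nets]
        self.window = window
        self.active = defaultdict(int)     # ip -> currently open connections
        self.recent = defaultdict(deque)   # ip -> timestamps of accepted connections

    def limits_for(self, ip):
        # Privileged IP groups (trusted servers) get their own policy.
        addr = ipaddress.ip_address(ip)
        trusted = any(addr in net for net in self.trusted_nets)
        return self.trusted_limits if trusted else self.default_limits

    def accept(self, ip, now):
        """Decide on a new TCP connection; returns (allowed, reason)."""
        max_conc, max_rate = self.limits_for(ip)
        stamps = self.recent[ip]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()               # forget connections outside the window
        if sum(self.active.values()) >= self.max_total:
            return False, "service connection limit"
        if self.active[ip] >= max_conc:
            return False, "per-IP simultaneous limit"
        if len(stamps) >= max_rate:
            return False, "per-IP rate limit"
        self.active[ip] += 1
        stamps.append(now)
        return True, "ok"

    def close(self, ip):
        # Call when a connection ends so the simultaneous count stays accurate.
        if self.active[ip] > 0:
            self.active[ip] -= 1
```

Rejected connections are deliberately not counted toward the rate window here; counting them as well is a stricter policy choice.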
Sender validation (SPF compliant)
Axigen implements a standard-based SPF verification module for sender validation (if the remote domain is properly configured with SPF information).
Greylisting enables Axigen to automatically reject messages from unknown senders / IPs with a temporary error message. Unlike legitimate email servers, most spam sources will not try to resend the emails in question, thus reducing the amount of spam received by the Axigen server.
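The decision logic behind greylisting, as an added example that is not Axigen's implementation: it assumes the common (client IP, envelope sender, recipient) triplet as the key, and the three timing constants are illustrative values, not Axigen defaults.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300          # assumed: seconds a sender must wait before a retry counts
RETRY_WINDOW = 4 * 3600  # assumed: a pending entry expires if no retry arrives in time
PASS_TTL = 30 * 86400    # assumed: how long a confirmed triplet stays trusted

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> first-seen time
    passed: dict = field(default_factory=dict)   # triplet -> last-accepted time

    @staticmethod
    def key(client_ip, mail_from, rcpt_to):
        # Normalise case so a retry is not mistaken for a new sender.
        return (client_ip, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for this recipient: 250 accept, 451 try later."""
        k = self.key(client_ip, mail_from, rcpt_to)
        last_ok = self.passed.get(k)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[k] = now         # known good triplet: refresh and accept
            return 250
        first = self.pending.get(k)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[k] = now        # unknown or stale triplet: record and defer
            return 451
        if now - first < MIN_DELAY:
            return 451                   # retried too quickly: keep deferring
        # The sender queued the message and retried after the delay, as a real MTA does.
        del self.pending[k]
        self.passed[k] = now
        return 250
```

The 451 reply is a temporary failure, so a standards-compliant sending server keeps the message queued and delivers it on a later attempt; the cost is a delay on first contact.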
Message integrity validation (DomainKeys compliant)
The messages' integrity may be checked if the originating server used DomainKeys to sign them; locally-originated messages may be signed by Axigen to allow validation by DomainKeys-compliant remote servers.
(Yahoo assigns a higher spam score to unsigned messages.)
Blacklisting / Whitelisting
Permanently reject emails coming from untrusted senders - can be defined globally by the administrator (server level) and further refined by the users according to their personal needs (WebMail interface).
Administrators can also define Whitelists in order to permanently accept emails coming from trusted sources (such as business partners or remote offices).
Based on an IP-to-country database, administrators can block all emails coming from untrusted countries; alternatively they can accept emails coming exclusively from selected countries.
Administrators can validate sender IPs against a selected list of DNSBLs (DNS Blacklists) in order to block emails; at the same time, they can also choose to skip this validation for custom-defined IP ranges. For increased protection, you can add Axigen's premium DNSBL & URIBL blacklist services.
Additional validations that can be run to reject spam include checking the originating domain for MX entries and the originating IP for a reverse DNS entry.
The Axigen Advanced Filtering System allows the system administrator to define a set of filters and priorities at server, domain or user level, offering unparalleled flexibility to set up company security policies:
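How a DNSBL check with exempt ranges works in general, as an added example rather than Axigen's own code: the function names, the zone `dnsbl.example` and the stub resolver are assumptions made so the block runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed octets (IPv4) or nibbles (IPv6), then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    # Live lookup: any A record means "listed", a failed lookup means "not listed".
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_sender_ip(ip, zones, skip_ranges, resolve=system_resolver):
    """Return (verdict, zone): verdict is "skip", "reject" or "accept"."""
    addr = ipaddress.ip_address(ip)
    # Custom-defined ranges (e.g. partner relays) bypass the DNSBL check entirely.
    if any(addr in ipaddress.ip_network(r) for r in skip_ranges):
        return "skip", None
    for zone in zones:
        if resolve(dnsbl_query_name(ip, zone)) is not None:
            return "reject", zone
    return "accept", None

# Constructed sample data: a made-up zone that lists only the test address 127.0.0.2.
FAKE_ZONE = "dnsbl.example"
LISTED = {"2.0.0.127." + FAKE_ZONE: "127.0.0.2"}

def stub_resolver(name):
    return LISTED.get(name)
```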
- Domain 1: filter with 2 AV and 1 ASPAM applications
- Domain 2: filter with only 1 AV
- General Manager: filter with 3 AV and 1 ASPAM applications
Embedded AntiVirus Protection - Axigen offers premium, scalable defense against virus threats by leveraging Kaspersky Lab's advanced malware detection engine. *
Multiple AntiVirus & AntiSpam Filtering
Axigen supports and currently integrates with 15 of the most powerful AntiVirus applications, including Kaspersky, Symantec, F-Secure, Panda, McAfee, NOD32 and Trend Micro.
Axigen Identity Confirmation © is basically the implementation of a Challenge / Response-based antispam method. It enables users to effectively block unwanted messages from reaching their inbox by intercepting incoming emails and requiring new / unknown senders to confirm their identity, while allowing legitimate communications to come through.
After the above-mentioned antispam methods are applied, the remaining traffic is further taken through a score-based content filtering process and Bayesian filtering (through the included SpamAssassin). Administrators can set the thresholds above which the corresponding reject actions will be applied.
Embedded AntiSpam Protection - Axigen offers premium, scalable defense against spam threats by leveraging Kaspersky Lab's advanced malware detection engine. *
Real Time AntiSpam Protection - To prevent spam outbreaks the minute they occur, Axigen integrates Commtouch's award-winning online service as an additional AntiSpam layer. *
Message Acceptance / Sending Policies (with expert-mode engine for acceptance rules)
- emails from impersonated users (authentication matching)
- emails from unauthenticated users
- emails suspected of being spam (e.g. looping emails, emails with overly large attachments and others)
Require validation for emails coming from unknown sources:
- emails coming from trusted sources (Whitelisting)
- secure connections only
Assign different outbound IP addresses to each domain; blacklisted IPs will only affect the associated domain, and not other domains operating on the same server.
- relay emails from domain 1 to route 1, using IP1
- relay emails from all other domains to route 2, using IP2
- specify a username/password authentication before routing emails
Built-in DNS Cache
DNS query responses are cached; subsequent queries are resolved locally instead of being re-sent over the network.
Enforce user authentication on message submission and verify that the sender header matches the authentication credentials, preventing impersonation attempts from local accounts.
Message and connection parameters for security policies (message size, anti-impersonation, SPF, access control, email address blacklisting / whitelisting, DNS checks, open relay blocking, etc):
- Originating host's IP, ports, greeting
- Originator's email address, domain or username
- Recipient email address, routing information
- Message size, headers, number of recipients
- Connection security level (SSL / non-SSL)
- Authentication information
- Session statistics (total mails sent, total size)
- SPF interrogation result; etc
Secure passwords enforcement
Define password strength policies (minimum password length, required sets of characters and so on), restricting the users from setting simple passwords.
*) Available as add-on