Best Linux email server practices is a vast topic because there is so much do be done. It is not possible to mention all the things you need to do in order to follow the best practices for a Linux mail server and this article definitely doesn't attempt to. Rather, here are just a few basic ideas.
Vendor-Specific Best Linux Email Server Practices
While there are many universal best Linux email server practices (as discussed in the next section), there are also vendor-specific best Linux email server practices you need to be familiar with if you want to configure and safely use a Linux mail server. This server could be Nginx, or PostFix, or any another Linux email server, including web based email Linux servers. In any case, what you need to do is read the documentation because this is the place where most of the tips and tricks are described.
Universal Best Linux Email Server Practices
With the clear understanding that it takes volumes of thick books to describe even only the most important best Linux email server practices, here are some very basic tips on what to do in order to make your Linux email server secure:
- Use SELinux. SELinux has many features you can use, so if it isn't installed and enabled by default, do it right away.
- Disable any modules you don't need. It is a universal security rule that any modules you don't need should be disabled, because this way you decrease the number of potential vulnerabilities. Linux email servers aren't an exception to this rule, so go on and disable any modules you don't need.
Enable a firewall. Having a firewall enabled is another basic security rule. When you enable your firewall, test if the firewall can be detected. Always enable only the ports you need. If you wonder which ports on a firewall to block, start with blocking all ports and proceed to open only the ports you need - (i.e. port 80, 443, 25, etc.) for the mail and network protocols your server will support.
- Always use antivirus and antimalware programs. Malware on Linux might be exotic but if your network is hybrid (i.e. you have Linux and Windows machines), then the risk for your Windows machines still exists. This is why you should always use antivirus and antimalware programs on your Linux system.
- Set a spam filter. Setting a spam filter is also an obvious security best practice. A spam filter decreases dramatically the amount of junk mail you get and this way your Linux email server processes a lighter load.
- Delete accounts quickly. If you have inactive accounts, don't keep them. For instance, when somebody leaves the company, delete his or her account right away.
- Get security plugins. Many of the best Linux email servers come with security plugins, addons, additional scripts, etc. Check what is available for your Linux email server and get it.
- Set low user account timeouts. It is best if you don't allow users to remain logged in at al,l but since this is impractical, your next best move is to set low timeouts.
- Require frequent password changes. Your users will hardly love you for making them change their passwords frequently, but since old passwords are a security risk, you need to set rules that make your users change their passwords regularly.
- Don't relay. Mail relay poses many risks for your Linux email server, so don't do it, unless you absolutely have to.
These best Linux email server practices are really very basic and each of them can be expanded a lot. Therefore, don't take for granted that if you follow these best practices, your Linux email server will become secure instantly – it won't! However, if you neglect these best Linux email server practices, then you may have no security at all.