Secure Email: STARTTLS and Policy Based Server Load Balancing
STARTTLS and Policy Based Server Load Balancing: A new standard in email communication
Two of the best-known problems in corporate email infrastructure are email confidentiality and email spam (unwanted messages). The AX Series offers two technologies to solve these problems and reduce the cost of running a secure email infrastructure:
- Start Transport Layer Security (STARTTLS) email encryption services
- Policy-Based Server Load Balancing (PBSLB) to defeat spam
STARTTLS
Unlike HTTP, its counterpart for the Web, SMTP (the email transport protocol) has lacked widely adopted encryption for sensitive content. The resulting lack of confidentiality opens up enterprise and government communications to unwanted disclosure.
HTTPS encrypts the connection from the start. STARTTLS, by contrast, is a command that initiates an SSL session over an existing SMTP connection. From that point on, it uses the same familiar SSL (Secure Sockets Layer) protocol as HTTPS.
With the AX Series SMTP STARTTLS, SSL encryption can be added quickly and easily. Some of the highlights and available control aspects include:
- Granular control of STARTTLS allowing required or optional use when clients connect
- Use of SSL templates for management simplicity
- Enabling or disabling of SMTP commands such as VRFY, EXPN, or TURN
- No changes to the back-end mail servers
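The required/optional STARTTLS control and SMTP command filtering listed above can be pictured as a per-command decision at the front end. This is an added sketch, not A10 code or AX configuration syntax; the function names are hypothetical, and the reply codes follow RFC 3207 and RFC 5321.

```python
# Added example: front-end SMTP command policy (hypothetical names).
# RFC 3207 section 4: a server requiring TLS still accepts these in cleartext.
ALWAYS_ALLOWED = {"NOOP", "EHLO", "STARTTLS", "QUIT"}
DEFAULT_DISABLED = frozenset({"VRFY", "EXPN", "TURN"})


def smtp_policy(line, tls_active, require_tls=True, disabled=DEFAULT_DISABLED):
    """Return (reply_code, action) for one client command line.

    action is "reject", "start_tls", or "forward" (pass to the back-end
    mail server, in which case reply_code is None).
    """
    verb = line.strip().split(" ", 1)[0].upper()
    if not verb:
        return 500, "reject"          # empty line: syntax error
    if verb in disabled:
        return 502, "reject"          # command disabled by policy
    if verb == "STARTTLS":
        if tls_active:
            return 503, "reject"      # already encrypted (this example's choice)
        return 220, "start_tls"       # ready to start the handshake
    if require_tls and not tls_active and verb not in ALWAYS_ALLOWED:
        return 530, "reject"          # "Must issue a STARTTLS command first"
    return None, "forward"


def run_session(lines, require_tls=True):
    """Apply the policy to a whole session, tracking the TLS state."""
    tls_active, results = False, []
    for line in lines:
        code, action = smtp_policy(line, tls_active, require_tls)
        if action == "start_tls":
            tls_active = True         # the SSL handshake would happen here
        results.append((code, action))
    return results


# Constructed sample session (not captured traffic).
SAMPLE = [
    "EHLO client.example",
    "VRFY alice",
    "MAIL FROM:<a@client.example>",
    "STARTTLS",
    "EHLO client.example",
    "MAIL FROM:<a@client.example>",
]

if __name__ == "__main__":
    for line, result in zip(SAMPLE, run_session(SAMPLE)):
        print(f"{line!r:40} -> {result}")
```

With `require_tls=False` the same session forwards the first `MAIL FROM` in cleartext, which is the "optional" mode.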
As STARTTLS becomes the standard in email encryption, mail infrastructure needs advantages similar to those that SSL offload provides for HTTPS. The AX Series delivers both security and performance, and can vastly increase them for existing server-based installations.
PBSLB: Policy-Based Server Load Balancing
Anti-spam services today allow deep inspection into mail messages to determine if a particular message is spam. With the AX Series PBSLB service, the AX load balancer can become the first line of defense to augment and optimize these existing solutions. This is all in addition to providing load balancing to scale the email servers. For example:
- Drop/block spam at the load balancer
- Reduce traffic handled on load balanced servers and dedicated anti-spam appliances
- Eliminate unknown attacks from known bad hosts
- Allow administrators to manually update addresses and subnets
- Leverage publicly available lists of known spammers
Additional advanced processing capabilities include:
- Setting a connection threshold for the client address to drop excessive connection requests
- Service group ID for specified client addresses that can be mapped to a service group, dropped, or reset
With black/white lists containing up to 8 million individual host addresses and up to 10,000 subnet addresses, PBSLB is highly scalable. Deploying an AX Series load balancer increases the security of the email servers behind it and reduces the volume of messages they need to process.