SmarterMail in Individual and Micro-business Deployments
Who Should Use This Document
This document is intended for use by individuals and micro-businesses as they develop an effective architecture for their SmarterMail system implementation. For best results, this document should be used in conjunction with the SmarterTools Knowledge Base.
Determining the Required Architecture
It is not unusual for a business to generate upwards of 50 legitimate mail messages, per employee, per day on average [1]. Considering the relative volume of spam and other abusive messages that are currently prevalent, the total number of messages processed per user/mailbox could easily exceed 250 per day [2]. Companies in technology, finance, and other communication-intensive industries might have much higher average email volumes. A tendency toward the prolific use of attachments and email graphics can also influence performance in mail environments. SmarterTools encourages readers to determine which architecture is right for them based upon anticipated email volume as opposed to head-count because email load is a far better predictor of server requirements than the number of mailboxes on a system.
SmarterMail is built around a fully scalable model, so moving from one architecture recommendation to another requires relatively simple enhancements or modifications that can yield significant increases in performance and volume capacity.
That said, the authors have chosen to divide their recommendations into three categories: individual and micro-business architectures, small to medium-sized business architectures, and high-volume deployment architectures. For the purposes of these recommendations:
- Individuals and micro-businesses shall be defined as mail environments with average email volumes of up to 25,000 messages per day (12,500 in/12,500 out). This implies a maximum of 100 mailboxes. Information regarding these architectures is available in this SmarterTools document.
- Small to medium-sized businesses shall be defined as mail environments with average email volumes of up to 400,000 messages per day (200,000 in/200,000 out). This implies a maximum of 1,600 mailboxes. Information regarding these architectures can be found in our Small to Medium-sized Business guide.
- High-volume deployments shall include ISPs, hosting companies, large businesses, and enterprise organizations with average email volumes numbering in the millions. This implies organizations with many thousands of mailboxes. Information regarding these architectures is available in our High Volume Deployments guide.
[1] Intel presentation, “IT Business Value”, 9-16-2005.
[2] “Nearly 80% of email messages sent world-wide are spam….”; Deleting Spam Costs Business Billions, Information Management Journal, May/June 2005, Nikki Swartz
General Architecture
Small businesses generally have a single SmarterMail server that processes all mail for all users. This includes webmail client logins, antispam and antivirus protection, syncing of contacts, calendars, tasks and notes using a syncing protocol, and it can even include archiving, if necessary. Just remember: the more you add, the more you need in terms of processing power and memory. In addition, if the server processes large amounts of email, it may be necessary to add a larger hard drive, or even move from a standard hard drive configuration, such as a SATA drive, to using an SSD. Here is what a standard Small Business Deployment looks like:
SmarterMail Primary Server
This server is the central data processor and repository of your client's email. Users connect to this server using POP and IMAP to receive email, and use SMTP to send email out. Webmail is also hosted on this server to help those without email client software. In addition, the SmarterMail server performs all spam-blocking and virus protection operations.
Hardware recommended in this configuration for individuals and micro-businesses includes:
- Dual-core processor
- 2+ GB of RAM
- Windows Server 2019, 64-bit is required
- 250GB SSD for your Operating System and data (NOTE: size is dependent on the number of users, data to store, etc.)
- 250GB 7200 RPM SATA drive for your Spool
A Note on the Spool
Nothing taxes hard drives more than an email server. Due to the nature of what a mail server does, I/O is a HUGE limiting factor in terms of performance. This is because, generally, so many files are written to, and read from, the hard drive. As a result, even on small installations it's a good idea to keep your Spool -- the primary location where ALL messages go when they're sent or received -- on a drive that's separate from your operating system. The Spool folder, while crucial to a mail server working properly, can be relatively transitory -- moved, renamed and re-created, etc. as needed. However, your OS drive is not. In addition, as so many files are written to the Spool, the drive where the Spool is located should be defragged regularly.
Email Virtualization: VPS Environments
A virtual server environment is one in which a single physical hardware device is partitioned so as to operate as two or more separate servers. SmarterMail can be deployed in all types of virtual server environments and has been tested with most major virtualization software (such as Hyper-V, VMware, VirtualBox, Virtuozzo and Xen). The most important factor of performance in a shared environment is the design and implementation of the storage network to ensure SmarterMail has enough IOPS available from the storage pool. Leveraging iSCSI with I/O multipathing is recommended over standard 1GbE connections if Fibre Channel or 10GbE is unavailable.
Securing an Email Server
Backups, Policies, and Infrastructure
As the old saying goes: "Stuff Happens". And, it happens for any one of a number of reasons. As a result, email administrators need to ensure they have safeguards in place in order to be able to react (by being proactive) when these issues occur.
One of the most important things is to ensure you're backing up SmarterMail, from configuration information to domains and users. There are several ways you can do this, and several systems and services you can use. Below are a few knowledgebase articles that can help you plan how to back up SmarterMail.
- Backup and Restore SmarterMail
- Regularly Backup SmarterMail Using Robocopy
- Regularly Backup SmarterMail Using Hobocopy
- Restore a User's Account, Folders, or Emails
Of course, then there are backup and retention policies. With the many regulations and certifications out there, these will vary based on your business. However, having incremental, and complete, backups on a regular schedule can help ensure that, should a disk go bad, or if you run out of disk space, you will have relevant backups that can be used to get SmarterMail, and the various domains and users, back up and running as quickly as possible.
Next, things like firewall protection need to be considered, along with locking down access to your mail server, especially if email is all the server is being used for. Only a small number of ports need to be open, and the rest could probably be disabled or otherwise locked down. The point is, there are a few things to consider when securing your SmarterMail server and keeping it protected. A good system administrator needs to look at all areas of access, and potential points of exploitation, and really lock them down. That starts with the design of your SmarterMail server (e.g., RAID options, disk types and sizes, etc.) and then branches out from there.
General Security
SmarterMail's included antispam and antivirus measures will work perfectly fine for most small business installations. That said, they may need monitoring and scores adjusted as needed to ensure that the majority of spam your mail server receives is handled appropriately. In addition, it's recommended that greylisting is used. While this can impact the delivery of messages, it's a good way to prevent one-off spam messages from getting through. The unfortunate thing about spam is that there is no silver bullet: spam protection takes some time and diligence. However, having multiple layers of spam protection, like using the included antispam measures, greylisting and potentially adding in another antispam measure, is the best approach to keeping inboxes free from the clutter of unwanted email.
The nice thing is, if additional services are needed, they can be easily integrated into SmarterMail. That includes Cyren Premium Antispam and Zero-hour Antivirus, as well as any third-party services a business wants to implement. (E.g., SpamExperts.) In addition, SmarterMail runs well if other antivirus products are used on the server, such as AVG or Eset.
Regarding security, the default security settings will be fine for most small businesses. However, it's never a bad idea to implement good password policies and have an IDS in place to ensure your mail server is at least protected. Other things, like throttling and more, can be put in place to ensure your mail server remains unaffected should issues occur, such as a mailbox becoming compromised. In these instances, throttling can keep that compromised account from blasting out emails that could get your mail server blacklisted.
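The effect of outbound throttling on a compromised mailbox can be modelled in a few lines. This is an added example, not SmarterMail code: the limit of 100 messages per hour, the account names and the traffic are all constructed for illustration.

```python
# Added example: model of a per-account outbound throttle (not SmarterMail code).
from collections import defaultdict, deque

def replay(events, max_messages, window_seconds):
    """Replay (timestamp, account) send attempts through a sliding-window limit.

    Returns {account: (delivered, held)}; 'held' counts attempts over the limit.
    """
    recent = defaultdict(deque)            # account -> timestamps of delivered mail
    totals = defaultdict(lambda: [0, 0])   # account -> [delivered, held]
    for ts, account in sorted(events):
        window = recent[account]
        while window and window[0] <= ts - window_seconds:
            window.popleft()               # forget sends older than the window
        if len(window) < max_messages:
            window.append(ts)
            totals[account][0] += 1
        else:
            totals[account][1] += 1        # over the limit: hold, do not relay
    return {acct: tuple(t) for acct, t in totals.items()}

def flagged(result):
    """Accounts that hit the limit: candidates for a password reset and review."""
    return sorted(a for a, (_, held) in result.items() if held)

def sample_events():
    """Constructed traffic: one normal user and one account sending a burst."""
    normal = [(t, "alice@example.com") for t in range(0, 3000, 600)]   # 5 messages
    burst = [(1000 + t, "intern@example.com") for t in range(300)]     # 300 in 5 min
    return normal + burst

if __name__ == "__main__":
    result = replay(sample_events(), max_messages=100, window_seconds=3600)
    for account, (delivered, held) in sorted(result.items()):
        print(f"{account}: delivered={delivered} held={held}")
    print("review:", flagged(result))
```

The normal user is untouched, while the burst is capped at the limit and the account surfaces for review before the server's reputation suffers.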
Then there's putting things in place to help offer proof that an email is originating from the server it says it's coming from. These include DKIM, SPF and DMARC, which are all supported by SmarterMail. These, PLUS requiring SMTP authentication for your users, can help prevent mail from being blocked at the recipient's mail server.
SmarterMail in the Cloud
SmarterMail has been tested in Amazon EC2, Google Cloud, as well as Azure and functions as expected. One thing to take into consideration here is ordering the proper instance with adequate storage IOPS.
Please note that most cloud providers also restrict SMTP traffic.
With Amazon, you'll need to fill out a request form to remove e-mail sending limitations. This can be found here: https://aws.amazon.com/forms/ec2-email-limit-rdns-request
With Google Cloud, you'll need to leverage an Outbound gateway such as SendGrid. More information can be found here: https://cloud.google.com/compute/docs/tutorials/sending-mail/
Windows Azure does not place such restrictions when it comes to sending out over port 25 but does place restrictions on overall outgoing traffic and implements bandwidth throttling based on the size of your VM.
Note: If using Hyper-V, SmarterTools recommends attaching a physical network adapter from the Hyper-V host to the SmarterMail virtual machine instead of using the virtual network manager to create virtual LANs/bridges. This is because there is a risk of losing network access to all of the virtual machines if they are all tied to a single virtual network and a network-related issue occurs on one of the virtual machines. By allowing the SmarterMail virtual machine a dedicated physical connection, this risk can be eliminated.