Best open source email security products

best open source email security 1

Email security

Email security is of paramount concern in any organization. A significant percentage of malware is delivered via email, on the premise that an unsuspecting user will open the message, allowing the malware payload onto the user’s machine. From there, malware can worm its way into the network and wreak various kinds of havoc, often undetected, sometimes for months or even years. We decided to review four open source products to see if they could deliver enterprise-grade security. The four products were CipherMail, MailScanner Scrollout F1 and hMailServer. Read the full review.

CipherMail email encryption gateway

CipherMail email encryption gateway

The community version of CipherMail is open source software that can be installed on most versions of Linux. It runs on Java and requires Postfix and Tomcat for the Web GUI. CipherMail focuses on a single function of the email process, namely encryption. The Web user interface has a modern look and is easy to navigate, but performance was a bit sluggish. CipherMail provides administrators with quite a bit of granular control, from general server settings down to how mail is handled for individual user accounts. CipherMail can encrypt/decrypt both incoming and outgoing emails. Although CipherMail provides a fairly narrow function in the email chain, it is one that can be very important, especially in environments where sensitive information needs to be protected and/or there are regulatory compliance concerns.

Scrollout F1 Anti-Spam Email Gateway

Scrollout F1 Anti-Spam Email Gateway

Scrollout F1 is an excellent choice for those seeking a solution with comparable features to MailScanner, but who may prefer a streamlined approach. Scrollout F1 is an open source email gateway that installs on Debian Linux and integrates with existing mail servers such as Lotus Domino, Postfix and Microsoft Exchange. Scrollout F1 can be installed with a few commands from the terminal or by using a pre-configured ISO. Scrollout F1 is primarily a gateway for incoming emails. Scrollout F1 uses a scoring system to determine if a message is spam. Administrators have granular control over this and other settings. In addition to spam and virus checking, Scrollout F1 provides black and white list options. One feature we particularly liked was the ability to manage emails by country. Also, there is a log and statistics presented in graph form. Overall we liked Scrollout F1 for its ease of installation and use. However, we found the Web interface a bit hard to read.

hMailServer

hMailServer

hMailServer is a free open source email server that has compelling security features and runs natively on Windows. Installation was straightforward. hMailServer is managed from a Windows program that runs from the desktop. The management console is somewhat austere and dated, but easy to navigate. hMailServer has several built-in spam protections and attempts to determine as early as possible in the process whether a message is spam or not, thereby conserving server resources. It uses a scoring system, where each spam checking method adds a value to an accumulating score that is used to determine how a message is handled. In addition to anti-spam features, hMailServer provides grey-listing and comes with built-in support for ClamAV, open source anti-virus. Another powerful feature is the ability to create VB scripts to perform certain tasks. We found hMailServer to be a good fit for those who need a Windows-based solution.

MailScanner Email

MailScanner Email

MailScanner is probably the better solution for those in a more enterprise like environment, as it can be installed on a broad selection of platforms and it has a bit more firepower than Scrollout F1. MailScanner is open source software released under GPL license that runs on most flavors of Linux and integrates with Linux-based email gateways. We installed MailScanner on an Ubuntu server, but this was not an easy task. As part of the install you can select to install a MTA such as Postfix or SendMail, there are also options to install SpamAssassin and ClamAV. MailScanner provides a ‘command center’ for other open source anti-spam and anti-virus tools as well as over 20 commercial offerings. We wish MailScanner had a better installation interface. However, once installed we liked how MailScanner provides great granularity for handling messages containing spam and also its ability to integrate with other products. The documentation, essentially a 400-page PDF book by the founder of MailScanner (Julian Field), is very comprehensive.