|
 |
Each satellite is deliberately simple in design so as to ease deployment and management and to ensure that only the essential tasks are performed at the edge of the solution. The perimeter is protected by a single firewall, which also provides an IPSEC tunnel back to the core infrastructure. Behind the firewall there are two servers: a mail server and a scanning server. |
The mail server accepts mail on port 25 as normal, at which point the Checkbridge Mail Transport Agent (MTA) passes the email to the scanning server. The scanning server uses three separate scanners in parallel to examine the email and adds the result of the examination to the email header. The three virus scanners used by Border Scout are NOD32, produced by Eset, Trend Micro and ClamAV, an open source scanner. Definition files are updated automatically as soon as they are available. Multiple scanners are used to maximise the chance of a virus being caught by a signature-based scanner. The NOD32 scanner also provides Deep and Advanced Heuristics to stop unknown viruses. Spam is filtered using a combination of techniques implemented by Checkbridge (DNS blacklists, user defined black and white lists, mail volume based filters and distributed checksum clearing house) and a commercially available filter produced by Cloudmark, called Authority. The scanning server accepts the email, requests scanning from each filtering daemon and amends the header information accordingly, before passing the email back to the mail servers. The mail server examines the new header information and, depending on that information, delivers, drops or quarantines the email. Both servers log information, such as how the email was dealt with and why, for reporting purposes. The VPN between the core and the satellite is used for a number of purposes. User preferences are stored and amended on the core site, but pushed from the core to the satellites. Data is also sent back to the core from the satellite so that it's available for reporting purposes and so that email can be placed in quarantine. Mail is directed to a scanning site as a result of amendments made to the MX records for a particular domain. Multiple records ensure that traffic is directed to one of three sites, depending on which site is likely to provide the best performance. Such amendments are made when the service is initially configured and it will not be necessary to subsequently change them. In the event that a customer's inbound mail cannot be delivered due to the customer's email systems being unavailable the customer's email will be stored on Checkbridge infrastructure for a maximum of seven (7) days, or until the customer's email systems become available again. |
 |
|
|
© Checkbridge 2009 |