Should Mail Servers Keep "Office Hours?"
You turn off the lights at night, turn down the HVAC and forward the phones to an answering service, but you leave the mail server running 24 x 7. While it is getting more common to be working in a 24 x 7 shop for some industries (IT support has always had strange hours), how many legitimate business-related e-mails do you get after midnight or on the weekend? The reason I ask is that I reviewed the mail logs for a few companies and found that most of the time no legitimate e-mail comes in after hours. Nada, Zip, Zilch. There were a few marketing messages, but mostly what does come in during the wee hours of the night is spam, spam and more spam. Just like the Monty Python sketch, it is spam with spam and a side of spam, with extra spam if you want it.
This has led me to the idea of setting up ‘office hours’ for inbound e-mail.
I know that the FortiGate firewalls we use and suggest to customers have an easy-to-implement ‘schedule’ feature for each firewall policy. I have used this feature before to limit access to certain features like the SSL-VPN to business hours. Why leave the door open to a hacker after hours? Using a schedule to block this feature is like pulling down the security bars you see in the mall.

Using this same feature you could restrict inbound e-mail to reasonable hours. Open the SMTP port an hour or two before the office opens and cut it off after 10:00 PM or whatever is reasonable for your company. If the sending mail server is legitimate it will retry and either succeed when your mail server is available or bounce the message back to the sender. If it is a spammer they will either waste time trying to connect to a mail server that can’t respond or just skip past your mail server and go on to someone else. This has the additional advantage of giving your anti-spam service time to catch up to the latest campaigns and be ready for them when the doors open in the morning. Note that this is just for inbound e-mail and not outbound, so your Network Management Systems – like WhatsUp Gold – can still send you a page after midnight if there is an issue on your network after hours.
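One way to repeat the mail-log review described above before choosing a schedule, as an added example that is not from the original post. It assumes Postfix-style smtpd syslog lines (the post names no mail server), runs on constructed sample lines, and uses a 07:00 to 22:00 window in which the 07:00 opening is an assumed value.

```python
import re
from collections import Counter
from datetime import time

# Constructed sample in Postfix smtpd syslog format (assumed; the post names no
# mail server). Addresses are documentation ranges, hostnames are placeholders.
SAMPLE_LOG = """\
Mar  3 02:14:09 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 blocked
Mar  3 03:40:51 mx1 postfix/smtpd[2102]: 4A1B2C3D: client=bulk.example.net[203.0.113.9]
Mar  3 06:59:59 mx1 postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 blocked
Mar  3 07:00:00 mx1 postfix/smtpd[2104]: 5B2C3D4E: client=mail.example.org[198.51.100.7]
Mar  3 14:22:10 mx1 postfix/smtpd[2105]: 6C3D4E5F: client=mail.example.com[198.51.100.8]
Mar  3 21:59:30 mx1 postfix/smtpd[2106]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 blocked
Mar  3 22:00:00 mx1 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.6]: 554 5.7.1 blocked
Mar  3 23:31:44 mx1 postfix/smtpd[2108]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 blocked
"""

LINE = re.compile(r"^\w{3}\s+\d+\s+(\d{2}):(\d{2}):\d{2}\s+\S+\s+postfix/smtpd\[\d+\]:\s+(.*)$")
ACCEPT = re.compile(r"^[0-9A-Za-z]+: client=(\S+)\[")   # message queued from an SMTP client
REJECT = re.compile(r"^NOQUEUE: reject:")               # refused before queuing

def summarize(log_text, open_at=time(7, 0), close_at=time(22, 0)):
    """Count accepted and rejected inbound SMTP events inside and outside the
    proposed window [open_at, close_at). Returns (counts, after_hours_clients)."""
    counts, after_hours = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an smtpd line
        hh, mm, msg = m.groups()
        when = "open" if open_at <= time(int(hh), int(mm)) < close_at else "closed"
        accepted = ACCEPT.match(msg)
        if accepted:
            counts["accepted_" + when] += 1
            if when == "closed":
                # These are the deliveries a schedule would delay until morning.
                after_hours[accepted.group(1)] += 1
        elif REJECT.match(msg):
            counts["rejected_" + when] += 1
    return counts, after_hours

if __name__ == "__main__":
    counts, after_hours = summarize(SAMPLE_LOG)
    print(dict(counts))
    print("Accepted while the port would be closed:", dict(after_hours))
```

The hosts reported as accepted while the port would be closed are the senders whose mail would have to wait for a retry, so check that list for legitimate correspondents before enabling the schedule.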
What do you think – is this a workable approach?