You turn off the lights at night, turn down the HVAC and forward the phones to an answering service, but you leave the mail server running 24 x 7. While it is getting more common to be working in a 24 x 7 shop for some industries (IT support has always had strange hours), how many legitimate business-related e-mails do you get after midnight or on the weekend? The reason I ask is that I reviewed the mail logs for a few companies and found that most of the time no legitimate e-mail comes through after hours. Nada, Zip, Zilch. There were a few marketing messages, but mostly what does come through in the wee hours of the night is spam, spam and more spam. Just like the Monty Python sketch, it is spam with spam and a side of spam, with additional spam if you want it.
This has led me to the idea of setting up ‘office hours’ for inbound e-mail.
I know that the FortiGate firewalls we use and suggest to customers have an easy-to-implement ‘schedule’ feature for each firewall policy. I have used this feature before to limit access to certain features like the SSL-VPN to business hours. Why leave the door open to a hacker after hours? Using a schedule to block this feature is like pulling down the security bars you see in the mall. Using this same feature you could restrict inbound e-mail to reasonable hours. Open the SMTP port an hour or two before the office opens and cut it off after 10:00 PM or whatever is reasonable for your company. If the sending mail server is legitimate it will retry and either succeed when your mail server is available or bounce the message back to the sender. If it is a spammer they will either waste time trying to connect to a mail server that can’t respond or just skip past your mail server and go on to someone else. This has the additional advantage of giving your anti-spam service time to catch up to the latest campaigns and be ready for them when the doors open in the morning. Note that this is just for inbound e-mail and not outbound, so your Network Management Systems – like WhatsUp Gold – can still send you a page after midnight if there is an issue on your network after hours.
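A sketch of the schedule described above in FortiOS CLI form. This is an added example, not configuration taken from any of the firewalls mentioned in the post. The interface names, the "mail-server-vip" object, the 06:00 opening time and the seven-day list are assumptions to adjust for your site.

```fortios
# Recurring schedule: inbound SMTP is allowed only inside this window.
# 22:00 is the cut-off suggested in the post; 06:00 is an assumed opening time.
config firewall schedule recurring
    edit "smtp-office-hours"
        set start 06:00
        set end 22:00
        # Assumption: open every day. Remove saturday/sunday to close on weekends.
        set day monday tuesday wednesday thursday friday saturday sunday
    next
end

# Inbound SMTP policy tied to the schedule. Outside the window the policy
# does not match, so the connection falls through to the implicit deny and
# a legitimate sending server queues the message and retries later.
config firewall policy
    # "edit 0" asks FortiOS for the next free policy ID.
    edit 0
        set name "inbound-smtp-office-hours"
        # Assumption: "wan1" faces the Internet, "internal" faces the mail server.
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        # Assumption: "mail-server-vip" is an existing virtual IP for the mail server.
        set dstaddr "mail-server-vip"
        set action accept
        set schedule "smtp-office-hours"
        set service "SMTP"
        # Log accepted sessions so morning retry bursts are visible.
        set logtraffic all
    next
end
```

Any existing inbound SMTP policy that uses the "always" schedule has to be removed or disabled, otherwise it keeps accepting mail overnight. Outbound mail policies are left untouched, so after-hours alerts from the network management system still go out.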
What do you think – is this a workable approach?