Like all Security Gateway releases, the developers at MDaemon Technologies continue to add new customer requested features and enhancements to meet the latest email security and compliance needs for businesses, whether they're using cloud hosted or on-premise email servers. Here is a quick overview of just some of the latest features end users and IT administrators will find helpful. A more comprehensive list of all new features and enhancements can be viewed in the Security Gateway for Email Servers Release Notes.
Security Gateway’s Data Leak Prevention feature now includes a list of medical terms, with a pre-configured score assigned to each. Administrators can modify these scores, or add their own medical terms. Messages are scanned for matching terms and the sum of the scores for all terms found is calculated. The specified action (administrative quarantine, encrypt) is performed on messages for which the final score exceeds the defined threshold.
The new Change/Audit log allows administrators to review any changes to Security Gateway’s configuration settings, along with who made them.
Security Gateway’s archiving feature now includes the ability to export all archived messages for a domain and compress them into a .zip file that can be downloaded to the desktop.
SecurityGateway’s clustering service now supports active database replication for improved failover/redundancy. For additional details, please see the Security Gateway release notes.
The ability to run a custom process/script during message processing has been added. Administrators can specify an action based on the result of the script. For more information, please see the Security Gateway release notes.
Clustering allows multiple active Security Gateway servers to share a single database, and provides improved failover & redundancy to help protect businesses from unexpected service interruptions.
For added protection against unauthorized login, Security Gateway supports two-factor authentication. Administrators can enable two-factor authentication globally or per-domain.
Security Gateway can check a user’s password against a compromised password list from a third-party service, and then prevent users from using passwords found on the list. If a user’s password is present on the list it does not mean the account has been hacked. It means that someone somewhere has used the password before and it has appeared in a data breach. Published passwords can be used by hackers in dictionary attacks.
RequireTLS allows administrators to flag messages that must be sent using an encrypted (TLS) connection. Messages that cannot be sent via a TLS-encrypted connection will be bounced back to the sender rather than being sent without TLS. Like Strict Transport Security (STS), RequireTLS also protects against man-in-the-middle and encryption downgrade attacks.
MTA Strict Transport Security (MTA-STS) is a new internet standard that improves email security by requiring email to be sent to an authenticated server using good encryption between all connections through which the message passes. This helps prevent unauthorized message tampering while ensuring privacy and data integrity.
Mis-configured TLS settings can lead to undelivered email messages or delivery over unencrypted connections. To help alert administrators of potential issues, SMTP TLS Reporting can be used to alert administrators of TLS connectivity problems experienced by mail servers, gateways, or other applications used to send mail. When this feature is enabled, each day Security Gateway will send reports to all STS-enabled domains that it has sent (or attempted to send) mail to that day. Administrators can then use this information to take corrective action to secure their email communications.