Mirapoint adds directory to email gateway
Local anti-spam checks mean less network load
Mirapoint has developed what it says is the first secure email gateway with a built-in directory and policy engine. According to the company, this increases security and lightens the load on the gateway because it no longer has to query the corporate directory server through the firewall for every incoming message.
The directory software is now a standard feature on Mirapoint's RazorGate appliances and will be a free upgrade to customers on support contracts, said Mike Dodson, the company's security accounts technical director.
He said that the Mirapoint directory software can copy email addresses and associated policies - but not more sensitive data such as passwords or user names - from a variety of LDAP servers, such as Active Directory, Domino or eDirectory. It also has features to detect and prevent directory harvesting, he added.
"Historically, the gateway would have a steady stream of traffic going back to the directory - checking for valid recipients, whether they can receive that type of attachment, and so on," he explained. "The problem is that spikes in email traffic are passed on to the directory servers.
"Also, email gateways are hardened, but if your gateway server were ever compromised, the attacker would be able to attack your directory. This way, the most they could get is a list of email addresses."
But doesn't the addition of policy enforcement increase the workload on the email appliance, reducing the amount of email it can handle? Dodson claimed not.
"Quite the opposite," he said. "Now when we query the directory it's process-to-process, not over the network, so it works in our favour. We actually get a marginal performance improvement."
He claimed that while the technology to replicate directory data is pretty standard in the metadata world, this is the first time it has been used in an email appliance.
The increasing importance of the directory in messaging means that Mirapoint's competitors are sure to follow suit, but Dodson suggested that integrating the replication technology and the directory into the email appliance, and providing the right management tools, would take them many months. ®
This is new?
The email systems from OpenWave (previously Software.com) have been able to use local LDAP directory cache servers for almost a decade now. I'm not convinced Mirapoint have come up with anything new.
Hardly an overhead
Hitting the AD for such information is hardly an overhead. If it is, they either have an elderly infrastructure or need to look at tackling spam off their network, rather than on this box once it's already within it.