Secure email with IceWarp mail server 10
Ice Age
The IceWarp server [1], created by the company of the same name, offers not only an email feature, but also instant messaging, groupware functionality, a VoIP server, and a web interface for administrators and users. Anti-spam and anti-virus protection are also on board, and Outlook and various phone systems can be linked into the application as well. The manufacturer claims that more than 50,000 servers have been installed, serving more than 50 million users. The server offers most of the familiar features of Exchange Server. In other words, the IceWarp mail server is a direct competitor for Exchange or Lotus Notes.
IceWarp server is modular. Administrators can enable and configure individual functions separately, and the licensing model is also modular. Companies can thus exclude unnecessary functions and save on licensing fees.
Above all, the IceWarp mail server offers support for the SMTP and POP/IMAP protocols supported by all popular email clients, and the services can be encrypted with TLS and SSL. The server creates an archive of incoming and outgoing email that users can access and then protects the archived email against accidental deletion.
Configuration is handled in the management interface (Figure 1), and access is client based. IceWarp mail server also handles email attachments more intelligently than many other email systems.
Storing Attachments Locally
When a user sends an internal email with an attachment, the server stores the file locally and only sends a link. That is, when users send an email to multiple users, only one copy of the file is necessary. Access to the files is also possible via network shares or FTP, helping companies save space, especially where there are many large file attachments. In Exchange, on the other hand, the file is always stored in full in the user's mailbox, thus bloating what are already fairly fragile databases. Public folders can also be used with IceWarp. Access is either via Outlook, another client, or the built-in web client.
A real IceWarp advantage is its approach to data storage. Whereas Exchange uses the legacy Jet system for data storage, the IceWarp server relies on real database systems. You can connect Microsoft SQL Server, MySQL, or Oracle, and the server can communicate with clients via the licensed Exchange ActiveSync protocol. Thus, users generally do not need to change software or hardware and can continue to work with Outlook and their current smartphones. Other clients can connect without problem. The IceWarp mail server supports a variety of protocols and services.
Active Directory or LDAP
IceWarp server manages the user data in Active Directory, but it also supports OpenLDAP. Generally, user management is handled in IceWarp, but the server can read data from Active Directory if the administrator creates users. Although IceWarp is flexible, management with Exchange is easier: In Exchange, administrators only have one interface to manage users and email accounts, as well as a single directory service in the form of Active Directory. User accounts from Active Directory immediately become available on the mail server and can send and receive email and use instant messaging.
Like Exchange, IceWarp supports the use of rules. These can be set on the server side and bound to user email domains or entire groups. Of course, users can also set their own rules, although administrators can check user rules and disable them if necessary. Policies can also be deployed, but they are not as comprehensive as the ActiveSync or device policies in Exchange (Figure 2).
For example, you cannot define genuinely comprehensive settings and disable hardware or features on smartphones. However, admins can specify how secure user passwords need to be. The extended configuration for sending or relaying email is more extensive than in Exchange and, above all, more stable.
Because IceWarp supports many features and standards, many system services are used that can be monitored and disabled separately (Figure 3). The management console or the web interface provides an overview. Administrators can disable individual services, change settings, and adjust logging. In this way, you can also boost security by disabling unused system services. In our lab, the SMTP service occasionally hung and needed to be restarted. Some administrators therefore restart the service at regular intervals.
Instant Messaging, SMS, and VoIP
Beyond the mail functions, IceWarp also offers instant messaging and voice over IP (VoIP). For the chat feature, users can either turn to the locally installed client or use the web interface. The server saves the chat history so that it is available on all clients. The IM server can also access other systems on the Internet. For example, IceWarp supports ICQ, Google Talk, Yahoo, or Facebook chat. Administrators can define which networks to allow. The IM feature is based on XMPP (Jabber). Companies that use Exchange instead of IceWarp, in contrast, additionally need a Lync server.
Another feature of IceWarp mail server is a short message connector. Users can respond to text messages from cellphones via their email clients and receive text messages via the same route. Companies need a GSM modem to take advantage of this feature.
Users can also make VoIP calls via the web interface with the use of the Java client. In other words, users must have Java installed on the client and allow communication with the server. For VoIP, you can also deploy free SIP clients and commercial applications such as Bria by CounterPath [2].
Migration
In addition to the easy migration of POP-enabled email servers, the manufacturer also provides tools that enable administrators on Exchange Server or Kerio MailServer to migrate to IceWarp. IceWarp mail server is either managed in a Windows management console or via a web-based management interface, similar to Outlook Web Access in Exchange Server 2010. Command-line tools are also available for management. Unfortunately, the IceWarp mail server does not support PowerShell commands.
Like Exchange, IceWarp also supports autodiscovery for mail client configuration (Figure 4). Users need only enter their email address and password in the client. The appropriate application automatically sets up the connection to the server. This means users do not need to enter an IP address or server name to connect to the server. The autodiscovery feature can also be extended to smartphones. This function is configured in the management console.
Besides Outlook, users can work with other clients, like iCal, Thunderbird, Sunbird, or Novell Evolution. Because the server also supports CalDAV, WebDAV, and GroupDAV, companies have many options. IceWarp has licensed Exchange ActiveSync from Microsoft, which means all current types of smartphones, through Windows Phone 8, can be connected quickly and easily with the Microsoft protocol in the same way as with an Exchange server.
Besides the Exchange ActiveSync technology, the server supports the open source alternative, SyncML. As in Exchange, mobile devices can be deleted or locked out remotely via the server. The server includes a dedicated desktop client that works similar to Thunderbird (Figure 5).
All interfaces are translated into more than 20 languages, including English, French, German, Japanese, and Chinese. The web interface supports the right mouse button throughout and is largely intuitive.
Because many companies use Outlook, the manufacturer offers a tool with which the server can connect to Outlook. Outlook Sync works with current versions of Outlook and supports installation on Remote Desktop servers (terminal servers).
With the plugin, users can manage their email, appointments, contacts, tasks, notes, and journals directly in Outlook, but the data is stored on the server and thus also available for other clients (e.g., if users want to work with the web interface on the road). Synchronization between Outlook and the server runs automatically in the background. Users can also copy their own mailbox settings, office messages, rules, and sorting settings from Outlook using Outlook Sync.
Calendar, Contacts, Tasks, and Journals
Besides email, IM, text, and VoIP communication paths, the server also lets you manage appointments, schedule events, and reserve resources, just as in Exchange. Users can use tasks and notes on the IceWarp mail server. In addition to Outlook, the server also supports other clients (e.g., for FreeBusy or iMIP). Users can share their mailbox data with other users and assign rights, and IceWarp has a global address list like the one used in Exchange.
Anti-Spam and Anti-Virus Protection
The IceWarp server package also includes an anti-spam module, as well as anti-virus protection. Although Exchange also offers built-in anti-spam protection, it is not popular in the enterprise world and is rarely used without another solution on top. Unlike Exchange, IceWarp has an anti-virus solution based on the Kaspersky engine (Figure 6). Microsoft offers built-in anti-virus protection as of Exchange Server 2013.
Anti-virus protection is not free, though, and must be licensed. Companies that already use their own anti-virus gateways can buy the server without virus protection. For example, a license for 100 users without anti-virus costs about EUR 2,400; anti-spam and anti-virus protection puts the price up to EUR 3,100. These functions are managed directly in the management console; no separate tools are required.
The anti-spam module uses various technologies (Figure 7), such as the open source SpamAssassin software. If the server classifies an email message as spam, it puts it into the spam folder of the user's mailbox – clients can still access this folder – and the server automatically updates its definition files in the background.
IceWarp also has an integrated intrusion prevention solution that detects frequent attempts by email servers or users on the Internet to establish a connection. IceWarp can then block the IP addresses of the assumed attackers. The settings for this are already in place, but administrators can always make adjustments. Because the setup does not enable this protection by default, admins must invest in some manual work for optimal server protection.
Try and Buy
The manufacturer offers trial versions and installations on request. If you do not want to install a complete server, you can also test IceWarp in the cloud. The hosted model means that administrators do not have to worry about the server but can still manage the server via the web interface. An IceWarp server licensed for 15 users without built-in anti-spam and anti-virus protection will cost only about EUR 500.
Companies that opt for the cloud version can expect to pay a total of EUR 400 per month for a 100-user license. IceWarp support offers a guaranteed response time of 48 hours. However, faster response times are available for a surcharge. The manufacturer also provides a private forum. If you are looking for information about IceWarp server online, you will not find much.
Conclusions
The IceWarp mail server is a serious competitor for Exchange and other email systems. On the plus side are data storage on a genuine database server, space-saving handling of attachments, and support for popular formats for access to email and the like. The numerous protocols and functions and the modular design are also a plus. The integrated IM server and other functions, such as anti-spam and anti-virus protection, are sometimes better than those offered in Exchange, but they're not available for free. IceWarp comes with its own migration tools.
The server is an alternative for smaller environments. In the enterprise environment, integrating additional tools with Outlook or the use of multiple servers can cause some problems (e.g., if the SMTP service is overloaded). Because IceWarp is not particularly widespread, help with problems is difficult to find on the Internet, and administrators need to rely on proprietary support in case of problems. With a response time of 48 hours, the risk is that users will not be able to work with the mail system for two days, so before deployment, a company should first test exactly those functions they really need and then use only those functions.
If you are looking to purchase a new email server, IceWarp mail server is worthy of consideration; however, to my mind, it is hardly advisable to migrate an existing Exchange or Lotus infrastructure if the current environment works well. Some companies do not use IceWarp mail server as their main email server, but as a gateway between Exchange and the Internet. They thus take advantage of the security features and continue to use their existing email system.