On this page you'll find a general overview of M-Switch. On other pages you'll find information on:
- Architecture: Describes how M-Switch works and key capabilities
- Security: Looks at Security Labels, S/MIME, authorization and other security capabilities
- M-Switch Encryption: Describes the add-on capability providing message encryption
- Content Checking: Describes anti-virus, reputation, anti-spam, and content conversion
- Constrained Networks: Describes operation over Radio and Satcom networks
- ACP127: Conversion from SMTP to ACP127 text based organizational military messaging.
- Conformance: Sets out M-Switch’s conformance
- Distribution Lists: Describes support for Distribution Lists in M-Switch
- Management: Describes management capabilities for M-Switch
M-Switch has two basic deployment configurations described below: Boundary Messaging and Mailbox Services.
In a boundary deployment, M-Switch provides application relay between a pair of organizations or domains. Typically two (or more) M-Switch servers will be used in an active/active configuration to ensure high availability.
A summary of Boundary Messaging and the major benefits of a solution using M-Switch is given in the Boundary Messaging solutions page
Key features of boundary messaging include:
- Security Label based Access Control and checking.
- S/MIME digital signature signing and verification
- S/MIME encryption and decryption
- Message archive, audit and tracking
- Message content checking and conversion
- Message authorization and rule based routing and checking
- Anti-virus and reputation checking
- Interface to constrained networks, such as HF Radio and Satcom
- File Transfer By Email over networks and gateways that only allow email.
A boundary switch may route internally to multiple departmental systems as shown above, and may perform address rewriting to provide a uniform external appearance. M-Switch can use LDAP to access multiple departmental directories in order to perform boundary address validation.
M-Switch is the message switching component of Isode's Internet Messaging solution described in the Mailbox services page. It is used in conjunction with M-Box, which provides message storage and access by POP and IMAP. The mailbox solution is useful for organizations and service providers, particularly where there are requirements for security and support of mobile devices with open standards.
A number of M-Switch Capabilities make it particularly suitable for Military Messaging, both boundary deployments and mailbox services..
- Capabilities to operate over constrained networks including HF Radio further described in the M-Switch product description for constrained networks.
- It can be deployed as part of a system supporting Military Message Handling (MMHS) over SMTP as described in the whitepaper [Military Messaging (MMHS) over SMTP]. Full support for RFC 6477 military headers are provided.
- Advanced Message Tracking, as described in the white paper [Using Message Acknowledgements for Tracking, Correlation and Fire & Forget].
- Priority Handlingfollowing RFC 6710 is provided.
- Security Label Support following RFC 7444 (allowing extensible handling of security labels) in addition to S/MIME ESS.
- S/MIME Support for message signatures and encryption.
- Carrying military forms following MTF (Messaging Text Formats) including ADatP-3, USMTF and OTH-T Gold. MIXER mapping of ADatP-3 to STANAG 4406 is supported.
- Flexible Authorization and Routing.
- Conversion to STANAG 4406 messaging using MIXER and to ACP127 as described in the M-Switch ACP127 page.
Key Benefits of M-Switch SMTP
Notable strengths of M-Switch SMTP are described below. Reasons why this product may be of particular interest include:
Security Labels and S/MIME
M-Switch supports S/MIME digitally signed messages, and can verify inbound messages and sign outgoing messages. It can also handle Security Labels which are carried use S/MIME Extended Security Services (ESS). M-Switch gives Access Control checks associated with Security Clearance of channels, peer MTAs and users. It can also convert security labels with other formats, including support of FLOT (First Line of Text) labels.
S/MIME Encryption is supported by M-Switch Encryption, which is a capability that may be added to M-Switch
Authorization, Audit and Tracking
M-Switch provides rule based authorization based on a wide range of parameters. Messages may be archived, and details are recorded in an audit database. This facilitates flexible tracking based on message delivery and receipt. See [Using Message Acknowledgements for Tracking, Correlation and Fire & Forget].
The architecture of the Message Switch, the management tools, and directory based configuration combine to give a very high degree of customer flexibility. This can be of particular importance in boundary situations, where complex mappings and checks are needed.
Performance & Priority
M-Switch SMTP has very high throughput and low latency, handling messages according to priority (three level civilian or six level military).
Excellent scheduling and operational characteristics
The Queue Manager (QMGR) and channel architecture described below enables a sophisticated scheduling approach, which combined with the Message Switch's queue structure leads to a product which works exceedingly well in demanding operational environments. More details are given in the M-Switch Queue Manager page.
Mobile Messaging Support
M-Switch SMTP has very broad conformance for the SMTP family of standards in particular supports the Lemonade profile for mobile messaging. It is one of very few MTAs supporting “forward without download”.
LDAP directory based configuration
The Message Switch uses LDAP as its preferred configuration mechanism, which enables sharing of routing and configuration information, and flexible client/server management. Mailbox information is also held in LDAP directories, which can be integrated with an ISP provisioning system, or make use of existing (departmental) LDAP directories.
The product has a wide range of management features, including configuration, SNMP monitoring, distribution lists, content conversion, message tracking, statistics, quarantine management and address mapping control.
M-Switch supports DKIM and SPF reputation services, flexible anit-virus, anti-spam and dirty word checking.
Constrained Network Support, including HF Radio and Satcom
M-Switch provides optimized support for constrained networks, including HF Radio, faster Radio including VHF/UHF and Satcom. This includes operation over point to point and multicast networks and support of EMCON (Emission Control) where nodes are in radio silence.
M-Switch provides a range of built in message format conversion capabilities, including S/MIME and Security Label handling and address mapping and redirects. It also enables customer provided message checking and conversion using the CCCP (Content Conversion and Checking Protocol).
M-Switch provides a flexible directory based distribution list capability with comprehensive management and security capabilities.
File Transfer by Email
M-Switch provides easy support for transfer of files over email to one or more destinations. This works by applications simply copying files to and from directories. This can be useful to support file transfer over "email only" boundaries and file transfer over constrained networks.