M-Switch SMTP: SMTP Message Transfer Agent (MTA)
M-Switch SMTP is a high-performance, versatile Message Transfer Agent (MTA) which can be deployed either to support local users or as a gateway, switching messages between other MTAs.
M-Switch SMTP is sold in two configurations:
- M-Switch SMTP: Gateway/Backbone. Can be used in any configuration for SMTP switching and message processing.
- M-Switch SMTP. An MTA used to support local mailboxes (e.g. using Isode's M-Box POP/IMAP Message Store) and giving access to SMTP networks for the use of these mailboxes.
Both configurations include ACP142 for use with Data Diodes and Military Messaging over SMTP for Military Messaging deployments, but not for deployment on constrained bandwidth networks (see M-Switch Constrained Network Server/Gateway for more information). In addition to core features, discussed on this page, the following add-ons are available for this product:
- M-Switch Encryption: Enabling message encryption and decryption capabilities (using STANAG 4406 Encryption for X.400 messages).
- M-Switch ACP127: Enabling message conversion to/from ACP127 and related protocols.
M-Switch SMTP is usually deployed in one of two ways: as a Boundary Messaging component or to provide Mailbox Services.
In a boundary deployment, M-Switch SMTP provides application relay between a pair of organizations or domains. Typically two (or more) M-Switch SMTP servers will be used in an active/active configuration to ensure high availability. Key features of boundary messaging include:
- Security Label based Access Control and checking
- S/MIME digital signature signing & verification and encryption & decryption
- Message archive, audit and tracking
- Message content checking and conversion
- Message authorization and rule based routing and checking
- File Transfer By Email over networks and gateways that only allow email
A boundary switch may route internally to multiple departmental systems as shown above, and may perform address rewriting to provide a uniform external appearance. M-Switch can use LDAP to access multiple departmental directories in order to perform boundary address validation.
M-Switch is the message switching component of Isode's Internet Messaging. It is used in conjunction with M-Box, which provides message storage and access by POP and IMAP. The mailbox solution is useful for organizations and service providers, particularly where there are requirements for security.
Notable strengths of M-Switch SMTP are described below. Reasons why this product may be of particular interest include:
M-Switch products use Transport Layer Security (TLS) for data confidentiality and Simple Authentication and Security Layer (SASL) for authentication. SASL is also used to map simple identifiers onto directory names for authentication. A wide range of SASL authentication mechanisms are supported.
M-Switch products can check S/MIME signatures on message submission, to validate message integrity and origination. These checks are integrated with the authorization system, so messages can be controlled based on signature presence and validity. S/MIME Encryption is supported by M-Switch Encryption, which is a capability that may be added to all M-Switch products. You can read more about the security features common to all M-Switch products.
Authorization, Audit and Tracking
M-Switch provides rule based authorization based on a wide range of parameters. Messages may be archived, and details are recorded in an audit database. This facilitates flexible tracking based on message delivery and receipt.
The architecture of the Message Switch, the management tools, and directory based configuration combine to give a very high degree of deployment flexibility. This can be of particular importance in boundary situations, where complex mappings and checks are needed.
Excellent Scheduling and Operational Characteristics
The Queue Manager (QMGR) and channel architecture described below enable a sophisticated scheduling approach which, combined with the Message Switch's queue structure, leads to a product that works exceedingly well in demanding operational environments. More details are given in the M-Switch Queue Manager page.
M-Switch SMTP provides a range of built-in message format conversion capabilities, including S/MIME and Security Label handling and address mapping and redirects. It also enables customer-provided message checking and conversion using the CCCP (Content Conversion and Checking Protocol).
Military Messaging over SMTP
A number of M-Switch SMTP capabilities make it particularly suitable for Military Messaging, in both boundary deployments and mailbox services, including:
- Advanced Message Tracking, as described in the white paper [Using Message Acknowledgements for Tracking, Correlation and Fire & Forget].
- Security Label Support following RFC 7444 (allowing extensible handling of security labels) in addition to S/MIME ESS.
- S/MIME Support for message signatures and encryption.
- Carrying military forms following MTF (Messaging Text Formats) including ADatP-3, USMTF and OTH-T Gold. M-Switch MIXER enables mapping of ADatP-3 to STANAG 4406.
- Flexible Authorization and Routing.
In addition, M-Switch SMTP can support military messaging over SMTP as an alternative to (or complementary to) military messaging using STANAG 4406, the NATO protocol based on X.400. Isode has developed a number of specifications in support of military messaging over SMTP, in particular:
- RFC 6477: Registration of Military Message Handling System (MMHS) header fields for use in Internet Mail.
- A standard for SMTP Priority (RFC 6710: Simple Mail Transfer Protocol Extension for Message Priorities) and an associated specification to support clients that do not have direct access to an MTA supporting RFC 6710 (RFC 6758: SMTP Priority Tunnelling).
M-Switch SMTP also supports CFTP (sometimes known as Battle Force Email/BFEM) for simple support of informal SMTP messaging for HF. Further information on Military Messaging can be found on the Military Email market page.
M-Switch SMTP uses directory based configuration, with configuration and user agent information stored in Isode's M-Vault directory. MConsole, Isode's management GUI for messaging, connects to the directory using an Isode Bind Profile, shared with Isode GUIs that access the directory. Multiple messaging configurations can be managed from MConsole.
MConsole also provides detailed operational monitoring of multiple M-Switch instances, providing operator functions which are a critical part of a managed messaging service including message tracking and queue monitoring. More information on SMTP Configuration Management and Operational Management can be found by following the links.