PMDF System Manager's Guide
30.1 What is an e-mail Firewall?
Here, an e-mail firewall refers to an enhanced,
firewall-oriented e-mail handling component on an Internet firewall
system. A basic Internet firewall system generally controls what TCP/IP
interactions are allowed between the external world, considered to be
unsafe, and an internal, protected environment, considered to be safe.
To be an e-mail firewall system, this system should also check and
control the e-mail passing between the internal and external
environments.
- An e-mail firewall can perform address transformations, converting
external presentation addresses in messages incoming from the external
world to actual internal addresses, and transforming internal addresses
to external presentation addresses on messages outgoing to the external
world. See Chapter 3 for a discussion of centralized naming in
general, and Section 30.4.8.4 below for mention of special considerations
on an e-mail firewall.
- An e-mail firewall can enforce restrictions on what messages are
allowed in or out. See Section 30.4.5 below. In particular, an e-mail
firewall can disallow certain sorts of message traffic, and can be
configured to protect against denial of service attacks.
- An e-mail firewall can be set up to perform filtering on message
content, e.g., limiting message size, or checking incoming
binary attachments for viruses. See Section 30.4.7 below.
- An e-mail firewall is careful in what information it emits in
response to external systems' possible probe attempts. See
Section 30.4.8 below.
- An e-mail firewall provides facilities for message logging and
message traffic statistics. See Section 30.4.3.