Slashdot Mirror
Exchange Compatible Spam Filters?
DamienMcKenna asks: "At work our license for Symantec Brightmail is coming up for renewal and I'm looking for alternatives that will cooperate with Microsoft Exchange 2003. Brightmail hasn't worked consistently since we installed it last year, has a low success rate, the client plugin has been very unstable, and it takes up far too much server resources for what it does. Given that many of the appropriate software is not available for trial (you have to base decisions off their marketing materials), does anyone have recommendations on what to use instead? It must be Windows-based (UNIX/Linux/BSD is out of the question right now), and should have an easy to use administrative interface since not all of the IT staff are very technically minded. A working plugin for Outlook for client-level configuration would also be appreciated."
The company I used to work at used MailMarshal for their spam/virus filtering. The interface was pretty good, but there was no Bayesian filters, nor client-side plugins (though I don't really thing they are that much of a bonus). It was pretty easy on resources; the Poweredge server we had never seemed to have much of a problem, and it was running IIS and MSSQL at the same time (it was a smaller business).
This was several years ago, and all those things, including a web interface and quarantines were supposed to be in the next version (and they've gone through some two or three versions since then).
Might be worth checking out anyway.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
If your IT staff is not technically minded, you have bigger problems than SPAM. Maybe it's just me, but I was under the distinct impression that the foremost qualification necessary to join the IT staff of any self-respecting company is to be technically minded. What are those people doing there if they can't do their jobs?
What kind of a "company" is this? I guess it's too much to ask for a name.
Quality, performance, value; you get only two, and you don't always get to pick.
There are a number of companies that'll sell you a standalone device that filters spam. I think it's the only thing you might be qualified to use...
ASSP is an excellent, cross-platform, open source mail filter that is quite popular amongst my long-suffering Windows mail server admins. Perl-based and platform-agnostic it might be what you're looking for.
I've had good luck with ORFEE. After implementing the Greylist, our spam went down about 75%. I then blacklisted the remaining spam-sending networks (only if I knew we wouldn't need to mail them) and it has now been several weeks since I've received a single piece of spam.
It doesn't have an outlook plugin, but we haven't really needed one. It also has a trial version.
McAfee is what my company uses on our Exchange server. I'm a linux guy, so I'm familar SpamAssassin and I use SA on my linux mail servers. However, since SA isn't available for windows, I did some research and discovered that McAfee created a product call SpamKiller, which uses SpamAssassin as it's base, and they basically create hooks into Exchange for it. SpamAssassin is currently up to version 3.1.1, and from what I understand, the McAfee product is still using the 2.X base for their code, but it does work OK. SA does a slightly better job since it's more up to date, but with McAfee's nightly antivirus updates, you also get an updated spamfilter settings and code. I'd give it OK marks and definitely suggest using it:
p amkiller_mail_servers.html
http://www.mcafee.com/us/smb/products/anti_spam/s
While you said it should be Windows-based, I wanted to make sure you are aware that you *can* have a Linux/BSD/Mac server filter spam and keep your Exchange server. It would just be a gateway that receives your mail, runs filters, and then sends the messages along to your Exchange server. Just something to think about. It would also mean your filters would not break as you upgrade your software, since it would be a separate machine from the one that runs Exchange.
And it works great. It hasn't been worth replacing our old Exchange setup yet, so I set up a little box running exim that handles all the incoming connections and runs them through spamassassin and clamav before forwarding to Exchange.
The IMF which ships as a part of E2K3 SP1 and later works well, and has the advantage of being free with Exchange.
I'm not sure if it can run on windows it seems to be all pearl based includes spamassassin and virus scanning http://www.renaissoft.com/maia/
I'd rather have a bottle in front of me than a frontal lobotomy
Your best bet if you want to not care if it's Exchange or anything else, go for a gateway product.
1) If you want to house on site, then use this: Trend Micro InterScan Messaging Security Suite It runs on windows, and has a really good hit rate for SPAM and it's even better with viruses.
2) If you don't mind getting someone else to do it for you: MessageLabs Spam and Virus filtering
The IMSS solution I am not going to turn around to you and say that it's the absolute best thing on the face of the planet, as quite simply I just haven't seen something out there yet, that really makes me go WOW! It is however, a really good gateway product, and works extremely well, if nothing else, it's the pick of a bad bunch. It's very configurable, and in from my experiences with it, tends not to screw up. That's a pretty important factor for me.
The MessageLabs solution is another gateway solution. It's not housed by you, so it takes up no server resources on your part, and the solution is extremely redundant. Certainly a hell of a lot more than you are going to get paying for it yourself in most instances. Their virus and spam definitions are essentially second to none, and the rates of false positives I have seen for spam are very good as well. Their interface on their web site isn't exactly feature rich, in actual fact it really is quite sparse, but then it does cover the basics, and their retention times for bad mails are good too.
So for gateway products, these are what I am recommending to customers at the moment. I am tending to not push for server based (Exchange server / Information Store) AV as hardware is cheap and if it's not on there it can't cause you any problems. All this tied in with the fact that it doesn't scale leads me to think that it's not worth it. The other suggestion would be to run Exchange on port 26 and have this on port 25. That way it can be on the same box, but it shouldn't interfere with Exchange at all.
I have no idea what your discount schedule is for resellers, so I can't even get you indicitive pricing. I also don't know where you are, so that helps me even less.
Happy hunting!
Berny
Curiosity was framed; ignorance killed the cat. -- Author unknown
I was going to suggest something similar.
An opensource frontend (cluster if required) that acts as a gateway to your exchange backend.
This is exactly what my company does and it works very well. I have, infact, never recieved a single piece of spam. It can be configured to touch base with the exchange backend to insure a real account/group is on the recieving end and 550 anything else.
Most of them are either tied to sub-standard products, or cause more problems than they're worth
Go for one of the plethora of standalone appliances that go infront of exchange. Any of them will increase the security of the exchange system, and combat spam. Some even include per-user spam quarantines that the end-user can control through a simple web interface.
Read up on Exchange 2003 SP2. MS made significant security and spam related enhancements to Exchange 2003 with the release of that SP. There is plenty of info on Microsoft's Exchange site about SP2.
I'd also recommend looking at GFI MailEssentials. It's cheap (free in it's "cheapest" version), simple to install and configure, and can do a good job when configured properly. Several methods for defining spam are available in the product - blacklists/whitelists, Bayesian, others.
Finally, consider outsourcing the entire spam identification process. Postini, which I've used for years at various employers, rocks. Adminitration and all user level functions (approve/delete quarantined messages, whitelist/blacklist addresses or domains, etc.) are performed via web browser (works great with Firefox or IE). Users are given their own id/password and are notified via email when they have quarantined items (once per day). Postini also does basic antivirus scanning (via McAfee) and while that isn't adequate in itself for protecting your email environment from viruses, it does offer an extra layer of protection. It's relatively cheap as well. If you are a small company (100 users), I believe McAfee offers Postini services bundled with some of their products geared for small business.
...Or at least, most of it. We're implementing the "spam firewall" box option that has been the vogue for the last few years because our Exchange spam filter is, likewise, coming up for license renewal. The last straw for me was when it came to image-only spam--for about two dozen of my 300 users, it won't block it. But it does block it for SOME people... Irritating, and hard to explain to a sales manager in the field getting six of these penny-stock-scam messages per day. I even have one guy who gets some penny-stock image-only messages blocked, others not.
Our new plan is to filter on the spam firewall for viruses and spam, dropping messages with viruses immediately, and dropping spam with a very high and obvious spam score. Anything that isn't spam at this point gets forwarded to Exchange. Spam below a certain point gets pre-pended with "SPAM:" in the subject so it is automagically filed by the tier 2 spam-filter and routed to the SPAM folder in Outlook. Spam above our threshold will not be forrwarded to Exchange and gets dropped.
On Exchange, the tier 2 filter will route the SPAM: messages that made it (our precaution against false positives getting totally dropped) to the SPAM folder in Outlook. The tier 2 filter will also be looking for spam/viruses that somehow got missed at tier 1, or for if a client gets a virus and starts spewing junk we want to block (from inside the SPAM firewall...)
It is convoluted, but we are having performance issues with Exchange related to spam being "filtered" on the Exchange server. In the recent past we've seen a drastic increase in spam volume because our company has put up an e-commerce web-site, so we're attracting more traffic and attention to our domain. In our current configuration, because every message that got dropped entirely (viruses) still had to come into the store, then be moved, and deleted, all contributing to log growth, store growth (exchange stores go one direction) and performance degradation.
By filtering the most obviously unwanted messages before they hit the Exchange store we keep growth of the stores to a minimum, they don't get fragmented and bog-down to molasses as often, and the customers don't complain as much/ever about "Outlook is requesting data..." (Anybody with large exchange stores in their life knows about the molasses phase some stores go through, and the wonderful "Outlook is requesting data..." phenomenon.
Who did what now?
http://www.barracudanetworks.com/
Not to evangelize too much, but but I love my barracuda box. It's conceptually a linux box with spamassasin and some bayes stuff with a web interface. But its great, no per user licensing, active directory integration etc. (The AD stuff lets it tell if an email address exists in your organization or not before forwarding the message. If not, it just hangs up on the sender.)
It isn't 100%, at least the way I have it set up because we don't want false positives ever, and my users are far too dumb to navigate the quarantine box. Anyway, overall in my experience it has been a nice box. Oh yeah, and the reseller I used set us up with a try-before-you-buy type thing, probably others will do that too.
I use and recommend XWall for Exchange by DataEnter. Go to www.dataenter.at and check it out. There is a 30-day eval that you can download, and it is extremely cheap (something like $250 per server). It is basically a gateway product, so you only install it on your SMTP gateways. My company with 3 Exchange servers only has it installed on the single SMTP gateway server, so we only needed one license.
XWall does pretty much everything that you could want. It supports greylisting, blacklisting, whitelisting, multiple SLS and blackhole services, and you can make exceptions or additions to just about any filtering criteria. It also has plug-ins for anti-virus capability. It has a large number of heuristic detection settings that you can enable/disable individually, and it even supports bayesian filtering. It also lets you flag, forward to an admin, bounce, or blackhole suspicious email as needed. It's really about the most feature-complete spam filter I've ever seen, and since it runs on the gateway it doesn't slow down client-side operations like many other products do.
At my company we installed it, turned on greylisting, turned on a couple of the heuristic options (failing RDNS lookups, having an internal address in the FROM: field on a message from an external source, etc), and set it to query two RBLs and our spam problem was literally gone overnight. It's actually very easy to set up, and the documentation and support are excellent.
My boss was a little leery of buying something via credit card from Austria (we're in the states), but I had used it at my previous employer's (for a Fortune 50 company with over 100 Exchange servers and 60,000 users), and had no problems at all. It's worth it's weight in gold.
Would it be possible to route your incoming/outgoing email through a smart host?
If that is an option, then you have a lot more products to choose from.
Personally, I run Exim4 w/SpamAssassin as the smart host for out ancient GroupWise 5.5ep installation.
And it is un-fucking-believably fantastic.
Trouble with a Symantec product? Symantec Error gets 3,000,000 hits.
Exim4 w/SpamAssassin protecting a GroupWise installation.
The only complaint I have is that GroupWise does not make the email nicknames available via LDAP. Exim itself rocks! SpamAssassin rocks!
What we found works best is having a Barracuda Spam Firewall in the DMZ, and allow only the Barracuda to talk to the Exchange server. LDAP lookup, drops the processor load on the Exchange, and once tweaked you don't get much spam though. Though, you do have to spend maybe an hour a week tweaking it. The Barracuda works really well overall though.
It also makes the exchange server more secure.
at work. However, have you considered instead of using brightmail on the exchange server, only use the foldering agent and set up brightmail filters as your MX record (top level) and have them relay the mail to your exchange? We have about >95% catch rate. You can set them up running on Windows with IIS SMTP, Linux with sendmail or Solaris with sendmail. As cheap as brightmail is and as good as it has worked for my company, I would keep it. My suggestion would be to use the "Suspected Spam" option and set the threshold to 62. The one thing I would suggest is if it is a windows based gateway filter, as described above, reboot it weekly (works really well if you can afford 2 boxes, since BM doesn't charge by server, CPUs or anything, but rather how many clients you have it filter for) or at least schedule scripts to restart tomcat (net stop tomcat... net start tomcat...) If on a *Nix box, just cron tomcat restarts.
I installed one almost a year ago & it's worked great.
There are some features like quarantine & an outlook plugin, but it works well even without those - the user's dont need to know it's there if you dont want them too.
"Nyquil - The stuffy, sneezy, why-the-hell-is-the-room-spinning medicine."
Works great, even syncs with multiple mail gateways, and you have no client because it uses public folders. http://www.gfi.com/
JP
You're going to find that 90% of the "mail security"/anti-spam solutions that are worth anything are devices of this ilk - turnkey appliances that run some bsd derivitave and generally don't care what mail system you run inside. This is really the way you should be looking anyway - these devices are purpose built to do nothing but process mail through whatever filters you configure them to use. You're going to see much greater effeciency and performance from a device like that rather than doing anti-spam with something that plugs into exchange. When (on average) 70-80% of the email your domain receives is junk, do you really want it getting into your bulky exchange infrastructure? Weed it out beforehand!
Most of the current crop of anti-spam devices work at least fairly well - obviously there are differences in some of the filters they support and the user interface; some will also have easy integration with other mail security options like encryption, etc. Another feature you might find is an Exchange plugin, though it seems easiest and much cleaner to manage spam from the client side via a web-based interface as opposed to attempted thick mail client integration.
Some examples:
CipherTrust IronMail
Baracuda (Look at your slashdot banner ads!)
Tumbleweed EMF
BorderWare MXtreme
IronPort
I believe all of these (with the exception of Tumbleweed) are some combination of *nix/bsd, mysql/postgres, apache, and custom smtp engines, all rolled up in a nice little easy to manage package. I'm partial to IronMail (mostly because I was a CipherTrust SA in a previous life), though the price point is a bit high. The MXTreme's are decent, and have BrightMail available as an add-on in addition to their built in filters. I've also heard good things about Baracuda, and the pricepoint is much lower, but I've not used them myself.
This is easy to use. It's outsourced to MS so they do all the maintenance work. It's called "Microsoft Exchange Hosted Filtering" aka Spamshark.p x
m spx
http://www.microsoft.com/exchange/services/buy.ms
You get a 30 day free trial too:
http://www.microsoft.com/exchange/services/trial.
It sends a daily e-mail (if you have any spam) to the client. And the client identifies if any are false positives. Very easy to use. $1.75/month/address if you can't broker a deal on volume pricing. So about $21/person/year + extra addresses.
What's your best option? Depends on how many users you have. But a hosted service might be the right option for you no matter who you go with.
One minior anoyance is that it did flag an address I had previously approved from a mailing list. YMMV. I don't get much spam at my corporate address from the get go, so I don't know how other people with high spam content like this system. But I do know that you don't want a false positive on that million dollar client.
Sunbelt Software's program called iHateSpam works very well on Exchange servers. It has an fairly easy administrative interface, and is very easy for users to understand. Also generates good look reports which are great for showing to execs and users how much spam is getting caught and who the worst offenders are. Demo version too. They have some other products for anti-virus and spyware and such, but I have only used the spam one.
Brightmail works fine. Exchange not so much. You have two good options:
A) An Ironport appliance.
B) Outsource to an antispam service.
Both of these solutions also protect your exchange server from hackers, mail floods and other things that tend to make your pager go off in the night.
Outsourcing is cheap if you're a smaller company. The Ironport lets you keep control it house if you're large enough to afford it.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
The Postfix server never dies unexpectedly (99.99+% uptime last year, including maintenance downtime) and we automatically have a backup MX for when Exchange falls over - incoming mail just spools up in Postfix until Exchange comes back online. There have been no problems whatsoever, and my boss thanked me for eliminating our spam (and reliability) problems. Don't rule it out until you check into it!
Dewey, what part of this looks like authorities should be involved?
I have used GFI MailEssentials before, and it worked fantastically. One thing that I thought was great is that you can connect it to spamhaus XBL/SBL servers to filter spam. It also supports Bayesian filtering, and has a lot of other nice features. Any of the features you use to filter spam you can configure so it goes straight to the Junk Mail folder. I don't know how GFI is compared to other software pricewise, but it is definitely worth checking out.
This works well with Exchange and is simple to maintain: CanIt Appliance
It's free, it's part of Exchange but shipped after the product.
See: here.
I used to fool a dedicated linux box and SpamAssassin. I tested out the IMF when it came out and for the spam my users see, it beat out how our SpamAssassin was configured.
It also integrates with exchange very closely and uses the new Spam Confidence Level header stuff.
-Malakai
A Dragon Lives in my Garage
at work there was a project last year to replace our trend anti-spam (which wasnt cutting it) and the solution chosen (and ALL were compared) was proofpoint. I am not saying it is the BEST solution for everyone but has worked quite well for us. Some spams still get through but overall does a good job filtering the mail before it gets to exchange.
There are some features like quarantine & an outlook plugin, but it works well even without those - the user's dont need to know it's there if you dont want them too.
Yeah. We use a pair of Barracudas at work and they're awesome. The web interface is intuitive enough that non-engineers can do the spam training and look for emails that got blocked unnecessarily. It auto-updates itself, and is totally transparent to the end users.
I couldn't imagine a better anti-spam system, unless maybe someone came out with one that deployed assassin robots to hunt down and kill the spam senders.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Get yourself a Barracuda. It is an appliance, is easy to configure and use, is updated regularly over the internet by the vendor, works with active directory, has plug-in for outlook users, and best of all will continue to work after you throw exchange away and get a real mail system. We buy them for our customers and have one ourselves, exchange or unix-based email.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
We're using an Astaro Firewall & Spam filter for 100 users. We get updates very frequently, up to 6 times daily, and the results are excellent. On occasion we will find a new spam variant getting through and normally in less than a day that hole will be closed with an automatic update. This is in an environment where some mail users received 300 spams a day. I walked into this situation before I knew how bad it was - Groupwise 6.0 on a Netware 6.0. With the firewall/SMTP proxy solution, we get great spam filtering and we didn't have to touch Groupwise other to set a smart SMTP host.
We installed Sophos PureMessage for UNIX about a month ago on our postfix SMTP gateways. The performance has been outstanding and provides web management user interfaces. Note that we specifically chose an AntiSpam/AntiVirus solution for our SMTP gateway servers different from our enterprise AntiVirus solution (we run McAfee GroupShield on Exchange and McAfee Enterprise 8i on our desktops and servers).
o ws-exchange.html
Since a UNIX server is not an option (though the web management interface may change that), you might want to take a look at PureMessage for Exchange:
http://www.sophos.com/products/es/gateway/pm-wind
Sophos offers a 30 day evaluation:
http://www.sophos.com/products/eval/
BTW, prior to Sophos PMX, we were using SpamAssassin.
"I'm The Bounty Bear. I will find him anywhere. I'm searching."
SpamBayes is a python script that proxies pop3 connections. Works great, runs on Linux or Windows.
I was going to mention GFI as well. I've used it at a small office with Exchange 2000. The paid version does baynesian and what not, once the trial expires, you get to "keep" the DNS blacklist feature. Whitelist support was pretty good too.
But I know where you can find an Exchange-compatible spam generator
"I would say that 99 per cent of what my father has written about his own life is false." - L. Ron Hubbard Jr.
Heluna - rather than installing any software or hardware, it's a service that accepts all of your incoming e-mail and forwards on the good messages. Unlimited mailboxes, quarantines, approved/blocked senders, and it only costs based upon the number of good messages that you get.
I do this too. Spam filtering is a very resource intensive process, if done properly, so taking that function off of your exchange server is not a bad idea for that reason either.
The drawbacks, which I think the original poster listed as requirement, is that it doesn't integrate nicely into exchange. Training the bayes stuff for _your_ mail is hard (eg marking it as spam under exchange doesn't automatically adjust the bayes stuff). That being said, the solution I put togther has very low false positive rate (unless the sender ip is on a blackhole list - then all bets are off), and a fairly low false negative rate (2 or so a day for me on average, out of hundreds a day detected).
The other thing is that you need to muck around a bit to be able to get messages out of quarantine (eg if you do virus scanning too). Not impossible though, all you'd have to do is rig up something that emails the user a link to click on to get the message released, or something where you reply to the 'your message has been quarantined' message and it then releases it.
One thing that has only just occured to me, is that if you put your spam emails into your spam/junk email folder in exchange, then the spam filtering software could use IMAP to get them out again and use them to train the per user bayes lists. You could also place a copy of 'false positives' (assume you tag them instead of deleting them) into a 'Not Spam' folder. In my case this would be too much mucking around to really be useful as my system is about as good as i think it will ever get, but maybe in the future it could be worth considering.
If you're talent pool is so limited, use MXLogic or PostIni.
We've been using MXLogic for a year, and it works much better than SpamAssassin ever did.
Yes that's true, but underlying the Symantec hits is an enormous amount of lost time and pain. -- From a fellow sufferer.
We had IHateSpam for a few months and wow what a piece of crap that product was. We got BrightMail after that and although it worked very well for us, it (as others have mentioned) gobbled up ridiculous amounts of server resources which made it undesirable for the long term. We've been using Cloudmark Server Edition (http://www.cloudmark.com) for the past 1.5 years and although it allows a few more messages through than BM did, overall it's a better value and much easier on CPU resources. And, there is a client-side add-in which further increases the effectiveness if you choose to employ it.
I just went through this process a few months ago, and ended up with GFI Anti-spam/anti-virus for our underworked Exchange 2003 server (about a dozen users). I'm pretty happy with it. It's one of the few that uses a Baysian mail filter (trained by dropping emails into public folders). It also has auto-whitelisting (from outgoing emails), and a lot of other practical features, and just keeps working in the background. And reasonably priced. It's an extra bonus having a mail anti-virus scanner that's different from our desktops. -- http://www.gfi.com/
Everyone is entitled to his own opinions, but not his own facts.
Spamassassin is very good and can be found as part of very good cross platform packages like MailScanner. A low end machine can do a lot of filtering - and if it does get hammered the users won't notice because exchange on the other machine will still be accepting mail at full speed and passing it on when it can.
All the alternatives to a different machine are exchange add ons which will impact on the performace of the machine to some extent simply because of what it has to do. When you get a lot of spam this will most likely result in users looking at their email client window for annoyingly long periods of time as it contacts the server for deleivery. This will result in time wasting service calls - so you could go for big hardware and good settings or shift the problem to another system where latency is not so important.
This was what I was going to suggest. Our organization uses a Lotus Domino mail server on an AS/400 platform. The number of spam scanners directly compatible with this setup is close to nil, but I just have a gateway FreeBSD machine in front of it that does the scanning. It runs a combination of Postfix/SpamAssassin/Amavisd/ClamAV to process all the mail, and then send it along to the Domino server if it passes the filter.
:(.
It works very very well. The only drawback I've found is that it seems to be absolutely impossible to get my internal Domino messages to pass through that server and be sent back to Domino before being deliverd (there may be a way, but I looked for days and was unable to do it). With that limitation we were forced to buy a seperate (expensive) anti-virus package for the internal users, even though it hasn't caught a thing since we put the ClamAV filter in front of the mail server
I am thinking about replacing amavisd-new with MailScanner on my next setup though. I'll have to play around with it a bit more before a make a decision on that.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
I've used Spambayes at a few sites and most users love it. It gives the users control to filter what they want.
http://spambayes.sourceforge.net/
Via "Spamsink"? it's basically an iis smtp front-ender to spamd.
"It works very very well. The only drawback I've found is that it seems to be absolutely impossible to get my internal Domino messages to pass through that server and be sent back to Domino before being deliverd (there may be a way, but I looked for days and was unable to do it)"
Just bind a second postfix instance to a different port IP and use it as smarthost for you Domino wich pumps up it again to the Lotus server; then just add a static route for mail coming from that server/port to be directly delivered.
I second the SpamBayes recommendation. I worked at a non-profit where spam was getting out of control for employees and there was no $ to pay for a solution. I hooked up my co-workers with SpamBayes on the client-side of Outlook one at a time so they could see how much people liked it once it started to adjust to the particular employee's spam. By the time I left, everyone was running it and everyone seemed to have adjusted.
One of the tricks I used to make the filter a little smarter off the bat was to save some of the spam from the early adopters and create a spam corpus on a shared Exchange folder. It let SpamBayes start out with some useful information about spam so that it wasn't totally useless at first.
My employer uses (and resells) SpamSoap. It kicks ass. They filter all the mail before sending it on to your mailserver. When they catch spam addressed to a user, that user gets a notification message (one per day) directing them to a web-based console. There they're presented with a list of the messages that have been filtered and can choose to delete them or release them for delivery to the mailserver.
If your mailserver takes a shit, they can cache your inbound mail for a while as well (at least 24 hours, but maybe more). I don't know all the service's specifics because I don't work in the department that deals with it, I only really see it from the perspective of an end-user. All of our clients who have signed on to use it love it.
~Philly
We use a barracuda and quite frankly arent very impressed. It used to work great but the spammers have gotten better while the technology powering the barracuda hasnt. I get tons of spam in my personal inbox and i have trained the byasian(sp?) filter for my account and for the box as a whole extensively.
now dont get me wrong, we love their outgoing filter product as for the load it handles and the email it handles, it works great.
the incomming product has to be babysat far too much, and the company itself tells you that you need to blow away the byasian db every 3 months and build it again. not acceptable. as it is right now a tech spends half a day every day training the damned thing to make it better at keeping our customers happy.
We are close to migrating to postini. postini costs more but they have techs their who do the spam classification for you and they stay on top of filtering techniques. personally i dont like the idea of having a 3rd party be the first stop for all of our incoming mail, but if it helps keep the customers happy then it is fine by me.
We've used (www.)MailFrontier(.com)'s EG for a long time now, and seen it evolve from v2.0 to where it is today. The product offers a number of features that are appealing:
- filters spam accurately; we've had very few missed messages, and fewer still false positives.
- monitors Exchange logs; automatically configures whitelists accordingly
- allows remote agents to be installed on user machines, though log monitoring makes this fairly unnecessary
- DOES NOT HAVE TO LIVE on the Exchange box (it can, but I would never recommend that for any enterprise solution, for both speed and crash recovery)
- provides first-touch isolation
- antivirus plugs (McAfee and Kaspersky) available
- provides out-bound filtering
Drawback:
- not free
You still need to run internal software to be safe, but have you considered contracting with a mail scanning service like Message Labs? A significant percentage of the mail that comes to my employer's accounts contains spam or viruses, and this service has been great at filtering it out. Not only that, but whatever bandwidth it would have taken (granted, it's not that much) never comes to our network. Again, and I can't stress this enough, you still need to run something internally to be as safe as possible, but these guys are inexpensive, and their service has been great. (No, I don't work there. I'm just happy with them)
Be quick to listen, slow to speak, and slow to anger.
I've been using ASSP for well over 2 years now and am relatively pleased. It can be a total bitch to set up for the first time though - it helps to understand Unixy terminology as applied to mail servers.
BUT... Once it's set up, it's easy to modify, easy to update, and fun to watch as it clears away your spam problems.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
From what I've seen, this won't work. AFAIK, the Domino server only sends to the smart host in the event that the user is not found within the Domino directory. So I could use it to make sure messages to other Domino servers within the organization get scanned (though we don't have but the one), but for any user in the directory it would skip the smarthost and deliver.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
A managed service is flat out the way to go. That way you don't have to mess with installing and managing software or hardware that's just going to get old and useless.
My recommendations are:
MXLogic
MessageLabs
Spam Spy
There are many others too. Postini is the most popular but I hear it kind of sucks.
Best of luck!
Just point it to an RBF such as Spamhaus. We use their SBL/XBL combo list, and spam dropped by easily 95%.
You don't need any additional software, it just plain works. And it stays up-to-date automagically (well, thanks to the hard work of the guys at Spamhaus that maintain it). You'll never need to touch it again unless your RBL's maintainer shuts down.
Sadly, as the biggest problem you'll have - Many manegerial types receive spam and consider it some sort of insider secret prize they've won (you know, like the stock-tip s[cp]ams?). No joke - You will get complaints if you manage to completely block all spam.
Nice open source antispam which plugs in to Exchange. Simple to setup
Great UI for admins and users with quarantine features users can manage themselves.
We've had great results with it.
http://oss.firetrust.com/
My company has purchased http://www.spambully.com/ and I have to say it is an absolutely excellent product. I tried and tested a few products before recommending SpamBully. SpamBully was by far the best. It works with Exchange accounts, that is very important for us. The very first time you start Spam Bully, its Bayesian spam filter will learn from your own personal email habits, identifying good and spam messages. Every time you download your email, Spam Bully will make sure good emails make it to your Inbox. Spam emails are sent to the "Spam" folder. Emails SpamBully may have difficulty classifying, go to a special "Unsure" folder. You can always adjust emails in these folders by using the Spam and Not Spam buttons in the SpamBully toolbar. Tons of features and worth a look.
I will second canit!
We have been using Canit for about a year (and MIMEDefang for four years before that) and it is freaking awesome. If pointy-clicky through a web interface is enough of a GUI, that is.
It is _highly_ configurable and super flexible. You can have one stream for the whole company's inbound mail, one stream per user, or use a user's attribute in AD (accessable through LDAP) to "dynamically" map their email to a stream. Cripe, you can plumb it any which way you want.
In our case, I have our CanIT host sitting in front of five mail servers (one exchange, one groupwise, one netmail, one linux/sendmail host for application generated email and one OS/400 mail - not domino) each hosting one or more domains, or different POs in the same domain and not quite 1000 users. To say the least, we are in the middle of some consolidation. CanIT is acting as the smarthost, and has been hucking packets between systems with nary a hitch over the past year and a bit.
You can tell canit to strip training links from other systems and stuff it's own in the boilerplate or in the headers. If you want, you can have it send a daily reminder if you have messages in the trap.
Since the time we have installed it, we have been hit with a Joe Job, hammered by random word spam, you name it. Our mail servers and our users see none of it. Between greylisting RPTN (think distributed spam tagging database) and a handful of custom rules, we dispose of somewhere over 99% of spam. 3 false positives over the past 6 months or so, and they were easily released from the trap.
And the hardware? We use a recycled three year old Poweredge 350. 1GB ram 1GB CPU. The only time there is a load above 0.02 on the machine is when it is merging the RPTN data.
Sorry if I am coming across as a fanboy, but damnit, I like this package. If you don't want to manage "another server" get the appliance an just use a web browser.
ObDisclaimer: I wrote the first spin on the SuSE rpms (spec file, that is) for RP based on their Redhat spec file.
Cheers!
John