Exchange Compatible Spam Filters?
DamienMcKenna asks: "At work our license for Symantec Brightmail is coming up for renewal and I'm looking for alternatives that will cooperate with Microsoft Exchange 2003. Brightmail hasn't worked consistently since we installed it last year, has a low success rate, the client plugin has been very unstable, and it takes up far too much server resources for what it does. Given that much of the appropriate software is not available for trial (you have to base decisions off their marketing materials), does anyone have recommendations on what to use instead? It must be Windows-based (UNIX/Linux/BSD is out of the question right now), and should have an easy-to-use administrative interface since not all of the IT staff are very technically minded. A working plugin for Outlook for client-level configuration would also be appreciated."
The company I used to work at used MailMarshal for their spam/virus filtering. The interface was pretty good, but there were no Bayesian filters, nor client-side plugins (though I don't really think they are that much of a bonus). It was pretty easy on resources; the PowerEdge server we had never seemed to have much of a problem, and it was running IIS and MSSQL at the same time (it was a smaller business).
This was several years ago, and all those things, including a web interface and quarantines, were supposed to be in the next version (and they've gone through some two or three versions since then).
Might be worth checking out anyway.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
If your IT staff is not technically minded, you have bigger problems than SPAM. Maybe it's just me, but I was under the distinct impression that the foremost qualification necessary to join the IT staff of any self-respecting company is to be technically minded. What are those people doing there if they can't do their jobs?
What kind of a "company" is this? I guess it's too much to ask for a name.
Quality, performance, value; you get only two, and you don't always get to pick.
ASSP is an excellent, cross-platform, open source mail filter that is quite popular amongst my long-suffering Windows mail server admins. Perl-based and platform-agnostic, it might be what you're looking for.
I've had good luck with ORFEE. After implementing the Greylist, our spam went down about 75%. I then blacklisted the remaining spam-sending networks (only if I knew we wouldn't need to mail them) and it has now been several weeks since I've received a single piece of spam.
It doesn't have an Outlook plugin, but we haven't really needed one. It also has a trial version.
McAfee is what my company uses on our Exchange server. I'm a Linux guy, so I'm familiar with SpamAssassin and I use SA on my Linux mail servers. However, since SA isn't available for Windows, I did some research and discovered that McAfee created a product called SpamKiller, which uses SpamAssassin as its base, and they basically create hooks into Exchange for it. SpamAssassin is currently up to version 3.1.1, and from what I understand, the McAfee product is still using the 2.X base for their code, but it does work OK. SA does a slightly better job since it's more up to date, but with McAfee's nightly antivirus updates, you also get updated spam filter settings and code. I'd give it OK marks and definitely suggest using it:
http://www.mcafee.com/us/smb/products/anti_spam/spamkiller_mail_servers.html
While you said it should be Windows-based, I wanted to make sure you are aware that you *can* have a Linux/BSD/Mac server filter spam and keep your Exchange server. It would just be a gateway that receives your mail, runs filters, and then sends the messages along to your Exchange server. Just something to think about. It would also mean your filters would not break as you upgrade your software, since it would be a separate machine from the one that runs Exchange.
The IMF which ships as a part of E2K3 SP1 and later works well, and has the advantage of being free with Exchange.
Your best bet, if you want to not care if it's Exchange or anything else, is to go for a gateway product.
1) If you want to house on site, then use this: Trend Micro InterScan Messaging Security Suite. It runs on Windows, and has a really good hit rate for SPAM and it's even better with viruses.
2) If you don't mind getting someone else to do it for you: MessageLabs Spam and Virus filtering
The IMSS solution I am not going to turn around to you and say that it's the absolute best thing on the face of the planet, as quite simply I just haven't seen something out there yet that really makes me go WOW! It is, however, a really good gateway product, and works extremely well; if nothing else, it's the pick of a bad bunch. It's very configurable, and from my experiences with it, tends not to screw up. That's a pretty important factor for me.
The MessageLabs solution is another gateway solution. It's not housed by you, so it takes up no server resources on your part, and the solution is extremely redundant. Certainly a hell of a lot more than you are going to get paying for it yourself in most instances. Their virus and spam definitions are essentially second to none, and the rates of false positives I have seen for spam are very good as well. Their interface on their web site isn't exactly feature rich, in actual fact it really is quite sparse, but then it does cover the basics, and their retention times for bad mails are good too.
So for gateway products, these are what I am recommending to customers at the moment. I am tending to not push for server based (Exchange server / Information Store) AV as hardware is cheap and if it's not on there it can't cause you any problems. All this tied in with the fact that it doesn't scale leads me to think that it's not worth it. The other suggestion would be to run Exchange on port 26 and have this on port 25. That way it can be on the same box, but it shouldn't interfere with Exchange at all.
I have no idea what your discount schedule is for resellers, so I can't even get you indicative pricing. I also don't know where you are, so that helps me even less.
Happy hunting!
Berny
Curiosity was framed; ignorance killed the cat. -- Author unknown
Read up on Exchange 2003 SP2. MS made significant security and spam related enhancements to Exchange 2003 with the release of that SP. There is plenty of info on Microsoft's Exchange site about SP2.
I'd also recommend looking at GFI MailEssentials. It's cheap (free in its "cheapest" version), simple to install and configure, and can do a good job when configured properly. Several methods for defining spam are available in the product - blacklists/whitelists, Bayesian, others.
Finally, consider outsourcing the entire spam identification process. Postini, which I've used for years at various employers, rocks. Administration and all user level functions (approve/delete quarantined messages, whitelist/blacklist addresses or domains, etc.) are performed via web browser (works great with Firefox or IE). Users are given their own id/password and are notified via email when they have quarantined items (once per day). Postini also does basic antivirus scanning (via McAfee) and while that isn't adequate in itself for protecting your email environment from viruses, it does offer an extra layer of protection. It's relatively cheap as well. If you are a small company (100 users), I believe McAfee offers Postini services bundled with some of their products geared for small business.
at work. However, have you considered instead of using Brightmail on the Exchange server, only use the foldering agent and set up Brightmail filters as your MX record (top level) and have them relay the mail to your Exchange? We have about >95% catch rate. You can set them up running on Windows with IIS SMTP, Linux with sendmail or Solaris with sendmail. As cheap as Brightmail is and as good as it has worked for my company, I would keep it. My suggestion would be to use the "Suspected Spam" option and set the threshold to 62. The one thing I would suggest is if it is a Windows-based gateway filter, as described above, reboot it weekly (works really well if you can afford 2 boxes, since BM doesn't charge by server, CPUs or anything, but rather how many clients you have it filter for) or at least schedule scripts to restart tomcat (net stop tomcat... net start tomcat...). If on a *Nix box, just cron tomcat restarts.
Sunbelt Software's program called iHateSpam works very well on Exchange servers. It has a fairly easy administrative interface, and is very easy for users to understand. Also generates good-looking reports which are great for showing to execs and users how much spam is getting caught and who the worst offenders are. Demo version too. They have some other products for anti-virus and spyware and such, but I have only used the spam one.
It's free, it's part of Exchange but shipped after the product.
See: here.
I used to fool a dedicated Linux box and SpamAssassin. I tested out the IMF when it came out and for the spam my users see, it beat out how our SpamAssassin was configured.
It also integrates with Exchange very closely and uses the new Spam Confidence Level header stuff.
-Malakai
A Dragon Lives in my Garage
We installed Sophos PureMessage for UNIX about a month ago on our postfix SMTP gateways. The performance has been outstanding and provides web management user interfaces. Note that we specifically chose an AntiSpam/AntiVirus solution for our SMTP gateway servers different from our enterprise AntiVirus solution (we run McAfee GroupShield on Exchange and McAfee Enterprise 8i on our desktops and servers).
Since a UNIX server is not an option (though the web management interface may change that), you might want to take a look at PureMessage for Exchange:
http://www.sophos.com/products/es/gateway/pm-windows-exchange.html
Sophos offers a 30 day evaluation:
http://www.sophos.com/products/eval/
BTW, prior to Sophos PMX, we were using SpamAssassin.
"I'm The Bounty Bear. I will find him anywhere. I'm searching."