Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Exchange Compatible Spam Filters?

Cliff posted more than 8 years ago | from the email-pork-removal dept.

99

DamienMcKenna asks: "At work our license for Symantec Brightmail is coming up for renewal and I'm looking for alternatives that will cooperate with Microsoft Exchange 2003. Brightmail hasn't worked consistently since we installed it last year, has a low success rate, the client plugin has been very unstable, and it takes up far too much server resources for what it does. Given that many of the appropriate software is not available for trial (you have to base decisions off their marketing materials), does anyone have recommendations on what to use instead? It must be Windows-based (UNIX/Linux/BSD is out of the question right now), and should have an easy to use administrative interface since not all of the IT staff are very technically minded. A working plugin for Outlook for client-level configuration would also be appreciated."

cancel ×

99 comments

Sorry! There are no comments related to the filter you selected.

MailMarshal (3, Informative)

nmb3000 (741169) | more than 8 years ago | (#15224896)

The company I used to work at used MailMarshal [marshal.com] for their spam/virus filtering. The interface was pretty good, but there was no Bayesian filters, nor client-side plugins (though I don't really thing they are that much of a bonus). It was pretty easy on resources; the Poweredge server we had never seemed to have much of a problem, and it was running IIS and MSSQL at the same time (it was a smaller business).

This was several years ago, and all those things, including a web interface and quarantines were supposed to be in the next version (and they've gone through some two or three versions since then).

Might be worth checking out anyway.

Re:MailMarshal (2, Interesting)

m0rph3us0 (549631) | more than 8 years ago | (#15225529)

I know of a company Global Relay [globalrelay.com] that offers a hosted spam/virus filter for Exchange. They also do Email archiving so that in the event of disaster your company still has access to all its email. Their mail systems are so good that they've never lost a single email in 6 years. The Chicago Stock Exchange uses their services so they are well prepared for larger organizations.

Re:MailMarshal (0)

Anonymous Coward | more than 8 years ago | (#15238919)

Appriver has the best capture rate in the industry, and is much cheaper than postini and mxlogic.

"Not technically minded?" (5, Interesting)

W2k (540424) | more than 8 years ago | (#15224901)

If your IT staff is not technically minded, you have bigger problems than SPAM. Maybe it's just me, but I was under the distinct impression that the foremost qualification necessary to join the IT staff of any self-respecting company is to be technically minded. What are those people doing there if they can't do their jobs?

What kind of a "company" is this? I guess it's too much to ask for a name.

Re:"Not technically minded?" (3, Insightful)

crerwin (971247) | more than 8 years ago | (#15225001)

Some organizations may not be able to pay the salaries that highly qualified IT people are looking for. This particularly happens with such places as school districts, which is unfortunate because school district networks usually have more malicious users than traditional corporate networks. School districts are also often forced to use Exchange/AD setups by less knowledgeable school boards. Not that this combination is unworkable, it just sometimes requires more babysitting and trouble spotting than more inherently secure infrastructures.

Whether the submitter is working for a school district or not, it does not help to berate his/her IT team. Perhaps they work for a non-profit organization working towards the greater good with a need for IT but without a budget to support it. Don't get me wrong, you make a valid point, but not a helpful one. Their spam filter situation can be changed, so let's focus on that.

Re:"Not technically minded?" (3, Insightful)

GigsVT (208848) | more than 8 years ago | (#15225112)

Don't you know the custom here? If you don't know the answer to a question, you attack the person asking it, or point out why they need to change their situation entirely to change the question into one you know the answer to. :)

Re:"Not technically minded?" (0)

Anonymous Coward | more than 8 years ago | (#15225126)

Some organizations may not be able to pay the salaries that highly qualified IT people are looking for.

Or, per our CEO, "Won't pay that much on principle!"

Anybody know a Peoplesoft guru who will take $65k to work 65 hours a week? I should point out, in our city, the going rate for that expetise is $125k.

Re:"Not technically minded?" (0)

Anonymous Coward | more than 8 years ago | (#15229454)

Anybody know a Peoplesoft guru who will take $65k to work 65 hours a week? I should point out, in our city, the going rate for that expetise is $125k.


$65k for 65 hours a week works out to be $20/hr. Even at the "high" rate of $125k that's still only $40/hr.

Re:"Not technically minded?" (1)

drsmithy (35869) | more than 8 years ago | (#15225382)

Not that this combination is unworkable, it just sometimes requires more babysitting and trouble spotting than more inherently secure infrastructures.

What's "inherently" insecure about AD and Exchange ?

Re:"Not technically minded?" (1)

Vryl (31994) | more than 8 years ago | (#15225733)

What's "inherently" insecure about AD and Exchange ?

Stuff like this?

http://security.tombom.co.uk/shatter.html [tombom.co.uk]

I dunno. I still use it, have only a few users, and use the inbuild 'intelligent message filter' which is actually a ripped off spam assasin? Or very similar, being baysian, I believe.

Re:"Not technically minded?" (1)

drsmithy (35869) | more than 8 years ago | (#15236086)

Stuff like this?

Shatter attacks require a) a local login and b) a suitably exploitable application.

It should not be difficult to see how an equivalent set of circumstances on other platforms would make them similarly vulnerable.

Re:"Not technically minded?" (1, Informative)

thegrassyknowl (762218) | more than 8 years ago | (#15226329)

IT staff don't have to be technically minded anymore. I see it every day; dicks that say to themselves "I installed Windows once" (or worse, "I use Windows at home to write letters") apply for IT jobs. Their lack of real skill means they often ask for a salary figure that is... low. Of course they get the jobs.

Now, if you're after a client-side solution for Craplook, try SpamBayes. I have it at work (no thanks to senior management being invited to wine and dine with the Borg-team). It works OK if the user is willing to train it up a little. Seems in our outfit, most people are willing to use it and even happy to learn how to properly work it. It is also VERY accurate from what I have seen. I used to get thousands of spams, now I get one or two that doesn't get caught. It's also not very often that it mislassifies non-spam... probably one message a month that (I will admit) looks a bit spammy.

SpamBayes Yeahs (1)

smvp6459 (896580) | more than 8 years ago | (#15227583)

I second the SpamBayes recommendation. I worked at a non-profit where spam was getting out of control for employees and there was no $ to pay for a solution. I hooked up my co-workers with SpamBayes on the client-side of Outlook one at a time so they could see how much people liked it once it started to adjust to the particular employee's spam. By the time I left, everyone was running it and everyone seemed to have adjusted.

One of the tricks I used to make the filter a little smarter off the bat was to save some of the spam from the early adopters and create a spam corpus on a shared Exchange folder. It let SpamBayes start out with some useful information about spam so that it wasn't totally useless at first.

Re:"Not technically minded?" (1)

munwin99 (667576) | more than 8 years ago | (#15231367)

I agree.
SpamBayes works fine.
My 2cents.

Re:"Not technically minded?" (1)

Southpaw018 (793465) | more than 8 years ago | (#15227441)

Usually, people don't give company names in Ask /. questions. Why's this guy supposed to be different?

That said, we do use Brightmail. I must say that this IT department must not be technically minded: Brightmail was an SOB to install, but after that it's been literally running for *looks at calendar* 9 months with zero interaction, has had a total of -one- false positive, and has something like a 99.9% detection rate, with one message that consistently got through for 2 days or so until it was added to the Brightmail filters.

It's been an absolutely beautiful product.

Re:"Not technically minded?" (1)

eno2001 (527078) | more than 8 years ago | (#15238886)

Right on the money my friend. The problem is that people have been sold a bill of goods when they were told by MS that "computing is now easy". While the GUIs might help make things easier for low skill administrators for many tasks that used to require skill, there is no substitute for a thorough understanding of the underlying technology. One main flaw in today's IT world is that the users are driving technology. While this is liberating for them, it's like letting a wet behind the ears new teen driver drive in Mexico City just after getting their license.

The users *THINK* they know how things should work but have no comprehension of just how impossible some of their desires are since computers AREN'T inherently easy. Those of us with the skill to work with the underlying systems (I'm no genius mind you, but I'm a bit better off solving even Windows problems than most Windows admins are and I'm a *nix only guy at this point) know this all too well. We curse things like Rapid Application Development daily since it takes people who SHOULD be just users and makes them *THINK* they are programmers. Worse yet, it adds arrogance to their disposition so that they believe that their bloated muddled crap is on par with the elegant solutions written decades earlier by people who knew a little something about how computers work. And when they believe that, then they start expecting to be paid like kings when all they truly deserve is a good horse whipping for their stupidity in algorithms and no supper.

However, there is a deeper problem at work here. Most of the human population is not and cannot be technically minded. There are precious few of the technically minded in the world and they tend to be locked up in back rooms of IT departments working on the most vital systems of their organizations because nobody else can do it or learn it.

Standalone device (1)

XanC (644172) | more than 8 years ago | (#15224924)

There are a number of companies that'll sell you a standalone device that filters spam. I think it's the only thing you might be qualified to use...

And if I may expand upon that... (1)

khasim (1285) | more than 8 years ago | (#15225149)

Would it be possible to route your incoming/outgoing email through a smart host?

If that is an option, then you have a lot more products to choose from.

Personally, I run Exim4 w/SpamAssassin as the smart host for out ancient GroupWise 5.5ep installation.

And it is un-fucking-believably fantastic.

Re:And if I may expand upon that... (1)

walt-sjc (145127) | more than 8 years ago | (#15225403)

Well, the poster is asking for a Windows solution. Luckily, Exim / ClamAV / Perl (spamassassin) runs in cygwin!! Yeah, I know, cygwin is an abortion, but it does work.

The poster is really asking for a push-button point and clicky GUI interface type thing ("easy to use administrative interface"), due to the non-technical IT staff and the "Must be windows" requirement which just happens to exclude the ALL the best options. Really. So the alternatives are overpriced crapware which are not nearly as effective (or flexible.)

MTA software in general is complex. Exchange sure as hell is... Exim running in "smart host" mode is pretty simple, but you need to be able to use complex applications like "Notepad" to configure it. You also have to be able to read and understand the manual because it doesn't have a built-in idiot proof GUI management tool with online help (nor should it, IMHO for the simple reason that no GUI can ever have enough flexibility and options to point and click your way through all the possibilities. Something that tried would be 100 times more complex than Exchange and STILL not get there.) That given, there are probably only about 10 - 20 lines of configuration that need to be changed from the stock config file to setup exim for this task. Ditto for clamav / spamassassin.

It "should" be configured to query exchange to determine valid local email addresses so it doesn't accept then bounce email which causes collateral spam / damage, as ANY smarthost solution should (and few do, or are configured to. Demand that your solution has that capability.)

Re:Standalone device (1)

NP1123 (971698) | more than 8 years ago | (#15226508)

I currently administer 30 exchange servers at multiple companies. For the companies that want spam filtering we are using Barracuda spam filters, it is a 1U Spam appliance, and is pretty much plug and play, you tell it the IP of your mail server, and once you train it, it works wonderfully. I believe they do offer free evaluation units, and like I said the companies who I have them at are very happy with them. The company that makes it is Barracuda Networks, and a simple Google search for Barracuda spam filter pops up there URL.

Good luck with your search

ASSP (3, Informative)

GrigorPDX (513102) | more than 8 years ago | (#15224930)

ASSP [sourceforge.net] is an excellent, cross-platform, open source mail filter that is quite popular amongst my long-suffering Windows mail server admins. Perl-based and platform-agnostic it might be what you're looking for.

Re:ASSP - I use this... (1)

Chordonblue (585047) | more than 8 years ago | (#15230865)

I've been using ASSP for well over 2 years now and am relatively pleased. It can be a total bitch to set up for the first time though - it helps to understand Unixy terminology as applied to mail servers.

BUT... Once it's set up, it's easy to modify, easy to update, and fun to watch as it clears away your spam problems.

ORFEE (2, Interesting)

ReverendRyan (582497) | more than 8 years ago | (#15224947)

I've had good luck with ORFEE [vamsoft.com] . After implementing the Greylist, our spam went down about 75%. I then blacklisted the remaining spam-sending networks (only if I knew we wouldn't need to mail them) and it has now been several weeks since I've received a single piece of spam.

It doesn't have an outlook plugin, but we haven't really needed one. It also has a trial version.

Re:ORFEE (1)

CFrankBernard (605994) | more than 8 years ago | (#15225866)

I second that; I've been using ORF since early 2003. ORF, Open Relay Filter, is a less than $100/per year (regardless of employees/mailboxes/email addresses/volume) software solution installed on an IIS smtpsvc gateway called Vamsoft ORF (Open Relay Filter). It builds into IIS SMTP (5 or 6) transport level, allowing filtering such as: A/MX record check, inclusive/exclusive white/blacklists for email addresses and IP addresses, cacheable DNS blacklists (SpamCop, Spamhaus, SORBS, etc.), Tarpitting, maintains a duration-customizable triplet Greylist database (blocks p&d/spambots/zombies), broken sender FQDN, regex customizable HELO domain blacklisting (e.g., blacklisting non-bracketed IP addresses used as HELO/EHLO), SPF1 record lookups--all performed at either the "Before Arrival" filtering point (before delivery of message header/body/attachments) and/or the "On Arrival" filtering point (when the message DATA/body/attachments arrive). It also has customizable On Arrival-only actions (Drop/pretend protocol failure, Redirect, Tag) based on regular expressions, lookups of body website links against SURBL and URIBL, and external agents such as ClamAV with phish.ndb

Re:ORFEE (1)

swmccracken (106576) | more than 8 years ago | (#15226555)

I agree! ORFEE blocks about 75% of incoming SMTP conenctions for me. The tremendous advantage of ORFEE over a lot of other anti-spam filters is that it can (and does by default) block at the SMTP level (ie, generates a 500 series error instead of 200 okay).

This means that should you accidentally block a legitimate email, the original sender will be notified as their system will send a bounce, but you won't waste everyone's time sending out non-delivery-reports to spam with forged senders.

(The usual approach of merely deleteing email means that a false postitive will be silently lost, and if you tag of otherwise classify spam, user will just ignore/delete everything tagged spam meaning a false postive also won't be noticed.)

Oh, the price is $198 USD per server (unlimited mailboxes, discounts for more servers [vamsoft.com] ), including a free 1 year upgrade and support (and Vamsoft do monitor and respond to questions in their very active support newsgroup.) Only servers accepting SMTP connections from the Internet need an installation; a pure back-end server doesn't need one.

It's brilliant, simple, does what it does well, plugs into Exchange or Microsoft SMTPSVC, can optionally intergrate ClamAV or SpamAssassian [vamsoft.com] or other third party programs into the mail flow, DNSBLs (which is the product's original focus), greylisting, SURBL support, HELO/EHLO string scanning, IP Blacklist, Automatic-sender-whitelist (allow addresses that your users send to to reply even if they're on a DNSBL), SPF (Classic) scanning (!), Active Directory address verification (reject incoming sessions to non-existing addresses instead of generating a bounce message later), attachment verification (eg: reject all emails with a .exe or .scr attachment!), all with minimal CPU and RAM use.

It does all this, yet the program is a cohesive whole, easy enough to understand, not a bunch of seemingly random things stuck together.

Er, yeah, that's right, if you want to intergrate ClamAV and/or SpamAssassian into Exchange if you're that way inclined, then here you go. :-)

And you can install it on a seperate Windows 2000/2003 box and use Microsoft SMTP service instead of on your Exchange server itself if you want (so long as it can talk to a domain controller it doesn't have to be on an Exchange server to verify that incoming addresses exist!)

McAfree GroupShould with SpamKiller add-on (2, Interesting)

hawkbug (94280) | more than 8 years ago | (#15224959)

McAfee is what my company uses on our Exchange server. I'm a linux guy, so I'm familar SpamAssassin and I use SA on my linux mail servers. However, since SA isn't available for windows, I did some research and discovered that McAfee created a product call SpamKiller, which uses SpamAssassin as it's base, and they basically create hooks into Exchange for it. SpamAssassin is currently up to version 3.1.1, and from what I understand, the McAfee product is still using the 2.X base for their code, but it does work OK. SA does a slightly better job since it's more up to date, but with McAfee's nightly antivirus updates, you also get an updated spamfilter settings and code. I'd give it OK marks and definitely suggest using it:

http://www.mcafee.com/us/smb/products/anti_spam/sp amkiller_mail_servers.html [mcafee.com]

Re:McAfree GroupShould with SpamKiller add-on (3, Informative)

perlionex (703104) | more than 8 years ago | (#15225007)

Since we're on the topic of commercial distributions of SpamAssassin:

http://wiki.apache.org/spamassassin/CommercialWind ows [apache.org]

...and I know you're looking for easy-to-click distributions, but on the off-chance you (or somebody else reading this article) is looking for information on simply running SpamAssassin on Windows:

http://wiki.apache.org/spamassassin/UsingOnWindows [apache.org]

Re:McAfree GroupShould with SpamKiller add-on (1)

TheGreek (2403) | more than 8 years ago | (#15237258)

In my former life as an Exchange Admin, I installed SpamAssassin for Exchange before McAfee purchased it.

Worked great, except it had a fun bug where if an e-mail with an attachment went to a distribution group where some users were being filtered but others weren't, the attachment kinda disappeared.

(And it did other bad things to the mail store.)

The product's probably much better now, but I'd still prefer a mail gateway these days.

Re:McAfree GroupShould with SpamKiller add-on (1)

Christopher_G_Lewis (260977) | more than 8 years ago | (#15240654)

Kind of self promoting:

http://www.christopherlewis.com/ExchangeSpamAssass in.htm [christopherlewis.com] contains information to run SpamAssassin as an Exchange SMTP Sink.

It's pretty much for low volumne usage in the under 5000 emails a day range. It uses SA in serial mode (ie, each mail launched a new copy of perl running SpamAssassin) rather then using SpamC/SpamD. Does some interesting things with logging, archiving, size filtering etc.

I should probably re-write it for SpamC/SpamD stuff, but I haven't had the email volume, and SpamD only works on the CygWin perl, not ActiveState perl. I don't want to run a unix box at home just for SpamAssassin, although with Virtual Server being free, I could probably just run a 128k Unix VM running SpamD...

Anyway, it's free, source is available, and it works.

Non-Windows doesn't mean you can't use Exchange... (4, Insightful)

dn15 (735502) | more than 8 years ago | (#15224998)

While you said it should be Windows-based, I wanted to make sure you are aware that you *can* have a Linux/BSD/Mac server filter spam and keep your Exchange server. It would just be a gateway that receives your mail, runs filters, and then sends the messages along to your Exchange server. Just something to think about. It would also mean your filters would not break as you upgrade your software, since it would be a separate machine from the one that runs Exchange.

I'm doing this (1)

XanC (644172) | more than 8 years ago | (#15225031)

And it works great. It hasn't been worth replacing our old Exchange setup yet, so I set up a little box running exim that handles all the incoming connections and runs them through spamassassin and clamav before forwarding to Exchange.

Exactly the same except w/GroupWise. (1)

khasim (1285) | more than 8 years ago | (#15225184)

Exim4 w/SpamAssassin protecting a GroupWise installation.

The only complaint I have is that GroupWise does not make the email nicknames available via LDAP. Exim itself rocks! SpamAssassin rocks!

Re:Non-Windows doesn't mean you can't use Exchange (1)

c0nman (573940) | more than 8 years ago | (#15225051)

I was going to suggest something similar.

An opensource frontend (cluster if required) that acts as a gateway to your exchange backend.

This is exactly what my company does and it works very well. I have, infact, never recieved a single piece of spam. It can be configured to touch base with the exchange backend to insure a real account/group is on the recieving end and 550 anything else.

Yes, yes, a million times yes! (1)

Just Some Guy (3352) | more than 8 years ago | (#15225441)

My company isn't about to switch away from Exchange in the near future. Instead, I created a jail inside the FreeBSD webserver we were already using, installed Postfix, said a few incantations [freesoftwaremagazine.com] , and watched in delight as the CPU use percentage on the Exchange server fell back from three digits to one.

The Postfix server never dies unexpectedly (99.99+% uptime last year, including maintenance downtime) and we automatically have a backup MX for when Exchange falls over - incoming mail just spools up in Postfix until Exchange comes back online. There have been no problems whatsoever, and my boss thanked me for eliminating our spam (and reliability) problems. Don't rule it out until you check into it!

Re:Non-Windows doesn't mean you can't use Exchange (1)

jamesh (87723) | more than 8 years ago | (#15225826)

I do this too. Spam filtering is a very resource intensive process, if done properly, so taking that function off of your exchange server is not a bad idea for that reason either.

The drawbacks, which I think the original poster listed as requirement, is that it doesn't integrate nicely into exchange. Training the bayes stuff for _your_ mail is hard (eg marking it as spam under exchange doesn't automatically adjust the bayes stuff). That being said, the solution I put togther has very low false positive rate (unless the sender ip is on a blackhole list - then all bets are off), and a fairly low false negative rate (2 or so a day for me on average, out of hundreds a day detected).

The other thing is that you need to muck around a bit to be able to get messages out of quarantine (eg if you do virus scanning too). Not impossible though, all you'd have to do is rig up something that emails the user a link to click on to get the message released, or something where you reply to the 'your message has been quarantined' message and it then releases it.

One thing that has only just occured to me, is that if you put your spam emails into your spam/junk email folder in exchange, then the spam filtering software could use IMAP to get them out again and use them to train the per user bayes lists. You could also place a copy of 'false positives' (assume you tag them instead of deleting them) into a 'Not Spam' folder. In my case this would be too much mucking around to really be useful as my system is about as good as i think it will ever get, but maybe in the future it could be worth considering.

Re:Non-Windows doesn't mean you can't use Exchange (1)

MBGMorden (803437) | more than 8 years ago | (#15227082)

This was what I was going to suggest. Our organization uses a Lotus Domino mail server on an AS/400 platform. The number of spam scanners directly compatible with this setup is close to nil, but I just have a gateway FreeBSD machine in front of it that does the scanning. It runs a combination of Postfix/SpamAssassin/Amavisd/ClamAV to process all the mail, and then send it along to the Domino server if it passes the filter.

It works very very well. The only drawback I've found is that it seems to be absolutely impossible to get my internal Domino messages to pass through that server and be sent back to Domino before being deliverd (there may be a way, but I looked for days and was unable to do it). With that limitation we were forced to buy a seperate (expensive) anti-virus package for the internal users, even though it hasn't caught a thing since we put the ClamAV filter in front of the mail server :(.

I am thinking about replacing amavisd-new with MailScanner on my next setup though. I'll have to play around with it a bit more before a make a decision on that.

Re:Non-Windows doesn't mean you can't use Exchange (0)

Anonymous Coward | more than 8 years ago | (#15227316)

"It works very very well. The only drawback I've found is that it seems to be absolutely impossible to get my internal Domino messages to pass through that server and be sent back to Domino before being deliverd (there may be a way, but I looked for days and was unable to do it)"

Just bind a second postfix instance to a different port IP and use it as smarthost for you Domino wich pumps up it again to the Lotus server; then just add a static route for mail coming from that server/port to be directly delivered.

Re:Non-Windows doesn't mean you can't use Exchange (1)

MBGMorden (803437) | more than 8 years ago | (#15236326)

From what I've seen, this won't work. AFAIK, the Domino server only sends to the smart host in the event that the user is not found within the Domino directory. So I could use it to make sure messages to other Domino servers within the organization get scanned (though we don't have but the one), but for any user in the directory it would skip the smarthost and deliver.

Why not use Exchange IMF? (4, Informative)

YU Nicks NE Way (129084) | more than 8 years ago | (#15225032)

The IMF which ships as a part of E2K3 SP1 and later works well, and has the advantage of being free with Exchange.

IMF is the answer. Free, from MS, and effective (4, Informative)

malakai (136531) | more than 8 years ago | (#15225486)

It's free, it's part of Exchange but shipped after the product.
See: here [microsoft.com] .

I used to fool a dedicated linux box and SpamAssassin. I tested out the IMF when it came out and for the spam my users see, it beat out how our SpamAssassin was configured.

It also integrates with exchange very closely and uses the new Spam Confidence Level header stuff.

Re:Why not use Exchange IMF? (1)

demongp (881564) | more than 8 years ago | (#15226898)

Yep, another vote for IMF from my side. We have a SpamAssassin that does scanning before it comes into the Exchange system, with IMF running at the Exchange gateway - and guess what, IMF actually catches Spam that SpamAssasin misses!

Have a look at http://www.microsoft.com/technet/prodtechnol/excha nge/downloads/2003/imf/default.mspx [microsoft.com]

Re:Why not use Exchange IMF? (1)

awilden (110846) | more than 8 years ago | (#15229951)

I have had a much different experience with IMF than what you have described. My business uses it, but we consistently have problems with false positives (especially legitimate email from gmail is flagged), and lots of false negatives as well. It's gotten to the point that I just forward all my mail to my gmail account, and then I'll get about 1 mail/day that gets through gmail's spam filter.

maia mailguard (1)

GeorgeS069 (956679) | more than 8 years ago | (#15225033)

I'm not sure if it can run on windows it seems to be all pearl based includes spamassassin and virus scanning http://www.renaissoft.com/maia/ [renaissoft.com]

Two suggestions - Gateway products (2, Interesting)

bernywork (57298) | more than 8 years ago | (#15225040)

Your best bet if you want to not care if it's Exchange or anything else, go for a gateway product.

1) If you want to house on site, then use this: Trend Micro InterScan Messaging Security Suite [trendmicro.com] It runs on windows, and has a really good hit rate for SPAM and it's even better with viruses.

2) If you don't mind getting someone else to do it for you: MessageLabs Spam and Virus filtering [messagelabs.com]

The IMSS solution I am not going to turn around to you and say that it's the absolute best thing on the face of the planet, as quite simply I just haven't seen something out there yet, that really makes me go WOW! It is however, a really good gateway product, and works extremely well, if nothing else, it's the pick of a bad bunch. It's very configurable, and in from my experiences with it, tends not to screw up. That's a pretty important factor for me.

The MessageLabs solution is another gateway solution. It's not housed by you, so it takes up no server resources on your part, and the solution is extremely redundant. Certainly a hell of a lot more than you are going to get paying for it yourself in most instances. Their virus and spam definitions are essentially second to none, and the rates of false positives I have seen for spam are very good as well. Their interface on their web site isn't exactly feature rich, in actual fact it really is quite sparse, but then it does cover the basics, and their retention times for bad mails are good too.

So for gateway products, these are what I am recommending to customers at the moment. I am tending to not push for server based (Exchange server / Information Store) AV as hardware is cheap and if it's not on there it can't cause you any problems. All this tied in with the fact that it doesn't scale leads me to think that it's not worth it. The other suggestion would be to run Exchange on port 26 and have this on port 25. That way it can be on the same box, but it shouldn't interfere with Exchange at all.

I have no idea what your discount schedule is for resellers, so I can't even get you indicitive pricing. I also don't know where you are, so that helps me even less.

Happy hunting!

Berny

Re:Two suggestions - Gateway products (1)

stry_cat (558859) | more than 8 years ago | (#15236047)

I second the message labs solution, if you can affort it. We've got over 4000 employees all with email and maybe once a week does a spam make it to one person. The only false positive reported in the last two years was, someone wanted to subscribe to bugtraq and the confirmation message kept gettting blocked. The only draw back is cost. We're paying an arm and a leg, but we are getting what we pay for.

Ignore the outlook plugins (1)

Anonymous Coward | more than 8 years ago | (#15225053)

Most of them are either tied to sub-standard products, or cause more problems than they're worth

Go for one of the plethora of standalone appliances that go infront of exchange. Any of them will increase the security of the exchange system, and combat spam. Some even include per-user spam quarantines that the end-user can control through a simple web interface.

Exchange 2003 SP2 (2, Informative)

slasher999 (513533) | more than 8 years ago | (#15225101)

Read up on Exchange 2003 SP2. MS made significant security and spam related enhancements to Exchange 2003 with the release of that SP. There is plenty of info on Microsoft's Exchange site about SP2.

I'd also recommend looking at GFI MailEssentials. It's cheap (free in it's "cheapest" version), simple to install and configure, and can do a good job when configured properly. Several methods for defining spam are available in the product - blacklists/whitelists, Bayesian, others.

Finally, consider outsourcing the entire spam identification process. Postini, which I've used for years at various employers, rocks. Adminitration and all user level functions (approve/delete quarantined messages, whitelist/blacklist addresses or domains, etc.) are performed via web browser (works great with Firefox or IE). Users are given their own id/password and are notified via email when they have quarantined items (once per day). Postini also does basic antivirus scanning (via McAfee) and while that isn't adequate in itself for protecting your email environment from viruses, it does offer an extra layer of protection. It's relatively cheap as well. If you are a small company (100 users), I believe McAfee offers Postini services bundled with some of their products geared for small business.

Moving spam detection off Exchange... (1)

Karl Cocknozzle (514413) | more than 8 years ago | (#15225103)

...Or at least, most of it. We're implementing the "spam firewall" box option that has been the vogue for the last few years because our Exchange spam filter is, likewise, coming up for license renewal. The last straw for me was when it came to image-only spam--for about two dozen of my 300 users, it won't block it. But it does block it for SOME people... Irritating, and hard to explain to a sales manager in the field getting six of these penny-stock-scam messages per day. I even have one guy who gets some penny-stock image-only messages blocked, others not.

Our new plan is to filter on the spam firewall for viruses and spam, dropping messages with viruses immediately, and dropping spam with a very high and obvious spam score. Anything that isn't spam at this point gets forwarded to Exchange. Spam below a certain point gets pre-pended with "SPAM:" in the subject so it is automagically filed by the tier 2 spam-filter and routed to the SPAM folder in Outlook. Spam above our threshold will not be forrwarded to Exchange and gets dropped.

On Exchange, the tier 2 filter will route the SPAM: messages that made it (our precaution against false positives getting totally dropped) to the SPAM folder in Outlook. The tier 2 filter will also be looking for spam/viruses that somehow got missed at tier 1, or for if a client gets a virus and starts spewing junk we want to block (from inside the SPAM firewall...)

It is convoluted, but we are having performance issues with Exchange related to spam being "filtered" on the Exchange server. In the recent past we've seen a drastic increase in spam volume because our company has put up an e-commerce web-site, so we're attracting more traffic and attention to our domain. In our current configuration, because every message that got dropped entirely (viruses) still had to come into the store, then be moved, and deleted, all contributing to log growth, store growth (exchange stores go one direction) and performance degradation.

By filtering the most obviously unwanted messages before they hit the Exchange store we keep growth of the stores to a minimum, they don't get fragmented and bog-down to molasses as often, and the customers don't complain as much/ever about "Outlook is requesting data..." (Anybody with large exchange stores in their life knows about the molasses phase some stores go through, and the wonderful "Outlook is requesting data..." phenomenon.

Barracuda (1)

zeitgeist77 (107700) | more than 8 years ago | (#15225124)

http://www.barracudanetworks.com/ [barracudanetworks.com]

Not to evangelize too much, but but I love my barracuda box. It's conceptually a linux box with spamassasin and some bayes stuff with a web interface. But its great, no per user licensing, active directory integration etc. (The AD stuff lets it tell if an email address exists in your organization or not before forwarding the message. If not, it just hangs up on the sender.)

It isn't 100%, at least the way I have it set up because we don't want false positives ever, and my users are far too dumb to navigate the quarantine box. Anyway, overall in my experience it has been a nice box. Oh yeah, and the reseller I used set us up with a try-before-you-buy type thing, probably others will do that too.

Re:Barracuda - I'll second that. (1)

CSIP (31272) | more than 8 years ago | (#15225241)

I installed one almost a year ago & it's worked great.

There are some features like quarantine & an outlook plugin, but it works well even without those - the user's dont need to know it's there if you dont want them too.

Re:Barracuda - I'll second that. (1)

blincoln (592401) | more than 8 years ago | (#15225509)

There are some features like quarantine & an outlook plugin, but it works well even without those - the user's dont need to know it's there if you dont want them too.

Yeah. We use a pair of Barracudas at work and they're awesome. The web interface is intuitive enough that non-engineers can do the spam training and look for emails that got blocked unnecessarily. It auto-updates itself, and is totally transparent to the end users.

I couldn't imagine a better anti-spam system, unless maybe someone came out with one that deployed assassin robots to hunt down and kill the spam senders.

Re:Barracuda - I'll second that. (1)

ophix (680455) | more than 8 years ago | (#15228667)

We use a barracuda and quite frankly arent very impressed. It used to work great but the spammers have gotten better while the technology powering the barracuda hasnt. I get tons of spam in my personal inbox and i have trained the byasian(sp?) filter for my account and for the box as a whole extensively.

now dont get me wrong, we love their outgoing filter product as for the load it handles and the email it handles, it works great.

the incomming product has to be babysat far too much, and the company itself tells you that you need to blow away the byasian db every 3 months and build it again. not acceptable. as it is right now a tech spends half a day every day training the damned thing to make it better at keeping our customers happy.

We are close to migrating to postini. postini costs more but they have techs their who do the spam classification for you and they stay on top of filtering techniques. personally i dont like the idea of having a 3rd party be the first stop for all of our incoming mail, but if it helps keep the customers happy then it is fine by me.

XWall (1)

ocbwilg (259828) | more than 8 years ago | (#15225128)

I use and recommend XWall for Exchange by DataEnter. Go to www.dataenter.at and check it out. There is a 30-day eval that you can download, and it is extremely cheap (something like $250 per server). It is basically a gateway product, so you only install it on your SMTP gateways. My company with 3 Exchange servers only has it installed on the single SMTP gateway server, so we only needed one license.

XWall does pretty much everything that you could want. It supports greylisting, blacklisting, whitelisting, multiple SLS and blackhole services, and you can make exceptions or additions to just about any filtering criteria. It also has plug-ins for anti-virus capability. It has a large number of heuristic detection settings that you can enable/disable individually, and it even supports bayesian filtering. It also lets you flag, forward to an admin, bounce, or blackhole suspicious email as needed. It's really about the most feature-complete spam filter I've ever seen, and since it runs on the gateway it doesn't slow down client-side operations like many other products do.

At my company we installed it, turned on greylisting, turned on a couple of the heuristic options (failing RDNS lookups, having an internal address in the FROM: field on a message from an external source, etc), and set it to query two RBLs and our spam problem was literally gone overnight. It's actually very easy to set up, and the documentation and support are excellent.

My boss was a little leery of buying something via credit card from Austria (we're in the states), but I had used it at my previous employer's (for a Fortune 50 company with over 100 Exchange servers and 60,000 users), and had no problems at all. It's worth it's weight in gold.

Trouble with a Symantec product? (1)

Futurepower(R) (558542) | more than 8 years ago | (#15225163)

Trouble [google.com] with a Symantec product? Symantec Error [google.com] gets 3,000,000 hits.

Re:Trouble with a Symantec product? (1)

Anarke_Incarnate (733529) | more than 8 years ago | (#15225248)

That proves nothing. It just means that there is a lot of penetration in symantec products. I am not a fan of a lot of their products, but Brightmail is not on the list of crap they have put out. They BOUGHT brightmail and made it their own.

Just an FYI, looking up "Linux Error" in google gets me 72,800,000 hits. Looking up "Sexual Error" gets me 15,600,000 hits and "google error" gets me 65,800,000 hits.

lost time and pain (1)

Futurepower(R) (558542) | more than 8 years ago | (#15226446)

Yes that's true, but underlying the Symantec hits is an enormous amount of lost time and pain. -- From a fellow sufferer.

Use a Barracuda SPAM Firewall (1)

ahappli (175582) | more than 8 years ago | (#15225220)

What we found works best is having a Barracuda Spam Firewall in the DMZ, and allow only the Barracuda to talk to the Exchange server. LDAP lookup, drops the processor load on the Exchange, and once tweaked you don't get much spam though. Though, you do have to spend maybe an hour a week tweaking it. The Barracuda works really well overall though.

It also makes the exchange server more secure.

We love brightmail (2, Interesting)

Anarke_Incarnate (733529) | more than 8 years ago | (#15225230)

at work. However, have you considered instead of using brightmail on the exchange server, only use the foldering agent and set up brightmail filters as your MX record (top level) and have them relay the mail to your exchange? We have about >95% catch rate. You can set them up running on Windows with IIS SMTP, Linux with sendmail or Solaris with sendmail. As cheap as brightmail is and as good as it has worked for my company, I would keep it. My suggestion would be to use the "Suspected Spam" option and set the threshold to 62. The one thing I would suggest is if it is a windows based gateway filter, as described above, reboot it weekly (works really well if you can afford 2 boxes, since BM doesn't charge by server, CPUs or anything, but rather how many clients you have it filter for) or at least schedule scripts to restart tomcat (net stop tomcat... net start tomcat...) If on a *Nix box, just cron tomcat restarts.

GFI Mail Essentials (1)

punkrokk (644392) | more than 8 years ago | (#15225267)

Works great, even syncs with multiple mail gateways, and you have no client because it uses public folders. http://www.gfi.com/ [gfi.com]

Free DNS Blacklist support. (1)

WoTG (610710) | more than 8 years ago | (#15225637)

I was going to mention GFI as well. I've used it at a small office with Exchange 2000. The paid version does baynesian and what not, once the trial expires, you get to "keep" the DNS blacklist feature. Whitelist support was pretty good too.

Re:GFI Mail Essentials (1)

scsa (929805) | more than 8 years ago | (#15226907)

I'm no fan of GFI and actively recommend that people don't go anywhere near their Mail Security product (the AV scanner), which with every release seems to be fighting a losing battle against critical bugs that delete your CEO's e-mail. I just wish GFI could keep the releases in QA a bit longer, or hey, maybe start a QA department....

However, Mail Essentials is the best spam filter I've seen. Users almost hug you with delight once the bayesian filter gets switched on. It integrates in exchange neatly, users 'get' how to use the public folders easily, and it even uses Outlook's junk e-mail folder! It's pretty damn good. Just don't expect Mail Security or Web Monitor to be anywhere near as good. Because they're shit.

Re:GFI Mail Essentials (1)

RPGonAS400 (956583) | more than 8 years ago | (#15261397)

I have to agree with GFI Products. We use GFI MailEssentials for anti-spam and MailSecurity for anti-virus. I am not sure on the initial costs, but our yearly maintenance fee for a 50 user license of each is a total of $400 for both products plus 2 virus subscriptions (BitDefender and Norman). Their support is great also.

We have never had a virus slip through. Last November when whatever virus was going around we were receiving 3000+ a day of these and no problems. Because of this, our server anti-virus (eTrust) has never processed 1 virus.

For anti-spam the MailEssentials works great also. I use 8 of their filters. Mail I know is spam is deleted. If I am not sure (my last filters, including Bayesian) I look through it. I have to look at the headers of about 30 emails a day to see if it caught real mail. We process 1260 emails per weekday of which 60% is spam. On the weekends we process about 600 per day and 95% is spam.

No linux/bsd? (0, Redundant)

Anonymous Coward | more than 8 years ago | (#15225282)

You're going to find that 90% of the "mail security"/anti-spam solutions that are worth anything are devices of this ilk - turnkey appliances that run some bsd derivitave and generally don't care what mail system you run inside. This is really the way you should be looking anyway - these devices are purpose built to do nothing but process mail through whatever filters you configure them to use. You're going to see much greater effeciency and performance from a device like that rather than doing anti-spam with something that plugs into exchange. When (on average) 70-80% of the email your domain receives is junk, do you really want it getting into your bulky exchange infrastructure? Weed it out beforehand!

Most of the current crop of anti-spam devices work at least fairly well - obviously there are differences in some of the filters they support and the user interface; some will also have easy integration with other mail security options like encryption, etc. Another feature you might find is an Exchange plugin, though it seems easiest and much cleaner to manage spam from the client side via a web-based interface as opposed to attempted thick mail client integration.

Some examples:

CipherTrust IronMail
Baracuda (Look at your slashdot banner ads!)
Tumbleweed EMF
BorderWare MXtreme
IronPort

I believe all of these (with the exception of Tumbleweed) are some combination of *nix/bsd, mysql/postgres, apache, and custom smtp engines, all rolled up in a nice little easy to manage package. I'm partial to IronMail (mostly because I was a CipherTrust SA in a previous life), though the price point is a bit high. The MXTreme's are decent, and have BrightMail available as an add-on in addition to their built in filters. I've also heard good things about Baracuda, and the pricepoint is much lower, but I've not used them myself.

Microsoft Exchange Hosted Filtering aka Spamshark (1)

JumperCable (673155) | more than 8 years ago | (#15225352)

This is easy to use. It's outsourced to MS so they do all the maintenance work. It's called "Microsoft Exchange Hosted Filtering" aka Spamshark.
http://www.microsoft.com/exchange/services/buy.msp x [microsoft.com]

You get a 30 day free trial too:
http://www.microsoft.com/exchange/services/trial.m spx [microsoft.com]

It sends a daily e-mail (if you have any spam) to the client. And the client identifies if any are false positives. Very easy to use. $1.75/month/address if you can't broker a deal on volume pricing. So about $21/person/year + extra addresses.

What's your best option? Depends on how many users you have. But a hosted service might be the right option for you no matter who you go with.

One minior anoyance is that it did flag an address I had previously approved from a mailing list. YMMV. I don't get much spam at my corporate address from the get go, so I don't know how other people with high spam content like this system. But I do know that you don't want a false positive on that million dollar client.

iHateSpam (2, Informative)

carnellm (256788) | more than 8 years ago | (#15225427)

Sunbelt Software's [sunbelt-software.com] program called iHateSpam works very well on Exchange servers. It has an fairly easy administrative interface, and is very easy for users to understand. Also generates good look reports which are great for showing to execs and users how much spam is getting caught and who the worst offenders are. Demo version too. They have some other products for anti-virus and spyware and such, but I have only used the spam one.

Outsource (1)

Spazmania (174582) | more than 8 years ago | (#15225428)

Brightmail works fine. Exchange not so much. You have two good options:

A) An Ironport appliance.
B) Outsource to an antispam service.

Both of these solutions also protect your exchange server from hackers, mail floods and other things that tend to make your pager go off in the night.

Outsourcing is cheap if you're a smaller company. The Ironport lets you keep control it house if you're large enough to afford it.

Re:Outsource (1)

Bacon Bits (926911) | more than 8 years ago | (#15225574)

I'll second the Ironport appliance. We were able to free up a couple Win2k3 servers when we switched from Trend Micro to a single IronPort appliance. I'm a fan of Trend, too, so it took a lot for IronPort to impress me. I don't admin the box myself, but I'm told it is very easy to administer.

GFI MailEssentials (0)

Anonymous Coward | more than 8 years ago | (#15225458)

I have used GFI MailEssentials before, and it worked fantastically. One thing that I thought was great is that you can connect it to spamhaus XBL/SBL servers to filter spam. It also supports Bayesian filtering, and has a lot of other nice features. Any of the features you use to filter spam you can configure so it goes straight to the Junk Mail folder. I don't know how GFI is compared to other software pricewise, but it is definitely worth checking out.

Get a CanIt Appliance (1)

dheltzel (558802) | more than 8 years ago | (#15225470)

This works well with Exchange and is simple to maintain: CanIt Appliance [roaringpenguin.com]

I will second CanIT! (1)

janic (102538) | more than 8 years ago | (#15245469)

I will second canit!

We have been using Canit for about a year (and MIMEDefang for four years before that) and it is freaking awesome. If pointy-clicky through a web interface is enough of a GUI, that is.

It is _highly_ configurable and super flexible. You can have one stream for the whole company's inbound mail, one stream per user, or use a user's attribute in AD (accessable through LDAP) to "dynamically" map their email to a stream. Cripe, you can plumb it any which way you want.

In our case, I have our CanIT host sitting in front of five mail servers (one exchange, one groupwise, one netmail, one linux/sendmail host for application generated email and one OS/400 mail - not domino) each hosting one or more domains, or different POs in the same domain and not quite 1000 users. To say the least, we are in the middle of some consolidation. CanIT is acting as the smarthost, and has been hucking packets between systems with nary a hitch over the past year and a bit.

You can tell canit to strip training links from other systems and stuff it's own in the boilerplate or in the headers. If you want, you can have it send a daily reminder if you have messages in the trap.

Since the time we have installed it, we have been hit with a Joe Job, hammered by random word spam, you name it. Our mail servers and our users see none of it. Between greylisting RPTN (think distributed spam tagging database) and a handful of custom rules, we dispose of somewhere over 99% of spam. 3 false positives over the past 6 months or so, and they were easily released from the trap.

And the hardware? We use a recycled three year old Poweredge 350. 1GB ram 1GB CPU. The only time there is a load above 0.02 on the machine is when it is merging the RPTN data.

Sorry if I am coming across as a fanboy, but damnit, I like this package. If you don't want to manage "another server" get the appliance an just use a web browser.

ObDisclaimer: I wrote the first spin on the SuSE rpms (spec file, that is) for RP based on their Redhat spec file.

Cheers!
John

proofpoint? (0)

Anonymous Coward | more than 8 years ago | (#15225501)

at work there was a project last year to replace our trend anti-spam (which wasnt cutting it) and the solution chosen (and ALL were compared) was proofpoint. I am not saying it is the BEST solution for everyone but has worked quite well for us. Some spams still get through but overall does a good job filtering the mail before it gets to exchange.

Barracuda (1)

xdroop (4039) | more than 8 years ago | (#15225516)

Get yourself a Barracuda [barracudanetworks.com] . It is an appliance, is easy to configure and use, is updated regularly over the internet by the vendor, works with active directory, has plug-in for outlook users, and best of all will continue to work after you throw exchange away and get a real mail system. We buy them for our customers and have one ourselves, exchange or unix-based email.

Re:Barracuda (1)

SquarePants (580774) | more than 8 years ago | (#15228049)

I second the Barracuda firewall. Have been using it for 3 years at our office (about 40 users) and has worked great with Exchange so far.

Astaro Firewall works very well (1)

cornice (9801) | more than 8 years ago | (#15225544)

We're using an Astaro Firewall & Spam filter [astaro.com] for 100 users. We get updates very frequently, up to 6 times daily, and the results are excellent. On occasion we will find a new spam variant getting through and normally in less than a day that hole will be closed with an automatic update. This is in an environment where some mail users received 300 spams a day. I walked into this situation before I knew how bad it was - Groupwise 6.0 on a Netware 6.0. With the firewall/SMTP proxy solution, we get great spam filtering and we didn't have to touch Groupwise other to set a smart SMTP host.

We use Sophos PureMessage (2, Informative)

ayden (126539) | more than 8 years ago | (#15225626)

We installed Sophos PureMessage for UNIX about a month ago on our postfix SMTP gateways. The performance has been outstanding and provides web management user interfaces. Note that we specifically chose an AntiSpam/AntiVirus solution for our SMTP gateway servers different from our enterprise AntiVirus solution (we run McAfee GroupShield on Exchange and McAfee Enterprise 8i on our desktops and servers).

Since a UNIX server is not an option (though the web management interface may change that), you might want to take a look at PureMessage for Exchange:
http://www.sophos.com/products/es/gateway/pm-windo ws-exchange.html [sophos.com]

Sophos offers a 30 day evaluation:
http://www.sophos.com/products/eval/ [sophos.com]

BTW, prior to Sophos PMX, we were using SpamAssassin.

Spambayes (1)

vasqzr (619165) | more than 8 years ago | (#15225627)

SpamBayes is a python script that proxies pop3 connections. Works great, runs on Linux or Windows.

Re:Spambayes (0)

Anonymous Coward | more than 8 years ago | (#15231817)

Another vote for Spambayes.

I don't know about spam FILTERS (1)

zephc (225327) | more than 8 years ago | (#15225648)

But I know where you can find an Exchange-compatible spam generator [microsoft.com]

Heluna (1)

markv242 (622209) | more than 8 years ago | (#15225680)

Heluna [heluna.com] - rather than installing any software or hardware, it's a service that accepts all of your incoming e-mail and forwards on the good messages. Unlimited mailboxes, quarantines, approved/blocked senders, and it only costs based upon the number of good messages that you get.

Outsource it (1)

Some guy named Chris (9720) | more than 8 years ago | (#15225857)

If you're talent pool is so limited, use MXLogic or PostIni.

We've been using MXLogic for a year, and it works much better than SpamAssassin ever did.

Re:Outsource it (1)

GiMP (10923) | more than 8 years ago | (#15226000)

On my side.. for a company, I setup a filter based on SpamAssassin to catch all of the stuff that Postini missed -- Postini was really worthless, in my opinion.

Avoid IHateSpam, Checkout Cloudmark (1)

mantis108 (971697) | more than 8 years ago | (#15226474)

We had IHateSpam for a few months and wow what a piece of crap that product was. We got BrightMail after that and although it worked very well for us, it (as others have mentioned) gobbled up ridiculous amounts of server resources which made it undesirable for the long term. We've been using Cloudmark Server Edition (http://www.cloudmark.com) for the past 1.5 years and although it allows a few more messages through than BM did, overall it's a better value and much easier on CPU resources. And, there is a client-side add-in which further increases the effectiveness if you choose to employ it.

GFI AS/AV (MailEssentials and MailSecurity) (1)

dreamer-of-rules (794070) | more than 8 years ago | (#15226728)

I just went through this process a few months ago, and ended up with GFI Anti-spam/anti-virus for our underworked Exchange 2003 server (about a dozen users). I'm pretty happy with it. It's one of the few that uses a Baysian mail filter (trained by dropping emails into public folders). It also has auto-whitelisting (from outgoing emails), and a lot of other practical features, and just keeps working in the background. And reasonably priced. It's an extra bonus having a mail anti-virus scanner that's different from our desktops. -- http://www.gfi.com/ [gfi.com]

Re:GFI AS/AV (MailEssentials and MailSecurity) (1)

tvalley000 (410933) | more than 8 years ago | (#15227766)

I'll second your suggestion for GFI. Not only is the product server based, meaning I had to go through no training with my users for a client install and maintenance, but with the auto-update of the Bayesian filters, it really keeps on top of things. My small office tends to get a lot of spam due to the age of the domain name, so when I installed this application, my users were suddenly able to actually get work done again.

Put it under adult supervision (1)

dbIII (701233) | more than 8 years ago | (#15226931)

You already have more than one computer on your network, so ignore exchange entirely and have another machine accepting mail for it and forwarding it on to exchange after filtering. Exchange will accept conventional email as well as it's own odd methods.

Spamassassin is very good and can be found as part of very good cross platform packages like MailScanner. A low end machine can do a lot of filtering - and if it does get hammered the users won't notice because exchange on the other machine will still be accepting mail at full speed and passing it on when it can.

All the alternatives to a different machine are exchange add ons which will impact on the performace of the machine to some extent simply because of what it has to do. When you get a lot of spam this will most likely result in users looking at their email client window for annoyingly long periods of time as it contacts the server for deleivery. This will result in time wasting service calls - so you could go for big hardware and good settings or shift the problem to another system where latency is not so important.

Spambayes? (1)

cbqwinner (152547) | more than 8 years ago | (#15227173)

I've used Spambayes at a few sites and most users love it. It gives the users control to filter what they want.
http://spambayes.sourceforge.net/ [sourceforge.net]

Re:Spambayes? (1)

The Breeze (140484) | more than 8 years ago | (#15233600)

I second this. Spambayes works very well with Outlook & Exchange. The only problem is that since it's a client-side program, it's not working when the Outlook client isn't running. I have several clients who have an Exchange server hosted by someone else, and they are in the habit of opening their Outlook and letting it sit for 10 minutes so Spambayes can catch up on all the spam if they haven't checked their email for a few days. Also, of course, they now hate checking webmail since Spambayes only works with the Outlook client.

Best of all, it's free.

Why not spamassassin on windows? (1)

thenerdgod (122843) | more than 8 years ago | (#15227228)

Via "Spamsink" [spamsink.org] ? it's basically an iis smtp front-ender to spamd.

Re:Why not spamassassin on windows? (1)

belg4mit (152620) | more than 8 years ago | (#15228255)

Mail here comes in to UN*X servers, however our group uses Exchange so our stuff gets received there and then kicked over here. All incoming mail on the UN*X boxen is run through SpamAssassin, so the end result is the same as this (though the implementation sounds interesting).

In any event, SpamAssassin deinfitely works well with Outlook, you just add a rule based on

X-Spam-Level: ******
and each user can set their threshold as they see fit, by changing the number of stars.

Check out SpamSoap (1)

phillymjs (234426) | more than 8 years ago | (#15228374)

My employer uses (and resells) SpamSoap. [spamsoap.com] It kicks ass. They filter all the mail before sending it on to your mailserver. When they catch spam addressed to a user, that user gets a notification message (one per day) directing them to a web-based console. There they're presented with a list of the messages that have been filtered and can choose to delete them or release them for delivery to the mailserver.

If your mailserver takes a shit, they can cache your inbound mail for a while as well (at least 24 hours, but maybe more). I don't know all the service's specifics because I don't work in the department that deals with it, I only really see it from the perspective of an end-user. All of our clients who have signed on to use it love it.

~Philly

MailFrontier (1)

ravidew (456067) | more than 8 years ago | (#15228954)

We've used (www.)MailFrontier(.com)'s EG for a long time now, and seen it evolve from v2.0 to where it is today. The product offers a number of features that are appealing:

- filters spam accurately; we've had very few missed messages, and fewer still false positives.
- monitors Exchange logs; automatically configures whitelists accordingly
- allows remote agents to be installed on user machines, though log monitoring makes this fairly unnecessary
- DOES NOT HAVE TO LIVE on the Exchange box (it can, but I would never recommend that for any enterprise solution, for both speed and crash recovery)
- provides first-touch isolation
- antivirus plugs (McAfee and Kaspersky) available
- provides out-bound filtering

Drawback:

- not free

Did you check IPCop + Copfilter ? (1)

marcomuskus (628509) | more than 8 years ago | (#15229308)

IPCop + Copfilter, based on Linux, check it at: www.ipcop.org [ipcop.org] and www.copfilter.org [copfilter.org]

Consider a Hosted Service (1)

Ubertech (21428) | more than 8 years ago | (#15229459)

You still need to run internal software to be safe, but have you considered contracting with a mail scanning service like Message Labs [messagelabs.com] ? A significant percentage of the mail that comes to my employer's accounts contains spam or viruses, and this service has been great at filtering it out. Not only that, but whatever bandwidth it would have taken (granted, it's not that much) never comes to our network. Again, and I can't stress this enough, you still need to run something internally to be as safe as possible, but these guys are inexpensive, and their service has been great. (No, I don't work there. I'm just happy with them)

Managed Service (1)

dancablam (594200) | more than 8 years ago | (#15236476)

A managed service is flat out the way to go. That way you don't have to mess with installing and managing software or hardware that's just going to get old and useless.

My recommendations are:
MXLogic [mxlogic.com]
MessageLabs [messagelabs.com]
Spam Spy [spamspy.com]


There are many others too. Postini is the most popular but I hear it kind of sucks.

Best of luck!

Can't believe no one has mentioned... (1)

pla (258480) | more than 8 years ago | (#15237263)

Just point it to an RBF such as Spamhaus. We use their SBL/XBL combo list, and spam dropped by easily 95%.

You don't need any additional software, it just plain works. And it stays up-to-date automagically (well, thanks to the hard work of the guys at Spamhaus that maintain it). You'll never need to touch it again unless your RBL's maintainer shuts down.

Sadly, as the biggest problem you'll have - Many manegerial types receive spam and consider it some sort of insider secret prize they've won (you know, like the stock-tip s[cp]ams?). No joke - You will get complaints if you manage to completely block all spam.

Mailwasher server (1, Informative)

Anonymous Coward | more than 8 years ago | (#15243920)

Nice open source antispam which plugs in to Exchange. Simple to setup

Great UI for admins and users with quarantine features users can manage themselves.

We've had great results with it.

http://oss.firetrust.com/ [firetrust.com]

SpamBully (1)

-kyle-rev (972303) | more than 8 years ago | (#15245228)

My company has purchased http://www.spambully.com/ [spambully.com] and I have to say it is an absolutely excellent product. I tried and tested a few products before recommending SpamBully. SpamBully was by far the best. It works with Exchange accounts, that is very important for us. The very first time you start Spam Bully, its Bayesian spam filter will learn from your own personal email habits, identifying good and spam messages. Every time you download your email, Spam Bully will make sure good emails make it to your Inbox. Spam emails are sent to the "Spam" folder. Emails SpamBully may have difficulty classifying, go to a special "Unsure" folder. You can always adjust emails in these folders by using the Spam and Not Spam buttons in the SpamBully toolbar. Tons of features and worth a look.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>