Exchange Compatible Spam Filters? 99
DamienMcKenna asks: "At work our license for Symantec Brightmail is coming up for renewal and I'm looking for alternatives that will cooperate with Microsoft Exchange 2003. Brightmail hasn't worked consistently since we installed it last year, has a low success rate, the client plugin has been very unstable, and it takes up far too much server resources for what it does. Given that many of the appropriate software is not available for trial (you have to base decisions off their marketing materials), does anyone have recommendations on what to use instead? It must be Windows-based (UNIX/Linux/BSD is out of the question right now), and should have an easy to use administrative interface since not all of the IT staff are very technically minded. A working plugin for Outlook for client-level configuration would also be appreciated."
MailMarshal (Score:4, Informative)
This was several years ago, and all those things, including a web interface and quarantines were supposed to be in the next version (and they've gone through some two or three versions since then).
Might be worth checking out anyway.
Re:MailMarshal (Score:3, Interesting)
"Not technically minded?" (Score:5, Interesting)
What kind of a "company" is this? I guess it's too much to ask for a name.
Re:"Not technically minded?" (Score:3, Insightful)
Re:"Not technically minded?" (Score:3, Insightful)
Re:"Not technically minded?" (Score:2)
What's "inherently" insecure about AD and Exchange ?
Re:"Not technically minded?" (Score:2)
Stuff like this?
http://security.tombom.co.uk/shatter.html [tombom.co.uk]
I dunno. I still use it, have only a few users, and use the inbuild 'intelligent message filter' which is actually a ripped off spam assasin? Or very similar, being baysian, I believe.
Re:"Not technically minded?" (Score:2)
Shatter attacks require a) a local login and b) a suitably exploitable application.
It should not be difficult to see how an equivalent set of circumstances on other platforms would make them similarly vulnerable.
Re:"Not technically minded?" (Score:2)
Re:"Not technically minded?" (Score:2, Informative)
Now, if you're after a client-side solution for Craplook, try SpamBayes. I have it at work (no thanks to senior management being invited to wine and dine with the Borg-team). It works OK if the u
SpamBayes Yeahs (Score:1)
One of the tricks I used to make the filter a little smarter off the bat was to s
Re:"Not technically minded?" (Score:1)
SpamBayes works fine.
My 2cents.
Re:"Not technically minded?" (Score:2)
That said, we do use Brightmail. I must say that this IT department must not be technically minded: Brightmail was an SOB to install, but after that it's been literally running for *looks at calendar* 9 months with zero interaction, has had a total of -one- false positive, and has something like a 99.9% detection rate, with one message that consistently got through for 2 days or so until it was added to th
Re:"Not technically minded?" (Score:2)
Standalone device (Score:2)
And if I may expand upon that... (Score:2)
If that is an option, then you have a lot more products to choose from.
Personally, I run Exim4 w/SpamAssassin as the smart host for out ancient GroupWise 5.5ep installation.
And it is un-fucking-believably fantastic.
Re:And if I may expand upon that... (Score:2)
The poster is really asking for a push-button point and clicky GUI interface type thing ("easy to use administrative interface"), due to the non-technical IT staff and the "Must be windows" requirement which just happens to exclude the ALL the best options. Really. So the alternatives are overpriced crapware which are not nearly as effective (
Re:Standalone device (Score:1)
ASSP (Score:3, Informative)
Re:ASSP - I use this... (Score:2)
BUT... Once it's set up, it's easy to modify, easy to update, and fun to watch as it clears away your spam problems.
ORFEE (Score:3, Interesting)
I've had good luck with ORFEE [vamsoft.com]. After implementing the Greylist, our spam went down about 75%. I then blacklisted the remaining spam-sending networks (only if I knew we wouldn't need to mail them) and it has now been several weeks since I've received a single piece of spam.
It doesn't have an outlook plugin, but we haven't really needed one. It also has a trial version.
Re:ORFEE (Score:1)
Re:ORFEE (Score:2)
This means that should you accidentally block a legitimate email, the original sender will be notified as their system will send a bounce, but you won't waste everyone's time sending out non-delivery-reports to spam with forged senders.
(The usual approa
McAfree GroupShould with SpamKiller add-on (Score:3, Interesting)
http://www.mcafee.com/us/smb/products/anti_spam/s
Re:McAfree GroupShould with SpamKiller add-on (Score:4, Informative)
Since we're on the topic of commercial distributions of SpamAssassin:
http://wiki.apache.org/spamassassin/CommercialWind ows [apache.org]
...and I know you're looking for easy-to-click distributions, but on the off-chance you (or somebody else reading this article) is looking for information on simply running SpamAssassin on Windows:
http://wiki.apache.org/spamassassin/UsingOnWindows [apache.org]
Re:McAfree GroupShould with SpamKiller add-on (Score:2)
Worked great, except it had a fun bug where if an e-mail with an attachment went to a distribution group where some users were being filtered but others weren't, the attachment kinda disappeared.
(And it did other bad things to the mail store.)
The product's probably much better now, but I'd still prefer a mail gateway these days.
Re:McAfree GroupShould with SpamKiller add-on (Score:2)
http://www.christopherlewis.com/ExchangeSpamAssass in.htm [christopherlewis.com] contains information to run SpamAssassin as an Exchange SMTP Sink.
It's pretty much for low volumne usage in the under 5000 emails a day range. It uses SA in serial mode (ie, each mail launched a new copy of perl running SpamAssassin) rather then using SpamC/SpamD. Does some interesting things with logging, archiving, size filtering etc.
I should probably re-write it for SpamC/SpamD stuff, but I haven't had the email volume, an
Non-Windows doesn't mean you can't use Exchange... (Score:5, Insightful)
I'm doing this (Score:2)
Exactly the same except w/GroupWise. (Score:2)
The only complaint I have is that GroupWise does not make the email nicknames available via LDAP. Exim itself rocks! SpamAssassin rocks!
Re:Non-Windows doesn't mean you can't use Exchange (Score:1)
An opensource frontend (cluster if required) that acts as a gateway to your exchange backend.
This is exactly what my company does and it works very well. I have, infact, never recieved a single piece of spam. It can be configured to touch base with the exchange backend to insure a real account/group is on the recieving end and 550 anything else.
Yes, yes, a million times yes! (Score:2)
The Postfix server never dies unexpectedly (99.99+% uptime last year, including maintenance downtime) and we automatically have a backup MX for when Exchange falls over - incoming mail just spools up in Postf
Re:Non-Windows doesn't mean you can't use Exchange (Score:2)
The drawbacks, which I think the original poster listed as requirement, is that it doesn't integrate nicely into exchange. Training the bayes stuff for _your_ mail is hard (eg marking it as spam under exchange doesn't automatically adjust the bayes stuff). That being said, the solution I put togther has very low false positive rate
Re:Non-Windows doesn't mean you can't use Exchange (Score:2)
It works very very well. The only drawback I've found is that it seems to be absol
Re:Non-Windows doesn't mean you can't use Exchange (Score:2)
Why not use Exchange IMF? (Score:5, Informative)
IMF is the answer. Free, from MS, and effective (Score:5, Informative)
See: here [microsoft.com].
I used to fool a dedicated linux box and SpamAssassin. I tested out the IMF when it came out and for the spam my users see, it beat out how our SpamAssassin was configured.
It also integrates with exchange very closely and uses the new Spam Confidence Level header stuff.
Re:Why not use Exchange IMF? (Score:1)
Have a look at http://www.microsoft.com/technet/prodtechnol/exch
Re:Why not use Exchange IMF? (Score:1)
maia mailguard (Score:1)
Re:maia mailguard (Score:1)
Two suggestions - Gateway products (Score:3, Interesting)
1) If you want to house on site, then use this: Trend Micro InterScan Messaging Security Suite [trendmicro.com] It runs on windows, and has a really good hit rate for SPAM and it's even better with viruses.
2) If you don't mind getting someone else to do it for you: MessageLabs Spam and Virus filtering [messagelabs.com]
The IMSS solution I am not going to turn around to you and say that it's the absolute best thing on the face of the planet, as quite simply I just haven't seen something out there yet, that really makes me go WOW! It is however, a really good gateway product, and works extremely well, if nothing else, it's the pick of a bad bunch. It's very configurable, and in from my experiences with it, tends not to screw up. That's a pretty important factor for me.
The MessageLabs solution is another gateway solution. It's not housed by you, so it takes up no server resources on your part, and the solution is extremely redundant. Certainly a hell of a lot more than you are going to get paying for it yourself in most instances. Their virus and spam definitions are essentially second to none, and the rates of false positives I have seen for spam are very good as well. Their interface on their web site isn't exactly feature rich, in actual fact it really is quite sparse, but then it does cover the basics, and their retention times for bad mails are good too.
So for gateway products, these are what I am recommending to customers at the moment. I am tending to not push for server based (Exchange server / Information Store) AV as hardware is cheap and if it's not on there it can't cause you any problems. All this tied in with the fact that it doesn't scale leads me to think that it's not worth it. The other suggestion would be to run Exchange on port 26 and have this on port 25. That way it can be on the same box, but it shouldn't interfere with Exchange at all.
I have no idea what your discount schedule is for resellers, so I can't even get you indicitive pricing. I also don't know where you are, so that helps me even less.
Happy hunting!
Berny
Re:Two suggestions - Gateway products (Score:1)
Ignore the outlook plugins (Score:1)
Go for one of the plethora of standalone appliances that go infront of exchange. Any of them will increase the security of the exchange system, and combat spam. Some even include per-user spam quarantines that the end-user can control through a simple web interface.
Exchange 2003 SP2 (Score:3, Informative)
I'd also recommend looking at GFI MailEssentials. It's cheap (free in it's "cheapest" version), simple to install and configure, and can do a good job when configured properly. Several methods for defining spam are available in the product - blacklists/whitelists, Bayesian, others.
Finally, consider outsourcing the entire spam identification process. Postini, which I've used for years at various employers, rocks. Adminitration and all user level functions (approve/delete quarantined messages, whitelist/blacklist addresses or domains, etc.) are performed via web browser (works great with Firefox or IE). Users are given their own id/password and are notified via email when they have quarantined items (once per day). Postini also does basic antivirus scanning (via McAfee) and while that isn't adequate in itself for protecting your email environment from viruses, it does offer an extra layer of protection. It's relatively cheap as well. If you are a small company (100 users), I believe McAfee offers Postini services bundled with some of their products geared for small business.
Moving spam detection off Exchange... (Score:2)
Barracuda (Score:1)
Not to evangelize too much, but but I love my barracuda box. It's conceptually a linux box with spamassasin and some bayes stuff with a web interface. But its great, no per user licensing, active directory integration etc. (The AD stuff lets it tell if an email address exists in your organization or not before forwarding the message. If not, it just hangs up on the sender.)
It isn't 100%, at least the way I have it set up because we don't want false positives ever, and my use
Re:Barracuda - I'll second that. (Score:2)
There are some features like quarantine & an outlook plugin, but it works well even without those - the user's dont need to know it's there if you dont want them too.
Re:Barracuda - I'll second that. (Score:2)
Yeah. We use a pair of Barracudas at work and they're awesome. The web interface is intuitive enough that non-engineers can do the spam training and look for emails that got blocked unnecessarily. It auto-updates itself, and is totally transparent to the end users.
I couldn't imagine a better anti-spam system, unless maybe someone came out w
Re:Barracuda - I'll second that. (Score:2)
now dont get me wrong, we love their outgoing filter product as for the load it handles and the email it handles, it works great.
the incomming product has to be babysat far too much, and the company itself
XWall (Score:2)
XWall does pretty much everything that you could want. It supports greylisting, blacklisting, whitelis
Trouble with a Symantec product? (Score:2)
Re:Trouble with a Symantec product? (Score:2)
Just an FYI, looking up "Linux Error" in google gets me 72,800,000 hits. Looking up "Sexual Error" gets me 15,600,000 hits and "google error" gets me 65,800,000 hits.
lost time and pain (Score:2)
Use a Barracuda SPAM Firewall (Score:1)
It also makes the exchange server more secure.
We love brightmail (Score:3, Interesting)
GFI Mail Essentials (Score:1)
Free DNS Blacklist support. (Score:2)
Re:GFI Mail Essentials (Score:1)
However, Mail Essentials is the best spam filter I've seen. Users almost hug you with delight once the bayesian filter gets switched on. It integrates in exchange neatly, users
Re:GFI Mail Essentials (Score:1)
We have never had a virus slip through. Last November when whatever virus was going around we were receiving 3000+ a day of these and no problems. Because of this, our server anti-virus (e
Microsoft Exchange Hosted Filtering aka Spamshark (Score:2)
http://www.microsoft.com/exchange/services/buy.ms p x [microsoft.com]
You get a 30 day free trial too:
http://www.microsoft.com/exchange/services/trial.m spx [microsoft.com]
It sends a daily e-mail (if you have any spam) to the client. And the client identifies if any are false positives. Very easy to use. $1.75/month/address if you can't broker a deal on volume pricing. So about $21/per
iHateSpam (Score:2, Informative)
Outsource (Score:2)
A) An Ironport appliance.
B) Outsource to an antispam service.
Both of these solutions also protect your exchange server from hackers, mail floods and other things that tend to make your pager go off in the night.
Outsourcing is cheap if you're a smaller company. The Ironport lets you keep control it house if you're large enough to afford it.
Re:Outsource (Score:2)
Get a CanIt Appliance (Score:2)
I will second CanIT! (Score:1)
We have been using Canit for about a year (and MIMEDefang for four years before that) and it is freaking awesome. If pointy-clicky through a web interface is enough of a GUI, that is.
It is _highly_ configurable and super flexible. You can have one stream for the whole company's inbound mail, one stream per user, or use a user's attribute in AD (accessable through LDAP) to "dynamically" map their email to a stream. Cripe, you can plumb it any which way you want.
In our case, I have our Can
Barracuda (Score:2)
Re:Barracuda (Score:2)
Astaro Firewall works very well (Score:2)
We use Sophos PureMessage (Score:3, Informative)
Since a UNIX server is not an option (though the web management interface may change that), you might want to take a look at PureMessage for Exchange:
http://www.sophos.com/products/es/gateway/pm-wind
Sophos offers a 30 day evaluation:
http://www.sophos.com/products/eval/ [sophos.com]
BTW, prior to Sophos PMX, we were using SpamAssassin.
Spambayes (Score:1)
I don't know about spam FILTERS (Score:2)
Heluna (Score:2)
Outsource it (Score:2)
We've been using MXLogic for a year, and it works much better than SpamAssassin ever did.
Re:Outsource it (Score:2)
Avoid IHateSpam, Checkout Cloudmark (Score:1)
GFI AS/AV (MailEssentials and MailSecurity) (Score:2)
Re:GFI AS/AV (MailEssentials and MailSecurity) (Score:1)
Put it under adult supervision (Score:2)
Spamassassin is very good and can be found as part of very good cross platform packages like MailScanner. A low end machine can do a lot of filtering - and if it does get hammered the users won't notice because exchange on the other machine will still be a
Spambayes? (Score:1)
http://spambayes.sourceforge.net/ [sourceforge.net]
Re:Spambayes? (Score:2)
Why not spamassassin on windows? (Score:2)
Re:Why not spamassassin on windows? (Score:2)
In any event, SpamAssassin deinfitely works well with Outlook, you just add a rule based on
and each user can set their threshold as they see fit, by changing the number of stars.
Check out SpamSoap (Score:2)
If your mailserver takes a shit, they can cache your inbound mail for a while as well (at least 24 hours,
MailFrontier (Score:1)
- filters spam accurately; we've had very few missed messages, and fewer still false positives.
- monitors Exchange logs; automatically configures whitelists accordingly
- allows remote agents to be installed on user machines, though log monitoring makes this fairly unnecessary
- DOES NOT HAVE TO LIVE on the Exchange box (it can, but I wou
Consider a Hosted Service (Score:1)
Managed Service (Score:1)
My recommendations are:
MXLogic [mxlogic.com]
MessageLabs [messagelabs.com]
Spam Spy [spamspy.com]
There are many others too. Postini is the most popular but I hear it kind of sucks.
Best of luck!
Can't believe no one has mentioned... (Score:2)
You don't need any additional software, it just plain works. And it stays up-to-date automagically (well, thanks to the hard work of the guys at Spamhaus that maintain it). You'll never need to touch it again unless your RBL's maintainer shuts down.
Sadly, as the biggest problem you'll have - Many manegerial types receive spam and consider it some sort of insider secret prize they've won (you know
Mailwasher server (Score:1, Informative)
Great UI for admins and users with quarantine features users can manage themselves.
We've had great results with it.
http://oss.firetrust.com/ [firetrust.com]
SpamBully (Score:1)