SPAM

I am running Exchange 2003 and Win2k3 servers. We get a ton of spam, and I want to stop it. What in your opinion are the best SPAM softwares and why? (such as strong points and weak points) Let's hear it....
ASKED: November 10, 2005  11:11 AM
UPDATED: November 21, 2005  5:31 AM

Answer Wiki


First off, I like the positini.com spam filtering service. They do a pretty good job.

Secondly, you need to watch the format of email addresses to avoid those which can be mechanically generated. By this I mean avoid names like “johna, johnb, ajones, asmith” etc. I used to use bobk and got flooded with the stuff.

Do a Google Search for “Mail Scrubbers”.

Have fun!

Bob

Discuss This Question: 48  Replies

 
  • Bwaggs
    I have Brightmail and I am extremely happy with it. My spam went from about 100 a day to approximately 10 to 15 per week. No reports of people not getting email. This has been installed for about 10 months.
  • Rloveall
    We do a double wash. First the email goes through a Barracuda hardware device and then through MailFrontier; this two-step process makes spam essentially non-existent. We receive close to 10000 emails a day. After going through the two steps Exchange only needs to handle the approximate 1000 emails that are actually business related. As for false positives we have had maybe four in the time the solution has been in place. It's been in place over a year. The Barracuda also checks against viruses and the email is rechecked when it gets to the Exchange server.
  • Steve86
    We have a similar setup inside our network. We use an outside service through Sprint as a first line of defense. What happens is our MX records route all inbound email through Sprint and we set our firewall to only accept inbound SMTP traffic from the Sprint server's IP addresses. We have had very few false positives with this system (in a year and a half I think there were a total of 5 out of 240,000 legitimate messages delivered). This also includes running each message through three virus scanners, which has almost eliminated infected messages reaching our system. The cost is ~$3 per month per mailbox, and management of the system has been minimal. They update the spam and virus scanners on their end so I don't have to worry about it. A recent report showed that the Sprint filter blocked over 90% of the mail sent to our domain (those are messages that did not use our bandwidth or server resources). At the second line, we are using GFI MailEssentials. With the Sprint service, this is more of a blacklist scan to fine-tune and catch things like newsletters that people's "friends" signed them up for and messages that violate company policies (like adult-related spam). This software has an auto-whitelist feature that adds the addresses of outbound messages to the list to keep them from being blocked. I tend to be more hands-on with this filter and regularly watch for false positives. This system picks up another 3-5% of the spam before hitting people's mailboxes. Steve
  • MonicaE
    My company uses a service called Gateway Defender, which checks for spam and viruses. The company also has disaster recovery service for messaging. The web site is www.gatewaydefender.com.
  • Cherie
    We're a medium size company with a small IT group, so we wanted a SPAM solution that required as little of our time as possible to install/configure/manage. In the end we chose FrontBridge spam filtering service. We went from getting thousands of spam messages per week to as few as 50 per week (across our entire user base). Any messages that do get through can be easily reported to FrontBridge for future blocking. Their management tool (web interface) is simple and easy to use. Users get a summary email weekly that lists all of their spam messages. They can ignore the email, or they can look through it for false positives of which there have been a negligible amount (fewer than 5 in the past 18 months). The price is more than reasonable, and their service is great. I highly recommend this service, particularly if you're looking for a hands-off approach to spam filtering.
  • Rfrancis
    We are using the Barracuda Spam filter and it is the best I have found on the market. I have used it within GE for a few years and the hook up takes less than 15 minutes and the updates are automatic, freeing up your time for other projects. Check out their web site, www.barracudanetworks.com. Hope this helps.
  • HumbleNetAdmin
    What do you use for email virus protection? One tool you might consider is Symantec Mail Security for Exchange. Does email virus protection as well as spam filtering. Some points of interest in the Anti Spam Set RBL blocking Heuristic Anti Spam Engine Cant set Spam Confidence Level (SCL) You can set individual SCL levels for these actions; Reject Message and Log rejected message Prevent delivery to original recipient Deliver to alternate recipient Add Subject tag Add custom X-header Log message Set a sender whitelist Set Recipient Whitelist Weak Points, at least compared to previous posts. Previous posts state that they have no or very few false positives. I have never seen spam blocking that did not have false positives; if it didn't, then it wasn't blocking spam very well. So with SMSE you do need to redirect your spam to a mailbox that is checked and check it for false positives (emails that are blocked as spam that are legitimate). I get several a week, that is out of some 10,000 - 20000 emails a week however. And I have the SCL of SMSE set fairly aggressive. Good luck in your search. The HumblenetAdmin
  • DKoch67
    When spam started to become a problem for us, we initially tried using free blacklists on the internet. After spending way too much time configuring blacklist options, we decided to outsource the solution. We looked at Postini, but went with MXLogic because it was significantly cheaper. After more than a year of using the service, I have nothing but positive things to say about MXLogic -- spam has ceased to be a problem for our company.
  • Japeters
    Something to add...Depending on your environment, a two tier scrub may be the way to go or may be overkill. If you can live with 10-15 spam messages per week, why implement a second tier, unless there's a real good reason? In general, I have to recommend the outside filtering method because the filtering takes place before even hitting your internet pipe (securing you further and not utilizing your bandwidth or throughput). However, the cost of these services from postini or sprint and other big names that popped up over the last couple years is pretty crazy when you get past 10-15 mailboxes. We use a no frills spam/virus filtering service from hydranetwork.com, which costs a third of these other services. You have to contact them by phone for most things, and this service doesn't have the administrative controls offered by services like postini...but that may be a benefit for a large organization that is trying to increase productivity. If you are trying to cut down on the time employees waste reading/deleting spam messages, why send them tempting notices about how many messages were filtered and give them the option to log in and look at them? That wastes more time than if they just read and deleted them in the first place!
  • Layer9
    We also use Symantec Mail Security for Exchange to screen out SPAM. It does include an optional Brightmail SPAM engine, however it costs extra and we never enabled it. We have found that the Heuristic SPAM filter coupled with a few well chosen blacklists does wonders to keep SPAM at bay. Also we utilize the built in SPAM filters in Exchange 2003 to catch anything the Symantec Gateway misses. Using this approach we get almost zero SPAM that actually gets through. For the money the Symantec solution is a good one. Chris Weber Layer9corp.com
  • Linger1974
    I personally use XWall and love it. Great easy setup, works perfectly with Exchange, and antivirus. Support is also great. And.. It's only $300.00 or so. Can run on a separate box or on the same one as Exchange.
  • Layer9
    One other quick note. Ringer pointed out Xwall works on either a separate box, or the Exchange Server itself. In all scenarios I strongly recommend not installing your Anti virus and/or SPAM filtering software directly on your Exchange Server. We always recommend using a separate box to sit on your DMZ and accept email from the World Wide Web. This serves several purposes.
      1. You don't have to open your Exchange Server to the WWW.
      2. You have a better defense against Zero Day viruses and worms.
      3. SPAM and mass mail will not reach your Exchange Server, which can overload the Queues on the Exchange Server.
      4. You are protected against DOS attacks directly against your mail server.
      5. If a hacker does get a Zero day virus to execute its payload then the damage is minimized. I would rather lose a sacrificial box on the edge that does nothing other than scan my email messages and hand them off, than lose my entire mail database.
    Also there is another good reason. Exchange Servers that are open directly to the WWW accept connections over TCP 25 from any systems on the Internet. As most of you know anyone can telnet to your Exchange Server and throw commands at it and build bogus emails. Even assuming you are closed to relay, hackers can still build internal messages that are routed to someone on the inside network. These messages can be used to cause problems or glean sensitive company information. Hackers can build a message from the head of the IT department for instance, asking for someone's password. You can imagine the possibilities. Using a Gateway appliance makes it more difficult to do this, as messages coming from the inside will have the gateway as the originating server of the message, which makes internal bogus messages easier to spot. There are ways to block this altogether but installing an SMTP Gateway to accept messages on your behalf is a great step in the right direction. Never expose your Exchange Server to the Internet unless you have to.
    Chris Weber Layer9corp.com
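The point made in the post above, that the gateway's own hop makes forged "internal" mail easier to spot, can be checked mechanically from the Received headers. The following Python sketch is an added example, not part of the thread or of any product mentioned in it; the domain example.org, the gateway host name, the internal address ranges and the sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only (not from the thread).
INTERNAL_DOMAINS = {"example.org"}
GATEWAY_NAME = "gw.example.org"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# "from <helo> (... [<ip>]) by <server> ..." as written by common MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?by\s+(?P<by>\S+)",
    re.S | re.I)


def gateway_hop(msg):
    """Return the IP of the client that handed the message to the gateway.

    Received headers are prepended, so the topmost header written "by" the
    gateway is the one the gateway itself added. Anything below it was
    supplied by the sender and is never trusted.
    """
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m or m.group("by").lower() != GATEWAY_NAME:
            continue
        try:
            return ipaddress.ip_address(m.group("ip"))
        except ValueError:
            return None
    return None


def classify(raw):
    """Label a raw message by comparing its From domain with its real path."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    claims_internal = addr.rpartition("@")[2].lower() in INTERNAL_DOMAINS
    ip = gateway_hop(msg)
    if ip is None:
        # Never crossed the gateway: genuine internal mail, or a bypass.
        return "internal" if claims_internal else "no-gateway-hop"
    from_inside = any(ip in net for net in INTERNAL_NETS)
    if claims_internal and not from_inside:
        return "spoofed-internal"
    return "internal" if claims_internal else "external"


# Constructed sample messages.
SAMPLES = {
    # Claims to be the IT director, but the gateway took it from an outside
    # address. The bottom Received line is forged by the sender.
    "spoofed": (
        "Received: from gw.example.org ([10.0.0.25]) by exch.example.org"
        " with ESMTP; Mon, 14 Nov 2005 09:00:02 -0500\n"
        "Received: from mail.sender.test (unknown [203.0.113.45])\n"
        "\tby gw.example.org with SMTP; Mon, 14 Nov 2005 09:00:01 -0500\n"
        "Received: from pc7.example.org ([10.0.0.7]) by gw.example.org"
        " with SMTP; Mon, 14 Nov 2005 08:59:00 -0500\n"
        "From: IT Director <director@example.org>\n"
        "To: user@example.org\nSubject: Password check\n\nbody\n"),
    "external": (
        "Received: from mx.partner.test (mx.partner.test [198.51.100.3])"
        " by gw.example.org with SMTP; Mon, 14 Nov 2005 09:05:00 -0500\n"
        "From: vendor@partner.test\nTo: user@example.org\n"
        "Subject: Invoice\n\nbody\n"),
    "internal": (
        "Received: from pc7.example.org ([10.0.0.7]) by exch.example.org"
        " with MAPI; Mon, 14 Nov 2005 09:10:00 -0500\n"
        "From: director@example.org\nTo: user@example.org\n"
        "Subject: Meeting\n\nbody\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```
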
  • Backbyrner
    We use Sophos Puremessage which does both spam and virus filtering. Like previous posters we have had only a handful of false positives in nearly 16 months of use. We use the version for UNIX/Linux but there is also an Exchange version. (http://www.sophos.com/products/es/gateway/pm-windows-exchange.html) On the positive side their hourly updates keep the spammers and virus writers at bay and their telephone support (in Australia, at least) is excellent. On the negative side the regular updates can add up to about 800-900Mb of downloads per month. Good luck.
  • Zaphod99
    I use SOPHOS PureMessage for Exchange. Out of the box it stopped 85% of all spam. It's really easy to administer, but also allows a reasonable amount of customisation. After two weeks of running I made two changes, and it now stops 97% of all spam for me. I like the frequency of spam rule updates and the low overhead it introduces. I also like the fact that it does AV for me too with the same interface. The only weakness I have seen is that reporting of historical stats is not great but I understand this is changing.
  • Hedgehog
    Hello there, I couldn't agree more with Layer9's latest post about not overloading and especially not showing your Exchange (or any other mail server) directly on the Internet, but use an SMTP proxy/gateway instead to do AV, AS, etc. However I would still recommend having AV (not so much AS) integrated into your email server if possible. That would catch any viruses sent internally that an external SMTP proxy will not see. Belt & braces approach, we call it :-) To answer TheVyrys's question, we use a 2-tier spam & virus filtering approach, with our ISP filtering the bulk of the junk, and a linux box on the DMZ that does spam filtering (SpamAssassin - f.o.c.) as well as AV (using Kaspersky engine, if you must know). We haven't received a single virus in the last 3 years (fingers crossed!). We do get some spam, but nothing significant. If you don't want to take the trouble of configuring spamassassin (or other AS sw) yourself, an appliance like those mentioned above is worth looking at. I have heard of a small company in the West of Ireland called Copperfasten.com that are giving Barracuda a run for their money. Please note that I have not used them myself AND I am NOT affiliated with them in any way, but I like to promote Irish products ;-) Another good appliance, although more expensive, is Borderware.com MXtreme Mail Firewall which uses their own AS engine as well as Symantec's Brightmail Anti-Spam. Good luck in your search and don't forget to let us know what you end up choosing. Hedgehog.
  • Emtiez
    I use GFI Mail Essentials, haven't had one problem with spam since it started. Since the users have some control over what mail you choose, false positives can be almost eliminated.
  • CherylC
    We use the Barracuda also and love it. It is our first line of defense. We also have TrendMicro on the Domino server and that picks off anything else. Between the two, we have reduced our mail load by leaps and bounds.
  • Mrmobile
    As a user, I find Postini to be very effective and easy to configure to my needs. It allows each person to set their own filter levels for certain types of spam, and to easily approve senders.
  • Layer9
    Hedgehog is correct about running AV software on the Exchange Server itself, something I neglected to mention. We run Symantec Anti-Virus for MS Exchange on all of our Exchange Servers in addition to the Gateway. This not only gives us a double tier of protection from viruses, but not doing so would open the Exchange Servers to viruses from users attaching infected files that are sent internally and that do not pass through the AV Gateway. Good catch Hedgehog. Chris Weber Layer9corp.com
  • Mlandes
    Hi, we use Mailsweeper from Clearswift, which does content filtering that correlates with company policy and a SPAM check (RBL test, which is very strong). Another solution we have put in place is MDAEMON, which does a very good job too. Greetings.
  • INverc
    Just as a side note I've been very impressed with the standard filtering which comes with Outlook 2003. As a primary/secondary/tertiary filter it works quite well cutting down spam 90-95% with little configuration.
  • Stevesz
    You have received some good suggestions here, however, you really need to explain your environment, since some of the solutions mentioned may not be appropriate for your environment. Some may be overkill for you if you have a smaller environment. If you handle a large amount of mail, then some may not be up to the task. I deal mainly with smaller environments, and have found that GFI's Mail Essentials fills the bill very nicely. I've not used I Hate Spam, but have heard good reports about that also. Don't forget that Exchange itself has a spam filter. If you have installed SP2, it is automatically loaded for you, otherwise it is a separate install. I just loaded it onto a 2003 server that mainly serves as a relay server, accepting mail from an external source and sending it out--there is not much incoming mail, and only a few live accounts on it, and as yet it has not attracted anything in the way of spam, but it is only a matter of time until it is discovered and a target for spam, so it is a wait and see to see how it works. Again, your particular environment will be the driving force in the choice of a spam filter, whether it be an appliance, a service, or a software package.
  • TheVyrys
    stevesz brings up a good point. Indeed it is a smaller environment...we are a nonprofit organization having only one exchange server with about 150 mailboxes. Out of those only about 90 have any external messages coming in. Doesn't sound like much to handle, but we do manage to get a ton of spam. As mentioned by BobKerg, it may be the standard naming convention we use. We just upgraded to Symantec Mail Security 4.6 for Exchange, and as mentioned by Chris, from Layer9, will be using that to begin with. If it doesn't handle the spam enough, then I will move on to something a little beefier, but it sounds like it will do the job. I would prefer the users to be able to add messages to the list when they receive them though. Thanks a mil to all....you guys are great...and if you have any other suggestions, keep em comin...
  • Layer9
    I think you will find Symantec Anti Virus for SMTP a great addition to your Symantec Mail Security and I think you will find it very cost effective for your size network. Being a non-profit org you should get some decent pricing, probably around 500 to 750 bucks. As good as Symantec Mail Security for Exchange is, it still runs ON the Exchange Server, meaning you are opening your Exchange Server to the World Wide Web. The AV Gateway will allow you to close your exchange server off to the Internet. Remember anyone can telnet into and connect to your mail server over TCP 25 without authentication. Placing the gateway in place allows you to provide a bastion host to accept mail on behalf of your Exchange Server, clean it, and hand it off to the Exchange server, which not only stops hackers from connecting directly to your Exchange server but it can stop zero day attacks before they hit your Exchange Server which of course is critical. Ok, my two cents worth has exceeded its limit so to you I say good night, and good luck. Chris Weber Layer9corp.com
  • Evilninja
    We use the Ironport C300 Appliance. It is the best of breed with Symantec Brightmail and Ironport's reputation filters as an anti-spam tool, Sophos and Ironport virus outbreak filters as an anti-virus tool + a built-in content scanning through senderbase.org. Together they are a powerful tool to minimize email threats.
  • Ntlanman
    We use St. Bernard's EPRISM appliance to filter email and do anti-virus check before delivering to our exchange. It's my feeling that doing anti-virus and spam checking on the email server unnecessarily works the server to process this mail and any work I can off-load will stretch out the work life of the server and keeps the performance optimal. The Eprism also is a learning device in that it inspects outgoing emails and adjusts its spam filter to incorporate commonly used words. Each user has their own quarantine and white list which they have access to through a web interface as well as the administrator having access to global parameters. Users check their own quarantines saving the IT staff time and giving the user the ability to help themselves faster than putting a call into IT.
  • Juswannano
    You should also check out Tumbleweed's MailGate 3.0 SMTP Defensive tool: http://www.tumbleweed.com/products/mailgate/appliance.html This is a secure appliance designed to sit in the DMZ and offers multiple defenses for SMTP mail such as Denial of Service & DHA attacks, as well as Anti-SPAM, Anti-Phishing, Anti-Virus, Attachment Content Filtering, and Email Policy Enforcement for both inbound and outbound email.
  • Maclanachu
    Hi there, we use Mail Marshal 6. Pretty happy with it. It also has an option to use McAfee AV engine but we don't use it as we have Mcafee 8 enterprise separate. We are just upgrading to front end and back end cluster solution and one of the bummers is MM won't run in a Network Load Balanced solution on our FE servers. We have two separate installs that will have to manually update each. Anyone know of anything better? Mac!
  • Ursulus
    Hi! I've read the existing posts and for the most part I think they are over the top for the average user. I have set up and configured many systems and ALWAYS connect the exchange server directly to the internet and it has never caused a problem. Admittedly my customers were small companies by world standards and extremely unlikely to be targeted by anyone! If you are in a 'sensitive' situation, ie you think it is likely that people (read hackers) would want to target your company.. then having a standalone server to accept and forward mail is not a bad idea. If you aren't Microsoft, IBM a Bank or something else really BIG.. then as previously mentioned install the new Exchange 2003 Service Pack and configure the SPAM filter. It uses the same engine as the Outlook Junk Mail filter and is very good with regular updates. Good luck! Malcolm
  • Stuberman
    As others have indicated - going with an external managed service is the way to go if you have enough users ( >1,000 tends to be the break point and as you add more users >10,000 the price gets very economical). Do this for several reasons:
      • Filter the problems before it hits your systems
      • Let dedicated spam experts handle the never ending mutations (who needs to be a spam expert when there is so much else to do?)
      • It usually costs less to have it managed (considering all costs including training and redundancy)
      • They usually do a better job than 'roll your own'
    We use Postini and are extremely happy with it. I am sure the other services are very good as well. We also discovered that the depth of reporting will yield other surprises as well beyond spam - such as outliers with a lot of mail and very little spam - often reveals something worth investigating. The other comment I will make is that you can also enable Exchange and Outlook to trap additional spam that the user can sort through (a few a week) - just make sure you apply the monthly Microsoft junk filter updates - it is pretty good at catching the few that slip by. (Postini traps about 14 million spam messages each year for us - we estimate another 200,000 get past their filters and get caught by Outlook.)
  • Layer9
    Ok, two more cents. I could not disagree with Malcolm more. That, you're a small business so you don't need anything fancy or advanced is the type of hype that has allowed hackers free run of the Internet for so long. Your network may not be the target so saying stuff like who would want to hack me is erroneous. It's important to remember that:
      1. The majority of successful breaches on the Internet are on small unprotected systems.
      2. The majority of those breaches are not directed towards the breached systems, but are designed to facilitate the breach of another system.
      3. Zero Day virus attacks do not CARE if your network is large or small. They do not think, they are indiscriminate.
      4. Should a Zero Day virus execute on one of my systems, I would rather it be a sacrificial box sitting on my perimeter that stores NO data and NO user information rather than a Member Server or DC in my AD Domain. In fact, it's a no brainer.
    This type of mentality, the my network's too small, and therefore I don't have to worry about security is a bad way to fly, and the liability it leaves a firm open to is needless, not to mention risking your data integrity. Forget about whether it's sensitive data. If it's your business data then it's ALL sensitive data. I don't want to lose or compromise any of it and I don't know any business owners who would. As for placing Exchange directly on the Internet there are several specific reasons for not doing this. One important one is that Exchange 2003 will not install without Active Directory, and in most small businesses they usually have only one AD domain for the entire organization, which means authentication information and AD information may be compromised. This one reason is enough, but there are plenty more. And as for overkill? I don't think 500 bucks for an AV Gateway is overkill for a 150 user network with a SPAM problem. Chris Weber Layer9corp.com
  • Sonyfreek
    I have to agree with Layer9 about the sacrificial box. The reasons "hackers" are able to gain and maintain a foothold are because they can gain control of these low hanging fruits and either use them as bots or stepping stones to exploiting someone else from the owned box. No matter how small you are, I don't think you should sacrifice security, especially considering that there are free products out there that do extremely well as firewalls, spam blockers, antivirus, vulnerability tests, etc. Typically, all that you need to have is the hardware as you can get the software for free. You want all of your ingress services to be run on a system that is hardened and that you expect to be attacked. Never let an Internet user talk directly behind your firewall to the soft squishy internal network. Put those services in a DMZ environment and perform any malicious logic checking on the DMZ computers and then check it again when/if you allow the traffic to be passed to the internal network. SF
  • Nazrul
    Try using MailScan for SMTP by MWTI (www.mwti.net). You have all sorts of options enabled in this software. We are using this software for the last 3 years and we still like to continue with it.
  • Squiggles
    I am reading this with interest. We use GFI here, and yet this morning, I still have 35 spams in my inbox out of 160 emails. I'm going to have to tighten it up here, too.
  • Clarke
    I am using Sunbelt Software "I Hate Spam for Exchange" running on Exchange Server 2K. The filters as they come out of the box work decently, but some tuning is required. I had a few false positives at first, and some SPAM still gets through, but it has reduced the spam count by about 80%-85%. I don't have it 'tight' enough to automatically delete SPAM, but the stuff gets dumped into the "SPAM-Quarantine folder". Users can then each manage their own SPAM.
  • TedRizzi
    I use CA's secure content Manager, which is a lot more than just a spam filter, but it has a great set of tools for filtering spam. I use about 24 RBL's; you can add or remove RBL's easily. The set that comes with the package is decent but I have found many more that were much better, and added them, plus content filters for filtering spam. Without getting too wordy, I'll try to describe how it works. You can assign weights to RBL's: say you make the threshold 4, you can assign a weight to each RBL, and once the hits reach the threshold, it is considered spam. Same can be done with the content filters, and you can make as you like. It has a self managed feature, for those that want to manage their own spam, and for those that don't, you can centrally manage it for them. The amount of false positives and the effectiveness of the filters is based on how tight you make your filters. The tighter the filters, the more spam is caught, but the false positive rate goes up as well. If you choose the RBL's you use, you can easily manage the effectiveness of the filters
  • Abtommag
    We use a filtering service called Appriver. It costs about $.80 per mailbox/month. You simply point your MX record to the Appriver server and they filter then forward the good stuff to your server. Benefits: Spam and viruses are removed without touching any of your servers, reduced traffic, minimal admin time, no software to install, Automatic maintenance of Spam lists and viruses, easy user recall of a held, valid message.
  • Astronomer
    Since we replaced our mcafee box with a barracuda the spam calls have vanished from both faculty and staff. We installed a barracuda spam firewall 300 in the DMZ as our mx host. I had to upgrade the firmware immediately and it didn't match the manual anymore, but even so, just by looking at the options I got all but one configured correctly for my setup. The only change recommended by support was disabling throttling of mail from our exchange server. We are still using the default spam settings. Approximately two thirds of mail is blocked. There is still a little getting in but our team is very pleased with it. We have yet to hear of a blocked legitimate email since we installed it. Before we changed to the barracuda I was getting several complaints each month about not getting legitimate emails. rt
  • Snowin
    I work in a school, and as such we *HAVE* to use some serious spam filtering. All our mail goes through a regional broadband provider, which uses EMF from Email Systems (http://www.emailsystems.com/business/) to filter spam. It seems to be quite effective. EMF will also (I believe) act as a mail gateway to stop you having your exchange servers quite so public. I have also toyed with GFI's mail essentials and found that to be an excellent product. We actually use PureMessage from Sophos, but this is purely down to cost, since Sophos are very generous with their pricing for education. Having said it doesn't really get much of a workout since EMF get 99.9% of everything that comes in.
  • Nazrul
    A better way to get rid of spam attack is to check the reverse dns entry of the connecting host (AOL does this). After that you can check the RBL list and then you check the content. This is what we follow in our organization. 70% SPAM server is rejected due to the first check. So far we haven't got any call from our users regarding the SPAM. You may say "All servers IP address doesn't have reverse dns entry". Well, if they don't have it, let them contact you and you can add them in your safe list. We use MailScan for SMTP V4.
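The check order described in the post above (safe list, reverse DNS, RBL, then content) and the weighted-RBL threshold TedRizzi describes earlier in the thread can be combined into one connection-time decision. The following Python sketch is an added example, not code from MailScan, CA or any other product named here; the blacklist zone names, weights, addresses and the in-memory DNS table are constructed assumptions so that it runs offline. Only the threshold of 4 is taken from the thread.

```python
import ipaddress

# Constructed DNS answers standing in for live lookups (assumption).
FAKE_DNS = {
    ("PTR", "10.2.0.192.in-addr.arpa"): ["mail.partner.example"],
    ("PTR", "7.113.0.203.in-addr.arpa"): ["dsl-7.isp.example"],
    ("A", "7.113.0.203.bl-a.example"): ["127.0.0.2"],
    ("A", "7.113.0.203.bl-b.example"): ["127.0.0.2"],
    ("A", "10.2.0.192.bl-c.example"): ["127.0.0.2"],
}


def fake_resolver(rtype, name):
    """Return the list of answers for (record type, name); empty if none."""
    return FAKE_DNS.get((rtype, name), [])


# Hypothetical blacklist zones with per-list weights; a connection is
# treated as spam once the summed weights reach the threshold.
RBL_WEIGHTS = {"bl-a.example": 3, "bl-b.example": 2, "bl-c.example": 1}
THRESHOLD = 4

# Hosts without reverse DNS that asked to be let through (assumption).
SAFE_LIST = {"198.51.100.9"}


def rbl_score(ip, resolver):
    """Sum the weights of every blacklist zone that lists this IPv4 address.

    A DNSBL is queried by reversing the octets and appending the zone,
    e.g. 203.0.113.7 -> 7.113.0.203.bl-a.example; any A answer is a hit.
    """
    rev = ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))
    hits = [zone for zone in RBL_WEIGHTS if resolver("A", f"{rev}.{zone}")]
    return sum(RBL_WEIGHTS[z] for z in hits), hits


def smtp_verdict(ip, resolver=fake_resolver):
    """Decide what to do with a connecting host, cheapest check first."""
    if ip in SAFE_LIST:
        return ("content-scan", "safe-listed")
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    if not resolver("PTR", ptr_name):
        return ("reject", "no-reverse-dns")
    score, _ = rbl_score(ip, resolver)
    if score >= THRESHOLD:
        return ("reject", "rbl-threshold")
    # Survivors go on to the content filter, the most expensive stage.
    return ("content-scan", "passed-connection-checks")


if __name__ == "__main__":
    for host in ("203.0.113.7", "192.0.2.10", "198.51.100.20", "198.51.100.9"):
        print(host, smtp_verdict(host))
```

In a deployment the resolver argument would wrap real DNS queries; because a single low-weight listing stays under the threshold, one over-eager blacklist cannot reject mail on its own.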
  • Ebg250
    We outsource spam filtering to Postini. I have seen a 95% drop in spam emails. One of the best features is that users manage their own allow/block list and have the ability to release any false positive emails.
  • Ursulus
    OK.. when I say small.. I mean 5-15 users! Ok... and all your options are way over the top for that size network. 150 users is large by my standards and the original post did not mention how many users you are connecting. Admittedly I come from New Zealand where 150 users is BIG and 5-15 is small to medium. Different scale from the US. But I still stand by what I've said. As long as you have anti virus on your email server and a firewalled router and keep your security patches up to date and monitor your server... you are in little danger. I have administered dozens of networks and to have one breached is the exception, not the rule! And with all the protection in the world on your server and even a sacrificial box in between.. you can still get infected with a deadly payload... What we need is for ISP's to start actively preventing SPAM from getting onto the internet.. but that's another argument.. Malcolm
    0 pointsBadges:
  • Astronomer
    For a really small environment I would go with one of the Linux firewalls that includes antispam software. This requires considerably more knowledge investment but the price is right. I plan on doing this when I get a DSL at home. rt
    15 pointsBadges:
  • Layer9
    Sorry Malcolm but once more I must strongly disagree with your entire supposition. Kudos to you for not having a breach, at least not any that you know about, but placing Exchange directly on the Internet is not the best way to fly, and the fact that it works does not mean that an AV Gateway is overkill as you put it. You come from a beautiful country (I loved your countryside in Lord of the Rings) so I don't want to be too critical :), but this overkill hype is why the Internet is such a mess today. Small does not mean safe. As we say here in the states, that dog won't hunt. It doesn't matter if you have 15 or 5000 users. Hackers don't care how many users you have on your server, they care how weak its defenses are, and how much return on their effort they will get. An Exchange Server, with all its weaknesses and vulnerabilities which are constantly being published and patched, makes a much more attractive target to hackers than a well hardened Gateway that stores no intel. Which part of sacrificial box am I not being clear about? I realize that small firms are restrained by budget but most vendors including Symantec price by the user, making these solutions very cost effective. Bastion hosts are just good policy and practice for networks from 5 to 5000 users and as a security consultant I am constantly having to correct business owners who have been brainwashed into believing that because they are small, they are safe, by mostly well meaning small business consultants and undertrained or experienced network staff. I have been doing this for a pretty long time, and I can tell you that just like a house burglar will ALWAYS look for the house WITHOUT the fancy alarms, dogs and strong gates, so hackers will ALWAYS go first for the small, minimally defended systems to facilitate their breaches of larger more difficult systems. This is just a fact, so telling people otherwise helps the hackers, and hurts the Internet as a whole.
    I am not saying you can't defend an Exchange Server on the Internet, you can, but it's much more difficult, and the damage to a breach of an Exchange System is vastly more destructive than the breach of a sacrificial box with nothing on it. Also it is important to remember that SPAM can actually perform a DOS attack on an Exchange Server directly accepting it from the Internet, by clogging up the Queues. I have seen this many times. A simple gateway can protect your Exchange Server from this by dropping the messages BEFORE the Exchange Server has to queue and process them, so that alone is a good enough reason for me to use one, not to mention taking the hit from those zero day viruses. Think of your Exchange Server as the General, and your Gateway as the soldier. The soldier takes the fight away from the General, and if someone gets hurt, it's usually the soldier. It's easier to replace a soldier than a General. Believe me, I am not trying to sell anything here. This stuff sells itself. Chris Weber Layer9corp.com
    0 pointsBadges:
  • Hedgehog
    Malcolm, I totally understand your position. In Ireland, a country with a similar population to NZ, a 150-user site is also considered medium-large, and we think of a small-medium site in the 5-25 range. However, Chris is (again) right. You can't assume anything on the Internet, my friend. For a hacker, you're just a target, no matter how large or small you are. And if you make it easy for them (and let's face it, it doesn't get much easier than having an Exchange box accepting mail directly off the Net), they'll get you. It may not be today or tomorrow, but they will. Astronomer mentions a Linux box requires "considerably more knowledge". Well, that's +/- true if you do it all yourself, but as I (and others) mentioned before, there are "all-in-one" products (appliances or software-only) for very little money ($300-$600) with ALL you need to protect a small site. Check out for example www.astaro.net. FYI, a 10-user one-time licence is less than $400 and the annual AV + AS subscription is about $410. And BTW, Astronomer, you can get there a free licence for your home. Cheers, Hedgehog PS: I agree that ISPs should be doing A LOT MORE to stop spam, but as you say, that's another story... I might open a new thread for suggestions/ideas.
    0 pointsBadges:
  • Mintun
    We use a tiered approach. First the E-Mail goes through ORF (Open Relay Filter) by Vamsoft. This catches approx. 70-80% of our daily spam before it gets to our servers. ORF's rulebase allows you to block e-mail before, during and after receiving it. After ORF, the E-Mail goes through GFI MailEssentials and MailSecurity to catch any stragglers and filter out certain attachments and keywords - as well as scan the E-Mail for viruses. If there are any false positives, no one is making me aware of them :)
    0 pointsBadges:
  • Layer9
    Here, I thought the following story from the Government Computer News site might help illuminate the dangers of unprotected systems and how they can be used to attack much larger systems. In fact, this is a prime example. The following is taken directly from the GCN news site (www.gcn.com)
    ________________________________________________________
    Hacker arrested for breaching DOD systems with 'botnets'
    11/04/05
    By Rob Thormeyer, GCN Staff
    A California man will be arraigned Monday on federal charges that he breached computer security at Defense Department installations and profited by creating a so-called "botnet", a network of computers used to launch viruses or send out huge amounts of junk e-mail, federal prosecutors said.
    The arrest Thursday of 20-year-old Jeanson James Ancheta of Downey, Calif., is the first of its kind and a stark reminder that even the most secure computer system is vulnerable, according to the U.S. Attorney's Office in the Central District of California.
    According to the 17-count indictment, Ancheta wrote malicious computer code that was spread to armies of infected computers. Access to this "botnet" was then sold to others for the purpose of distributing denial-of-service attacks and sending junk e-mails.
    ___________________________________________________________
    As you can see the real attack came from small unprotected systems. No doubt each one of these infected systems had someone tell them at one time or another that they were small, and no one would want to hack them. Like I said, this stuff sells itself. Chris Weber Layer9corp.com
    0 pointsBadges:
  • Zottmann
    Hi!! Just a few comments ... We used to run Symantec Mail Security as our spam defense, but it had tons of false positives fired by its heuristic engine, even setting it to its lower level. So we moved to an open source approach, and installed an MTA with Postfix, Amavis and SpamAssassin. It is working like a breeze (although it was not easy to set up), and our spam rates are very low now. We are using two policy daemons written for Postfix that do an excellent job: SPF and Greylisting. This last one is a great tool nowadays, but might lose its strength if spammers get smarter about this method... Regards, Carlos.
    0 pointsBadges: