Educause Security Discussion mailing list archives

Re: anti-spam software


From: "Jason C. Belford" <jason.belford () OIT GATECH EDU>
Date: Tue, 29 Jul 2008 08:17:50 -0400

Maria,

We have previously used Secure Mail (formerly Ciphertrust) Ironmail.
However, based on our needs, we purchased Sophos PureMessage and have
been using it for over two years.  Below I have listed some of the
pros and cons of each - based on our experiences. (Note: I am sure
many changes may have been made to Ironmail in the last 2 years.  The
limitations listed below are based on our experiences when we ran
these boxes in our production environment.)

Our setup / requirements:
        Centrally, we maintain 170+ domains
        we receive 1 million + messages per day
        our rule sets are based on domain
        we proactively drop only the worst of the worst
        we tag everything (spam and not spam based on a scale)
        we have global rules set up in the central mail system to filter mail to a Junk folder
        we expire mail in the Junk folder after some period of time

Ironmail (appliances):
Pro:
        Easy Interface
        Great reporting mechanisms
        Allowed different rules for users and domains
        Attentive / quick technical support
Con:
        Deferred retry schedule limited to 4 (total) retries (unlike Postfix, Sendmail, etc. which allow retrying every X hours for Y days)
        Applied first rule to message (i.e. if one domain said drop and other just change subject and a message was addressed to both, it would only do one.)
        No regex available
        High false positive / false negative rate
        Quarantine database has a limit of the number of messages it could keep (way too small)
        not all commands were available via command-line (GUI was required)
        used McAfee A/V (con for us since we already use it on the Desktop, it was not providing much additional protection)

Sophos PureMessage (software, not appliance):
Pro:
        Easy Interface
        Everything can be accomplished via command line
        Very customizable (note: we have some rule sets that are quite complicated)
        Message Splitting (handles different rule sets for each message)
        Uses Sophos A/V (typically finding viruses first according to Secunia)
        Allowed different rules for users and domains (or custom dictionaries - subjects, words, globs, regex, etc)
        Very accurate (low false positive and false negative rate)
        Attentive / quick technical support
        Uses postfix or sendmail (your choice) as MTA
Con:
        Slow interface on most hardware
        Reporting mechanisms not great
        Tech support is lacking in some cases
        Pricey (Education discounts available)

Other products we tested and/or evaluated that did not meet our needs:
        Proofpoint
        Barracuda

Please let me know if you would like additional information.
Thank you,
Jason

On Jul 28, 2008, at 3:25 PM, Maria Iano wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am hoping to pick your brains about commercial anti-spam solutions.

The Math Department has roughly 1000 user accounts and currently
uses SpamAssassin, as well as many of the spam filtering options in
postfix such as header and body checks and DNS blacklists. Our users
mark messages as spam and we feed them to the Bayesian database for
SpamAssassin. Nonetheless, a lot of spam still gets through. So we
are looking into commercial anti-spam software. Has anyone else gone
the route of purchasing a commercial solution? If so, how did it
work out for you? Has anyone else compiled a review of the different
choices and how they compare? If so, I would love to see it. If you
know of any commercial anti-spam providers that offer deep education
discounts that would be good to know also.

Thanks for any help you can give.

Maria Iano
- --
iano () math umd edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFIjh0oc8AgwQtz1wIRAtcvAKDv+QN8I1Plm+pZcX9zU+vV735rhgCgjxoq
uctVUHIr8rTQigx6eviOopk=
=KCHm
-----END PGP SIGNATURE-----

--
Jason C. Belford
Information Security Manager
Office of Information Technology
Georgia Institute of Technology
Phone: (404) 894 - 6159

