Educause Security Discussion mailing list archives
Re: Recommendations on Email Filtering System
From: Ben Spencer <ben.spencer () MOODY EDU>
Date: Mon, 10 Dec 2007 12:32:46 -0600
We also are using a homegrown solution (I will include the details below for those who care). The solution which works best for you will depend on what you are comfortable with. We come from largely a UNIX background, so GUIs are optional for us and we know how to parse logs to generate reports.

There really are some nice solutions out there. Christopher (Webber) pointed out that they use Ironport, as a lot of educational places seem to. One of their selling points is no/little administration. People seem happy with them (at the same time, we didn't go with them).

Note that 500 email boxes (using a 1 to 1 ratio of desktops to email accounts) isn't always telling of how much load you will see. It has been noted that a lot of appliances and services charge per mailbox though.

Overview of what we use: Grey Listing (whoohoo), ClamAV and SpamAssassin (and a few others listed below). Our configuration comfortably supports 250K-300K delivery attempts per day going to an unknown number of email addresses (valid addresses; never valid addresses; once upon a time valid addresses).

More details:

First line of defense is Grey Listing. Love it. It has definitely cut down on the number of system resources which are used further in the process. (Allows about 25% of the delivery attempts in for further processing, with few false positives.)

Next is a milter which checks the HTTP links in the body against black lists. (Denies another 41% of the 25%, with some false positives/disagreement on specific sites.)

Next are SPF checks. (Which denies about 10% of whatever remains. Some false positives/poorly configured sites.)

-- At this point, we are left with about 13% of the original email delivery attempts. --

Next this goes through ClamAV (hey, where are my stats for that? Oops.)

And finally the messages are marked by SpamAssassin.

There is a small portion of administration/maintenance to this (updates, tracking down messages which didn't make it which should have). Most systems (except IronPort?) will require such maintenance and administration.

Benji

---
Benji Spencer
System Administrator
Ph: 312-329-2288

_____

From: Anthony "Tony" Quigg [mailto:quiggt () TAMUG EDU]
Sent: Monday, December 10, 2007 8:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Recommendations on Email Filtering System

We are currently looking to replace our email spam/virus filter and would like to hear what systems other people are using. After initial investigation the price range for appliances and managed services varies greatly, so it is hard to determine what you are getting for your money. We have around 500 desktops on campus.

One of the important factors (apart from stopping the spam and viruses) is to be able to get decent reporting information, such as the number and name of quarantined viruses on a monthly basis. I have found that most manufacturers do not have a lot of information about what reports are available.

Feel free to email me directly if you don't want to inundate the list. Any recommendations, good or bad experiences greatly appreciated.

Regards,

Tony Quigg
Computer Systems Manager
Texas A&M University at Galveston
200 Seawolf Parkway
Galveston, Texas 77553
(409) 740-4961
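Added example (not part of the original message, and not the poster's own tooling): a per-stage funnel report of the kind the reply describes producing from logs, showing how the 25%, 41% and 10% figures compound to roughly 13% of original delivery attempts. The log format "<msg-id> <stage> <verdict>", the stage names and the sample counts are assumptions constructed for this illustration.

```python
from collections import Counter

# Stage order follows the reply; the stage names and the log format
# "<msg-id> <stage> <verdict>" are assumptions made for this example.
STAGES = ["greylist", "urlbl", "spf"]

def make_sample_log(attempts=20000):
    """Constructed log lines whose rates match the figures quoted in the reply."""
    denied_at = {"greylist": 15000, "urlbl": 2050, "spf": 295}  # constructed counts
    lines, msg = [], 0
    for i, stage in enumerate(STAGES):
        for _ in range(denied_at[stage]):
            msg += 1
            lines += [f"m{msg} {s} pass" for s in STAGES[:i]]
            lines.append(f"m{msg} {stage} deny")  # for greylisting, "deny" = deferred
    while msg < attempts:  # the rest go on to ClamAV and SpamAssassin
        msg += 1
        lines += [f"m{msg} {s} pass" for s in STAGES]
    return lines

def funnel(lines):
    """Per stage: (stage, seen, denied, share denied, share of original left)."""
    seen, denied = Counter(), Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[1] not in STAGES:
            continue  # skip malformed lines and unknown stages
        _, stage, verdict = parts
        seen[stage] += 1
        if verdict == "deny":
            denied[stage] += 1
    total = seen[STAGES[0]]
    report, left = [], total
    for stage in STAGES:
        left -= denied[stage]
        rate = denied[stage] / seen[stage] if seen[stage] else 0.0
        report.append((stage, seen[stage], denied[stage], rate,
                       left / total if total else 0.0))
    return report

if __name__ == "__main__":
    for stage, n, d, rate, remaining in funnel(make_sample_log()):
        print(f"{stage:9} seen={n:6} denied={d:6} ({rate:5.1%})  "
              f"left={remaining:6.2%} of original")
```

Each stage's deny rate is relative to what reached that stage, which is why the per-stage percentages cannot simply be added; the last column is the cumulative figure.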
Current thread:
- Recommendations on Email Filtering System Anthony "Tony" Quigg (Dec 10)
- <Possible follow-ups>
- Re: Recommendations on Email Filtering System Childs, Aaron (Dec 10)
- Re: Recommendations on Email Filtering System Justin Dover (Dec 10)
- Re: Recommendations on Email Filtering System Christopher Webber (Dec 10)
- Re: Recommendations on Email Filtering System Charlie Prothero (Dec 10)
- Re: Recommendations on Email Filtering System Vuong Phung (Dec 10)
- Re: Recommendations on Email Filtering System Ben Spencer (Dec 10)
- Re: Recommendations on Email Filtering System Paul Russell (Dec 10)
- Re: Recommendations on Email Filtering System HALL, NATHANIEL D. (Dec 10)