Educause Security Discussion mailing list archives
Re: anti-spam software
From: "Jason C. Belford" <jason.belford () OIT GATECH EDU>
Date: Tue, 29 Jul 2008 08:17:50 -0400
Maria, We have previously used Secure Mail (formerly Ciphertrust) Ironmail. However, based on our needs, we purchased Sophos PureMessage and have been using it for over two years. Below I have listed some of the pros and cons of each - based on our experiences. (Note: I am sure many changes may have been made to Ironmail in the last 2 years. The limitations listed below are based on our experiences when we ran these boxes in our production environment.) Our setup / requirements: Centrally, we maintain 170+ domains we receive 1 million + messages per day our rule sets based on domain we only proactively drop only the worst of the worst we tag everything (spam and not spam based on a scale) we have global rules set up in the central mail system to filter mail to a Junk folder we expire mail in the Junk folder after some period of time Ironmail (appliances): Pro: Easy Interface Great reporting mechanisms Allowed different rules for users and domains Attentive / quick technical support Con: Deferred retry schedule limited to 4 (total) retries (unlike Postfix, Sendmail, etc which allow retrying every X hours for Y days) Applied first rule to message (i.e. if one domain said drop and other just change subject and a message was addresses to both, it would only do one.) No regex available High false positive / false negative rate Quarantine database has a limit of the number of messages it could keep (way too small) not all commands were available via command-line (GUI was required) used McAfee A/V (con for us since we already use it on the Desktop, it was not providing much addition protection) Sophos PureMessage (software,not appliance): Pro: Easy Interface Everything can be accomplished via command line Very customizable (note: we have some rule sets that are quite complicated) Message Splitting (handles different rule sets for each message) Uses Sophos A/V (typically finding viruses first according to Secunia) Allowed different rules for users and domains (or custom dictionaries - subjects, words, globs, regex, etc) Very accurate (low false positive and false negative rate) Attentive / quick technical support Uses postfix or sendmail (your choice) as MTA Con: Slow interface on most hardware Reporting mechanisms not great Tech support is lacking in some cases Pricey (Education discounts available) Other products we tested and/or evaluated that did not meet our needs: Proofpoint Barracuda Please let me know if you would like additional information: Thank you, Jason On Jul 28, 2008, at 3:25 PM, Maria Iano wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am hoping to pick your brains about commercial anti-spam solutions. The Math Department has roughly 1000 user accounts and currently uses SpamAssassin, as well as many of the spam filtering options in postfix such as header and body checks and DNS blacklists. Our users mark messages as spam and we feed them to the Bayesian database for SpamAssassin. Nonetheless, a lot of spam still gets through. So we are looking into commercial anti-spam software. Has anyone else gone the route of purchasing a commercial solution? If so, how did it work out for you? Has anyone else compiled a review of the different choices and how they compare? If so, I would love to see it. If you know of any commercial anti-spam providers that offer deep education discounts that would be good to know also. Thanks for any help you can give. Maria Iano - -- iano () math umd edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFIjh0oc8AgwQtz1wIRAtcvAKDv+QN8I1Plm+pZcX9zU+vV735rhgCgjxoq uctVUHIr8rTQigx6eviOopk= =KCHm -----END PGP SIGNATURE-----
-- Jason C. Belford Information Security Manager Office of Information Technology Georgia Institute of Technology Phone: (404) 894 - 6159
Current thread:
- anti-spam software Maria Iano (Jul 28)
- <Possible follow-ups>
- Re: anti-spam software Basgen, Brian (Jul 28)
- Re: anti-spam software David Kovarik (Jul 28)
- Re: anti-spam software Bob Bayn (Jul 28)
- Re: anti-spam software David Lundy (Jul 28)
- Re: anti-spam software Paul Russell (Jul 28)
- Re: anti-spam software Jeffrey Ramsay (Jul 28)
- Re: anti-spam software Cody, James (Jul 29)
- Re: anti-spam software Jason C. Belford (Jul 29)
- Re: anti-spam software Ken Connelly (Jul 29)
- Re: anti-spam software Michael Young (Jul 29)
- Re: anti-spam software Jesse Thompson (Jul 29)
- Re: anti-spam software David Boyer (Jul 29)
- Re: anti-spam software Maria Iano (Jul 29)