Educause Security Discussion mailing list archives

Re: anti-spam software


From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Tue, 29 Jul 2008 07:51:46 -0500

We've been using IronMail for about five years (maybe six, time flies
when you're having fun...).  I am no longer responsible for those
machines, but still get consulted occasionally due to my 20+ years of
fulfilling the postmaster role here.  See interspersed below for my take
on the current IronMail product.

Jason C. Belford wrote:
> Maria,
>
> We have previously used Secure Mail (formerly Ciphertrust) Ironmail.
> However, based on our needs, we purchased Sophos PureMessage and have
> been using it for over two years.  Below I have listed some of the
> pros and cons of each - based on our experiences. (Note: I am sure
> many changes may have been made to Ironmail in the last 2 years.  The
> limitations listed below are based on our experiences when we ran
> these boxes in our production environment.)
>
> Our setup / requirements:
> Centrally, we maintain 170+ domains
> we receive 1 million + messages per day
> our rule sets based on domain
> we only proactively drop the worst of the worst
> we tag everything (spam and not spam based on a scale)
> we have global rules set up in the central mail system to filter mail
> to a Junk folder
> we expire mail in the Junk folder after some period of time
>
> Ironmail (appliances):
> Pro:
> Easy Interface
> Great reporting mechanisms
> Allowed different rules for users and domains
> Attentive / quick technical support

Most of these are still valid, but we gave up on the reporting due to
the intense load it placed on the IronMail appliances.  We just dump off
selected logs and grep what we want from them.

> Con:
> Deferred retry schedule limited to 4 (total) retries (unlike Postfix,
> Sendmail, etc., which allow retrying every X hours for Y days)

improved, not sure that it's completely unlimited, but it's *far* better
than a total of 4 retries.

> Applied first rule to message (i.e. if one domain said drop and other
> just change subject and a message was addressed to both, it would only
> do one.)

still valid con

> No regex available

I think this is still a valid con

> High false positive / false negative rate

in my opinion, this is no longer true.

> Quarantine database has a limit of the number of messages it could
> keep (way too small)

yup...  still a substantial limitation.  you can choose to discard
messages with higher scores or choose to shorten the time a message
stays in the quarantine before being expired out.

> not all commands were available via command-line (GUI was required)

the command line is *not* usable for day-to-day management.  it lets you
peek at a few things, mostly in the logs of what has already transpired,
but there is virtually no configuration capability from the cli.  the
gui is heavily java-based, not my idea of a good thing, but seems to be
the way of the wicked these days.

> used McAfee A/V (con for us since we already use it on the Desktop, it
> was not providing much additional protection)

we initially chose sophos over (I think) mcafee.  then they phased
sophos out and went with authentium.  now, I think sophos is an option
again.

- ken

> --
> Jason C. Belford
> Information Security Manager
> Office of Information Technology
> Georgia Institute of Technology
> Phone: (404) 894 - 6159


--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
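Ken confirms above that IronMail still applies only the first matching rule to a message addressed to recipients in different domains, so one domain's policy silently decides for everyone. The Python below is an added illustration, not IronMail code and not from either poster; the domain names, thresholds and actions are constructed. It shows that first-rule-wins behaviour beside a per-recipient resolver that groups recipients by outcome so a gateway can split delivery and apply each domain's own policy.

```python
"""Per-recipient policy resolution for a multi-domain mail gateway.

Added illustration (not IronMail code).  A message addressed to two
domains whose spam policies disagree is evaluated two ways: with the
first recipient's policy applied to all recipients, and per recipient.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed per-domain policies (hypothetical domains and thresholds).
# "action" is taken when the spam score reaches the domain's threshold.
POLICIES = {
    "example.edu": {"threshold": 8.0, "action": "drop"},
    "example.org": {"threshold": 5.0, "action": "tag"},
}
DEFAULT_POLICY = {"threshold": 10.0, "action": "tag"}


@dataclass
class Message:
    recipients: list
    subject: str
    spam_score: float
    headers: dict = field(default_factory=dict)


def domain_of(addr):
    """Domain part of an address, lower-cased for lookup."""
    return addr.rsplit("@", 1)[-1].lower()


def policy_for(addr):
    return POLICIES.get(domain_of(addr), DEFAULT_POLICY)


def decide(policy, score):
    """Action for one policy: 'deliver', 'tag' or 'drop'."""
    return policy["action"] if score >= policy["threshold"] else "deliver"


def first_rule_wins(msg):
    """The behaviour the thread describes as a con: the first recipient's
    domain policy decides the action for every recipient."""
    action = decide(policy_for(msg.recipients[0]), msg.spam_score)
    return {rcpt: action for rcpt in msg.recipients}


def per_recipient(msg):
    """Evaluate every recipient against its own domain policy and group
    recipients by outcome, so delivery can be split per action."""
    groups = defaultdict(list)
    for rcpt in msg.recipients:
        groups[decide(policy_for(rcpt), msg.spam_score)].append(rcpt)
    return dict(groups)


def apply_tag(msg, prefix="[SPAM] "):
    """The 'change subject' action: return a tagged copy with the score
    recorded in a header so downstream rules can file it to Junk."""
    tagged = Message(list(msg.recipients), prefix + msg.subject,
                     msg.spam_score, dict(msg.headers))
    tagged.headers["X-Spam-Score"] = f"{msg.spam_score:.1f}"
    return tagged


if __name__ == "__main__":
    # Constructed sample: score 6.0 is below example.edu's threshold but
    # above example.org's, so the two domains want different actions.
    msg = Message(["alice@example.edu", "bob@example.org"], "hello", 6.0)
    print("first rule wins:", first_rule_wins(msg))   # both delivered
    print("per recipient:  ", per_recipient(msg))     # bob tagged only
```

Reversing the recipient order in the sample flips the first-rule-wins result for both recipients, which is exactly why the outcome of such a gateway depends on envelope order rather than on each domain's configured policy.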
