Educause Security Discussion mailing list archives
Re: anti-spam software
From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Tue, 29 Jul 2008 07:51:46 -0500
We've been using IronMail for about five years (maybe six, time flies when you're having fun...). I am no longer responsible for those machines, but still get consulted occasionally due to my 20+ years of fulfilling the postmaster role here. See interspersed below for my take on the current IronMail product. Jason C. Belford wrote:
Maria, We have previously used Secure Mail (formerly Ciphertrust) Ironmail. However, based on our needs, we purchased Sophos PureMessage and have been using it for over two years. Below I have listed some of the pros and cons of each - based on our experiences. (Note: I am sure many changes may have been made to Ironmail in the last 2 years. The limitations listed below are based on our experiences when we ran these boxes in our production environment.) Our setup / requirements: Centrally, we maintain 170+ domains we receive 1 million + messages per day our rule sets based on domain we only proactively drop only the worst of the worst we tag everything (spam and not spam based on a scale) we have global rules set up in the central mail system to filter mail to a Junk folder we expire mail in the Junk folder after some period of time Ironmail (appliances): Pro: Easy Interface Great reporting mechanisms Allowed different rules for users and domains Attentive / quick technical support
Most of these are still valid, but we gave up on the reporting due to the intense load it placed on the IronMail appliances. We just dump off selected logs and grep what we want from them.
Con: Deferred retry schedule limited to 4 (total) retries (unlike Postfix, Sendmail, etc which allow retrying every X hours for Y days)
improved, not sure that it's completely unlimited, but it's *far* better than a total of 4 retries.
Applied first rule to message (i.e. if one domain said drop and other just change subject and a message was addresses to both, it would only do one.)
still valid con
No regex available
i think this is still a valid con
High false positive / false negative rate
in my opinion, this is no longer true.
Quarantine database has a limit of the number of messages it could keep (way too small)
yup... still a substantial limitation. you can choose to discard messages with higher scores or choose to shorten the time a message stays in the quarantine before being expired out.
not all commands were available via command-line (GUI was required)
the command line is *not* usable for day-to-day management. it lets you peek at a few things, mostly in the logs of what has already transpired, but there is virtually no configuration capability from the cli. the gui is heavily java-based, not my idea of a good thing, but seems to be the way of the wicked these days.
used McAfee A/V (con for us since we already use it on the Desktop, it was not providing much addition protection)
we initially chose sophos over (i think) mcafee. then they phased sophos out and went with authentium. now, i think sophos is an option again. - ken
-- Jason C. Belford Information Security Manager Office of Information Technology Georgia Institute of Technology Phone: (404) 894 - 6159
-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373
Current thread:
- anti-spam software Maria Iano (Jul 28)
- <Possible follow-ups>
- Re: anti-spam software Basgen, Brian (Jul 28)
- Re: anti-spam software David Kovarik (Jul 28)
- Re: anti-spam software Bob Bayn (Jul 28)
- Re: anti-spam software David Lundy (Jul 28)
- Re: anti-spam software Paul Russell (Jul 28)
- Re: anti-spam software Jeffrey Ramsay (Jul 28)
- Re: anti-spam software Cody, James (Jul 29)
- Re: anti-spam software Jason C. Belford (Jul 29)
- Re: anti-spam software Ken Connelly (Jul 29)
- Re: anti-spam software Michael Young (Jul 29)
- Re: anti-spam software Jesse Thompson (Jul 29)
- Re: anti-spam software David Boyer (Jul 29)
- Re: anti-spam software Maria Iano (Jul 29)