Exchange Server Best Practices Advice for spam Explosion

dmiller
Good Day everybody.
I have been a Tech Republic member for many years (under a different name prior to 2004), but this is my first posting. Yee-hah

Our organization has a problem and I could use some input from the community.

We run a native Windows 2003 AD domain with Exchange Server 2003 Standard. I have a back-end Exchange server hosting 180 mailboxes and public folders. The back-end server is a dual processor w/3gb RAM, and the hostname is listed as our public MX record. I have a front end server with single processor and 2gb RAM. The front end server ONLY manages OWA for external users and we do not use POP3, HTTPS over RPC, or IMAP at this time. The back-end server handles all SMTP traffic and I have the IMF running. Additionally, the back-end is running Symantec Brightmail anti-spam and Exchange AV. Both Exchange installs are SP2.

Here is my dilemma. Until late last year I only had the back-end server for all email and that is where I installed Brightmail. I added the front-end server later. The good news is that I haven't seen a single spam in over a year!!! I take this very seriously and would rather lose a legitimate message than risk garbage getting through. The organization is spoiled because we simply don't get spam.

BUT - Until about four weeks ago I had few problems with SMTP or spam, and where Brightmail used to report about 1800 spams an hour, I am now seeing >5000 an hour. The IMF is intercepting >1500 spams an hour as well. This is causing the SMTP engine to lock up and the queues to back up. I need to reboot almost daily to break SMTP connections. In 10 years I have never seen anything like this. Spam has exploded all over the place. Otherwise Exchange is stable.

Here is my question: Obviously it is time to separate IMF SMTP and Brightmail from the Information Stores running on the same server. Disk space is not an issue.
Which would be a better path for server resources and efficiency -
A) Trade front-end/back-end roles of the servers and migrate the mailboxes to the single processor server/lower RAM server? or
B) Re-install Brightmail on the single processor lower memory front end and re-direct SMTP traffic through that server and change the MX record?
My gut tells me to go with option B.

Any advice would be greatly appreciated.
  • +
    0 Votes
    Marty-7

    We were in a similar situation, using BrightMail and trucking along just fine when the same thing happened, overwhelming the BrightMail server.

    We ended up going with a service. In our case, we moved to MX Logic and have been very pleased. We originally wanted to go with Postini, but we're a small company and they only service accounts with 100 mailboxes & up. I know several admins that use this service and are very pleased.

    The nice thing about a service is that it's one less server you need to maintain and more importantly, it moves all the spam bandwidth issues off your network.

    Good luck whichever way you decide to go.

    +
    0 Votes
    dmiller

    I have not had a lot of time in the past year to investigate additional options. (between SOX, an ERP upgrade, and a Citrix upgrade)

    What kind of pricing per user, and have you been able to totally eliminate any local spam filtering? Our mid-level managers are auditing end users; we will be further restricting SMTP access. Those users will get only internal rights. I will check out MX Logic.
    Thanks

    I spent two years getting my users trained to use the pop-up blocker in XP-SP2 and before that Pop-up Stopper. I also use Adaware and Symantec client security. We haven't had any instances of viruses or compromised PC since January 2006. (By the way did I mention I am seriously **** about network security?)

    +
    0 Votes
    Marty-7

    Postini may offer better pricing - as I said, they were our first choice based on some rave reviews from peers, but they only handle upwards of 100 users and we're way under that. I'd check with both for the current rates, it's really not as much as you'd think.

    To answer your question, we've totally been able to do away with any local filtering. It's extremely rare that a spam message gets thru.

    Hope that helps.

    +
    0 Votes
    dmiller

    Thanks for your input.
    I will investigate Postini.

    Interesting that you are from Buffalo NY.
    I live in Albany Oregon. In 1876 several well to do families moved from Albany NY and settled in "Hole in the River" (real original name) Oregon which they promptly were able to rename Albany.

    +
    0 Votes

    We use Postini for about 150-200 mailboxes and love it.
    The best part is that we don't have to manage any additional infrastructure, and we keep unnecessary e-mail traffic off our systems and circuits.
    We are also a public company and subject to SOX regulations. Postini also offers archiving as well as IM and Web content control. We are in the process of evaluating Postini as our "one stop shop". Definitely worth a look even if you think you are too small.

    +
    0 Votes
    dmiller

    Thank you for your input.
    SMTP and spam have stabilized for now. I will continue to investigate all options and alternatives and report back in a couple of months. Since my Microsoft licensing annual payment is due in October, this is a good time to plan.
    Thanks.
