When e-mail attacks!

Spam, viruses, and malware: the bane of any network administrator's life. This is not only due to the inherent risk they pose to overall network security, but also because of the additional load they place on your network. The detection and processing of junk e-mail puts quite a bit of stress on mail systems; some people claim the extra burden doubles their load. I wouldn't be at all surprised if that were accurate. But not only do these threats place additional load on servers, they also put stress on the network; the bandwidth consumed by unsolicited bulk mail and worms can be quite substantial. If you notice that your Internet connection seems to be a little slow, then check your mail logs; it's likely you're being hit by a dictionary spammer trying to deliver image spam!

I think there are two ways to approach the problem of junk e-mail:

  • Run antispam and antivirus software on a smart gateway
    o Build a custom gateway
    o Buy an appliance
  • Run antispam and antivirus software on the mail server

In my opinion, it's best to tackle this problem with a balanced combination of both of these strategies. A smart mail gateway is essential if you want to stop your mail system from being bogged down with processing junk. Depending on your configuration, the gateway can bounce messages to invalid addresses before processing any of its content and deny SMTP sessions to IPs known to be used by spammers and botnets. Spam and viruses can be identified and quarantined without touching your mail servers, which keeps things tidy and gives at least some peace of mind.

While a smart gateway will be able to filter out almost all incoming threats, I would always want to run virus protection software on the servers holding user mailboxes. It could well be that the antivirus on your mail server never fires, but if something were to slip through the gateway or enter the system internally, then you'd be glad of the additional protection.

I'm currently using a custom-built mail gateway; it runs on a Linux base with Postfix, amavisd, ClamAV, SpamAssassin, and Policyd. By combining these relatively simple apps, I have a powerful e-mail defence system which has yet to hit a false positive. When I introduced grey-listing via Policyd, it had a huge impact on both the amount of spam slipping through and the load put on the gateway. Grey-listing meant that spam messages, which would normally be processed by SpamAssassin, were being dropped before they hit the antispam engine.
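Why grey-listing stops junk before the content scanners ever see it, shown as an added example (not Policyd's code and not the configuration described here): a triplet greylist that answers requests in Postfix's policy delegation format. The 300-second delay, the 24-hour retry window, the /24 keying, and the sample addresses are assumptions.

```python
import time

# Constructed sample of what Postfix sends a policy service at RCPT TO.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=news@example.com\n"
    "recipient=alice@example.org\n"
    "\n"
)
DEFER = "action=defer_if_permit Greylisted, please try again later\n\n"
PASS = "action=dunno\n\n"  # no opinion: later restrictions still apply


def parse_policy_request(text):
    """Parse name=value lines; an empty line ends the request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay=300, window=86400):  # assumed values, in seconds
        self.delay, self.window = delay, window
        self.pending = {}    # triplet -> time of first attempt
        self.passed = set()  # triplets that retried correctly

    def check(self, request, now=None):
        now = time.time() if now is None else now
        a = parse_policy_request(request)
        # Assumption: key IPv4 clients on their /24 so retries from a
        # provider's pool of outbound relays still match the first attempt.
        net = a["client_address"].rsplit(".", 1)[0]
        triplet = (net, a["sender"].lower(), a["recipient"].lower())
        if triplet in self.passed:
            return PASS
        first = self.pending.get(triplet)
        if first is None or now - first > self.window:
            self.pending[triplet] = now  # new, or retried too late: start over
            return DEFER
        if now - first < self.delay:
            return DEFER                 # retried too soon to be a queueing MTA
        del self.pending[triplet]
        self.passed.add(triplet)
        return PASS
```

The deferral happens at RCPT TO, before any message body is transferred, so a sender that never retries costs the gateway no SpamAssassin or ClamAV time. In Postfix a service like this is attached with `check_policy_service` in `smtpd_recipient_restrictions`.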

Ready-built appliances are becoming more and more popular these days. I think the biggest reason for their popularity is the reduction in the amount of administrative attention required -- once the initial setup has been done, the gateway will pretty much look after itself. I have been interested in the Barracuda Spam Firewall for quite some time and will soon be replacing my custom gateway. Why the Barracuda? Used by the U.S. Treasury department, IBM, and NASA, the Barracuda Spam Firewall has taken home numerous awards; it won the Windows IT Pro ‘Community Choice Award’ and the Lotus Advisor Magazine Editors' Choice for two years running.

Features offered by the Barracuda appliance include:

  • Graphical reporting
  • Automatic updates
  • Rate Control
  • IP Reputation Analysis
  • Sender Authentication
  • Recipient Verification
  • Virus Scanning
  • Spam Fingerprint Check
  • Intent Analysis
  • Image Analysis
  • Bayesian Analysis
  • Rule-based Scoring
  • Single sign-on with Active Directory integration
  • Per-user, user-managed quarantine

I'm looking forward to getting my hands on the Barracuda Spam Firewall and will report back once I've had a chance to check it out properly. If you're using one of these already, then I'd love to hear your experiences; leave a comment and let me know how you've gotten on.

Maybe you've chosen to take a completely different approach to dealing with spam and e-mail-borne threats? Again, leave a comment and share your views.