
Stop SPAM in an enterprise

By California Dead Head
How do you stop SPAM for your company? I have W2000 Exchange on a W2000 network with about 200 mailboxes. What would you recommend to filter SPAM? Software, Hardware Filter, Gateway server. What is good and what is bad? How does your company do it??


by drsysadmin In reply to Stop SPAM in an enterpris ...

There are a number of ways to filter Spam. Some ppl prefer software on a gateway or the server itself, some ppl prefer real-time blacklists (RBL's), some ppl use an external firm to "host" forward their email and de-spam it before it is forwarded, and some take the time to write event sinks in exchange (actually the IIS portion). I currently downloaded Symantec Mail Security 4.5 for Exchange, AV Content trial for 30 days to evaluate. Sybari also is highly recommended by many exchange admins.

The advantages/disadvantages comparison as always is useful when looking at tools like this.

External firms that filter your email are external, so you lack some control, along with the re-occurring expense and fact that if they go down, so does YOUR email system. On the other hand, they are not very expensive, and simple to set up.

Software is useful for both AV protection and content filtering. Most software packages have decent scanning engines that will filter most of your daily spam, the porn, the advertisements, the useless random word lists, etc. I, along with other admins with some experience, highly recommend that if you choose a software solution, put it on a gateway rather than on your Exchange server itself. The effectiveness of software is usually good, provided you take the time to configure it right. You thus have greater control than over an external firm. Your main caveats are cost (25-40 bucks per license, i.e. email user - but only once a yr instead of monthly), setup time and sometimes headache, monitoring requirements (which usually are not high) and the fact that if the software isn't set up to do a filter you want, you can't make it.

More in comments
Dr. Sys


by drsysadmin In reply to

RBL's are an inexpensive (and sometimes free) service that will - using a software package of some sort - give or add real-time source-domain filtering. The main advantage here is that some domains are here today, gone tomorrow almost - and used exclusively for spamming. These RBL's list them, block them, and keep your system from bogging down due to these sources. They usually block all open relay sources as well. The down side, usually requires some sort of software (purchased) and cannot get all the spammers out there, with no content filtering, you have to be willing to either drop all emails from places like yahoo, msn, hotmail, etc., or let spam from those sources in... unless you're using content scanning software WITH an RBL option.

Lastly - event sinks.. Now, this one is darned useful - at least - I think so... Problem is - I don't have the personal expertise to write one. In theory, event sinks can do things like ensure that the IP and the domain name in the header are valid and match each other, meaning no more "spoofed" IP spam or "spoofed" domain name spam. Event sinks can be created to perform reverse DNS lookups, match IP's, validate domain names and IP's, etc. Unfortunately, as I said, I can't write one. Thus my current eval of Symantec's product. I have coders on staff and they are not clear on it either.. figures. So if you have (or have access to) the expertise to create an event sink, or multiple ones, then this should be your first thing to do. It's free (other than your time), flexible as far as source filtering, and implements using Exchange's internal workings. Note that event sinks cannot however do things like scan for viruses or do content filtering.

Luck
Dr. Sys
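
The two source checks described in the post above, an RBL lookup and a reverse-DNS match on the connecting IP, sketched as an added example; it is not part of the original thread and is not an Exchange event sink. The zone `dnsbl.example`, the function names and the DNS tables are constructed so the logic runs offline; a real deployment would pass in resolver functions that query DNS.

```python
import ipaddress

# Constructed DNS data (documentation IP ranges, hypothetical names and zone).
PTR = {"192.0.2.10": "mail.example.org",      # honest host
       "198.51.100.7": "mail.example.org"}    # PTR claims a name it does not own
A = {"mail.example.org": ["192.0.2.10"],
     "7.113.0.203.dnsbl.example": ["127.0.0.2"]}  # 203.0.113.7 is listed

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the list lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve_a):
    """Listed means the query name resolves to an answer inside 127.0.0.0/8."""
    answers = resolve_a(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)

def fcrdns_ok(ip, resolve_ptr, resolve_a):
    """Forward-confirmed reverse DNS: PTR(ip) gives a name whose A records include ip."""
    name = resolve_ptr(ip)
    if not name:
        return False          # no reverse record at all
    return ip in resolve_a(name)

def check_connection(ip, zone, resolve_ptr=PTR.get,
                     resolve_a=lambda name: A.get(name, [])):
    """Decide what to do with a connecting IP; resolvers are injectable."""
    if is_listed(ip, zone, resolve_a):
        return "reject: listed"
    if not fcrdns_ok(ip, resolve_ptr, resolve_a):
        return "flag: rdns mismatch"
    return "accept"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.7", "203.0.113.99"):
        print(ip, "->", check_connection(ip, "dnsbl.example"))
```

The mismatch case is returned as a flag rather than a rejection because legitimate senders with missing or stale reverse records do exist; how strictly to act on it is a policy choice.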


by drsysadmin In reply to

Hmm... just noticed - you asked for a recommendation. Ok - I recommend you consider where your largest spam amounts originate from, then look at the best source to block them. Remember, if you're hammered from a known spam source, you can filter a few manually in Exchange without hassle.

My next recommendation - evaluate some software solutions (free 30 day trials are available for most of them) and see what works and what you are comfortable with. Then recommend it (or buy it if the decision is yours) and go from there.

Also - see if event sinks are something you can create with resources available. They are not the end all be all of filters, but they are a good, free start IF you can set them up. Oh - and if you can - would you mind helping ol' Dr. Sys out with em? T'would be appreciated.

Luck.
Dr. Sys

by matherg In reply to Stop SPAM in an enterpris ...

I would most definitely recommend SurfControl from www.surfcontrol.com; it's a lot less than one might think. It has a simple to use filtering system and auto updates its blacklists.
Can also monitor users' web traffic as well.

by IS Girl In reply to Stop SPAM in an enterpris ...

I have tried several server level spam control software packages and finally settled on GFI Mail Controls package. It runs on your Exchange Server and uses whitelist/blacklist, dbls blacklists, Bayesian analysis and keyword filtering.

I had to set it up to blacklist all domains except those specifically whitelisted to get high level end user ratings, but it was pretty easy to do.

GFI Mail Essentials has an outbox scanning wizard that will whitelist every address your users have emailed to in the past. It also uses this information to "learn" how to tell spam from "ham" for its Bayesian filters. The users can whitelist anyone they want email from by emailing them - a great feature that eliminates a lot of grumbling amongst end users when legit mail gets blocked.

I let all spam except that blocked by the Bayesian filter, dbsl services and keyword checking go to a Spam folder in each user's Outlook mailbox. They check it periodically and set up Outlook to purge the content frequently.

You can demo it for about 60 days free and the cost is less than $15 per user to license.
