General discussion

Locked

Where to filter for SPAM?

By liam ·
Currently we are debating what network function should handle the SPAM filter. On the one hand we could use a firewall to handle this task. The other option is to have our Anti-virus software (Symantec) handle this task. What is the general consensus about the best way to design the network for SPAM?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Personally

by Kjell_Andorsen In reply to Where to filter for SPAM?

My experience is that spam filtering should be done by a dedicated appliance such as a Barracuda or Ironport unit, this way the spam filtering is done before it ever hits the e-mail server which will reduce load and also limit the risk of malware getting through.

We went from doing software based spam filtering on our Exchange box to an Ironport appliance and were greatly impressed. It was easier to manage and Exchange performance increased significantly.

Collapse -

Agree with dedicated device advice....

by NotSoChiGuy In reply to Personally

The performance increase was appreciably visible by not just IT folks, but by end users as well ("hey, did you guys upgrade the mail server...it is running so much faster").

I've also worked at a shop that had an SMTP relay (Windows 2K server with I believe McAfee's suite of software on it...but I can't recall with 100% certainty) in the DMZ that did all the scanning (spam, virus, content, etc), and then forwarded it along to the Exchange server.

This worked ok in terms of Exchange performance, but there was a noticeable delay in sending/receiving messages (common question was why someone's Yahoo account got mail quicker than our mail server).

btw...editing to note that the device we used in my reference was Barracuda.

Collapse -

I third the appliance

by Dumphrey In reply to Personally

we use an Ironport 150. 99.8% of incoming mail traffic is blocked/dropped and never reaches our mail server. This means fewer chances to dictionary spam, fewer virus on the network, increased server performance.
As a note: an Ironport 150 with roughly 400,000 incoming mail per day never gets above 15% cpu/ram usage. Our Barracuda 200 was bogged down by the load, and was being dosed by the incoming spam volume. We have 35 active email addresses.
Exchange 2003 has some built in junk mail features, that makes sense to use on top of an appliance, but a good appliance should get a minimum of 99% block rate.

Collapse -

My experience

by wesley.chin In reply to I third the appliance

There is nothing like an Exchange server here, or any server for that matter currently. Email is through our T1 provider, and there is some kind of spam filtering that is done before email is received by email clients.

At first, it seemed like everything was well. But then spam started appearing in the Junk Mail folder of Outlook 2003, which is the client on the majority of the computers. Which meant spam was getting through.

Also, there was an instance of a legitimate message not being received. Most likely it was due to the email being filtered before receipt by Outlook.

If Barracuda does anything like that, there is potential of legitimate email not getting through. And there would be no way to know that the message was not received...

Collapse -

Appliance...SOLD!

by Forum Surfer In reply to Personally

I use Symantec's Brightmail. I love it, it works great. Logs are excellent, I have no trouble tracking down emails that were blocked by mistakes or updating black/whitelists.

That being said...it is horribly expensive and it does place a great deal of overhead on the exchange server. Our organization doubled in size as of late and we typically receive 1 million plus incoming emails per day. Exchange/Brightmail handles it well and is doing an adequate job. I visited a few other organizations of similar sizes running Barracuda and Ironport. Personally, I liked Ironport. Exchange alos performed faster in these organizations, so I'm as good as sold. I'm merely waiting out my license period (another 2 years, ugh!) before I switch to the appliance.

Back to Malware Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums