Solved

Blackberry enteprise and anti-spam

Posted on 2006-11-03
13
702 Views
Last Modified: 2013-11-22
I have to support a network and we are currently running Blackberry enteprise with Exchange 2003.  They are complaining about spam.  Is there a specific anti-spam software that works better or not than others with Blackberry.

What would you guys recommend for anti-spam with Exchange 2003.  I was thinking of Symantec's Anti-spam product.  I don't really like to deal with the licensing of Symantec.  Does anyone have another idea?

Brad Wilson
0
Comment
Question by:bhgewilson
  • 5
  • 3
  • 2
  • +2
13 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
Hi bhgewilson,

Whatever you do, don't get anti-spam from Symantec.  Trust me, I have it deployed in 2 sites and it is pathetic.

My preferred spam software is GFI -> http://www.gfi.com <- and they have a free 30 day demo

Alternatively, you could look at Vamsofts ORF -> http://www.vamsoft.com

If you are on SP2 for exchange, and you should be, you can try the IMF / Recipient filtering combo (if you aren't already)

http://www.msexchange.org/tutorials/Sender-Recipient-Filtering.html
http://www.amset.info/exchange/imf.asp

Hope that helps,

-red
0
 
LVL 16

Expert Comment

by:The_Kirschi
Comment Utility
Any Anti-Spam software that suits you and your exchange server will be fine for Blackberry also, because messages are sent to Blackberry after they are delivered to the users mailboxes, meaning after spam and viruses have (hopefully) been blocked.

The requirements are the same if you use Blackberry or not.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
What you need is something that scans the messages before the Blackberry server forwards the message out. I think IMF does it too late to stop it from going to the Blackberry device.

Simon.
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
I thought IMF got it in time?

BES is just another client that accesses the mailbox, isnt it?
0
 

Author Comment

by:bhgewilson
Comment Utility
I have heard a lot about GFI.  Is it easy to configure and keep going.  I have installed mail security with Symantec but not the anti-spam stuff.  I have been disappointed also and wanted to find out what everyone thought.  Does GFI have a catchall mailbox?  Is there a way to send a message to the mail sender saying that they have been blocked?  

Thanks,
Brad
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
If you are archiving on the server then it catches the messages.
If you using the Junk Email Folder then it doesn't always - at least that is what I have seen.

Simon.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
Ah, I see what you mean Sembee.

GFI is quite easy to configure, and once it is up and running there is really nothing to it.

If you can, install it on a gateway machine (good use of an old desktop).  If you can't, then you can simply install it on the exchange server.

I configure it both ways, a gateway spam scanner (MailSecurity and MailEssentials) that weeds out and deletes all the obvious mail, then forwards it on to the exchange server - which is also running MailEssentials and sends the borderline spam to the users Junk E-Mail box (which may have the same problem that Sembee was mentioning).

As for a catchall, that is not a good idea - it will take a lot of time to monitor, and will also mean that you cannot enable Recipient Filtering.  You can't do it with GFI, but you can do it with exchange - if you REALLY want to do it, I will give you the MS link, but I urge you to reconsider :)

An replying to mail that has been blocked is also a bad practice.  80% of mail being sent is spam, 90% of that would be from a fake sender - meaning you would be replying to people that never sent mail in the first place.  GFI CAN do it, but once again, I urge you to reconsider :))

-red
0
 
LVL 8

Expert Comment

by:nitadmin
Comment Utility
Configure IMF, Send Filtering, Recipient Filering, SPF filtering, and RBL Filtering. No need to buy third party software, services or devices.

Microsoft Exchange 2003 Service Pack 2 has great tools that you can enable to reduce or eliminate UCE e-mails. Most Exchange Administrators don't bother to configure and enable these great features. Instead they go and waste money on software tools like,

GFI Essentials,
IHateSpam
Microsoft Atigen.
Symatec Ati-Spam,
and thousands of Server or client based free and paid software tools.
Some also buy appliances like the Barracuda Spam Filter and other similiar devices.
Others will purchase the services of Spam filtering Services like MessageLabs, Postini, and similiar Services providers.

They are all a waste of Money. Configure anf then enable the features that come with Exchange 2003.

Cheers,
NITADMIN
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
"Most Exchange Administrators don't bother to configure and enable these great features. Instead they go and waste money on software tools like"

Are you basing that statement on anything inparticular nitadmin?

I ALWAYS configure recipient filtering, tarpitting and the IMF.  SPF filtering is pointless at the moment, it is nowhere near widely adopted.  RBL filtering is good, but other people telling be what should be blocked isn't really my cup of tea.

There are times though where it is simply not effective, if you have not had this happen to you, congratulations - the simple reality is that these tools, while useful, are by no means the be all and end all of spam filtering.

And, asking the obvious, what do you do for viruses?  Infact, don't answer that, I dont want to know

-red
0
 

Author Comment

by:bhgewilson
Comment Utility
The only reason that I would want to send back to sender is becasue this is a investment company and some of the stuff may acutally be for real.  That is what has been requested of me so far.  

To be honest I have not done anything with SP2.  What is recepient filtering?  

If we don't use a catchall how can we ever inform GFI that it is to allow certain people to come through?

Is there any way to let the users know how much mail is being stopped?

Brad
0
 
LVL 8

Expert Comment

by:nitadmin
Comment Utility
Red,

Good that you have implmented recipient filtering, tarpitting and the IMF.
SPF filtering is not pointless. The more Administrators who configure SPF the more it will catch on and spread. This is what we want. For everyone to learn about it and to configure their SFP records. If we ignore it, then everyone else will ignore it too.

RBL has its draw backs. It can often block legitamte senders. It you ip address can end up on an RBL lists very randomly.

Yes I agree that "simple reality is that these tools, while useful, are by no means the be all and end all of spam filtering." This is true about all Spam tools, whether it is part of Exchange or some third party tools.

You will never be able to completely eliminate junk e-mails, just like you can never completely eliminate all the junk letters you receive at your home or office mailbox. Even laws or new lisgislation will not eliminate it. Even if e-mails were to one day require a delievry fee, like the postage stamps we pay to mail letters, junk e-mails will not disappear.

The best things you can do to reduce junk e-mails is to educate your users about how they use e-mails and who or where they give out their e-mail addresses to.

Another point I should make. To reduce spam e-mails you have to take pro-active approach. You can expect to configure some tool one time and expect it will reduce the amout of spam you receive. You have to constanly monitor and make sdjustments using the tools available to you.
You can not expect that from day one when you setup and configure Echange IMF filtering that it will eliminate every junk e-mail. You have continue monitoring the junks e-mails that you getting and make adjustments to IMF so that it will catch more of the particular type junk e-mails that you users are getting.

This is true whether you use IMF or Surfcontrol Spam filter, Barracuda Spam Filter, GFI spam Filter, MessageLabs Filtering Service, and thousand of other software tools, devices, or Service providers.

"what do you do for viruses?", I install Symatec Ant-virus on all Servers, and Desktops, Laptops. I also configure nightly updates of Virus deinitions. I push anti-virus software on all new computers and servers in our network. Any time a virus or spyware infects our computers or servers, it will be taken offline immediately, Its hard drives are completely wiped out and re-imaged. This is Corperate policy of all fortune 500 companies. We also educate our users constantly and new hires are given our Corperate USE Policy durring their orienatation. Which they must sign and acknlowdge that they have read it. We enforce our Corperate IT policies vigorously.

Cheers,
NITADMIN
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 125 total points
Comment Utility
Hi Brad,

>>The only reason that I would want to send back to sender is becasue this is a investment company and some of the stuff may acutally be for real.  That is what has been requested of me so far.  

This is entirely possible with all spam software available - but, you should tell your superiors that it is HIGHLY not recommended.  GFI lets you send a response to CERTAIN types of spam (such as attachments) which may at least limit the amout of spam YOU will be sending out.  Consider this, one of my clients receives about 10k legitmate mails a week, and about 40k spam, they will send probably 8k a week.  If our systems responded to ALL spam, not only will we now be sending so much traffic down our link (doubling the financial cost of spam for out network) but we will also be spamming the heck out of other people as well!  What you are better off doing, which is what I did for this client, was to send all "spam" messages to a mailbox, and monitor it manually - this is a nightmare of a job, and required about 2 hours a day when I did it, but I quickly learned what was being INCORRECTLY picked up as spam, and adjusted our rules.

>>To be honest I have not done anything with SP2.  What is recepient filtering?  

Upgrade to SP2, NOW! :)  Recipient filtering (which should always be mentioned with tarpitting) is a way for your server to immediately drop any mail that is being sent to non-existant users on your domain.  Of the 40k spam mails from the above example, something rediculous like 70% of those are to non-existant users - just random names like geos-cfv@ or asduhasid@ - the downside to this is that someone could do a "directory harvest" which is basically sending to every possible address (with brute force) and then making a list of emails that are not dropped.  Someone now has a list of ALL your email addresses.  This is where tarpitting comes in, the elegance of tarpitting is that it is so simple.  Tarpitting adds a 5 second delay between commands on the mail server - that's it.  This delay will have no adverse affect for all other mail, but someone trying to scan the millions of possible combinations of email addresses, will soon realise that something is not right, and move on to an easier target.

>>If we don't use a catchall how can we ever inform GFI that it is to allow certain people to come through?

Recipient filtering is the death of the catchall - you have to have one or the other - they will not work together.  Other than that, I do not really understand your question.  GFI knows to allow certain mail through based on the rules it has, and what it knows as it's internal domain.

>>Is there any way to let the users know how much mail is being stopped?

GFI, as well as others, can give reports.  What may be more appropriate in this instance is to forward all mail marked as junk to the end users Junk Email folder - this way the onus is on them to monitor it (and they can see exactly what it is doing)


NIT,

I should clarify.  SPF is not pointless, it is great IN THEORY, but the uptake is nowhere near enough that I would DENY mail because of an SPF violation.  Therefore, presently, SPF is useless.

Also, you are correct, nothing will make spam disappear - our job is to minimize it.  The only, 100% way to be totally spam and virus free is to simply disconnect from the internet and not let your users near computers with external data (CDs, ThumbDrives, iPods).

-red
0
 

Author Comment

by:bhgewilson
Comment Utility
Thanks so much for all the responses.  I will take action on both the SP2 stuff and GFI.  Thanks for the info.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now