VortexAdmin asked:

Looking for the best hardware or software anti-spam solution for multiple domains and users

I'm considering a few anti-spam hardware firewall solutions for some clients of mine such as the Barracuda and MailFoundry products (I'm a network consultant).  I have several clients that are too small to afford these products and it seems software running on their PC is their only answer.  However, they may access their mail from several PCs or their cell phones. In short, I am trying to find out if there is something I can run on a server or appliance, that would allow me to protect the email accounts for these different clients with different domains and email accounts, and offer it as a service to them.  I could host it offsite.

The details:
-All have 3rd party hosted email although it would be nice to offer it to clients that have their own email servers too.  
-Most have their own domain so I could use domain forwarding but again, it would be nice to offer it to individuals that might just have an ISP email address.  
-I haven't had a lot of experience with the hardware appliances.  Specs say they can handle multiple domains based on the model you select, but does that mean multiple domains for the same mailbox (aliasing) or could I handle mail for that many different companies?
-Most of what I've seen with an appliance is that the MX record forwards all mail to the appliance, then the client's pop settings point to the appliance for retrieval.  If possible, it would be nice if the appliance could check the pop server and process anti-spam defense by deleting the junk before the clients d/l their messages without ever "hosting" the clients' mail.  I still haven't completely thought this through and not sure how it could be implemented but I know devices can tag messages for deleting or retrieval without downloading them first on a POP server.
-Low expense is key since the clients are small and I have barriers of entry for offering this as a service.  The appliances I've found have rather expensive annual fees to keep them updated which may or may not be avoidable.

Does anyone have a hardware solution or know of software (preferably open-source or cheaper than the appliances) or even another service that would meet these requirements and allow me to run it myself?  I need pointing in the right direction first, then I'll follow up by opening more questions for more points on details.  Thanks in advance!
ASKER CERTIFIED SOLUTION
ryansoto
This solution is only available to members.
SOLUTION
This solution is only available to members.
ASKER

Thanks for the responses.  Ryansoto, how much do you pay per mailbox?  Is that per mailbox or per email address (do you pay per alias as well?)  MS lists some cheap prices on their site but then you have to download a report on how to find a Partner to buy it from or initiate the order.  This isn't something you can just buy from Microsoft's website?  Is there any easy process where you can get the price quoted on MS' site or do you have a reseller to recommend at that price?

grblades, I don't have a lot of Linux experience, I've used Unix but it's rusty.  But I'm not ruling anything out just yet.  Would I need all of those apps running to do what I need?  I'm not as worried about antivirus (although a second scanner can't hurt).  I wouldn't want to host the mailboxes, I'd want to forward all the mail right back to their respective web/email host.  I'll try and take a look at your link tonight.  I don't mind learning some new (Linux) stuff, but if I have to be a Linux Admin to run it, I don't think it'll work for me.

Thanks to both, keep the suggestions coming...
I buy all my stuff through Dell, they are a MS reseller.
We paid $1200 for a yearly subscription for 85 mailboxes.  It's just based off of how many mailboxes.
If you want a quote let me know just tell me how many domains (yes you can log into a website and can manage multiple domains) with how many email accounts per domain.
I can get back a rough quote from my account rep
A linux distribution would come with Postfix and Cyrus already installed. You would just need to install the spamassassin+clamav and MailScanner package from the mailscanner.info website. I would advise using clamav and it is really such a small additional task to get it working. You can also use the sanesecurity additional definitions I mentioned on my site which are antivirus type definitions but they detect spam such as images and other attachments which normal spam detection techniques can have difficulty with.
You need to be comfortable installing software in order to install it but once installed all you really need to do is install the new spamassassin+clamav package when a new version is released. This is a simple task of downloading and running the installer program and normally this is done about every two months or so to keep it 100% up to date but if you did 6 month or yearly updates it won't be a big problem.

Not storing the mail locally is not a problem but you can't really redeliver the mail to the same mailbox because you won't know what mail you have already processed and mail will constantly be sent round in a loop. You also can't guarantee you will get and scan the mail before the client collects it.
There is no reason why you can't outsource the mail storage and collect the mail from their existing mailbox and once cleaned redeliver it to another. http://www.1and1.com do good cheap mail hosting ($4/month for 600 x 2GB mail accounts).
SOLUTION
PsiCop
This solution is only available to members.
"Look NO further than:"

Ooops.
MIMEdefang is good as it will process each message as it is received and if a mail is deemed to contain spam or a virus then it is rejected. Mailscanner on the other hand will process mail after they have been received. Normally you would use an RBL in the mail server software you are using and this will reject about 80% of spam straight away.

No one solution is best. It depends on your mail load and your users. Some considerations :-

1) Any spam while using MIMEDefang will be rejected if it is high scoring while I would guess any lower scoring spam could be accepted and tagged. Mailscanner will accept all mail but high scoring spam can be just deleted while low scoring can be tagged.

2) Since Mailscanner runs and processes batches of mail it is far more efficient in terms of cpu and therefore if your mail server handles a very large volume of email you may find Mailscanner can cope but other systems cannot.

3) Mailscanner supports different rules for different people. One domain/company can have a larger spam threshold than others. Individual people can manage their own whitelists etc...

4) Mailscanner supports a huge number of virus scanners.
Thanks again for the responses.  Ryansoto: I am actually a Dell Reseller so I emailed my rep for more info.  Also went through the Hosted Exchange Services page on MS's site. They have a 10 min. video you can watch to show you the process for signing up.  WTF?  Not for how to set it up, but how to purchase the service.  Way to make things difficult Microsoft.  :-)  However, I am following up more on this because even though it's not really the hardware/software solution I was after, if the services are already being offered out there for far cheaper than I can do it, it's not worth me messing with anyway (if it works well).

To the Linux guys:  16+ programs listed on your setup page just to get rid of spam and I haven't even figured out how to install Linux yet. That's no better than Microsoft.  No wonder Linux isn't grabbing any more market share.   (I hope you are all finding the humor in this because I'm just kidding.)  Anyway, it seems this is certainly possible and inexpensive to do through Linux with some low cost hardware.  Probably why most of the other appliances run Linux.  As interesting as the solution sounds, I've got to be realistic in that it will require a great deal of learning on my part to get involved with all of that on the Linux side and it's a lot of different software to familiarize myself with.  I would certainly prefer a MS solution since that's my field but I know I lose the cost advantages.  From your descriptions it seems you are also hosting the mail servers though.  Can some of those apps be cut out if you don't want to host the mail?  ie. I want the mail to pass through my anti-spam device in bulk from the internet, be cleaned, and forwarded on to my clients' respective mail servers for sorting and retrieval.  I guess it's the same thing all of these other services are doing, as ryansoto mentioned.  They just point the MX records to the Spam box first.

The other idea was to monitor the POP server, download a copy of messages (leaving a copy on server), scanning and sending back a delete request to the server on bad messages, similar to what a regular email client can do.  I wouldn't be uploading the messages again so there wouldn't be any cyclical problem.  The catch would be doing this before the clients retrieved their messages.

I'll have to see what Dell says about cost, minimum # of users, multiple domains/companies and whether I can resell the services.  Anyone have any suggestions for software in the Microsoft OS area?

Thanks for your help.
> Thanks again for the responses.  Ryansoto: I am actually a Dell Reseller so I emailed my rep for more info.  Also went through the Hosted Exchange Services page on MS's site. They have a 10 min. video you can watch to show you the process for signing up.  WTF?  Not for how to set it up, but how to purchase the service.  Way to make things difficult Microsoft.  :-)  However, I am following up more on this because even though it's not really the hardware/software solution I was after, if the services are already being offered out there for far cheaper than I can do it, it's not worth me messing with anyway (if it works well).

It was kind of a hassle to buy it but I have a rep so I just told him I want 85 mailboxes covered for 1 yr.  He sent me a quote, I paid, then it took about 48 hours for MS to set the account up.  Then MS emails you that your account has been set up with the account info.  You log in and start setting up (took maybe an hour).
@grblades:

It doesn't sound as if you've ever really used MIMEDefang. MIMEDefang can work long before the E-Mail is ever received - at the HELO, MAIL FROM: and RCPT TO: steps of the SMTP conversation.

That's why I prefer it over Mailscanner, which only engages AFTER the E-mail has been received. I've already stopped 90% of spammers *before* they reach DATA. Why let them clog my bandwidth and disk space when I can identify them as spammers before they actually get to send the E-Mail?

Also, I've got no idea where you get your 80% statistic for RBLs. I check five (5) RBLs and I'd rate them as about 50% effective...on a good day. When the spammers are using a fresh set of 'botted Winblows machines, it'll drop to 30-35% until the RBL maintainers catch up.

Moreover, RBLs "cost" you bandwidth and CPU to make and interpret all the DNS calls. Again, why let it get to that point if you can identify them at HELO?
@VortexAdmin:

16+ packages? Only if you're installing from scratch.

Before hopping on the Winblows bandwagon, get *all* the facts.

Most modern Linux distros have all the necessary Perl modules included, and many have MIMEDefang itself as an installable package (along with ClamAV, SpamAssassin and sendmail). I'm fairly sure SUSE has them all available as installable packages available with the distro. I'd be surprised if Fedora didn't. RHEL, unfortunately, does not (last I checked).

"I want the mail to pass through my anti-spam device in bulk from the internet, be cleaned, and forwarded on to my client's respective mail servers for sorting and retrieval.  I guess it's the same thing all of these other services are doing, as ryansoto mentioned.  They just point the MX records to the Spam box first."

That's how I handle it - there's a relay host at my network border to which all MX records point. It receives SMTP connections, checks them for obvious fraud, and then lets the 10% that remain actually send E-Mail. That E-Mail is scanned for viruses and evaluated for SPAM. Anything that survives is passed along to the appropriate internal host for final delivery to a user mailbox.

If it sounds brutal, it is. Simple fact of the matter is 90% of all incoming connections to your mailhost are fraudulent - some slimeball trying to SPAM you, or relay SPAM through you. The sooner in the SMTP conversation you can identify the connecting host as fraudulent, the less of your resources they get to waste.

That's why I dislike sole reliance on post-acceptance tools like Mailscanner. By the time Mailscanner gets involved, the spammer has successfully wasted your bandwidth (transmitting their garbage) and disk space (queueing their garbage). Then Mailscanner is going to expend CPU and RAM scanning a torrent of garbage, 90% of which is SPAM - more wasted resources.

Using MIMEDefang, I can ID about half of incoming spammers at HELO, and about 90% by RCPT TO:. My virus scanner and SpamAssassin deal with a much smaller load.

"other idea was to monitor the POP server, download a copy of messages (leaving a copy on server), scanning and sending back a delete request to the server"

Again, you'd be closing the barn door long after the horse has departed. The spammer would already have wasted all your resources - bandwidth (THREE TIMES - once when you initially received their garbage, again when you sent it to the server hosting the user mailbox, and again when you download it for scanning), disk space (THREE TIMES again, since you're copying it in three different places), CPU and RAM (mostly on your scanning host). I can't imagine a less-efficient arrangement.
Some typical figures taken from our yesterday's logwatch output.

 Messages rejected using Anti-Spam site 3225 Time(s)
     autoblock.dnsbl identified 18 spam messages.
     bl.spamcop.net identified 47 spam messages.
     zen.spamhaus.org identified 3160 spam messages.


 MailScanner Status:
       904 messages Scanned by MailScanner
       96.5 Total MB
       313 Spam messages detected by MailScanner
       23 Viruses found by MailScanner
       1 Banned attachments found by MailScanner

So 4129 attempted deliveries.
3225 blocked by RBL
591 non spams
313 spams get past rbl

so rbl blocks 4129/(4129+313) = 93%

Now that figure is not entirely correct as a mail attempted to be sent to 3 addresses will count as 3 RBL blocks. Even so from experience and the mailscanner/mailwatch output it is rare for a spammer to send to us with more than 3 valid addresses specified as recipients (we reject unknown users before RBL checks). Taking a very conservative average of 4 recipients per email the RBL block ratio comes down to 79% which is still very good.

Before implementing RBLs we were getting about 3500-4000 mails in the mailscanner logs per day. Now that is less than 1000 which also corroborates the approx 80% detection rate.

Spamhaus is not a free service though and you need to subscribe to their datafeed service. With this you run your own rbldnsd server and get incremental updates to the database every 30 minutes (or longer if you prefer).
In the end it is whatever works best for you. The RBLs work very well for us which leaves only about 300 spams per day coming in which uses insignificant bandwidth and cpu time to identify so the added functionality of mailscanner is ideal for us.
If RBLs didn't work so well for us which I guess is the case for PsiCop then we would probably look for something else and may well choose to use MIMEdefang instead.
My issue is whether or not I can take the time to learn, implement and administer a Linux server for this.  You are arguing the proper chain of command for processing by two components I've never heard of.  You're 3 steps ahead of me.  I am not considering jumping on the Windows bandwagon, I've been riding it successfully for years and am taking an open minded approach to jumping off of it (for a minute) if a Linux solution will be more effective for what I need.  I came across this which seems to be a slick package of something similar to what you guys have been talking about.  http://www.spamtitan.com/anti-spam/corporate-anti-spam-solutions  I could handle it that way.  Give me an ISO to load and let me spend my valuable time tweaking the anti-spam settings, not learning the finer points of Linux and its many components.  However, they want $550 for the software and another $150 for maintenance.  Oh well, it was a good idea.

I'd still like to hear of any other possible solutions that don't require me learning a new OS.  I know you guys are big fans of Linux and there's been several occasions where I've considered digging more into it but this isn't the time, I don't think.  If I could put an ISO on a PC and turn it into an "appliance" I'd do it, but I can't do all the dirty work.

Meanwhile, I got a quote from MS through Dell on the Exchange filtering service.  They wanted $270 for a 5 user license (minimum) that lasts 3 years.  Why I have to do a 3 year bulk, I'm still trying to find out.  It works out to about $1.50/user/month.  They charge based on user, not mailbox, not address or alias.  Number of domains don't matter, but you have to do a separate agreement for each company.  Price doesn't change (no scaling) but you still have a 5 user minimum and I have clients with less than 5 people.  Is this licensing like the other Open Value licenses, where you are given licenses and just "trusted" to only use that many?  How can they know how many users there are and from which companies if email addresses, aliases and domains don't matter to them?  I'm still waiting for an answer to some questions to see how I could aggregate the service for several smaller clients.

I'm still thinking about the Linux idea only because I recently saw someone using a cheap Linux PC as a VPN firewall with the Open Source IPCop. It would be nice to be able to put together your own ISO with something like that and all of the Anti-Spam and Anti-Virus software ready to go.  Blow it onto an old PC to set up for a new client and have it ready to go.  How hard would it be to set that all up, configurable through a web interface and made into an ISO, similar to what SpamTitan is doing?

Thanks again.
DefenderMX and BarricadeMX are very good. DefenderMX is largely based on MailScanner with some additional customisations. BarricadeMX is a proprietary system which rejects mail before it is received.
They are both a lot more expensive at about $1800 but are designed for a much busier mail server than you have.
Forgot the URL - http://www.fsl.com/defender2.html

It would be fairly difficult to build your own system. You will need to use a main distribution such as centos and then create your own distribution. That in itself is not too difficult but you will also have to write your own web configuration interface which will take a lot of work.
Meanwhile, I got a quote from MS through Dell on the Exchange filtering service.  They wanted $270 for a 5 user license (minimum) that lasts 3 years.  Why I have to do a 3 year bulk, I'm still trying to find out((((((Dell also wanted me to do a 3yr but you DO NOT have to.  I told them I only want  yr and there was no issue with this)))))))))).  It works out to about $1.50/user/month.  They charge based on user, not mailbox, not address or alias.  Number of domains don't matter, but you have to do a separate agreement for each company((((((Correct I also asked this and it's based on company)))))).  Price doesn't change (no scaling) but you still have a 5 user minimum and I have clients with less than 5 people(((((I can understand their line of thinking.  They have admin overhead and have to make a profit))))).  Is this licensing like the other Open Value licenses, where you are given licenses and just "trusted" to only use that many?((((((Not sure I thought it was based on mailboxes.)))))  How can they know how many users there and from which companies if email addresses, aliases and domains don't matter to them?((((((Well I honestly don't know.  I thought it was again by mailbox so you buy 85 you can have 85 users and no more.  How they enforce that I'm not sure.))))))  I'm still waiting for an answer to some questions to see how I could aggregate the service for several smaller clients.
@grblades:

"Now that figure is not entirely correct as a mail attempted to be sent to 3 addresses will count as 3 RBL blocks."

Which is exactly my point.

Using sendmail's built-in RBL capability, or doing something a bit more sophisticated with a tool like MIMEDefang (for example, giving one RBL more weight than another), the E-Mail would be blocked BEFORE it was received.

Clearly, Mailscanner is waiting until the E-Mail has already been received and queued before checking RBLs. A bit like closing the barn door after the horse has gone. The spammer has already wasted your bandwidth and disk space, now Mailscanner is going to make 3x (or however many) more RBL calls than it was to as it decides to throw away the message.

You could have made one set of RBL calls at RCPT TO: and rejected the connection then, long before the spammer clogged your ISP connections with garbage and you queued an E-Mail that you were just going to delete.

Mission Accomplished for the spammer - they successfully delivered their spam, as far as they're concerned.
@VortexAdmin:

"My issue is whether or not I can take the time to learn, implement and administer a Linux server for this."

I suspect you overestimate the time/effort necessary to do so.

It seems you have an interest in F/OSS and/or Linux in a general sense (beyond this immediate need), else you wouldn't have mentioned it as a possibility. Also, your immediate need doesn't appear critical, must-have-right-the-frak-now in nature.

I suggest to you that now is a perfect opportunity to explore that interest and evaluate F/OSS options, rather than doing the same thing you've always been doing and will probably keep doing unless and until you make the effort to change.

The difference between the hosted Exchange filtering (or other commercial appliances) and implementing your own F/OSS-based solution is really economic.

With the former, you gain no knowledge or understanding, you simply pay money (to others who allegedly have the knowledge and understanding), get a solution that meets about 70% of the general business consumer's needs (which may or may not intersect so completely with *your* business needs), and hope you really get what you pay for (if the mindless scripts followed by the "technical" support monkeys answering the phones don't convince you of the dubious nature of the proposition, nothing will). Similar to a vehicle lease, at the end of the contract you have...nothing. Except an opportunity to sign a new contract, pay more money, and at the end of it have...nothing.

Taking F/OSS tools and building a solution based on freely available information, on the other hand, allows you to gain knowledge and understanding, which you can then apply towards honing the solution to better meet *your* business needs (as opposed to the business needs of 70% of businesses). And at the end of it...you have a working solution that *you* own (and won't suddenly be cut off if you don't pay an invoice) and the *knowledge* and *understanding* that lets you keep the solution relevant to *your* business needs.

Remember, Dell, M$, Barracuda... they're in business to make money. If they happen to actually meet your business needs in exchange for that money, wonderful. But there's a reason they want you to sign a 3-year contract, and it isn't because they're certain they can really meet *your* specific business needs - either now, or two years from now. Do you know your business needs two years from now? Do you think Dell or M$ does?
> Using sendmail's built-in RBL capability, or doing something a bit more sophisticated with a tool like
> MIMEDefang (for example, giving one RBL more weight than another), the E-Mail would be blocked
> BEFORE it was received.

No I don't use RBLs in Mailscanner. The RBL check is performed in postfix at the recipient verification stage so it is done before the mail is received.
The whole point of RBLs is to reject the bulk of mail before receipt so I agree doing it in Mailscanner would be a bit silly.
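
The RBL check discussed in the posts above, made once at RCPT TO with one list weighted above another, sketched here as an added example (not code from the thread, MIMEDefang or Postfix). The weights, threshold, function names and the constructed DNS answers are assumptions; DNS is stubbed so the example runs offline.

```python
import ipaddress
import socket

# Zones named in the thread. The weights and threshold are assumed values
# for illustration, not figures from any poster.
ZONE_WEIGHTS = {"zen.spamhaus.org": 3.0, "bl.spamcop.net": 2.0}
REJECT_THRESHOLD = 3.0

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus documents 127.255.255.x as error replies (for example, queries
# arriving through a public resolver), not as listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(client_ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("this example handles IPv4 clients only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if it does not resolve.

    A failed lookup is treated as "not listed" (fail open), so a DNS
    outage does not turn into rejected legitimate mail.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listing(answer):
    """True only for answers in 127.0.0.0/8 that are not error codes."""
    ip = ipaddress.ip_address(answer)
    return ip in LISTING_NET and ip not in ERROR_NET


def score_client(client_ip, resolver=system_resolver, weights=ZONE_WEIGHTS):
    """Sum the weights of every zone that lists client_ip."""
    hits = [
        zone for zone in weights
        if any(is_listing(a) for a in resolver(dnsbl_query_name(client_ip, zone)))
    ]
    return sum(weights[z] for z in hits), sorted(hits)


def rcpt_decision(client_ip, resolver=system_resolver):
    """Return the SMTP reply to give at RCPT TO, before DATA is accepted."""
    score, zones = score_client(client_ip, resolver)
    if score >= REJECT_THRESHOLD:
        return "554 5.7.1 Client %s listed in %s" % (client_ip, ", ".join(zones))
    return "250 2.1.5 Ok"


# Constructed answers standing in for live DNS; the client addresses come
# from the 192.0.2.0/24 documentation range.
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "20.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "30.2.0.192.zen.spamhaus.org": ["127.255.255.254"],  # error code, not a listing
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, "->", rcpt_decision(ip, fake_resolver))
```

A client listed only on the lower-weighted zone is accepted here and left for content scanning, which is the trade-off that weighting lists against each other makes explicit.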
Well I didn't come to the solid conclusion I was looking for. Instead, I was shown two paths, both of which I would like to explore a bit.  

Exchange hosting: This seems by far the easiest solution for my immediate need and it's relatively inexpensive to get some clients on it ($1.50/user/mo.)  Only problems are that MS (through Dell) insisted I had to pay for 3 years up front, not one.  Maybe they changed a policy, I don't know.  They also insist each company has to be on a different plan which doesn't help most of the clients I was looking to help.  I still may try and aggregate it somehow if I can find a "loophole" but for now, I'll have to look at MS' long list of 3rd party resellers who sell the hosting in addition to Dell and see if any of their policies are different.  For clients that have at least 5 users, this is practically a no brainer.

Linux: If antispam service can be bought for $1.50/mo I don't see a strong business model for me to try and add it as one of my services offered.  However, if the solution is cheap enough for me to set up and simple enough to maintain, by bundling with my other services it may be worthwhile.  I still have a curious interest in an open Linux solution.  My hangups seem to be learning enough Linux to be able to master the OS and implement this in a relatively short time.  I'm wondering if hacking a used Barracuda box would be easier.  And by hacking I only mean bypassing their database updates.  It would save me the trouble of having to set everything up and learning the finer points of Linux and all its apps for now, and it's already in the form factor I was looking for.  I will look around these boards and see if anyone else has messed with it.  The big question is whether I need their $400/yr. updates to be able to use the product or if it's useable without it. From the argument/discussion you two had, it seems a big part of the cleaning process doesn't have anything to do with their databases.  Is this accurate?  If I didn't have access to their database updates, but still had use of the RBL calls and other methods they offer (http://www.barracudanetworks.com/ns/technology/anti-spam-tech.php), would it still be a reliable product?  From their 12 layer defense description it looks like aside from the antivirus DB (which I don't really need) their updates don't even kick in until the end, when as both of you agreed, you've already weeded out 98% of the spam.  If this is a possibility, then my intention is to close this question in a few days and open a new one in the same area discussing the Barracuda and that set up.  
I will split the points between the 3 of you since you were all helpful in your own ways, but I want to leave the question open for a bit longer until I get the other one posted (and since I haven't been around EE in months, I lost all my expert points to open some more questions so I have to answer a few real quick first.)  

Thanks for your help.
OK, I opened a new question to follow up on the Linux/SpamAssassin path, basically with trying to use a Barracuda appliance to kickstart me past becoming a Linux guru overnight.  I hope you two Linux guys can help out there.  https://www.experts-exchange.com/questions/23145248/Modifying-a-Barracuda-Anti-Spam-Firewall.html

Thanks for your help here.  I will probably get the clients with the immediate need (and 5 users) on the Exchange hosting, at least temporarily while I look at the Linux solution.  I will close this question and split points.    I appreciate all of your help.