Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2535
  • Last Modified:

Best Email Gateway for Excahnge server 2010 or 2013

Hi EEs,
I have to host exchange server2013 in my company,
Currently I have Fortigate 100 D as a firewall, & as a antivirus we are using Symantec end-point protection 12.1,

Now Can any one pls advise me …either I can use Fortigate 100D or Symantec End-Point 12.1 as an email Gateway for protecting my Exchange server from Email Viruses & spams etc.

Also advice does Hardware based Email gateway(appliance) is good V/S Software base Email gateway (Trend Micro Interscan Messaging suit-IMSS).

Many thanks in advance…
  • 3
  • 2
  • 2
  • +5
4 Solutions
I QasmiCommented:
Both the softwares are good
Also hardware based  is good as compared to software based.
Those with less expenses can deploy a software alternate solution
that are also good these days
Simon Butler (Sembee)ConsultantCommented:
No such thing as "best". What works for me may not work for you.
As a rule I avoid products from the AV vendors, as I find they largely suck and are expensive. Get something that supports multiple AV engines.

You could look at something like GFI Mail Essentials, and then install it on a regular Windows machine with IIS SMTP installed. That can act as a very good gateway machine for SMTP traffic.
Another product that can do similar is Vamsoft ORF.

Another option would be to look at an appliance, even a virtual one. Lots of those around, again using multiple AV engines.

If you have Symantec on your clients, then that would immediately rule it out as the gateway because they will use the same definition files. You want a different vendor so you get multiple attempts to block the traffic.

Final advice - do NOT purchase based on reviews/recommendations alone. Always evaluate. If the vendor doesn't allow evaluations, walk away. If it is a "money back" guarantee then I am not interested because there is no guarantee they will still exist to give you the money back.

Exim is most popular mailserver on the internet
Postfix comes second
Both support ldap to active directory and numorous antiviruses.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

AmitIT ArchitectCommented:
To protect Exchange from Viruses and Spams, You need multiple level of scanning and preferred to have one web based and one on premises. This gives maximum control.

Like i am using Message Labs web based solution and Mail Marshal on premises.
Giovanni HewardCommented:
While the term "best" is relative, there are solutions which are more effective than others.  I strongly suggest you consider a FireEye EX series appliance.

The FireEye® EX series secures against spear-phishing emails that bypass anti-spam and email reputation-based technologies. As part of the FireEye Threat Prevention Platform,
the FireEye EX uses signature-less technology to analyze every email attachment and successfully quarantine the spear-phishing emails used in advanced targeted attacks.

Real-time quarantine of malicious emails
To block spear-phishing emails, the FireEye EX series analyzes every attachment using the purpose-built FireEye Multi-Vector Virtual Execution™ (MVX) engine that accurately identifies today’s advanced attacks. The FireEye MVX engine detonates email attachments against a cross-matrix of operating systems and applications, including multiple Web browsers and plug-ins like Adobe Reader and Flash. If an attack is confirmed, the EX platform quarantines the malicious emails for further analysis or deletion.


Installs in under 60 minutes – Deploys as an MTA, SPAN device, or BCC destination, in-line (block/monitor-mode) or out-of-band (monitor-only)
Real-time quarantine of zero-day email attacks – Using the FireEye MVX engine, identifies and blocks advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
Integrates with the NX to stop blended attacks – Quarantines emails with malicious URLs and traces Web-based attacks back to the original spear-phishing email
Enhances existing email control infrastructure – Layers dynamic malware and attachment analysis behind the static signature-based detections of anti-spam and anti-virus gateways
Dynamically generates threat intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the DTI cloud
Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze email objects for threats specific to the organization
Supports AV-Suite integration – Malicious objects identified by anti-virus software can be linked to the deeper forensic information provided by the EX for more efficient incident response prioritization

I also strongly suggest the use of OpenDNS to further mitigate against malicious links, malware "phone home" requests (including Cryptolocker), and other threats.  Your firewall should be configured to block all public DNS servers except OpenDNS.
I've had decent luck with a combo of "not the entry level" Barracuda devices, coupled with Sophos Computer Security.

As you already using FortiGate, I recommend to start use the FortiGate for AntiSpam scanning along with third party DNSBL scanning. This should avoid most of the spam mails. But you don't get dedicated AS scanning appliances features like per user configuration, AD integration for AS scanning and user quarantine.

If you are not happy with the FortiGate AS catch rate, you can try Iron Port or FortiMail for in-depth AS scanning.  

Always do POC and get the product that fulfill your needs.
dxbdxb2009Author Commented:
Dear All,

Lets go step by step to clear if off...

Can use Fortigate 100D or FortiMail 200D for mail Email Server Security?

Pls advice...
First try to use what you have. If that proves insufficient you are expert on the subject for purchasing decisions. Fortimail is for high volume
dxbdxb2009Author Commented:
any core advantages for having FortiMail-200D which insist us to buy FortiMail200D

pls advice some core benefits..

thanks in advance..
Still I would suggest you to try FortiGate AS feature, if not satisfied with spam catch rate then try FortiMail.
Core advantages of FortiMail:
1) Transparent mode implementation.
2) Sender reputation based on sender behavior
3) Per user/system quarantine and email archiving
4) Other anti-spam techniques(Grey list, heuristic, deep header) to catch more spams
5) Session level spam catching.

Good Luck!
dxbdxb2009Author Commented:
@ Admin: pls close this question; as this is being shown at my dashboard saying 'Your question has been inactive''

thanks in advance...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now