What are the best "spam filtering" methods or services for an SBS 2008 server's Exchange Server

I support several servers running “small business server 2008”
-      all my servers are up-to-date and have the latest service packs and patches.

-      when I built all my SBS2008 servers, which most have been built or rebuild in the past year, I did not install the Microsoft forefront. As I understand it, it's no longer supported by Microsoft
-      Therefore, I am rerouting all inbound email through an outside server hosted by a company doing spam filtering. The server and company running the spam filtering service is a small company. In the past few months, my servers have been having issues receiving emails. The exchange server would send an undeliverable back to the sender such as “delivery is delayed to these recipients or groups” among other failures. I fully understand all mail servers and spam filtering service will occasionally hic-ups, but it's happening too often.
-      The technician usually gets the issue resolved with and the hour but it puts a strain on myself and my clients.

So my question is “what is the best method to safely and securely support the servers against viruses, spam and malware?”
-      I currently am not running an antivirus programs on the servers for I have all inbound traffic going through the mentioned spam filtering server which checks for viruses and spam
-      I really don't want to install an anti-malware program on the server. I find its always recommended to have the servers performed outside your network before email enters your server.
-      I'm asking to see and get recommendations what other exchange server support persons are using to protect the server. Most of my clients are small number of users. Anywhere from 10 to 30 users
-      I am not interested in purchasing an expensive external hardware anti-spam appliance
-      I still prefer to have an outside spam filtering hosting company where I can forward my MX records to and have the company filter all my inbound email. The company I'm using right now is very cost-effective and I know larger companies are more expensive. But my down time has caused me a lot of lost time not to mention my clients.

Questions
-      what would be a highly recommended antivirus program to run on the servers. Even though I do my spam filtering externally, I know it's still recommended to have an antivirus program on the server. With so many on the market, I wanted to get some feedback of folks who actually are using antivirus software on their exchange servers
-      for those who are doing external spam filtering, I would really appreciate some recommendations.
-      Any recommendations you can provide for running a safe and secure SBS 2008 server would be appreciated
NOTE: I know many folks with ask why I am not running the newer version. Any future upgrades will most likely be the newer and possibly the last version of small business server.
LVL 1
Andreas GieryicComputer Networking, OwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
For Extenral Spam Filtering I would recommend something like MXLogix (Now McAfee).

For internal scanning I have always used the Symantec product line with Mail Security. I have found that when it comes to definitions scanning and overall performance they are the best IMO. They are a little pricey but worth the investment.

Will.
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
I've not been a fan of McAfee for the last 10 years
Is MXLogix (Now McAfee) a totally different service? I'll have to look it up.

Is this what you use on your Exchange servers?
0
Will SzymkowskiSenior Solution ArchitectCommented:
I have used MxLogix in a past life and it is very accurate at defecting spam. You get dinged when you use External services becasue you usually pay per individual mailbox. This will add up if you have thousands of mailboxes. That is why most large corporatations do not use Hosted solutions for mail.

Will.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

Andreas GieryicComputer Networking, OwnerAuthor Commented:
I assume you mean hosted spam filtering  for email.
The exchange servers I support are all in-house for the mere fact that hosting hundreds of exchange accounts externally would be too costly. I thought about installing a local software solution but that takes administration and time to maintain

I did call MxLogix and yes, its gets expensive
Thanks!
0
Cris HannaCommented:
Externally, I would pick a service that will also hold your mail in the event your Exchange server is down
OwnWebNow provides such a service and you can even view your mail on the web while they are holding it.

I also use a UTM appliance to scan everything coming into the network.
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
I would love to setup a UTM appliance, however cost and managing such a device is not an option for many small business. In a larger corporate environment, it makes since.
Thanks!
0
Cris HannaCommented:
All of my customers are small businesses most have 10 or fewer desktops and all have UTM firewalls because the cost of not having "gators in the moat" protecting the castle will at some point cost the business more than the cost of the network breach
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
The problem is that I don't have experience manipulating these devices and would require additional support to support the device. Can you tell me which device you use and approximately the cost. I assume they all have a yearly subscription.
0
Cris HannaCommented:
I use the Calyptix access enforcer...
The first tier unit is 1k and includes 1 yr subscription for all services available on device and 1 year hardware warranty

After initial setup I hardly ever have to do anything with the unit, but they have a great support group.  It's all GUI driven..no command line stuff
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
thanks
do you know the approximate cost?
when I look up these products, they don't tell you the price. they want you to fill out online forms and then have some call you back. I just don't want all the phone calls and emails.
0
Cris HannaCommented:
For a unit for 10-15 users it's about 1000.
That gives you all features and functionality.  No per user licensing.  The number of users recommended is based on the hardware in the unit
Renewal is about 66% of first year cost
They don't sell directly only through dealers so that's why prices aren't listed
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
understood, the reoccurring fees do out way companies like OwnWebNow - which by the way I am entertaining
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
Also, I know the Exchange Server 2007 has some basic built-in Spam Filtering tools already enabled. I don't plan on totally relying on these tools. Microsoft does update these tools but for now it better then nothing at all. I am entertaining using OwnWebNow who are now called Exchange Defender. I already spoke with them.

Just wanted your feedback on the built-in Spam filtering
0
Cris HannaCommented:
First of all...without a lot of other configuration, you can't get to the mail marked as spam to read it or release it required.
As you said..they're basic
But it's also important to point out that Exchange Defender, UTM devices, etc, do more than just spam.  They're also inspecting the mail for malware/virus, etc.   You don't get that with exchange.   Even if you re-installed ForeFront...it's limited because the bad stuff is already on your server and ForeFront won't get updated to inspect for newer types of exploits
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Andreas GieryicComputer Networking, OwnerAuthor Commented:
I am looking into Exchange Defender. They were priced very reasonable. Looking to test this week.
Sorry for the delay in responding
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
Thanks for everyone's input
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.