gshaw Posted January 20, 2009 Report Posted January 20, 2009 In the last few weeks we've noticed Sophos PureMessage letting more and more spam through (think member enlargement and lonely Russian ladies ) PureMessage also managed to crash out email delivery when it's scanning engine went belly up so thus far haven't been much impressed with the new version (3) that went on our Exchange 2007 box in the summer. The situation I'm coming up to now is that the Sophos licenses are coming up for renewal and seeing as the antivirus is pretty hopeless as well (high CPU usage, poor cleanup etc) I'm weighing up the options. Checked out MessageLabs but it's far too pricey, about double what we pay for the AV and antispam for just anti spam so prob out of the question. Looking at Kaspersky for AV but not best convinved about their spam solutions yet. We haven't got the Exchange 2007 spam agents turned on yet, that might help although is it based on the same rules Sophos is looking at? Without the AV licenses it's about 1.5k for PureMessage, seems a bit steep so was wondering if there's anything else out there? Saw a Barracuda box I heard mentioned at Learning Tree but reviews didn't look great? Checked out this thread... http://www.edugeek.net/forums/windows/23298-anti-spam-exchange-2007-a.html Sophos was the recommended solution there, would be interested to hear if it's still doing well What do you guys use and how well do you rate it? :spam1::spam1::spam1:
TheFopp Posted January 20, 2009 Report Posted January 20, 2009 We use GFI MailEssentials as our Spam filter. its about £500 for 500 mailboxes I think.
tom_newton Posted January 20, 2009 Report Posted January 20, 2009 If you're running any SmoothWall stuff, our anti-spam is a worthwhile, cost effective add-on, but I wouldn't generally recommend it as a stand-alone, as you'd end up with bits you don't want
linkazoid Posted January 20, 2009 Report Posted January 20, 2009 What about Forefront? We use it here with Exchange 2007, no problems, no virus so far... (touch wood) My boss has enabled SPF (?) think thats it.. and created a spam mailbox to check now and then. Just had to get a renewal for this year... £345 for us. Mike
MarkPower Posted January 20, 2009 Report Posted January 20, 2009 How many mailboxs do you need to protect? Would you consider a hosted solution or is that a no no for the school, also does it need to scan in bound and out bound mail? Also can you send me the links on the Russian Girls I am interested Cheers Mark
gshaw Posted January 20, 2009 Author Report Posted January 20, 2009 How many mailboxs do you need to protect? Would you consider a hosted solution or is that a no no for the school, also does it need to scan in bound and out bound mail? Also can you send me the links on the Russian Girls I am interested Cheers Mark 400 odd mailboxes, don't mind if it's hosted, software or appliance at the moment. Inbound really although outbound would be good. As for the Russian Girls... the last one is prob best left in the inbox as she wasn't a pretty sight after the legs We've got IPCop as our firewall, it's a fork of SmoothWall so probably doesn't have the spam filter on it?
tom_newton Posted January 20, 2009 Report Posted January 20, 2009 400 odd mailboxes, don't mind if it's hosted, software or appliance at the moment. Inbound really although outbound would be good. As for the Russian Girls... the last one is prob best left in the inbox as she wasn't a pretty sight after the legs We've got IPCop as our firewall, it's a fork of SmoothWall so probably doesn't have the spam filter on it? No, for the anti-spam (which contains 3rd party modules) you need SmoothWall's commercial or Schools edition.
ZeroHour Posted January 20, 2009 Report Posted January 20, 2009 What version are you running? Version 3 is much better for windows. Also what limits have you set? TBH we have had no problems with puremessage and moving from 2->3 made a huge difference using recipient verification.
Sylv3r Posted January 20, 2009 Report Posted January 20, 2009 We currently use Powerful eMail Filtering, Virus & SPAM Protection | CensorNet MailSafe but will probably be moving the Anti-Spam to our Smoothwall box when the annual contract runs out for Mailsafe in September.
MarkPower Posted January 21, 2009 Report Posted January 21, 2009 sorry the thoughts I had on hosting are just not going to cut it on cost, I would pick up on the Smoothwall side of things and see if you are able to talk to Tom and look at the bigger picture with there kit.
IanT Posted January 21, 2009 Report Posted January 21, 2009 another vote here GFI MailEssentials, I've had it setup on a Exchange Server 2007 box, excellent product.
gshaw Posted January 21, 2009 Author Report Posted January 21, 2009 What version are you running? Version 3 is much better for windows. Also what limits have you set? TBH we have had no problems with puremessage and moving from 2->3 made a huge difference using recipient verification. It's version 3, anything 70% or over treated as spam, 35% or over as suspected spam. Problem is all the spam we're getting is being scored as 8% as all the words *look* OK and the image is the spam bit As for recipient verification is that the Microsoft SPF service? Question comes down to whether it's worth keeping PureMessage as a separate product after Sophos AV goes (can't see one good reason for keeping the antivirus when there's better options available) as it came in a package that's pretty good price wise... Think the Barracuda box here... http://www.barracudanetworks.com/ns/products/spam_overview.php Could be the alternative option I'm looking at right now
ZeroHour Posted January 21, 2009 Report Posted January 21, 2009 It's version 3, anything 70% or over treated as spam, 35% or over as suspected spam. Problem is all the spam we're getting is being scored as 8% as all the words *look* OK and the image is the spam bit We use 40% marked as spam, 20% suspected spam here but it depends on what score any legitimate mail is getting at your end. Also ensure your updates are set to run every 5 minutes as it appears sophos drops small updates all the time to ensure its accurate. This update rate seems to be very important as when we had it on 60 mins things were much worse. As for recipient verification is that the Microsoft SPF service? No its in puremessage. It only really applies I guess if you have your box sitting as a smtp rather then installed on exchange but basically it verifies each incoming email is going to a valid account and if not it nicely drops with a error to the server mid connection. You can find the settings in config->Filtering->Recipient Verification and to config the AD part look in config->Users and groups->Active Directory. I am just surprised your having spam problems as it really has been the best antispam product we have had.
gshaw Posted January 21, 2009 Author Report Posted January 21, 2009 Turned on recipient validation now, should stop the undeliverable messages I get when spam is sent to stuff like pc023@... (where we don't have any addresses like that). Where it's really falling down is emails like this... (spam score is anywhere from 8% to 30%) FW: {Spam?} Don't you love it when they come [scanned][spam score:32%] An image about POWER Gain+ (guess what it's for!) You are receiving this newsletter because you subscribed to the Abrams Advertising newsletter as usernameremoved@redbridge-iae.ac.uk. If you wish to change or remove your email address, please visit this link Abrams Advertising respects your privacy. Our Privacy Policy. Our Contact Information. 7513 Connelley Dr Hanover, MD 21076 © 2008 Abrams Advertising.
MK-2 Posted January 21, 2009 Report Posted January 21, 2009 Must admit, we had GFI Mailessentials here when I started and had no end of staff saying they were receiving about 30/40 messages a day of spam. On ZeroHours recommendation I purchased PureMessage and it's been on default spam settings. I think we have had about 3 spam messages get through since last November, the rest are dropped (and we use recipient validiation too).
john Posted January 21, 2009 Report Posted January 21, 2009 Must admit I personally have been very happy with Puremessage and still use and recommend it
signalguy Posted January 22, 2009 Report Posted January 22, 2009 I would suspect the issue resides in your AntiSpam Allow List. People using PureMessage 2.6 generally needed to add their own domains into the whitelist to get everything working. I would export out your allow list and save changes. Adding recipient validation will also increase your spam catch rate.
Iain Posted January 22, 2009 Report Posted January 22, 2009 (edited) Another thing that may be worth trying is Connection Filtering in Exchange and using a dnsbl like spamhaus / spamcop. Also if you have a spare box lying around, you try setting up a Postfix / Exim gateway and run Spamassassin and ClamAV. I did this recently and our spam dropped by about 99%, and it didn't cost us a penny (apart from roughly 2 hours of my time spent setting it up.) SpamAssassin: Welcome to SpamAssassin ::: Official Home Page for MailScanner - Anti-Virus and Anti-Spam Filter ::: Iain. Edited January 22, 2009 by Iain spelling!
gshaw Posted March 2, 2009 Author Report Posted March 2, 2009 PureMessage trashed itself again the other day taking the Exchange Transport Service with it... Sophos reply to try the new update but tbh it shouldn't be happening in the first place! Still looking at options, now also stuff like Messagelabs and Mimecast in addition to the Sophos ES appliance. I like the idea of getting the filtering off to something else rather than being done on the mail server itself... anyone using anything similar?
ZeroHour Posted March 2, 2009 Report Posted March 2, 2009 Well we actually have sophos running on a Win 2k3 box as a smtp role which sits between ISA and exchange to filter mail while off of exchange. This is hyper-v'ed as well and works well for us so far.
john Posted March 2, 2009 Report Posted March 2, 2009 To add to this, I am looking at the Smoothwall option for when I hope to bring our email in house as my UTM-1000 will work nicely with it (or flippin hope it would or else Gav's in for it;))
Sophos-Support-5 Posted March 2, 2009 Report Posted March 2, 2009 PureMessage trashed itself again the other day taking the Exchange Transport Service with it... Sophos reply to try the new update but tbh it shouldn't be happening in the first place! The people in support know what they’re talking about! Version 3.0.2 (currently the latest) is far better than either 3.0.0 or 3.0.1. If you're not using 3.0.2 then you should definitely upgrade ASAP. I've seen a number of problems with 3.0.0 and 3.0.1 - hence the 3.0.2 release. I know some people will say 3.0.0 or 3.0.1 is working happily but there are problems out there that are fixed in 3.0.2. It’s definitely worth reading the release notes to see what’s fixed (and what's not )… PureMessage for Microsoft Exchange version 3.0.2 release notes Some people find PureMessage works really well out-of-the-box. However it is normal to have to fine-tune the settings for your precise network. The following articles might help you understand how PureMessage can work even better for you... PureMessage for Microsoft Exchange: how to configure for the best spam capture rates Sophos Extensible List: SXL Spam campaigns can last only a matter of minutes; therefore it's important to keep up to date. If you are seeing a particular type of spam that is getting a low score then maybe we've not seen many samples. You can submit samples of spam email in the same way as viruses... How to submit spam, and false-positive spam samples to SophosLabs If you do decide to upgrade I want it to be as easy as possible. So a heads-up that we have tightened up on the requirements. Namely service pack levels for OS, Exchange and the MSDE/SQL that houses the databases... Sophos PureMessage for Microsoft Exchange - system requirements If you hit any problems or need further advice please call us free 24/7/365... Sophos - Contact technical support Regards, Sophos Technical Support P.S. Regarding your moving from SAV: I know we’ve been weak on virus removal and that’s going to change soon!
ssiruuk2 Posted March 2, 2009 Report Posted March 2, 2009 I have shifted from Messagelabs to Webroot / EmailSystems (another cloud solution) Definately worth a look - they give big discounts for education.
Sylv3r Posted March 2, 2009 Report Posted March 2, 2009 To add to this, I am looking at the Smoothwall option for when I hope to bring our email in house as my UTM-1000 will work nicely with it (or flippin hope it would or else Gav's in for it;)) Hi John We will probably go down this route also in the summer. I use Powerful eMail Filtering, Virus & SPAM Protection | CensorNet MailSafe currently but might as well use the UTM after all its paid for and will save me money on renewing Mailsafe product. I am not sure what the load would be like for 120 staff and 1400 student accounts as well as continue to filter and if its possible to filter two separate mail servers (staff and students), but thats all part of the trial I guess
john Posted March 2, 2009 Report Posted March 2, 2009 Talk to the guys at Smoothwall about it, if you have the UTM1000 I'd think it would be fine, its a very beefy spec box. I haven't used the mail stuff before, but the pricing Gav sent me looked very good to say I already have the box (or will have once we've got it and trialled and paid for it) so I am confident if Smoothwall are willing to put there name by it and sell it that they trust it as a good product as if it was pants they risk upsetting a lot of people quickly, so I'm sure it will all be good and work well. Based on sizing when being honest i'd get away with the new baby UTM-300 but as I told Gav and he confirmed that tbh that I should get the big one really as its got such good throughput etc that I should look at that and I did and have worked it out for that, as at the end of the day I could end up with 2 or 3 external feeds into it, 20 staff VPN'ing into it, Mail Filtering, Web filtering, virus scanning, caching, report creating etc etc etc so as you can see the list of potential is great for it, we have 250 workstations max and around 550 users at present so not a huge number of workstations but the potential for future is there with the bigger box.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now