Exchange 5.5 SPAM FILTER needed

[FieldSanitation]

We have over 2000 mailboxes in our exchange servers (redundant system) and are now going to begin filtering what kind of language and incoming emails (pr0n/spam) will be accepted in to our users. I have looked over a few sites, and some vendors actually charge you more per user!!?? Anyways, I'm looking for a solution that will be manageable and easily tweaked. Any and all comments are welcome. I'm not the Exchange Admin for us, (he's on vacation) but I am doing the legwork so that it will be easier for the whole team to make a decision quicker. Thanks.

Joey

 

[AlexIT]

I recommend an SMTP gateway to my clients. This is its own server that sits between firewall and Exchange 5.5 and does the filtering. I prefer Mail Marshal software as this has a good default rules. You usually only need to tweak a couple of points to eliminate 90% of the spam. This method also allows for RBL lists (MAPS is a pay service for this.)

Using the rules with a list of known spammers is the best chance you have at stopping 95% of the spam. Yes, these packages cost on a per-user basis, but they do allow concurrent users, so get a trial running and you can see how many users are connected at once.

Alex

 

[FieldSanitation]

So should the Mail Marshall-type service be run on a standalone machine/dedicated server? Or can I suggest we funnel the email via another server (DNS/DHCP/FILE/whatever) and then through the exchange? I looked at XWALL which doesn't seem to have a user limitation... what is the purpose on a user limitation/license issue when the program is running on a specific box?

 

[toetag]

There are several good Spam filters for exchange. The one we use is GFI mail essentials.

It sits as a standalone machine and acts as our "gateway" or marshall to stick with the post. all it does is accept email for our domain, deem it spam or not, if not spam relays it on to our exchange server with the internet connector on it. It was relatively easy to configure and get up and running.

The only thing i could suggest when looking for one is one that has reverse DNS lookup to validate mail. spammers that fake domains or change the domain names per each bulk mail (ie: bob1.com, bob2.com bob3.com) wont be accepted at all if it can't validate the domain.

 

[AlexIT]

I know that Mail Marshal can use PTR records to validate the sender e-mail address. However, because of the gateway SMTP server our own PTR record doesn't always match the traffic from our server, using that to verify can cause some good mail to be spam and rejected. I prefer to use a good RBL service and then apply rules to filter spam. Someties you get fake records, and then spam sneaks in but that is unavoidable...

Alex

 

[DSpen]

Go to

http://www.nemx.com

they provide filtering software which runs on the same server as Exchange, it allows you to filter on sender, receiver, keywords, subjects, attachments,etc and you can choose what to do, e.g. delete message or just attachment, forward to another user, copy to another user, or even quarantine the email. This software also checks senders IP addresses against Relay Block Lists on the web. I use the quarantine feature to stop all incoming emails with .exe, .scr, .hta, .bat , .pif attachments which stopped the bugbear virus from getting through last week. Good job I did this 'coz there were so many of these emails coming in.