
Survey: Spam Filtering Solutions 1

Status
Not open for further replies.
It's the same growing problem that every email administrator has been facing recently...SPAM! In light of the recently signed (pro-mass marketer) legislation, I wanted to reopen the discussion on anti-spam solutions.

I'm looking for the following information:

1. What version of GroupWise do you use?
2. Approximately how many users does your system contain?
3. What solution(s) are you using?
4. How much success have they had with the product(s) you're using? On a scale of 1-10 (ten being completely satisfied), how satisfied are you with your current solution?

Any other information you might think is pertinent to this discussion would be helpful too.

Okay, here goes:

1. We use GroupWise 6.0 SP3 but will be upgrading to 6.5 SP1 next week.
2. We have approximately 200 users.
3. We don't really have a SPAM filtering solution at this time. We are running GWAVA 2.5 but only use it for virus filtering.

   Last year I tried to get the heuristic engine in GWAVA configured to slow the influx of spam but I found that it was completely sucking my time away and we abandoned it.

   We're going to try out the junk mail handling features of 6.5 to see how well they work. In the mean time, we're open to trying other solutions, like SpamAssassin, but haven't made any decisions yet.

   We've also recently instructed our users to start "opting out" of the emails, where available. My boss started doing it a couple months ago and claims that the amount of spam that she gets has been dramatically reduced.
4. Since we currently don't really have any anti-spam solution in place, I'm sure that our users would give us a 0 on a scale of 1-10.

Your input to this discussion is greatly appreciated.

Thanks,
-Ron

We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me

murof siht edisni kcuts m'I - PLEH
 
1. We just upgraded to v6.5.1.

2. As of to date we have 4,692 users on the system. We probably will have to offer e-mail to our students, 40k plus. If that is ever approved we already have a NetMail system in place and waiting.

3. We looked for over a year for a solution to the spam problem. I believe we have auditioned every software/hardware possibility that there is. We finally settled on a product called Barracuda. The Barracuda Server is an SMTP gateway that works in any network (Novell, UNIX, Mac, Microsoft). All updates are done automatically based upon the times you specify. And best of all, it only takes 10 minutes to install. Which we will be doing when I get back from Provo.

4. Since we have not installed the product, a satisfaction rating cannot be given @ this time. But if it lives up to its claims, then it will be the best purchase we have made since we paid $500.00 for Guinevere (the best pound for pound AV solution I've seen).

FarOut
V-Peace-V
 
1. Gw6.0 sp3
2. 240 users
3. Guinevere with SpamAssassin, it cuts about 60-70% of our spam, and I have been "teaching" it through the Bayesian filtering to slowly tighten it up.
 
1. GW6.5.1
2. 45 Users
3. Guinevere with Spam Assassin. Totally agree with FarOut about Guinevere being the best value antivirus/antispam solution. Esp now the upgrade I installed recently makes it MUCH easier to whitelist email addresses.

Emily
 
I manage 2 different systems, GW 6.0.3 w/40 users and GW 5.5.5 w/3 users. I run Gee Whiz v1.4.2 on the GW 6 system for both AV and Spam. I run GWGuardian SBS on the GW 5.5 system.
I've been pretty happy with Gee Whiz so far, (v1.0 -v1.4.2) over a year now. It offers SA rules w/Bayes scoring, White/Black lists, RBL scoring, Filtering and Signatures. Also can use the AV program of your choice.
GWGuardian SBS has been another story altogether. The cost factor ($99.00) was a plus as I only have about 3 users w/6 mailboxes total and it came with McAfee NetShield. I can add to the Black list and use Surf Control categories to stop Spam but the SF categories are so general that it was holding a lot of legit messages from customers. Also the SBS program has been pulled from the web site so support is nil. But it is blocking at least a good portion of the junk.

HTH
Ken
 
Hi, just thought I'd clarify something to avoid casual readers making their spam even worse! I assume when you say 'opting out' of emails you mean emails such as weekly newsletters and suchlike from people you've ordered from. This obviously makes sense, but completely avoid clicking the "click here to unsubscribe" hyperlinks within unsolicited emails offering cheap drugs, manhood extensions or whatever they might be trying to flog you!

All this will do is confirm that your email is in fact valid and invite more spam your way, as they can then sell on your address as a 'confirmed'.
 
Manim,

Yes, opting out is only advised for legitimate mailing lists, NOT SPAM.

-Ron

P.S. I've just subscribed to and have begun forwarding my spams to them. Has anyone had any good/bad experiences with SpamCop?

We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me

murof siht edisni kcuts m'I - PLEH
 
FarOut,

I've found Barracuda at and find it intriguing. I'd be interested in hearing about its performance. Does there seem to be any latency? If so, how much? Is it doing a good job at stopping spam & viruses? Have you been getting many false-positives? Any other pertinent information.

Thanks a bunch,
-Ron

We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me

murof siht edisni kcuts m'I - PLEH
 
Hey Ron,
I received the Barracuda system in on the day I left for Provo to attend a Novell ATT session (1.19.04). So we have not installed it yet. But will be doing so this week coming up. I would be more than happy to post any negative/positive findings. I am anxious to get it installed myself. We looked @ everything from Surf Control to Messaging Architects. I must say it looks good on paper, but so don't a lot of solutions. Have a good one!

FarOut
V-Peace-V
 
Version =Groupwise 5.5
users = 50
Solution: at present I'm just blocking by individual clients in a Rule ( v early stage) but I'm thinking surely this could be done via the main server?
Users are maybe 6/10 pleased
 
We are currently running the Barracuda 400 firewall. We are very happy with its performance. We were using GWAVA on our Netware server. GWAVA turned out to be way too much time for upkeep. I was spending everyday going through the quarantine folders to forward legit mail. The content filters are a joke, and the spam heuristics were lacking. I am sure it would be a great product if you have a dedicated person to manage GWAVA 24/7.
GWAVA did do a fine job for virus protection along with McAfee.
Barracuda seems to be performing very well. The cool thing is you can set it up so the end user has control over their own quarantine mail, black lists, white lists. We have around 2000 users and have not noticed any lag time.
 
1) GW6sp3
2) 150 users
3)We have SpamAssassin on our Firewall. Pretty happy with its black and white rules but thought we would like a little more control based on users. Purchased GWAVA last month and just getting started using it. Still have SpamAssassin on the firewall so we are two deep, therefore GWAVA isn't seeing the first wave but has caught some of the stuff that has gotten through. Still adding some exceptions and learning "best practices".
4) 7 - probably trending upward as we learn more about GWAVA.



 
Just installed Barracuda. Works fine so far 8/10

Groupwise 5.5 (60 users)
Bordermanager 3.6
novell 5.1

Tried Gwava, spam filter gives a lot of server abends so we abandoned Gwava.

------------------------------------
When in doubt, mumble
When in trouble, delegate
------------------------------------
 
Here's what we use:

1. GroupWise 5.5EPSP5 running on Netware 6.0SP3
2. Approximately 80 users
3. Tried GWAVA, after seeing it in a presentation. Thought it was "way cool", but after using it - it just wasted my time filtering through the quarantine. Now using Gee Whiz. The Anti-Virus connection works great too. FYI: I'm the IT Tech/Mgmt for the whole firm.
4. Total success with GeeWhiz. So far my users love it. I'd give it a 9/10 for making my life easier.

GeeWhiz 1.4.3 is great (was running 1.4.2 and the upgrade went flawlessly). Anyhow, between the Bayesian and SpamAssassin rulesets, it works great. I've got it configured to auto delete at 12 points, and any RBL gets a +10 modifier on it right off the bat.

Best of all, it's an .NLM. No client machine to worry about. No workstation license. It does use the "third" directory, so if it dies, mail stops processing. That is one bonus that GWAVA had over this, but this is also less than half the price, and much easier to configure. No need to put in another firewall, or setup SpamAssassin by itself on a Linux box.
 
Dr.,
I tried GeeWhiz in its earliest stages of development. I found that the AV portion then was more than adequate. But, when I combined the filtering portion with it I started getting lockups/abends and unexplainable problems on the server (which was NW 5.1.x then).
I am glad to hear that they are getting the product settled.

FarOut
V-Peace-V
 
GW 6 SP3
225 users
We use Mailsweeper SMTP which has an ANTI-SPAM solution included. It has real-time updates and sits in our DMZ. It catches about 97% of our SPAM. We filter over 200,000 SPAM messages a month with no intervention on our part. We have less than .005% false positives. Works great but the setup takes some playing with. Not too expensive.

Good luck.
 
FarOut,

Have you had an opportunity to install and configure Barracuda? If so, how is that working out for you?

-Ron

We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me

murof siht edisni kcuts m'I - PLEH
 
I started using a couple blacklists a few weeks ago and have had some success. I started out using BL.SPAMCOP.NET on 2/4/04. 6 days later I started using SBL-XBL.SPAMHAUS.ORG in conjunction with SpamCop. All of our mail is now checked by both blacklists.

SpamHaus seems to be a bit more effective; meaning that it is stopping more mail and has fewer false-positives. To date, over 12,800 emails have been stopped with a combined false-positive rate of 0.343%. Not too bad for just using blacklists.

However, I'm SURE that there are many more spams getting through. So, I'm still looking for a more permanent solution.

-Ron

We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me

murof siht edisni kcuts m'I - PLEH
 
Ron,
Sorry for the delay in posting our findings on the Barracuda 400 Firewall. I just wanted to make sure we had collected enough data to give an honest assessment. We have had Barracuda in place and in a blocking mode (comes out of the box just tagging spam e-mails) for 3 weeks now. As of this morning we have blocked 380,765, and allowed 116,468 e-mails. Doing spot checks in the message logs I have yet to find a blocked e-mail that should not have been blocked. Barracuda gives you the option of using several RBL sites. We currently have the system using sbl.spamhaus.org and xbl.spamhaus.org. You could also select relays.ordb.org or bl.spamcop.net, though Barracuda states "We do not recommend the others, relays.ordb.org or bl.spamcop.net, as they sometimes may block legitimate email". Their words not mine. The setup and fine tuning of the Barracuda system is downright easy, even with the lack of documentation. The time from unboxing to having the Barracuda firewall on-line was about thirty minutes. I am slowly decreasing the Spam Score threshold that Barracuda uses to determine a definite spam e-mail. This of course is where I would expect to start seeing false positives. But that is where we will have to decide just how fine a line we want to walk. For the AV side of the system I would give it a "B" to "B+". I say this based upon the fact that we had and still do have Guinevere in place as an additional filter for e-mail viruses. We noticed that when Barracuda first went into place that Guinevere was catching infected e-mails that had got past Barracuda. But in defense of the Barracuda system that was the premiere of Bagle and Netsky. And I had the auto update for AV definitions set to be performed on a daily basis. I have since set the update interval to hourly. We still use Guinevere and will until the day she dies. It just makes for a good safety net. Plus she has become a faithful piece of software and has literally stopped hundreds of thousands of infected e-mails. Barracuda also does auto updates to its spam definitions based upon your selection of either an hourly or daily time schedule.

The only problem we have experienced so far is with large attachments. We restrict inbound and outbound e-mails to 2meg. Unless a user is put on the allow list under GWIA. We had a user that was on the allow list and was unable to receive an e-mail with a 32meg attachment. Barracuda has a hard coded maximum size limit of 100meg on e-mails. I am working with Barracuda Networks to get this resolved. If anyone else out there has seen this and has found a cure I would more than appreciate any information as to the cure. All in all I would have to give the Barracuda system an A-. Especially when you take into account that the system only cost us 4k dollars. And that was for their largest model, the Barracuda 400 Firewall. If asked whether I would recommend Barracuda, as of right now I would have to say yes. Well I am starting to bore myself so I know it's time to quit. If anyone else has any additional information, good or bad, I personally would like to know. My work e-mail address is Sextonm@mail.ips.k12.in.us.
Later!

FarOut
V-Peace-V
 
FarOut,

Thanks A BUNCH for your detailed response. I plan on taking your information to my boss and recommending a test of Barracuda soon.

I have one suggestion. I noticed that you said you were using xbl.spamhaus.org and sbl.spamhaus.org. I took that to mean that you were using them as separate lists. If this is the case, you may want to use the combined list of sbl-xbl.spamhaus.org instead. Barracuda would only need to check one list instead of two, which may speed up processing slightly. Check out for more info.

I agree with Barracuda's manufacturer that SpamCop and ORDB block more legitimate emails. We have seen significantly more false-positives with SpamCop than SpamHaus. We tried ORDB for a few hours and saw several false-positives. Actually, if I'm not mistaken, SpamCop gets their list from ORDB.

Thanks again for your invaluable information!!

-Ron

We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me

murof siht edisni kcuts m'I - PLEH
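
The combined-list suggestion in the post above, shown as an added example (not code from the thread or from any product named in it): a DNSBL check reverses the sender's IPv4 octets, queries that name under the list's zone, and reads the returned 127.0.0.x code to see which list matched. The zone names come from the thread; the return codes are Spamhaus's published SBL and XBL values; the resolver is a stub with constructed answers so the block runs offline.

```python
import ipaddress

# Spamhaus return codes: SBL answers 127.0.0.2, XBL answers 127.0.0.4-7.
SBL_CODE = "127.0.0.2"
XBL_CODES = {"127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"}


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_ip(ip, zones, resolve):
    """Query each zone once.

    resolve(name) returns a list of A-record strings, or [] for NXDOMAIN
    (not listed). Returns (set of lists that matched, number of lookups).
    """
    hits, lookups = set(), 0
    for zone in zones:
        lookups += 1
        for answer in resolve(dnsbl_query_name(ip, zone)):
            if answer == SBL_CODE:
                hits.add("SBL")
            elif answer in XBL_CODES:
                hits.add("XBL")
            # Any other answer is ignored: a resolver that rewrites NXDOMAIN
            # to a landing-page address would otherwise turn every sender
            # into a false positive.
    return hits, lookups


# Constructed answers (documentation-range IPs), standing in for real DNS.
FAKE_DNS = {
    "10.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],
    "10.2.0.192.xbl.spamhaus.org": ["127.0.0.4"],
    "10.2.0.192.sbl-xbl.spamhaus.org": ["127.0.0.2", "127.0.0.4"],
    "7.100.51.198.sbl-xbl.spamhaus.org": ["203.0.113.1"],  # rewritten NXDOMAIN
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    separate = ["sbl.spamhaus.org", "xbl.spamhaus.org"]
    combined = ["sbl-xbl.spamhaus.org"]
    print(check_ip("192.0.2.10", separate, fake_resolve))    # two lookups
    print(check_ip("192.0.2.10", combined, fake_resolve))    # same hits, one lookup
    print(check_ip("198.51.100.7", combined, fake_resolve))  # no listing
```
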
 