This story was printed from ZDNet Australia.
Stop spam at the server: 5 packages tested
By Matt Tett, Technology & Business magazine
August 11, 2003
URL: http://www.zdnet.com.au/reviews/software/internet/soa/Stop-spam-at-the-server-5-packages-tested/0,139023437,120277052,00.htm
Spam drives users crazy, makes life difficult for mail administrators, and drives up costs. We evaluate five packages that aim to ease the burden on your mail servers.

In this review we take a look at the software that attempts to take unwanted e-mail and puts it into a can--and not the type with the easy-to-open key, either. For some reason these annoying e-mails have increasingly been making more and more headlines over the past few months (while the actual level of spam has not really increased that much, or at least that's what some researchers say.)

There are many different categories of spam from the "go all night like a stallion" from those companies who obviously fail to realise that I personally don't need any help in that department to the "This is not a get rich quick scheme but you can make US$50,000 in 10 easy steps" that immediately make me think "if it's that simple, what am I doing here?" These then escalate to the more directly fraudulent and malicious scams going around such as the notorious 419, advanced fee, or Nigerian scam that has apparently netted some shifty characters some relatively easy money. (For more information see one example here or another example here.)

Other e-mail that also falls into this unwanted/undesirable e-mail category and is virtually impossible to stop is hoax mail. Hoaxes are e-mails purporting to warn and inform e-mail recipients of a virus, worm, or security issue with your PC and urging you to immediately forward the e-mail to everyone in your e-mail address book, local community, and then greater metropolitan area. These can also have damaging effects, particularly for less experienced users, because some hoaxes encourage the user to delete files in the belief that they are infected with a virus. (For more information see Symantec's hoax centre or HoaxKill).

Anti-spam products
How do they work?

Reverse lookups

IP blocking rules

Rules can be tricky to set up and administer, and time consuming as well, and as mentioned are generally applied after an unwanted message has already gotten through or been quarantined. The second way of applying rules is semi-automatic: there are companies who provide blacklists of domains and IP addresses that are known havens for spammers to send their bulk e-mails out from. These black lists can be used as a plug-in to spam filtering software, to provide up-to-date blocking and trashing of unsolicited e-mails.

These black lists can prove to be a bit of a double-edged sword. Even though they can easily provide a readily updated and quite thorough list of domains and IP addresses to block, they may also automatically block some quite legitimate services that are trying to get through.

What's an open relay?

Most recent releases of mail server software have a separate section for configuring specific "relay" domains; these are single or multiple domain names and/or IP address ranges that the particular mail server is allowed to send mail for. You may have noted the "message could not be sent--relaying denied" error if trying to send e-mail from your notebook on an unfamiliar Internet connection such as in a hotel or at a conference. However, not all mail administrators do this correctly, and if poorly set up, the server will relay mail from external IP addresses, an open invitation to spammers.

Blacklist providers--at least in theory--monitor for open relay servers and if they find one, it's added to the blacklist. Once an IP address or mail server is blacklisted, the administrator is usually notified, as naturally they may want to rectify the open relaying issue and have themselves removed from the black list. This can be a big issue for mail administrators.
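
The relay decision described above, as an added example that is not part of the original article or any reviewed product: a small Python model of a relay policy, with a wide-open configuration beside a corrected one. The class, field names, addresses and domains are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RelayPolicy:
    """Hypothetical relay settings; field names are assumptions for this example."""
    local_domains: frozenset   # domains this server accepts mail for
    relay_networks: tuple      # CIDR ranges whose clients may send mail to any domain

    def decide(self, client_ip: str, rcpt_to: str) -> str:
        ip = ipaddress.ip_address(client_ip)
        domain = rcpt_to.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return "accept-local"          # inbound mail for our own users
        if any(ip in ipaddress.ip_network(net) for net in self.relay_networks):
            return "accept-relay"          # trusted client sending outbound
        return "relaying-denied"           # outside client, outside recipient


def is_open_relay(policy: RelayPolicy) -> bool:
    """Probe as a stranger: external client address, external recipient domain."""
    return policy.decide("203.0.113.9", "probe@external.invalid") == "accept-relay"


# Constructed configurations (documentation addresses and domains only).
# OPEN_POLICY trusts every IPv4 address; FIXED_POLICY trusts one office subnet.
OPEN_POLICY = RelayPolicy(frozenset({"example.com"}), ("0.0.0.0/0",))
FIXED_POLICY = RelayPolicy(frozenset({"example.com"}), ("192.168.10.0/24",))

if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("fixed", FIXED_POLICY)):
        print(name, "policy is an open relay:", is_open_relay(policy))
    # The notebook-in-a-hotel case: outside address, outside recipient.
    print(FIXED_POLICY.decide("198.51.100.23", "partner@example.net"))
```

Running the same stranger probe against your own configuration before a blacklist provider does is the point of `is_open_relay`; the corrected policy still delivers inbound mail for `example.com` and still relays for the office subnet.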
If your mail server is put on a blacklist, then companies using that blacklist service to filter spam will not receive any mail from your server, no matter how legitimate it is. And this problem can take days to fix: firstly you need to fix your relaying problem, submit your request for testing and removal from the blacklist, and then wait for the test to pass and the IP address to be removed from the black list, and then wait again until the blacklist end-user updates its blacklist file on the anti-spam application. So you can see that blacklists, while providing a handy tool to anti-spam applications, can also cause issues too.

Another factor to take into consideration is that these blacklists are not regulated or held to any standards, so it is worth checking the background of the company that you are subscribing to that is providing these blacklists. Find out how regularly servers are checked and updated, and what testing they undertake to ensure that a mail server that is reported to them is actually allowing spam relaying, and not just a victim of a rogue user who decided on a whim to get into the business of spamming.

Heuristic scanning

Anyway, enough of the background, let's have a look at the products. We received spam filters from the following vendors: SurfControl, McAfee, NetIQ, GFI, and Clearswift.

We installed all these applications onto a generic Intel Pentium 4-based server running Windows 2000 Advanced Server. This ran in conjunction with a Digital server running Microsoft Exchange 2000, via a live test e-mail system running records from external name servers across the internet.

Clearswift MailSweeper v4 for Exchange and MailSweeper v4.3 SMTP with Spamactive
The first that we look at is the MailSweeper v4 for Exchange. Once we had downloaded the MailSweeper software and unzipped it, we first needed to install the Mimesweeper Technology software before proceeding onto the MailSweeper installation. Part of the Mimesweeper installation requires a server restart. Once the server has restarted, you can then open the actual MailSweeper installation program, giving you a choice of four modes for installation: one-to-one, standalone, distributed, and remote management. We chose standalone, although the recommended installation in this case would be one-to-one, having separate mail and anti-spam servers. An interesting note: our installation wouldn't proceed until we installed Microsoft Outlook XP on the server, which seems a bit odd.

Configuration and administration is via the MailSweeper for Exchange 2000 console. This console allows you Windows Explorer-like control of the application via similar windows and tasks. You can also start and stop the receive services and check the status via command prompt instructions. MailSweeper operates its initial rule set from a policy-based application, including several default policies designed to get you up and running and teach you the basics of policy creation.

The second application that we had a look at from Clearswift was the MailSweeper v4.3 for SMTP with the Spamactive option. Spamactive, as its name suggests, is targeted directly at the prevention of spam, whereas the MailSweeper v4.0 for Exchange had a spam definitions policy file but was not as targeted as Spamactive itself.

Installation of MailSweeper v4.3 for SMTP was similar to that of v4.0 for Exchange, differing mainly with a part of the install/config routine allowing you to specify which type of scanning you would like to implement on mail messages being processed by the application. Spamactive (being a separate application) then needed to be installed. This was a straightforward exercise.
Once that is installed you can then create a new policy classification for spam under MailSweeper and also add a new incoming mail scenario and add the Spamactive Anti-spam filter configured to your needs.

Overall the MailSweeper application's installation and configuration routines, while readily performed, were somehow clunky and not very smooth, particularly requiring the installation of multiple applications and associated server reboots. Something to note, however, is the availability on the Clearswift Web site of downloads such as power tools which provide utilities and tools for administrators to create black lists and filter Web and mail content, and also a utility to allow remote Web monitoring of the application. While most of these features are built into some of the other applications in the review, they are not as individualised as the power tools download.

This application seemed to us to be a programmers' application and not as refined as most. This is not to say it was not functional, just more complex to set up and configure than it really needed to be. Clearswift's support was very good and responsive to our requests.
GFI MailEssentials for Exchange/SMTP 8
MailEssentials configuration and monitoring are two separate applications. The overall configuration and already included databases of criteria for allowing/denying mail are very detailed and quite extensive. There is also the ability to import and implement black and white lists and also text files of keywords to use in the scanning of both the body and/or the subject headers of the e-mail messages. GFI has even included the ability to block e-mails that use different language character sets. With the separate monitoring window, administrators can have this open in the background to quickly monitor the status of the application and also the number of e-mails processed. The blocking control of the messages is relatively straightforward, either sending the files to a directory specified by the administrator, redirecting them to another e-mail account, or by deleting them totally. Overall this is a very neat and tidy package that is relatively simple and straightforward to install and configure. The well-designed administration console makes what could be quite a difficult task more logical and easier to complete, while the separate monitoring window enables the administrator to see the exact status of the filtering application while it is running.
McAfee SpamKiller for Microsoft Exchange Small Business v2.0
Configuration was equally easy with a simple step (once the application is installed) of adding the existing users and/or groups into the SpamKiller user group section of the Active Directory service. Note that SpamKiller has a limitation of 500 users per server. A simple test e-mail from an external source is then sent to the server, and providing that checks out, the installation and configuration has been successful.

The administration console for SpamKiller is very simple to operate and understand. However, the specific individual rule commands may seem a little daunting at first. A quick read of the 38-page product guide PDF (that is installed with the application) gives you an understanding of how to progress and create custom rules. The application comes with a vast array of pre-defined rules, as well as allowing the administrator to specify additional downloaded blacklists and whitelists.

While far simpler to install and administer than some of the other packages in this roundup, there are certain features that could be further refined, such as the creation and administration of rules. This however is more of a design/operability issue than a functionality issue and some administrators may be more than happy with the current design.
NetIQ MailMarshal v5.5
Installation is certainly more involved and difficult than the likes of McAfee and GFI's products; however, NetIQ has managed to keep it as simple as possible yet still maintain the installation and configuration features that a system administrator requiring a package of this level would need to control. After some of the initial configuration is completed as part of the installation, such as defining internet domain(s) and relaying/forwarding hosts/ports, the main MailMarshal configurator is launched.

Overall the main configuration of this application is fairly straightforward, with excellent assistance given in the manual and also via the application's help system. You can define wildcards within the rules as well as blocking individual categorised domains, users, junk mailers, etc. The application status is monitored via a separate application, the MailMarshal Console. This console provides a wealth of resource information to the operator.

For such a fully featured and powerful application, the design and implementation is quite amazing. The documentation left nothing to be desired and the overall look and feel of the whole process was quite impressive.
SurfControl E-Mail Filter v.4.5.
This is where, if anywhere in the installation, you can go wrong. It's possible to set up a continuous loop of mail back to itself, which is something that I managed to do inadvertently in my fervour to get the package running. Thank goodness SurfControl has easily viewed status windows and also an individual control panel that allows you to start and stop each of the three services individually (receive, rules, and send), so it was a simple matter of stopping the send service temporarily while we rerouted the ports correctly.

Once the installation and configuration have been completed you can begin to set up the individual rules that will administer your filter system. There are no rules set up by the application as default. The rules are extremely powerful, giving control options above and beyond that of traditional offensive spam. The administrator can implement such rules as file size, tracing competitor e-mails both to and from your company, and job search rules. This could be seen by some employees as an invasion of their privacy and rights; however, providing they were notified as part of their work policy that their e-mail messages may be tracked based on these types of information, then why shouldn't the user beware? Particularly in this day and age of productivity gains through marginal time and resource cropping.

Overall the package was very well documented, easy to set up and administer, and quite a flexible solution. Again of particular note was the well designed main interface window that shows the administrator the real time flow of traffic through the application. Another feature of interest was the Web interface for monitoring and viewing the application status, allowing system administrators to view the application from wherever they had access to a live Internet browser.
Final Words
Another distinguishing feature of these applications is that the companies involved in manufacturing and distributing them are very pro-active and hands on, offering in several cases to even send pre-sales engineers onsite to demonstrate and run through the features and benefits of their particular application. Believe it or not, this is quite exceptional for us during a review, particularly when it comes to server software such as this. Of particular note was a Clearswift technician who contacted us immediately when we e-mailed a request for help. We also received a follow up call from the local MailMarshal distributor, following our download of their evaluation key from the Web site. These types of examples and experiences go to show that there are still some industry sectors that are devoted to customer service and support.

Clearly there are two distinct types of spam filtering available. Firstly, there are the small to medium enterprise (SME) level packages; then there are the larger scale applications more suited to a multinational, large educational institution, or SME that is planning to grow and wants to implement a strong foundation from the beginning so as to avoid the interruptions and possible hassles that changing in midstream can cause. The lighter packages more suited for SMEs would be the likes of MailEssentials and SpamKiller, whereas MailMarshal and SurfControl cater for the larger scale applications.

Whether you like it, hate it, or are indifferent to it, spam (unsolicited e-mail, junk e-mail, e-mail advertising, broadcast e-mail marketing, call it what you will) is a fact of our Internet experience. The packages that we tested here all go some way to reducing the pain for those of us who find it annoying or detrimental to the business's resources. However none can effectively claim to remove 100 percent of the spam flowing through the mail server.
Certainly the packages that involve up-dateable black and white lists go some way to help, but similar to anti-virus packages they would need to be regularly updated as the opposition is always finding new ways around the defences.

Sample scenario

We'll also award an Editor's Choice to the clear winner in the enterprise-level packages: NetIQ MailMarshal. Its thorough documentation and powerful feature set combined with its relative ease of installation, configuration, and administration make it a hard application to beat.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.