Welcome to Pegasus Mail & Mercury Sign in | Join | Help

Peter Strömblad

Peter lives in Sweden and is an independent contractor with hosting services.
Network efficiency and spam fighting

We have Symantec SMSSMTP, as our mx hosts - charge nothing for the service, and it has filtered a total of 96% spam, straight down the waste bin. Does it do it's job? Sure does! - Should I complain? - yeah, because I expect more from such a costly product.

There hasn't been one false positive, still I'm bugged when my users get anything from 1 to 10 emails a day, from themselves, or the dreaded UPS tracking numbers - we seldom use UPS here, or when I get 30 spam messages in Swedish, that wasn't tagged because the reputation engine is tweaked for English words ... Our users are bugged to, but especially buggered am I when I need to administer the darned thing - it draws an enormous amount of resources. Even with 2GB of RAM, I still can't configure the thing without turning every processing module off.

I'll also be very honest, I haven't tested Lukas bayes filters, nor graywall or Clam. I bet they work ok, but as I understand - and this may be wrong - we host so many domains that it is impossible to work with domains manually, and SpamHalter needs domain administration manually and has no reputation service, and you need to combine it with some form of free dnsbl, and all lack dns spoofing controls, or reverse lookups, or spf configurability, - also Mercury lacks native support to relay domain based e-mails inbound/outbound - and again, there exists a daemon for this that made the light recently, but I feel I need something that I can operate easier, and also integrate with our back-end administration. - So in this area, for critical inbound e-mail traffic/filtering there is no cost effective solution in doing the labor manually each day - my users would definitely leave...

This leaves me to choose a box or virtual server product from Cisco, Symantec or others that I do not know much about yet.

So I was invited to a seminar in Malmo for a Swedish product, marketed all over the world, that on the surface looks like just the thing. In my world we've historically said, ok can test, or - ok looks good but we'll wait, and then at last ok - now it looks like it is usable. Meaning, it takes a darned long time to make something not just work, but also be usable - anyone remember Windows 98? - or maybe I should call it Sindows 98, because when Windows 98 SE came, that was something else - then Windows 98 was actually better than Windows 95.

So the products I'm talking about is the spam prevention gateway from HalonSecurity.Com. On the surface all looks good, but I'll cut straight down to the core - when they start talking teckie-limbo, I follow - and this is where I either leave a seminar or stay. In this case I understand the potential fully, as I totally understand and appreciate the technology they have invented behind the scenes. The Halon programmers have implemented their long time standing firewall technology into the spam prevention box, combining the two worlds into one. This is the same as a total integration of GrayWall and connection control into one single layer. Now if you think that's something, then I'd say that wasn't what blew my chimney - it was the fact that they rotate the connection pool, come again? - ! -- They rotate the connection pool, meaning they implement token ring ideals at the connection level - and this makes it impossible to DDOS the appliance. And, if that doesn't blow your chimney, then the entire configuration and management is reachable via SOAP - and that I know I can integrate - just like the Borg, assimilated it will be.

So in respect to any server based product, like Mercury, you can compare the connection control mechanisms in place in Halon - that exist uniquely for each module in any "normal" Mail server product, that you combine them all into one, with one single point of administration, rule set and monitoring. It is one base layer that has one sole purpose, to receive traffic - or reject it based on rules, static or cached, - and send the prompt response. As all of you know, the prompt response can be delayed, and this is where the second layer comes into play, that determines if the packet content is valid - be it obscure packet data, or wrong authentication, then send the prompt response.

As a side note; I'm very seldom blown or impressed today with software innovations, but this spam prevention gateway product is defenitely worth a test run.For all you who know about cultural differences, Swedes in general are not a competitive people, and this applies here as well. I promise it's worth a look.

 I can't wait to get my hands on it for a full scale test as front for our Mercury installations, our Symantec licens expires soon...

 Cheers / Peter

Posted: Friday, May 29, 2009 11:53 PM by Peter Strömblad

Comments

Sebby said:

Wow!  They have you sold, don't they?  The marketers have done their work well. :-)

In case hardware turns out to be the problem, do look at:

https://console.aws.amazon.com/

There can't be a much cheaper or easier way to get a server with decent spec even at the lowest end on an as-you-need-it or reserved basis, on which to run whatever the hell you want, to do spam and virus filtering.  Oftentimes that's all a Windows shop needs to be happy.  You may have to put in some elbow grease, but if you're up for it, and want to have fun in the process, do give it a try.

Cheers,

Sabahattin

PS: I am not employed (by anybody, and certainly not by Amazon).

# July 5, 2009 1:02 PM
Anonymous comments are disabled