Mailing List CGatePro@mail.stalker.com Message #97266
From: Lyle Giese <lyle@lcrcomputer.net>
Subject: Re: Off Topic: SPAM appliances
Date: Thu, 19 Feb 2009 10:28:33 -0600
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
The Barracuda can do account verification via LDAP or SMTP verification.  CGP's LDAP does NOT work properly out of the box for LDAP verification, btw.  But Barracuda's SMTP verification does work with CGP.  With the Barracuda in front, using outside and internal RBLs, we reduce the load on the content filters and therefore reduce the load on CGP itself by limiting the volume of email hitting the mail servers.

However, we have found no one method will find and capture all spam.  On CGP, we use ClamAV with selected antispam add-on definitions for additional filtering. And we recently had to embark on a project to add content filtering to the Barracuda for subject and body content.  We have had more success with the subject filtering than with body or URL (called intent on the Barracuda) filtering.

Lyle

Wayne Gamble wrote:
We've had good results with our Barracuda.   We use our firewall to route port 25 to the Barracuda so no MX changes were necessary. As I recall it only took about two hours to set up everything.  It only handles inbound mail so no other changes were necessary.

Setup was pretty straightforward and we had no problem getting it to verify user accounts via LDAP.   And should you need it, their support is excellent.  I think they still offer evaluation units so you can try before you buy.

 - Wayne




On Feb 18, 2009, at 10:22 AM, Karl wrote:

Hi Hisham,

We are based in Doha but our main cluster is back in Canada.

We have used a variety of appliances but always with anti-spam running on CGP as well, although if you are providing email to a large number of users then this may not be possible.

We use the Cisco ASA5520 with Content Security as our border device and it simply adds Spam: to the subject line of suspected emails.  We do not integrate account-level checks with CGP but that would be easy enough to do.  Most appliances do not require accounts.

The Cisco is entirely passive.  There is simply a rule in the firewall side that sends all SMTP / IMAP / POP traffic to the Content Security module.

We run RBL checking on CGP and this, combined with valid account checks, filters out virtually all of our spam.  Then finally we run SpamCatcher on the CGP servers to add fine-grained headers for users to configure rules.

I have also had experience of using the Barracuda appliance.  This has a finer level of scanning than the Cisco but we find it considerably more expensive.  With this, you can either change your MX records or, if the servers are behind a firewall / layer 3 device, divert the SMTP port to the Barracuda.

Whether you forward outgoing mail through the appliance too is up to you.  Some people do this for virus scanning and to prevent spam originating from your cluster.  You would set the smart host as you have it specified.

Karl

On 2009-02-18, at 4:45 AM, Hisham Al Saad wrote:

Hi,
 
This might be off topic, however I would appreciate any highlights.
We are investigating the best appliance-based solution for our 2x2 CGP dynamic cluster to act as an Anti-SPAM/Anti-Virus front-end for incoming/outgoing emails.
 
1- Which appliance vendor is most reliable/compatible with CGP (Ironport, TrendMicro, etc.)? Any experience with them?
2- What is the best way to synchronize accounts between CGP and the appliance (LDAP, etc.)?
3- For diverting incoming traffic to the appliance we change MX records to the appliance address; how about outgoing emails, do we need to set up a “Smart Host” by changing the SMTP > Sending > Forward to [appliance address] on CGP?
 
Thanks in Advance.
Hisham


