Mailing List CGatePro@mail.stalker.com Message #97259
From: Wayne Gamble <rfecgate@rfe.net>
Subject: Re: Off Topic: SPAM appliances
Date: Wed, 18 Feb 2009 14:24:12 -0600
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.930.3)
We've had good results with our Barracuda.   We use our firewall to route port 25 to the Barracuda so no MX changes were necessary. As I recall it only took about two hours to set up everything.  It only handles inbound mail so no other changes were necessary.

Setup was pretty straightforward and we had no problem getting it to verify user accounts via ldap.   And should you need it their support is excellent.  I think they still offer evaluation units so you can try before you buy.

 - Wayne




On Feb 18, 2009, at 10:22 AM, Karl wrote:

Hi Hisham,

We are based in Doha but our main cluster is back in Canada.

We have used a variety of appliances but always with anti-spam running on CGP as well although if you are providing email to a large number of users then this may not be possible.

We use the Cisco ASA5520 with Content Security as our border device and it simply adds Spam: to the subject line of suspected emails.  We do not integrate account-level checks with CGP but that would be easy enough to do.  Most appliances do not require accounts.

The Cisco is entirely passive.  There is simply a rule in the firewall side that sends all SMTP / IMAP / POP traffic to the Content Security module.

We run RBL checking on CGP and this, combined with valid account checks, filters out virtually all of our spam.  Then finally we run SpamCatcher on the CGP servers to add fine grained headers for users to configure rules.

I have also had experience of using the Barracuda appliance.  This has a finer level of scanning than the Cisco but we find it considerably more expensive.  With this, you can either change your MX records or, if the servers are behind a firewall / layer 3 device, divert the SMTP port to the Barraccuda.

Whether you forward outgoing mail through the appliance too is up to you.  Some people do this for virus scanning and to prevent spam originating from your cluster.  You would set the smart host as you have it specified.

Karl

On 2009-02-18, at 4:45 AM, Hisham Al Saad wrote:

Hi,
 
This might be off topic, however I would appreciate any highlights.
We are investigating best appliance based solution for our 2x2 CGP dynamic cluster to act as an Anti-SPAM/Anti-Virus front-end for incoming/outgoing emails.
 
1-      Which appliance vendor is most reliable/compatible with CGP (Ironport, TrendMicro ….etc ? any experience with them ?
2-      What is the best way to synchronize accounts between CGP and the appliance (LDAP… etc) ?
3-       For diverting incoming traffic to the appliance we change MX records to the appliance address, how about outgoing emails, do we need to setup  a “Smart Host” by changing the SMTP>Sending> Forward to [appliance address] on CGP?
 
Thanks in Advance J.
Hisham


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster