Running e-mail through a gauntlet

Installing the IronPort appliance is a snap, although small-network administrators may be frustrated by the requirement that the management interface be on a different subnet from the e-mail server. A wizard guides you through the initial configuration, and setup of the various features is clear and straightforward, with in-line help that is actually useful.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

The appliance can synchronize with an LDAP directory or Active Directory to verify whether incoming e-mails are addressed to valid users. This not only allows IronPort to stop directory harvest attacks but reduces loads on e-mail servers because e-mail to invalid users is dropped before the e-mail server sees it.

IronPort uses SenderBase to prefilter incoming mail -- the idea is not to stop all spam but to reject messages that are from known spammers before they enter the network. After a message has been accepted, it goes through several filters -- the Symantec/Brightmail anti-spam engine, the Sophos anti-virus filter, the virus outbreak filter, and content filters that can be based on a dictionary of phrases, as well as a list of unacceptable attachments.

Setting up policies for content filtering of incoming or outgoing mail is easy. You can create a list of words or phrases and a list of attachments that you’d like to prohibit. You can easily create multiple policies so that, say, HR is notified when someone sends an e-mail containing offensive language, or the CEO is notified when someone alludes to a product that hasn’t been released yet. IronPort also offers turnkey HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley filter sets for compliance with these regulations.

The IronPort is also simple to set up in a clustered environment. A peer-to-peer architecture means you have “n + 1” fail-over rather than needing a pair of devices in an active/passive relationship to provide redundancy. Management of all IronPort devices in your network can be done through a single console. In addition to excellent monitoring and reporting, you can track individual messages as they flow through your network, an invaluable tool for troubleshooting problems.

The IronPort turned in an excellent performance, producing only one false positive (a bulk e-mail) and catching 93 percent of spam, with no tuning necessary. The system is easy to set up and configure, and it includes a great set of tools to ensure the security of e-mail for large organizations.

Mirapoint Message Server v. 3.5.9-GR

Mirapoint has two lines of appliances, the RazorGate line, which is strictly an e-mail security gateway, and the Message Server line, which includes an e-mail server along with the security features. I tested a Message Server appliance; the product directly comparable to the IronPort would have been a RazorGate box.

Mirapoint’s MailHurdle system uses a different approach to prefiltering than the IronPort’s Reputation Filters. Rather than comparing the IP address of the sender with a database of spammers that must be updated regularly, the Mirapoint system keeps track of valid combinations of sender IP address, sender name, and recipient, allowing known-good combinations to pass and challenging messages with unknown combinations with a resend request. Because normal mail servers will resend the message a few minutes later, whereas most spam servers won’t retry, this technique can stop as much as 70 percent or so of spam with no updates required.