If your organization uses Active Directory or an LDAP directory, you can automatically import users via LDAP. Users are also automatically given access to their e-mail quarantine so that they can release messages or add them to a whitelist or blacklist. The administrator can set up reports so that each user receives a daily e-mail listing quarantined messages; that note also links to the quarantine store so users can release e-mails.

The Bottom Line IBM Proventia Network Mail Security System MS3004, version 1.0 IBM Internet Security Systems, iss.net Good  7.6 criteria score weight Manageability 8 25% Performance 7 25% Ease-of-use 7 20% Setup 8 20% Value 8 10% Cost: Starts at $10,500 with licenses for all functionality starting at $7.08 per user. Multiple all-inclusive bundles to support enterprise environments start at $20,300. Platforms: SMTP Bottom Line: The MS3004 appliance integrates well with Active Directory or LDAP networks and includes very good intrusion prevention and firewall features. Anti-spam performance is good but not exceptional, with a relatively high rate of false positives. About our Reviews and Scoring Methodology

Help features in the administrator’s console are well done, but there is no help available to end-users accessing quarantine. Admins should plan on doing extra training to head off questions early or expect lots of phone calls from end-users.

Policy management tools add good flexibility for dealing with spam: You can create new policies as needed, as well as modify default policies. For instance, foreign languages can be blocked or allowed by language. This blocking produces mixed results if one e-mail contains multiple languages, however. Messages containing both Chinese and English, for example, will not be blocked even if Chinese is set to be blocked.

Rules and policies can be made very specific, such as blocking certain types of incoming attachments or specific phrases. As an alternative, the MS3004’s default heuristics work well.

Reporting is limited to predefined reports: executive summary, traffic monitoring, policy configuration, top 10 policy responses, top 10 analysis modules, top 10 recipients, top 10 spam senders, top 10 e-mail viruses. Reports can be saved as PDFs but not as comma-delimited or Excel files.

I’d like to see the M3004 support more report types (such as percentage of spam versus real e-mail) and offer custom reports, and the ability to save reports as Excel or CSV. Most anti-spam products I’ve tested do this, including Symantec/Brightmail, Mirapoint, and IronPort.

Beyond spam
In addition to anti-spam, anti-virus, and anti-phishing, the MS3004 appliance also offers IPS and application firewall capabilities. These will protect an Exchange server providing Outlook Web Access services.

During my test period, the intrusion prevention module detected and stopped more than 1,100 attacks on the mail server, the Exchange server, and the Web server running on the Exchange server. These included SMTP-based attacks, application-layer attacks (such as buffer overflow attacks), URL spoofing attacks, and HTML-based attacks.

I was impressed by how well the IPS/firewall features worked, but these features are no longer unique or even unusual in this market. They’re an increasingly necessary bonus, unless your company has an application-level firewall as part of another product.

I found the MS3004 to be an effective tool for fighting e-mail-borne attacks, as well as for securing an Exchange or other e-mail server against direct attacks. Although its anti-spam false positive performance is not good, a lot of the false positives would disappear over time as users updated their whitelists.

If you’re looking for a spam-fighting system, I’d suggest checking out the more accurate Mirapoint or Symantec/Brightmail products. But given its combination of e-mail security, IPS, and firewall in a single appliance, the MS3004 is a good value overall.