Running e-mail through a gauntlet
IronPort and Mirapoint appliances address manifold threats
Mirapoint’s MailHurdle system uses a different approach to prefiltering than the IronPort’s Reputation Filters. Rather than comparing the IP address of the sender with a database of spammers that must be updated regularly, the Mirapoint system keeps track of valid combinations of sender IP address, sender name, and recipient, allowing known-good combinations to pass and challenging messages with unknown combinations with a resend request. Because normal mail servers will resend the message a few minutes later, whereas most spam servers won’t retry, this technique can stop as much as 70 percent or so of spam with no updates required.
Mirapoint includes installation support in its pricing, although the wizard-based installation process is clean and clear enough that help may not be necessary for experienced administrators.
The Message Server includes an e-mail server with POP and IMAP functionality, and it supports Outlook mail clients, as well as other standard clients, such as Eudora and Thunderbird. Users can also access their e-mail, calendars, and address books through a Web portal. The Message Server can synchronize with corporate directories, including LDAP and Active Directory.
The Message Server offers a flexible and scalable e-mail solution and an excellent user experience. It offers shared calendaring, auto-addressing through a standard company address book, as well as individual address books, shared mail folders, and the ability to allow users to search for false positives and maintain their own whitelists and blacklists. Sophos anti-virus filtering is maintained for all whitelisted messages, as you would expect.
The system includes a nicely integrated backup system that allows selective restores of individual mailboxes. Like IronPort’s appliance, the Message Server supports “n + 1” clustering, so it is also highly scalable.
Although initial anti-spam performance included a relatively high number of false positives compared with the IronPort, whitelisting the senders was easy, and within a few days, the number of false positives dropped. After five days of testing, the Mirapoint snared only two additional false positives, both bulk messages.
Security features are strong, with content management, virus protection, directory harvest attack protection, and an HTTP proxy that brings additional security to Web access. Message Server also validates recipients against a directory to thwart directory harvest attempts.
Creating policies for filtering mail based on content or attachments is simple and straightforward, and the tools are powerful. For example, “wiretaps” make it easy to monitor all e-mail coming to or from any address. Anything that the content filters catch is quarantined for review by the appropriate manager.
Either of these appliances will provide excellent e-mail security for companies of pretty much any size. The Mirapoint Message Server combines an easily managed and capable e-mail/calendar server with excellent e-mail security features. For admins who already have an e-mail server, the RazorGate series provides the same set of excellent security features without the mail server.
The IronPort C-Series delivers excellent anti-spam results right out of the box, with no tuning necessary. It also provides great monitoring and troubleshooting tools. The Mirapoint system needed tuning to boost accuracy and weed out false positives, but after a couple weeks of breaking in, it should achieve similar levels of performance.