Mail Server Spam Filtering

[Sikh]

I have seen increased amount of spam from the domains *.us, *.co.uk, *.asia, etc. Currently I am running a IMAP Based Mail Server with Spam Assassin doing the filtering. Its been doing great until now. Im trying to block everything from the above domains and everyday theres a new domain or two sending spam to the popular addresses on the mail server.

Whats the best way I can attack spam before it gets to the mail server? Having the mail server do the spam filtering is not helping anymore, so I would like to block / filter before it goes to the mail server and gets delivered to the users inbox.

 

Any help is appreciated. Preferably I would like a solution that works on Unix/Linux. 

[+BudMan MVC]

"Whats the best way I can attack spam before it gets to the mail server? "

Where is your mail server? Are you worried about the pipe to the mail server being filled up with spam, or is just your mail server overloaded and want to put a new scanner in front of this server at the same location?

There are plenty of services to filter email before it gets to your mail serves. Some even free ;)

http://www.mxguarddog.com/

MX Guarddog will filter incoming email, forwarding only clean email to your mailboxes - for free!

Others are not free

http://mailroute.net/

Some are major players, some just resell major players networks, etc. etc.

If you want to run your own, you could always run it off your network on vps, host, amazon aws, etc. Or just on a box in your network to take load of email server, etc. While blocking those domains might seem like a simple solution - if you don't want mail from anything.us you might be ok.

[Sikh]

"Whats the best way I can attack spam before it gets to the mail server? "

Where is your mail server? Are you worried about the pipe to the mail server being filled up with spam, or is just your mail server overloaded and want to put a new scanner in front of this server at the same location?

There are plenty of services to filter email before it gets to your mail serves. Some even free ;)

http://www.mxguarddog.com/

MX Guarddog will filter incoming email, forwarding only clean email to your mailboxes - for free!

Others are not free

http://mailroute.net/

Some are major players, some just resell major players networks, etc. etc.

If you want to run your own, you could always run it off your network on vps, host, amazon aws, etc. Or just on a box in your network to take load of email server, etc. While blocking those domains might seem like a simple solution - if you don't want mail from anything.us you might be ok.

 

Bud,

 

I would like to run it in a VM or a physical server in front of the mail server in the same network. I want to mainly take the load off as the CPU is spent processing the spam and messages sometimes get delayed for a few minutes and users start complaining. They don't understand not everything is instant. So I am looking for a solution, be it free or paid to make this work. Free will most likely be approved right away (.....) and paid will take time and all that management ######. I just want to put something in and have it start working. If I have to fine tune as it starts working thats fine with me.

 

Blocking the trouble domains is helping a lot, but since the increase amount of spam from all different types of domains and tld's, its getting harder to filter it. So I would like something that can keep up with it.

 

Thanks,

Sikh

[+LogicalApex MVC]

GFI Mail Essentials is an option I'm looking at to replace my Forefront Protection on Exchange since it has been mothballed.

 

I'll keep an eye out for other suggestions that appear in the thread as well. My requirements are similar... The solution must run locally in a VM.

[ranpan]

Along the same lines as what Bud posted.... At work we use www.spamhero.com to filter the mail before it hits our servers. Best spam filtering I have ever seen. It's a paid solution but it is well worth it.

[dragon2611]

Been using Postlayer (End user version of Mxforce) cloud filtering and find they seem to catch most of the junk.

Found their support to be pretty good as well.

 

Used AVG's Cloudcare Antispam before that whilst it does also catch most stuff, there was a couple blatent spam messages they missed and their standard response seems to be to claim the message was sent directly to the mailserver bypassing AVG, dispite it showing quite clearly in the headers it had passed through their scanning service.

 

In the end I switched to postlayer as they're cheaper with a better interface and seem to do a slightly better job of actually catching stuff.

[sc302 Veteran]

barracuda spam filter has a physical appliance as well as a virtual appliance.  another option would be cisco ironport.  postini if you don't want to host something yourself.  I was never impressed with gfi antispam (lots of false classification going on with that one). 

 

I would try spamassassin if you want free:

http://spamassassin.apache.org/

[Sikh]

GFI Mail Essentials is an option I'm looking at to replace my Forefront Protection on Exchange since it has been mothballed.

 

I'll keep an eye out for other suggestions that appear in the thread as well. My requirements are similar... The solution must run locally in a VM.

 

It looks like a nice software package but its windows only

 

Along the same lines as what Bud posted.... At work we use www.spamhero.com to filter the mail before it hits our servers. Best spam filtering I have ever seen. It's a paid solution but it is well worth it.

 

I would love to use this or mxguarddog but the ceo wants it local to us and not "in the cloud"

 

Been using Postlayer (End user version of Mxforce) cloud filtering and find they seem to catch most of the junk.

Found their support to be pretty good as well.

 

Used AVG's Cloudcare Antispam before that whilst it does also catch most stuff, there was a couple blatent spam messages they missed and their standard response seems to be to claim the message was sent directly to the mailserver bypassing AVG, dispite it showing quite clearly in the headers it had passed through their scanning service.

 

In the end I switched to postlayer as they're cheaper with a better interface and seem to do a slightly better job of actually catching stuff.

 

Thanks for the input

barracuda spam filter has a physical appliance as well as a virtual appliance.  another option would be cisco ironport.  postini if you don't want to host something yourself.  I was never impressed with gfi antispam (lots of false classification going on with that one). 

 

I would try spamassassin if you want free:

http://spamassassin.apache.org/

 

Im running spam assassin right now on the same mail server. Do you think it would make a different having spam assassin on its own server filtering the mail and delivering it after?

[+BudMan MVC]

" I want to mainly take the load off as the CPU is spent processing the spam and messages sometimes get delayed for a few minutes"

So your adding more horse power to the problem in hopes that will make email faster for the users? Question for you - how much email do you handle in a day? 1000 emails, 10k, 100k, 1 Million?

How big is your pipe to your server.. Filtering the email after it has been delivered to your server be it same box or multiple boxes still means the message went down your pipe, etc. I would suggest you get a big boy that all they do is deal with spam as service in the cloud.. Let them accept your mail, filter for spam and just send on the good stuff to your server. Now your server is going to be doing nothing but handling good mail, and your pipe is less full because junk is not being sent down it.

Most services all for web url mailbox to look through spam if something goes missing, etc.

But if you want to just add more horsepower solve the problem then just move your SA setup to a different box..

[sc302 Veteran]

Absolutely offload spam assassin to a different server. You are loading up that server with spam filtering.

[Sikh]

" I want to mainly take the load off as the CPU is spent processing the spam and messages sometimes get delayed for a few minutes"

So your adding more horse power to the problem in hopes that will make email faster for the users? Question for you - how much email do you handle in a day? 1000 emails, 10k, 100k, 1 Million?

How big is your pipe to your server.. Filtering the email after it has been delivered to your server be it same box or multiple boxes still means the message went down your pipe, etc. I would suggest you get a big boy that all they do is deal with spam as service in the cloud.. Let them accept your mail, filter for spam and just send on the good stuff to your server. Now your server is going to be doing nothing but handling good mail, and your pipe is less full because junk is not being sent down it.

Most services all for web url mailbox to look through spam if something goes missing, etc.

But if you want to just add more horsepower solve the problem then just move your SA setup to a different box..

 

Not necessarily horse power but the fact that I'm doing all of the filtering and handling on the same server was fine when we were handling 1k emails, now we are easily handling 10k, half are now legitimate and other half are spam. As we keep growing so quickly, I can see us taking in 10k legitimate emails before october.

 

The pipe (WAN) is 20mb fiber, and the pipe(LAN) is 2gb on the server. Its definitely not network traffic or network bottleneck on the server itself.

 

 

Absolutely offload spam assassin to a different server. You are loading up that server with spam filtering.

 

Figured that would help. Thanks for the help. Going to start a vm in-between all the ###### I have going on and see how it goes. Being the only IT person for a SMB (150-200) is SO MUCH FUN

[Roger H. Veteran]

I was the "computer guy" for a SMB also and wasn't hired for IT but certainly got utilized once they figured out I was capable. In any case, I loved it. It would have been even better if I was getting paid an IT manager salary.

In any case how powerful is this Server? My old Dell 2950 was getting 8-10k positives a day had no issue keeping up. a total of 12-15k emails per 24hrs. Then again I had Exchange 2010 on that machine and then bumped it to Ex2013, all in VM at that.

Lots of larger emails too as they were mostly images and PDFs.

[grunger106]

I use Everycloud (used be call AntiSpamEurope) good service, nice people, about ?14 P/U P/A.

I also use Symantec's filters on a couple of clients (Used to be MessageLabs) great service, but more bureaucratic when it comes to getting things done and more expensive.

[Praetor]

I've been using Exchange Online Protection (EOP), as it was formerly know as FOPE (Forefront Online Protection for Exchange), from big clients to small SMB. The amount of SPAM reduced incredibly, since all the mails are processed first on Microsoft, sanitized and then delivered into the on-premises exchange servers. 

 

 

now, if you don't want anything in the cloud in can use an spam filtering appliance, like PineApp, since it will offload that from the server - put it on the DMZ and it will deliver only the sanitized mails into the organization.