The latest versions of GFI MailEssentials and MailSecurity still seem to have some serious design flaws, in my opinion.
I had another server this week stop responding; MSEC had managed to fill the Quarantine folder with all the junk that comes in. A quick and dirty Google search tells me that it's supposed to keep only 4 days' worth of files - this is definitely not the case! There were WMVs, MPEGs (I have my filters dump all that junk since no one at this company should need access to such files!) filling the system drive. Almost 6 GB of it.
They also tell you to "manually" compact the Access database that is supposed to keep track of all these attachments for the "Moderator Client." Give me a break. The world's dirtiest interface... what kind of system administrator has time to click through that thing looking for email? "Take your IIS Admin service offline during off-peak hours. Defragment the database in Access." Really? This is a Microsoft Certified Partner's application?
The "live" monitors for MailEssentials and MailSecurity should have context-sensitive links. You should be able to see what filters were sequentially applied to email... (i.e. Keyword: PASS, Headers: PASS, SPF: Fail [reason:]). Simply telling me that mail was "processed successfully" seems completely useless. They haven't improved this from as far back as version 6, as far as I know.
The POP3 interface suffers from the same problem, forcing the admin to go digging in lots of other windows.
Definitely bloatware. I bought a nice fat maintenance contract, hoping that they eventually, slowly, gradually clean this mess up.
The detection rates seem okay. Once again, it'd be nice to see the result of filters from an administrative perspective instead of having to watch users' mailboxes to watch for the [SPAM] header.
In GFI's defense, I've used the latest version of Symantec Mail Security. I couldn't get a hold of a "premium antispam" license, but it's clear that this also lacks some serious, but necessary, reporting features. If I wanted to, I should be able to intercept mail as it came in and override GFI's "rules". I have yet to encounter something like this.
I also don't understand why everyone seems to like to write their own SMTP engines. A search of SecurityFocus reveals a plethora of security issues with these "custom" IIS SMTP proxies. Who are they kidding? Run Microsoft IIS SMTP and add your filters as an event sink! It's proven and stable. Why re-invent the wheel?
The only place I'd ever deploy stuff like Paessler's antispam, Symantec Brightmail's SMTP engine, or even F-Secure's antispam products is inline, behind a perimeter Microsoft IIS SMTP. I don't like third-party code - especially code with nasty track records. Has anyone used McAfee's stuff? Or any others?
Microsoft's perimeter SMTP says this:

220 IGR-IMC-02.redmond.corp.microsoft.com <Inbound SMTP Virtual Server> Wed, 23Feb 2005 16:53:52 -0800

They hacked up the banner? Or are they running something else...?

Just for fun, I checked my Symantec Mail Security Brightmail 4.1 and got this:

220 mailserver.justinho.com SMTP; Wed, 23 Feb 2005 19:58:15 -0500

mx-a.brightmail.com greeted me like this:

220 [216.10.194.106] ESMTP

Very strange.

There's some cool stuff here though, that I came across: http://blogs.msdn.com/exchange/archive/2005/01/24/359677.aspx
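As an added example (not part of the original post), here is a small parser for the three 220 greetings quoted above. It splits each banner into the fields a defender surveying their own gateways would compare: host name versus address literal, whether ESMTP is advertised, any volunteered timestamp, and any leftover product or role text. The sample banners are copied from the post as constructed input; the field names and the exposure labels are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the three 220 greetings quoted in the post,
# copied as they appear there (including the run-together "23Feb").
SAMPLE_BANNERS = [
    "220 IGR-IMC-02.redmond.corp.microsoft.com <Inbound SMTP Virtual Server> Wed, 23Feb 2005 16:53:52 -0800",
    "220 mailserver.justinho.com SMTP; Wed, 23 Feb 2005 19:58:15 -0500",
    "220 [216.10.194.106] ESMTP",
]

# RFC 5321 greeting shape: "220 " Domain-or-address-literal [ SP free text ]
GREETING_RE = re.compile(r"^(?P<code>\d{3})[ -](?P<host>\S+)(?:\s+(?P<text>.*))?$")
DATE_RE = re.compile(
    r"(Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s*\d{1,2}\s*[A-Z][a-z]{2}\s+\d{4}"
    r"(?:\s+\d{2}:\d{2}:\d{2}(?:\s+[+-]\d{4})?)?")
# A bare leading or trailing SMTP/ESMTP keyword is protocol, not product text.
PROTO_RE = re.compile(r"^(E?SMTP)\b\s*|\s*\b(E?SMTP)$")

@dataclass
class Greeting:
    host: str
    is_address_literal: bool      # "[1.2.3.4]" instead of a domain name
    esmtp: bool                   # server advertises the ESMTP keyword
    timestamp: Optional[str]      # free-text date the server volunteered
    product_hint: Optional[str]   # anything else: software or role text

def parse_greeting(line: str) -> Greeting:
    """Split a 220 greeting into the fields a banner survey cares about."""
    m = GREETING_RE.match(line.strip())
    if not m or m.group("code") != "220":
        raise ValueError(f"not a 220 greeting: {line!r}")
    host = m.group("host")
    text = m.group("text") or ""
    ts = DATE_RE.search(text)
    rest = (text[:ts.start()] + text[ts.end():]) if ts else text
    rest = rest.strip(" ;,")
    esmtp = re.search(r"\bESMTP\b", rest) is not None
    hint = PROTO_RE.sub("", rest).strip(" ;,") or None
    return Greeting(host, host.startswith("[") and host.endswith("]"),
                    esmtp, ts.group(0) if ts else None, hint)

def exposure(g: Greeting) -> List[str]:
    """List what a greeting reveals beyond the minimum the RFC requires."""
    out = []
    if not g.is_address_literal:
        out.append("host name")
    if g.timestamp:
        out.append("local clock/timezone")
    if g.product_hint:
        out.append("software/role text")
    return out
```

Run `exposure(parse_greeting(b))` over each banner: the Microsoft greeting reveals all three items, the Brightmail MX only an address literal and nothing else.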
A document from Microsoft entitled "Security at Microsoft" (whitepaper) says:

OTG's approach to managing virus risk goes beyond filtering software alone. The layered defense includes deploying antivirus software on all desktop computers, servers, e-mail gateways, internet gateways, and Personal Digital Assistants (PDAs). Computer Associates eTrust is used on all desktop computers and fully managed servers, except the gateways, which run Trend Micro InterScan Viruswall and also Brightmail software. About 5 million inbound e-mail messages are scanned every day. On average, 800 viruses are stripped per day, and approximately 2.4 million junk e-mail messages are filtered per day... OTG manages intrusion detection with a number of third-party and internally developed programs and tools, including Microsoft Audit Collections System (MACS), BlackICE and RealSecure from Internet Security Systems, and proxy traffic monitoring and antivirus software.

There's my answer then. I'll go digging for a copy of Trend Micro's InterScan Viruswall sometime... if that's what Microsoft runs at the perimeter, and, considering how much of the world "hates" them, I'm pretty sure it's solid and stable. Maybe put Symantec's Brightmail SMS proxy behind it inline before my Exchange boxes?