Another vote for Barracuda here. It's a fire and forget solution that just works. My new company is migrating from on-prem Exchange to Exchange Online and I'm nervous. Hoping their spam filter is as good as the Barracuda devices we've used in the past.

-Derek

On Mon, Oct 27, 2014 at 2:05 PM, Starchy <star...@gmail.com> wrote:
> Spam fighting is pretty much the bane of my existence. I manage one of the oldest active domains on the Internet, our threat model precludes us from using external services or proprietary vendors for anything touching email, and some of my users have strong feelings about anything resembling blacklists.
>
> This latest surge might give us a chance to revisit our use of RBLs, but avoiding false positives is also important to us, and I've seen a few of the RBLs block us for strange reasons. As nice as the experience Gmail's spam filtering provides is, I've missed a number of important emails over the years thanks to how many false positives it generates.
>
> I'd love to be able to farm things out to Barracuda or IronPort, but for now the best I've been able to manage is endless tuning of SpamAssassin with Pyzor. If anyone else is going the self-hosted, open source route and found something more effective, I'd be interested in hearing about that, myself.
>
> On 10/27/2014 10:04 AM, Tom Perrine wrote:
> > TL;DR
> >
> > anti-junkmail systems that use a larger sample size win over what you can do in your email client, or in a single standalone email system. Most of the appliance/server/cloud products that incorporate a wider view than just your domain(s) seem quite comparable and pretty good.
> >
> > ...
> >
> > I think we've all been learning the same things, perhaps by different routes...
> >
> > Content analysis (including Bayesian) will only get you so far, unless you have a really big sample set.
> >
> > Reputation systems, for better or worse, seem to be the major "winners" for email filtering, but you need a "wide telescope" (AKA lots of participants) to do a good job. Obviously there's some contextual analysis going on behind the scenes, along with other techniques, but the sample sizes available to the reputation systems are on a completely different scale than what a person, or even large business can do themselves.
> >
> > Years ago I "outsourced" several of my email addresses to Google, just because I was tired of maintaining a hodgepodge of anti-SPAM tools all cobbled together. It's gotten MUCH easier to do this now; almost all the tools play together much better and all install/integrate much easier, but I've got more interesting things to do than maintain anti-spam systems for my 5 home users :-(
> >
> > The reputation systems built into Barracuda are pretty good. Most of the people I've spoken to who are small-mid sized seem to like them. I know of a .EDU that deployed a bunch of Barracudas to protect their individual departmental mail servers and were very happy with them for a few years.
> >
> > For larger enterprises, IronPort seems to be popular. We've run them here for years to protect (at one time) about 5000 mailboxes. This might have been doable on Barracuda, but was quite easy on IronPort. The last time I looked (last year?), we were rejecting about 95+% of inbound connections at TCP SYN time due to the IP level reputation filters. I was seeing about 1 SPAM/month on that system.
> >
> > I believe that IronPort makes part of their reputation system publicly available? If so, that's an RBL I should add to my home system :-)
> >
> > Google's reputation system is well hidden but seems to have done a good job of crowdsourcing SPAM detection to the users :-) I've seen emails show up in the header list that were obviously spam, which I didn't open. I went back anywhere from 15 minutes to 2 hours later, and the SPAM messages had vanished. Obviously enough people clicked "SPAM" on those messages to train the Google system which went and retroactively cleaned the mailbox. That used to happen about 2-3 times per month, I haven't seen that happen in the past 6 months.
> >
> > Microsoft's cloud solution seems to do pretty well. We use it for fronting Exchange, and we usually see about the same amount of SPAM/malware as the other solutions. There's the issue that you're sending all your email via Microsoft to do content analysis, which might matter to some. But that's going to happen with all the cloud based systems.
> >
> > We have a group that is currently using MessageLabs, anecdotally, they see the same kinds of defense "quality".
> >
> > Every once in a while the SPAMers will spin up a new botnet, and we'll see a spate of SPAM get through the MS and the IronPort solutions for a few hours or days. I think we've seen this about 1 a year, for about 2 hours-2 days, depending... It always seems to coincide with media reports of "SPAMMERS HAVE CREATED A NEW 100K SKYNET BOTNET TO DELIVER SPAM!!! OMG!! RUN!! MAILPACOLYPSE!!". Aaaand a day or two later, we're back to normal.
> >
> > So, from my limited perspective, anti-SPAM is like anti-virus: it's become a commodity, there are several good products that will have (mostly) comparable quality. Like AV, there's really not much need to roll your own, unless you need an open source (free) product, in which case it's gotten easier.
> >
> > Sorry for the long-winded answer, hope it was helpful.
> >
> > On Mon, Oct 27, 2014 at 4:24 AM, Edmund White <ewwh...@mac.com> wrote:
> >> There isn’t too much to it. These days, spam filtering should be pretty hands-off, and some of the old-school approaches are outdated.
> >>
> >> I’ve been selling and deploying Barracuda Spam filter appliances to my customers since 2007, and using their Cloud filtering solution for the past 18 months. It all works very well and is transparent to the users. I’m happy with Barracuda’s RBL, which is the core of the product. Inbound/outbound, spooling, LDAP and multiple domains are all supported. The usual content, source/destination switches are in place. Analyzing headers is easy, and the interface of both the appliance and cloud solution is intuitive enough for me to hand over to customers to self-manage.
> >>
> >> Barracuda Cloud: https://www.barracuda.com/products/emailsecurityservice
> >> Barracuda Spam Firewall: https://www.barracuda.com/products/spamfirewall
> >>
> >> The approach to training the spam filter and initial deployment is different these days. I used to spend hours training the filter to discern SPAM from HAM and engage the Bayesian database to influence scoring on the Barracuda appliances. Nowadays, Barracuda recommends that Bayesian filtering be left off. The RBL (BRBL) has gotten that good. False-positives are infrequent. The Barracuda “Intent Analysis” feature handles the phishing and suspicious URL and header scanning. See: http://www.barracudacentral.org, as they leverage their Web filter URL classification data for the spam filters.
> >>
> >> Right now, the Barracuda appliances are still in the $3k+ range for the Spam firewall. It’s high and the licensing policy and reliance on cheap-ish hardware isn’t worth it. I’ve let most of my appliance’s contracts lapse and moved filtering to the Barracuda cloud solution. This also cuts down on mail bandwidth; a perfect application for a cloud service. My cost has been around $8/user/year, billed in blocks of 100 mailboxes, but I think it’s negotiable. Far less expensive than the appliance if your business is okay with offsite. Retention is 30 days, I believe. I’ve had one short 4-hour outage of the service in the past 1.5 years.
> >>
> >> I manage mail systems for 35 companies. I probably look at the spam filters 1-2 times per week; usually to whitelist a vendor sending mail from a residential broadband line. It’s interesting to deal with other organizations and their filtering solutions. I’ve learned what NOT to use based on that. Otherwise, my decision process has been based on mindshare, mail volume and ease of use/management. Barracuda deals with a lot of mail. Google deals with a LOT of mail. Microsoft’s servers deal with a ton of mail. I’ve had problems with some firms who are on the Microsoft side. Very few issues delivering to gmail and Google Apps types. Lots of problems with people who rely on bad RBLs or have misconfigured mail servers.
> >>
> >> --
> >> Edmund White
> >> e...@ewwhite.net
> >>
> >> From: "Edward Ned Harvey (lopser)" <lop...@nedharvey.com>
> >> Date: Monday, October 27, 2014 at 5:56 AM
> >> To: "tech@lists.lopsa.org" <tech@lists.lopsa.org>
> >> Subject: Re: [lopsa-tech] How to choose Junk Filter?
> >>
> >> No response?
> >>
> >> Surely people here must be using junk filter products? How do you go about choosing what product to deploy?
> >>
> >> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Edward Ned Harvey (lopser)
> >> Sent: Friday, October 24, 2014 10:14 PM
> >> To: tech@lists.lopsa.org
> >> Subject: [lopsa-tech] How to choose Junk Filter?
> >>
> >> Do you perceive a quality difference between various junk filtering products?
> >>
> >> Whether you do or don't notice the difference, do you think there's room for improvement?
> >>
> >> How do you choose what to deploy?
> >>
> >> I am looking at these guys - http://www.astraid.com/phishingguardian/
> >>
> >> Although our existing spam filters are pretty good with MS and Google, I *do* think there's room for improvement, and in particular, these guys are security-centric and claim to be better for preventing Phishing and Social Engineering Attacks.
> >>
> >> Even if they are better, even if I personally come to believe they are better... How do you go about making your decisions about this sort of thing?
> >>
> >> _______________________________________________
> >> Tech mailing list
> >> Tech@lists.lopsa.org
> >> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> >> This list provided by the League of Professional System Administrators
> >> http://lopsa.org/