6 May 2008 - 2:37Choosing an Entry Level AntiSPAM Appliance

Like most technology companies we like to keep as many things in-house as possible; this allows for more control, new opportunities to do R&D that may help evolve our knowledge to come up with a better solution when appropriate. However, thankfully our network operations team has the common sense to pass when they should. So years ago we decided to tame our desire to explore on-site spam management using Open Source SpamAssassin with Postfix or Qmail, etc. Instead, we simply delegated the task of dealing with SPAM to a third-party vendor. By pointing MX records to a third party and only accepting emails from the vendor’s SMTP servers, we had it made — a simple working solution to can SPAM.

After a few years of nearly forgetting the SPAM problem, we were recently shocked to receive an email from our former outsourced anti-spam vendor — peertopeer.net. They informed us that one of our customers is receiving a large amount of spam, which is causing their servers to bog down and thus they have no choice but to terminate our customer’s account or charge us $199/month to upgrade our customer’s account. We informed our customer about this matter and they told us that they do not have any ideas about why they would get a large amount of incoming SPAM from outside. Since we did not have access to the raw logs from our vendor, we had no way to investigate this any further. We had following conclusions to draw:

• Our customer has become a random target of some spammer
• Our customer is being attacked by someone
• Our vendor is being a greedy

We decided that only solution we have in our hand is to find another vendor to deal with the situation. However, one of our guys decided to explore an in-house solution and realized that there are quite a bit of advancements in the last few years in terms of pricing and availability of small size anti-spam appliances to deal with 50 to 200 email accounts. We decided to explore this path of regaining control over spam matters and launched a small product review project. We would like to share some of our findings below.

We identified the following vendors as our potential appliance vendor:

• IronPort - a well-known vendor that we know from our past lives dealing with high speed email engines such as PowerMTA from port25.com and IronMail from IronPort
• Barracuda Networks - a trusted vendor from which we purchase network gears such as load balancers
• MailFoundry - a new player from our prospective
• Red Condor - another new player

Our customer has less than 100 email users and therefore we decided to look for the entry-level appliance that can deal with such a load without any hiccup. We set a modest wish list as follows:

• 1U footprint
• Automatic update for SPAM signatures
• Bi-directional (inbound and outbound) processing of SPAM
• Reasonably priced: less than $2000K
• Not just a Linux box with SpamAssassin - something beyond what we can do in a day or two
• No restrictions on number of domains - as our customer has a few domains
• Domain level control of filter rules
• Anti-Virus support — good to have

IronPort: Not Much Luck

Even though we knew IronPort would have a good solution as they are well established in email appliance marketplace, we did not find much luck with them; they seemed to have changed since they cashed in from Cisco. Besides, we knew IronPort is more geared towards the “Cisco” crowd — the highend of network geers that only large enterprise and government can afford.

Barracuda Networks: Spam Filter 100 - 200

After speaking to a sales engineer at our preferred reseller — Virtual Graffiti (BarraGuard.com), we realized that this might be really a Linux box with SpamAssassin on it. A little googling showed that many are unhappy with “tuning” the systems, so we decided to pass on them.

Red Condor: MAG1500 (Nice)

When we contacted a sales engineer at Red Condor, it was nice to speak to someone directly involved with the product. It was clear Red Condor could do what we wanted. More over, they had some nice failover feature and a very promising upcoming branding feature that made dressing up their user interface easy. We were impressed by their feature set and really decided against them on the basis of price alone as it exceeded our budget by $500 bucks.

Mailfoundry: 1150 (Right Features and Just Right for the Price)

Even though the engineer we spoke to was not forthcoming with a straight answer about true meaning of the “recommended user limit of 200″ statement on their Web site, it realized that they really do not have a hard limit of 200 users for their entry level box!

The engineer at mailfoundry repeatedly stated that he cannot answer our questions: what if we have 210 users? Will the system block the 10 users that are beyond the capacity? He only stated that they “recommend” 200 users for the 1150 model. There is no hard limit on how many domains that can be using the 1150 appliance either. We also liked the fact that their box has following features:

• Boots of flash memory instead of a hard disk - less likely to fail
• Uses mailfoundry’s own scan engine - MessageIQ — instead of SpamAssassin
• Uses their own mail transport agent (MTA)
• Claims to use server-class motherboard and dual core CPUs unlike Barracuda Network’s appliances

We have already placed order for the 1150 and expect it to be here in a few days. We will update this post based on our real experience with the system. So stay tuned.

Update: May 08

Even though we ordered the unit via their online order system, the next day we received an email from their sales asking us to go through the 30-day EVAL period and sign and fax paperwork! We thought we already “ordered” a box! Look like they insist on doing the trial even for customers who have “paid” in full! Besides, we hate fax! Also, when we asked about the mail capacity per month for the 1150 box, we got a huge email from them without giving us straight answers. Still no box.