September 05, 2005

Spam Protection for Small Business Server

If you are an SBSer, you know the power of having an enterprise mail server like Exchange at your fingertips. You also know how difficult it is to tweak to deal with the boatload of spam that's out there. Yes, there are enterprise antispam solutions.... but very few are at an SBS price point.

I have been looking at solutions for our office for some time now. First I tried using Sean Daniel's recommendations in his article on layered spam protection. For some reason, I wasn't seeing anything being blocked. I think Spamcop might just be a bit out of date, and the Exchange Intelligent Message Filter isn't doing much for me.

I then tried GFI's MailEssentials for Exchange/SMTP, but quite frankly it didn't do ANYTHING. I couldn't tell if it was working at all past it saying it processed emails... yet blocked nothing. I was so hoping it would work because it can move stuff into the user's "Junk" folder, which was something I really liked. After 3 calls to their support and a boatload of emails to a Canadian sales rep I gave up and uninstalled it.

Then over the weekend I installed ORF Enterprise Edition 2.1 from Vamsoft. Their Open Relay Filter software was amazingly simple to set up and configure on my SBS box. They had an excellent step-by-step help guide to assist in configuring it (something GFI totally missed), and I was up and running in less than 15 minutes. And within 24 hours it was not only filtering email, I was able to determine that 57% of the email that came in was spam!

Yep, that's right... I found a tool that works great for SBS. And the kicker.... an SBS price of $198 for the server license.

To be fair, ORF hasn't eliminated all the spam. I have had a few get through in the last 24 hours. But the fact that it stopped 57% of the crap coming in with NO false positives... I am still very happy with the results.

Vamsoft offers a 30-day trial (which is what I am using right now), and if you need spam protection, you might want to check this out. I am going to keep it going for the next month and see how well it does, especially with false positives. By the looks of things... it will work out perfectly for our needs.

Posted by SilverStr at September 5, 2005 01:24 PM | TrackBack

Comments

http://assp.sourceforge.net/

Posted by: ccng at September 5, 2005 01:55 PM

What we've done for some customers is set up a frontend spam filter using Linux tools like Postfix, Amavisd-new, ClamAV, Maia MailGuard, and so on. This could run on a NAT firewall or dedicated server. Postfix sends all mail to Amavis/SpamAssassin for filtering, then transports it to the internal Exchange server... works great. Trapped spam (quarantine) can either be delivered to the 'Spam Administrator' in Exchange, or simply tagged so that each user can add their own filters to match something in the headers or subject. Could be combined with an integrated Exchange spam filter to provide multiple layers of scanning.

Posted by: Wim at September 5, 2005 04:44 PM

Ya, I thought about a solution like that before implementing this, but I decided I wanted the SBS box to receive the mail directly. In front of it is a commercial firewall in which I don't have the luxury of being able to install such gateway software. And I quite frankly don't want the hassle of another piece of hardware to simply handle the spam filtering. An integrated system built into Exchange as a connection filter is just fine.

Posted by: Dana Epp at September 6, 2005 01:08 AM

Isn't it a bit "iffy" to have ALL mail coming straight to Exchange? Wouldn't you want something further upstream filtering out EXE's and the like? I've never used IMF so don't know how well it handles that kind of thing, but something protecting the front of the SBS Exchange server feels warmer and fluffier to me..

Posted by: Andrew at September 6, 2005 05:03 AM

Why? Exchange can revoke emails with attachments it isn't willing to accept just as easily as a Linux server can. Actually, Exchange does that out of the box... you have to manually go configure support for it in postfix's header_checks configuration file. My SBS box is fully protected from the outside world except for the Exchange SMTP port and an authentication login port to the network.

There is NOTHING that Linux can offer to make it "better". Only different. I used to think I could solve everything with Linux. Then I realized that although that may be true, the question is WHY. It's more costly to have ANOTHER box I have to manage, maintain and monitor when I don't have to. There is a place for Linux on my network (ie: my Defect Tracking Server running FogBugz, and my Source Control Server running Subversion). The only reason I would feel "warmer" is the fact I would have ANOTHER server heating up the server room. It's hot enough as it is... I don't need another unnecessary box in there.

Posted by: Dana Epp at September 6, 2005 08:59 AM

I'd have to agree with Andrew here... most of the SBS boxes I manage don't have anything in front of them for SPAM filtering. Customers who want spam-filtering with the smallest investment, I use IMF for, with notable success. Moving up the chain to larger environments... customers who might be just a little too big to hit the SBS sweet spot... I typically recommend something like the Barracuda Spam firewall, or some other Spam Assassin-based device. Having something at the perimeter to do some extra filtering is nice; but before you make a recommendation, you probably need to do some perfmon auditing and see how your SBS machine is handling its current workload. Something else to think about; if you’re doing a good volume of email on a “small” network… (maybe 10,000+ emails daily) you might actually get a performance boost by setting up IMF, in terms of decreased antivirus scanning (assuming you’re scanning mail coming into the Exchange message store). While I haven’t looked at ORF Enterprise before, the price certainly seems right… but again, I like IMF for free, and Barracuda if there’s any type of budget available. ORF looks like it fills a niche; I’m just very wary of anything designed to “help” Exchange do its job, that wants to live on one of my Exchange servers. Just call me cautious I guess.

I'm not talking linux linux linux :) We reused one of our old servers from our upheaval from NT4. It's running 2003 now with Surfcontrol and having seen that ASSP posted above, that too! I'd like to drop SC as it's too much of a "black box" for my liking, but ASSP works amazingly well (and the fact the users can train it themselves is an added bonus :) ) I'm going to look into IMF today and find out if that's worthwhile taking over from SC (with ASSP in front of that still). I look at Exchange as an internal server, with the filter in front of it as a kind of firewall, I guess?!

Posted by: Andrew at September 7, 2005 04:26 AM

Dana, Sounds like you need to move out of the basement... or move the heaters out into a colo or something. :-) The "hassle" of having another box running is semi valid... but now you've still been fighting and hassling to improve spam filtering on the Exchange server... so no time gains. IMF sounds like a great idea, but adding all kinds of 3rd party packages to provide services like extra filtering just bog down the server and make it more complex - and harder to troubleshoot and fix/restore in a pinch. When running on a separate server with Postfix, I can easily determine that something is not running properly (thanks Nagios) and bypass with a 2 change in the Postfix config. To each admin their own :-) A lot of people report great success with FrontBridge as far as reliability, accuracy, reporting, manageability, and performance goes. I see they were just acquired by Microsoft.

Posted by: Wim at September 7, 2005 07:54 PM

I am a GFI reseller, and I have never had a problem getting it up and running on any box, including an SBS server. It is my spam and antivirus solution of choice for Exchange (Mail Essentials for spam, Mail Security for AV). The most powerful part of the program is the Bayesian filter, and it does take some not-too-well-documented setup to get it running quickly, since it has to learn what each system considers spam.

I would be happy to discuss it with you if you would like more feedback.

Posted by: Jamie Jamison at September 7, 2005 09:32 PM

We use a Barracuda device. We use this and we set up our clients to hit our device and only forward on the good emails to them. This has worked out quite well for us and our clients.

Posted by: Mike at September 10, 2005 03:18 PM

We use IhateSpam. The new version (1.7) uses both the Giant Engine and cloudmarks....So far I have seen only 1-2 spams instead of 30-40 in my mailbox

Posted by: John Currie at September 12, 2005 05:53 AM
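For readers weighing the gateway design discussed in the comments (Postfix in front, content scanning through amavisd-new, clean mail relayed to the internal Exchange server), here is a minimal configuration sketch. It is an added example, not any commenter's actual configuration. The domain `example.com`, the Exchange address `192.0.2.10`, the file paths and the extension list are assumptions; ports 10024/10025 are the conventional amavisd-new listener and re-injection ports.

```conf
# --- /etc/postfix/main.cf (gateway host; values below are placeholders) ---
# Accept mail for the internal domain but do not deliver it locally.
relay_domains = example.com
# Where accepted mail goes after filtering: the internal Exchange server.
transport_maps = hash:/etc/postfix/transport
# Reject unknown recipients at the edge instead of bouncing later.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Hand every message to amavisd-new (SpamAssassin + ClamAV) before relaying.
# Commenting this line out and reloading Postfix takes the scanner out of
# the path if it is down, at the cost of unfiltered delivery.
content_filter = smtp-amavis:[127.0.0.1]:10024
# Refuse executable attachments at SMTP time (MIME part headers).
mime_header_checks = regexp:/etc/postfix/mime_header_checks

# --- /etc/postfix/transport ---
# Square brackets disable the MX lookup for the internal host.
example.com    smtp:[192.0.2.10]:25

# --- /etc/postfix/mime_header_checks ---
/name\s*=\s*"?[^"]*\.(bat|cmd|com|exe|pif|scr|vbs)"?\s*$/  REJECT Executable attachments are not accepted

# --- /etc/postfix/master.cf (additions) ---
# Client side: delivers queued mail to amavisd-new on 10024.
smtp-amavis unix  -  -  n  -  2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
# Re-injection listener: amavisd-new returns scanned mail here.
# content_filter is cleared so mail is not scanned in a loop, and only
# localhost may connect.
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o receive_override_options=no_header_body_checks
```

After editing, `postmap /etc/postfix/transport` and `postmap /etc/postfix/relay_recipients` rebuild the lookup tables, and `postfix check` reports syntax or permission problems before a reload.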