Much of the traffic that this blog gets is from people searching for anti-spam solutions on Exchange. I have had years of experience with this, so I thought I would occasionally try and post up some reviews and thoughts on various solutions available to Microsoft Exchange 2000/2003.
Please note that these are my own opinions and your own opinion may differ, as may your experience with any given suggested product. Also note that this is the short list of major tools I have seen used on Exchange most frequently - I am quite positive there are more, but I just do not have much experience with them and therefore can't say much about them good or bad.
SpamAssassin on Exchange
I had been using SpamAssassin on a FreeBSD system for a few years when I set out to try and get it working on an Exchange 2000 box. I wrote a hack that allowed that to work, and have documented that before on this site (here and here for example).
For a small amount of mail (certainly say within a thousand messages a day, each, for 20 users) this solution works pretty well, especially once you get it tweaked and have your white/black lists worked out and the Bayesian filters trained.
As noted by this person who tried it, it takes less than a second per email, so the better your hardware, the more you could theoretically handle. Also as that same person notes though, there are better solutions - they ended up switching over to SpamStopsHere (something I will try and cover at a later date since I don't have any personal experience with it, yet).
Do note that the best part of this option is that it is totally free and allows the admin to tinker with it and have as much control as they like. This is admittedly not always a good thing.
Built-in Features for MS Exchange 2003
Exchange 2003, especially post Service Pack 2 and 3, has some pretty nice tools built into it for blocking spam. It can query real time black lists, has an intelligent message filter (which is MS's variation on Bayesian filtering), and it makes use of Sender ID as well.
As with any of the solutions, once you get the tweaks in place and modify your white/black lists, it works pretty well.
Symantec
I must note that I haven't used Symantec's antispam solution(s). So this is not a review of their product(s) in any way in terms of that - but it is a review in the broad sense that I refuse to let any company for which I have purchasing authority buy any Symantec product. I have had years of nothing but awful experiences with them, and I refuse to further bother with them.
So while perhaps in the past year or two they have dramatically changed, become wonderful people, and have the best product in the world - I suspect that the reality is that they are still awful.
Again, note that this is dripping with personal opinion, feel free to ignore it.
Trend Micro
Similar to Symantec above, but with a variation - I love these guys. We used their anti-virus product on Exchange and it was absolutely beautiful. Easy to install, easy to maintain, great features, and it worked perfectly. I loved it.
But... (there is always a but) we decided we wanted to upgrade to their more complex solution and get their anti-spam features in there as well. Essentially meaning that we wanted to give them more money and they would then in turn take it and do whatever it is they do with money. Presumably roll around in it and squeal with glee, I don't know.
But no, their customer service and sales department is awful and they were so rude and condescending that I cut off the transaction and am done with them. I still use them for personal computing needs, the PC-cillin Internet Security product is a good product for the price - but I won't be using them for Enterprise level applications since I don't want to reward their poor service.
McAfee
On the flipside of the other two, I don't really like McAfee in general and have heard of many issues with them. But one client of mine wanted to use the GroupShield product because that is what another consulting group for them recommended. They weren't going to be interested in anything else, so this is the route we went. The customer service wasn't relevant since I dealt with this other consulting group, and then off we went, installing it on Exchange 2003.
The install was "easy" although it took about 7 tries. I couldn't tell if this was a difficult install process, if this server was special, if the person installing it was clueless (I was on site, but not doing the install), or if the product was faulty. After looking back on it - I am going with the fact that the user was clueless (she messed up several other installs that week and so I think she hadn't done them before).
Once installed, configured, the white/black lists are set up correctly, etc - then the product works great. BUT (always the but) the UI is absolutely awful. It runs in Java and is extremely slow (on an 8 processor 3GHz machine with 8GB of RAM, nothing should be slow) and it is not at all intuitive. It also will toss your settings and other times will warn you that you will lose changes made, but then it won't show you the changes you made - the easiest way around this is to make changes, save, and then exit the app, and then go back in. Suffice it to say, the interface is just extremely painful. On the good side, once you have it set up to your liking, you don't need to go in there that often - especially if you keep your white/black lists in separate text files and as you update them, you can occasionally just go in and reimport those instead of having to use their interface for adding.
I am torn on this product - it works really well in some respects, but it is literally painful to use in other respects.
This is enough for now - this is a long entry and has a lot of pure opinion content in it. I would rather have a few posts of factual references before I veer off on another opinion based rant... for now.
Posted by Eric at September 25, 2006 09:46 AM
Good point Duncan.
That NDR point alone is actually something that has been discussed a lot since many spammers will try and exploit that to see if they have a live address/server - yet many companies actually need a working NDR.
My personal preference is to disable them, although I also hate Out of Office as well, and I have yet to run into a company larger than 10 people who is okay with that.
Posted by: Eric at September 27, 2006 11:17 AM
While not specifically spam related, a lot of admins of Exchange 2003 are unaware that it supports 'recipient filtering' at the SMTP communication level - enabling them to stop generating NDRs for invalid addresses. It also means that you can put a Postfix box upstream of Exchange, and use recipient verification (instead of LDAP lists etc).
Posted by: Duncan at September 25, 2006 12:13 PM
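The Postfix-in-front-of-Exchange arrangement mentioned in the comment above, sketched as an added example (not from the post or either commenter). It assumes Exchange already has recipient filtering enabled so that it refuses unknown addresses at RCPT TO; `example.com` and `exchange.internal.example` are placeholder names.

```cfg
# /etc/postfix/main.cf on the upstream relay (constructed example)
# example.com and exchange.internal.example are placeholders.

# Accept mail for the Exchange-hosted domain and relay it inward.
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport

# Weak setting, shown for contrast only:
#   smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# accepts any address @example.com. Exchange then refuses the invalid
# ones, and this relay must bounce them to a sender address that is
# usually forged (backscatter).

# Corrected setting: probe the next hop before accepting a recipient,
# so invalid addresses are refused during the SMTP session and no
# NDR is ever generated.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Refuse addresses that Exchange rejected with a permanent error
# (the Postfix default reply code is 450, which makes senders retry).
unverified_recipient_reject_code = 550

# Cache probe results so Exchange is not probed for every message.
address_verify_map = btree:$data_directory/verify_cache
address_verify_positive_expire_time = 31d
address_verify_negative_expire_time = 3d

# /etc/postfix/transport
# (run "postmap /etc/postfix/transport" after editing)
example.com    smtp:[exchange.internal.example]:25
```

If Exchange accepts every recipient at RCPT TO, each probe succeeds and the relay filters nothing, so verify the setup by sending to a known-bad address and confirming a 550 from the relay.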