Mail AV & Spam Recommendation

Discussion in 'Business & Enterprise Computing' started by Rea:Per, Jan 27, 2016.

  1. Rea:Per

    Rea:Per Member

    Joined:
    Mar 27, 2011
    Messages:
    321
    Location:
    Sunshine Coast
    Hi Everyone,

    Just looking at our spam filtering, mail security & AV.

    Currently have an on-prem Exchange 2013 with ~60 mailboxes.
    Mail is directly delivered to the server.
    Mail flow is averaged at around 600 sent and 1,000 received per day.

    We are wanting to look at adding some decent Anti Virus/Malware protection & Spam filtering.

    Symantec offer their "Symantec Mail Protection" app that installs on the exchange server.

    Trend Micro, I believe, offer a hosted mail exchanger to bounce Exchange through.

    What are people's thoughts / experiences and recommendations?
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,433
    Location:
    Brisbane
    If it has to be on-prem - we use Symantec Message Gateway Appliance in a 3 way cluster.
    It's tops.

    Ironport used to be good, but it's going on 6 years since I've used one now.

    Don't ever install any piece of shit onto your Exchange environment directly - pretty much every piece of crap will eventually break your exchange and make you pull your hair out.


    But seriously - just spend the money with Symantec.cloud and be done with it.

    Trend everything is shit.
    Sophos can eat a dick too.

    Basically if you don't make an appliance, you suck and get off my lawn.
     
    Last edited: Jan 27, 2016
  3. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    I have a religious hatred of things that interfere with Exchange's mail flow.

    99.9% of the issues I used to see with Exchange were caused by AVAS systems that sat on the Exchange server.

    A hosted solution is the way to go. It ticks all your boxes as far as virus and spam protection go.

    Work out your needs, and check with a few of the hosted providers for the one that best meets them. I've heard good things about Mimecast.
     
  4. NSanity

    I just have a religious hatred of people thinking they know better than Microsoft when it comes to their own product.

    Also having to fuck with Exchange because some idiot thought they were clever.

    I've been up working since 5 am. I hate life. Responses are extra short.
     
  5. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,373
    Location:
    Brisbane
    Ditto.

    Hoping someone who runs one today could comment on how well they work lately, and if the Cisco buyout changed things much.
     
  6. m0n4g3

    m0n4g3 Member

    Joined:
    Aug 5, 2009
    Messages:
    3,742
    Location:
    Perth, WA
    We use a hosted gateway. Mimecast is what we use and it's pretty damn good. Before this company I used mxlogic and it was reasonable, BUT now it's been bought by McAfee, so not sure it's going to be worth anything either.

    We haven't had a single instance of cryptolocker come through, and there's been very minimal spam make it through too.
     
  7. PabloEscobar

    MXLogic remained mostly independent of McAfee. Service was good, support was poor. But since IBM Intel bought McAfee, they have decided to wrap up their hosted mail service and are directing people towards Proofpoint, who I've not had any experience with.
     
    Last edited: Jan 27, 2016
  8. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Trend's hosted anti-spam is actually not too bad. I've only dealt with it in a small install with no AD integration, but it wasn't anywhere near as painful as I expected it was going to be. As much as I can't stand Trend's software, I would definitely not discount Trend for hosted email scanning.
    Unfortunately the sales part of it was very painful. Between Trend and Ingram, there's a whole lotta stoopid.

    We use AVG's hosted email scanning at work, but we get it for free as a reseller. I wouldn't recommend it for anyone using more than maybe 5-10 mailboxes.

    Something I would suggest though - whatever you go with, I'd be mixing vendors for hosted email AV and local client AV. Gives you 2 chances for vendors to have updated for new stuff.

    Edit: Doesn't Intel own McAfee, not IBM?
     
  9. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    67,371
    Location:
    brisbane
    We are using Symantec.cloud, works extremely well coupled with a client side proxy for web filtering as well.

    Support is really, really good too. 24*7 365 with Aussie support during business hours and I think UK out of hours if you ever need it.

    Only reason I wouldn't use it is if I required onsite everything for compliance.

    FYI, Telstra are a reseller so that's convenient as well.
     
  10. Rea:Per (OP)

    Thanks for the reply,

    I do like the idea of a cloud based scanner and I assume you just configure your server's public IP with the cloud provider and then change the domain's MX record to point to the cloud provider.

    I'll check out Symantec.cloud (Email Security.cloud).
    Anyone have a recommended Symantec partner to talk to?

    EDIT* Telstra partners hey? I'll give them a call to organise a sales demo / spiel.
     
    Last edited: Jan 27, 2016
  11. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,183
    Location:
    Melbourne
    Pretty much this.
    Set up a connector from the cloud provider to your public IP address.
    Change your MX to point to the cloud provider.
    Set up ingress filtering on your firewall to only allow port 25 traffic from your cloud provider's ranges.
    Set up a "Smarthost" or connector to route all traffic to your cloud provider.
    Set up egress filtering to only allow traffic from your Exchange server to port 25 on the cloud provider ranges; block all other outbound destination port 25.

    I am a telstra partner and can possibly set you up with a trial (I'd have to look) but haven't really dealt with it at all - PM if you wish
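
One way to check that the ingress and egress filtering described in the post above is actually in effect, as an added example that is not part of the original thread: it audits allowed port 25 flows against that policy. The provider ranges, the Exchange server address and the log layout are assumptions (documentation-range placeholders and a constructed key=value format, not a real provider's ranges or a vendor's log format).

```python
import ipaddress

# Assumptions for illustration only: documentation-range placeholders stand in
# for the cloud provider's published ranges and for the Exchange server address.
PROVIDER_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
EXCHANGE_SERVER = ipaddress.ip_address("10.0.0.25")

# Constructed sample of allowed/denied flows in a generic key=value layout
# (not any firewall vendor's real log format).
SAMPLE_LOG = """\
dir=in src=192.0.2.10 dst=10.0.0.25 dport=25 action=allow
dir=in src=203.0.113.77 dst=10.0.0.25 dport=25 action=allow
dir=out src=10.0.0.25 dst=198.51.100.5 dport=25 action=allow
dir=out src=10.0.0.25 dst=203.0.113.9 dport=25 action=allow
dir=out src=10.0.0.113 dst=198.51.100.5 dport=25 action=allow
dir=out src=10.0.0.113 dst=203.0.113.9 dport=25 action=deny
dir=in src=203.0.113.77 dst=10.0.0.25 dport=443 action=allow
"""

def in_provider_ranges(ip):
    return any(ip in net for net in PROVIDER_RANGES)

def audit_smtp_flows(log_text):
    """Return (line_number, reason) for every allowed port-25 flow that
    breaks the ingress/egress policy described in the post."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = dict(field.split("=", 1) for field in line.split())
        # Only flows the firewall actually let through on port 25 matter here.
        if rec.get("dport") != "25" or rec.get("action") != "allow":
            continue
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if rec["dir"] == "in":
            if not in_provider_ranges(src):
                findings.append((lineno, "inbound SMTP not from provider ranges"))
        elif src != EXCHANGE_SERVER:
            findings.append((lineno, "outbound SMTP from a host other than Exchange"))
        elif not in_provider_ranges(dst):
            findings.append((lineno, "outbound SMTP bypassing the cloud smarthost"))
    return findings

if __name__ == "__main__":
    for lineno, reason in audit_smtp_flows(SAMPLE_LOG):
        print(f"line {lineno}: {reason}")
```

Any finding means mail can still reach or leave the server without passing through the hosted filter, which is the gap the firewall rules are meant to close.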
     
  12. power

    If you do go with them, never talk to T's "support"; ring Symantec direct - like most things they are completely inept.

    If you have an AE just hit them up.
     
    Last edited: Jan 27, 2016
  13. Rea:Per (OP)

    Thanks TehCamel for the info. I would never have thought to restrict the mail traffic in our firewall.

    But as power suggested, I have emailed our Account Exec & Technical Asset to arrange a demo & pricing info.
     
  14. NSanity

    Pretty much any third party app that interacts with the Transport queue is likely to fuck everything to pieces when you get any real load through it.
     
  15. scrantic

    scrantic Member

    Joined:
    Apr 8, 2002
    Messages:
    1,773
    Location:
    3350
    Another vote for Symantec.Cloud. 5+ years and it's been flawless.
     
  16. digian

    digian Member

    Joined:
    Jan 20, 2003
    Messages:
    413
    Is Symantec.Cloud the new name for MessageLabs? Or did they finally ditch MessageLabs and move to their own hosted BrightMail appliances instead?

    If it's just a re-branded MessageLabs, run for the hills. Or just run either way. Last I heard, the top end of town all hated MessageLabs with a burning passion and was furiously jumping ship, most began re-surfacing in another bigger sinking ship known as office365.

    ProofPoint and IronPort *were*, and I suspect will still be, your only serious options, see Gartner <magic-quadrant.jpg>. Especially ProofPoint since they acquired EmergingThreats in 2015, who were and still are the leaders for malware signatures. If you haven't heard of ET, it's basically the enterprise grade set of snort/suricata signatures, or the signature wholesaler to the rest of the security industry, as it were.

    As for AV, in an enterprise you can either paint it red, paint it yellow or go for Trend. All 3 of which have terrible, terrible signatures and detection rates... but their ease of use keeps sysadmins happy and keeps them in the market lead. If you actually care though and want serious detection, and are happy upsetting your sysadmins a little, go KAV, NOD32, Avira or BitDefender. Refer to Virus Bulletin or AV-Comparatives for benchmarks over recent years to back up what I'm saying.
     
    Last edited: Jan 29, 2016
  17. PabloEscobar

    I had heard of EmergingThreats, but never heard of Proofpoint up until McAfee started telling MXLogic customers to go there.

    The Proofpoint experiences of most MXLogic customers I've communicated with haven't been glowing.
     
  18. scrantic

    Symantec.Cloud = MessageLabs for the last few years. I'd love to know what the "top end of town's" issues are with it because I've not encountered anything that would push me somewhere else.
     
  19. samus

    samus Member

    Joined:
    Jun 3, 2002
    Messages:
    1,264
    Location:
    Baulkham Hills, Sydney.
    This,

    I run the Symantec appliance on premises, as a VM. It comes as part of the endpoint protection suite, so it makes it really, really cheap. I moved away from MessageLabs because of it.

    For 60 users, MessageLabs (Symantec.cloud, same thing) works out more expensive over 3 years than an endpoint protection suite sub, and you don't have to send AD data over the WAN. You get the AV stuff as a bonus.

    Though MessageLabs will hold mail for you if your link dies.

    If nothing else, it's worth considering.

    M.
     
  20. elvis

    When I inherited the place I'm working for now, they had a grossly-out-of-date Exchange setup, with MessageLabs protecting it.

    I can't say anything bad about MessageLabs. Largely "fire and forget" setup, and was very likely the only thing keeping said grossly-out-of-date Exchange setup alive and safe.

    Also, I'm still interested to know if anyone reading this uses IronPort today. I used it ages ago, and most folks I talk to are in the same boat. Keen to know if it's still OK under Cisco's management.
     
