Anti-Spam/Anti-Virus Plugin or Integration from within SWA

[jaime.pinto]

I've searching a way to possibly give our users a tool for them to blacklist/whitelist emails as they see fit, and that would facilitate the spam "learning/training" of the system. I'd prefer if it was integrated at least from within SWA, as a plugin (Similar to yahoo/rogers in Canada). Futhermore, a way for users to see what is in a quarantine list of virus, so they can decide whether on not to read the email.

Below are some references I found on this forum, which for most cases require some by-hand modification of the sendmail and amavisd configuration. Here is are a link to a collection of independent and stand-alone web based tools to control their behavior individually.

http://www.ijs.si/software/amavisd/#contrib
http://www.scalix.com/wiki/index.php?ti ... Mailwasher
viewtopic.php?t=2732&start=0
http://www.spamtitan.com/

Has anybody gone through the exercise of trying to get a project such as this going successfully, and could make some recommendations to us?

I definitely would prefer an "plugin" if available, where people could just click on the email to blacklist or whitelist. Otherwise something like a common JUNK folder to all, so that people cold drag the spam emails to and periodically it would be processed and classified as spam thereafter. By the same token, a NOT_SPAM folder that users could put a copy of the wrongly classified spam email. A stand alone web based option would be the last on the list.

Thanks
Jaime

[friedmar]

I totaly agree,

the scalix method described in
http://www.scalix.com/wiki/index.php?ti ... -New_HOWTO
http://www.scalix.com/wiki/index.php?ti ... amAssassin
seams to work. But I doubt that enduser could live with this method.

We need something more simple like a buttom saying SPAM or NonSPAM.
Also the complete basic configuration for spam and antivirus should be included in the scalix setup/install.

Friedmar

[mikevl]

What could be more simple than draging a spam message from your inbox to the Junk Email folder?

And occasionally checking the spam folder for false positives

In reality we get very few false positives. 1 every few weeks or so.

Seems simple enought to me

My 2c

Mike

[jaime.pinto]

Things have been very quiet on this thread.

I still have a problem to deal with: spam/virus emails getting through, regardless of the ClamAV/SpamAssassin efforts from within scalix/sendmail. Users seem defenseless against this annoyance.

Maybe this is not an easy issue to deal with. I was looking into the black/whitelist option for the users, but maybe a better approach is not to deal with that at all...

Has anybody tried scalix with PerfectMail?
They claim to have a frontend appliance to do the job, transparent to the user. Does anyone have any experience with the logistics of the integration with scalix, and how effective it is?
http://www.xpmsoftware.com/index.php/xpm/filter/specs

Thanks
Jaime

[lkarnis]

Folks:

My name is Larry Karnis and I am the president of XPMsoftware, the publisher of PerfectMail. As I am a vendor and this is a public forum, I will limit my posts to information relevant to the Scalix community. I will do my best to keep the marketing content down to 0%. I will also provide input on our approach to antispam including what (we believe) works and what (we believe) doesn't work.

Jamie Pinto was asking if anyone has tried PerfectMail with Scalix. We have one customer who is using PerfectMail to protect Scalix and they report very good results. I won't post their experiences unless I am asked (to avoid the perception of marketing).

We now offer PerfectMail on DVD for installation directly onto customer kit (physical or VMware virtual servers). We will send out DVDs to any interested party to try at no cost or obligation. The DVD will include a 60-day evaluation license so you will have plenty of time to put PerfectMail (and our support) to the test. All you need to try our software is any P4 desktop (1.4ghz or better) with a DVD reader, 256mb of RAM and 10+gb HDD (or a similarly configured Virtual Machine). This configuration will easily support 500+ users. A faster CPU and 512mb RAM will easily support 1,000+ users.

I would appreciate the opportunity to work with any member of the Scalix community who would be interested in conducting a test of PerfectMail. If you are interested in conducting such a test, or simply wish to try PerfectMail for free, please contact me.

As even the offer of free trials could be interpreted as marketing, I will not mention free trials again unless asked.

Regards,

Larry

[florian]

Hi Larry,

thanks for your post; I might be expressing personal opinion here (as I should check back with our marketing department to make such things official), but I don't see any problem with marketing information appearing on this forum as long as ...

a) they are clearly marked as such (yours is!)
b) they are not advertising competing products (even that would not really be bad per se, but I think it would just be bad style. I would personally never do that on a competitors forum or website)

So... I think this is fine.

Actually, if you believe your product works well with Scalix and see it as a useful extension for our users and customers, we do have a program called Scalix Ready where we engage with other ISVs for mutual certification (which the leads to website listing, etc.). I can provide you with contacts inside Scalix to go for this (would be through product marketing, etc.).

So... if there is anything I can do to make all this more useful, let me know.

Cheers,
Florian (Director Product Management, Scalix Corp.)

[swordfish]

I've searching a way to possibly give our users a tool for them to blacklist/whitelist emails as they see fit, and that would facilitate the spam "learning/training" of the system. I'd prefer if it was integrated at least from within SWA, as a plugin (Similar to yahoo/rogers in Canada). Futhermore, a way for users to see what is in a quarantine list of virus, so they can decide whether on not to read the email.

Below are some references I found on this forum, which for most cases require some by-hand modification of the sendmail and amavisd configuration. Here is are a link to a collection of independent and stand-alone web based tools to control their behavior individually.

http://www.ijs.si/software/amavisd/#contrib
http://www.scalix.com/wiki/index.php?ti ... Mailwasher
viewtopic.php?t=2732&start=0
http://www.spamtitan.com/

Has anybody gone through the exercise of trying to get a project such as this going successfully, and could make some recommendations to us?

I definitely would prefer an "plugin" if available, where people could just click on the email to blacklist or whitelist. Otherwise something like a common JUNK folder to all, so that people cold drag the spam emails to and periodically it would be processed and classified as spam thereafter. By the same token, a NOT_SPAM folder that users could put a copy of the wrongly classified spam email. A stand alone web based option would be the last on the list.

Thanks
Jaime

I really think you are heading in the wrong direction with this. I have never seen a production environment where allowing the users to whitelist/backlist messages and build there own spam recognition as a success of blocking spam. All of the current solutions to provide such capability are based on either whitelisting/blacklisting e-mail senders and/or building custom per user Bayesian databases. With the current spam trends neither of this is good enough to block spam successfully. Most of these systems come with quiet extensive documentation explaining "best practices" as a user manual on what to classify as spam and what not. Try to explain all those "best practices" to an engineer, who is overworked on a company important project or CEOs which just didn't click the messages the right way to classify them... Are you going to turn back and tell them - "You guys are all stupid and that's why you are still getting spam"?
In my opinion the spam blocking task should be the sysadmin responsibly. Scalix is an e-mail system and as such it'll be very difficult to make it an antispam system at the same time. Some years ago the opinion was that in future the firewalls will be build into the routers and the firewall companies will go down. Instead today as we see the routers are still doing the routing and the firewalls are still doing the firewalling. The same is with Scalix. Scalix should do the e-mailing plus all the other nice company wide useful features and let another device do the spam blocking. I'm not affiliated with them at all but we use Barracuda spam firewall at the front of Scalix and other mail servers. The device has Outlook plugin to allow the users to classify messages as spam and not spam, however I always switch that feature off and never allow the users to use it. I didn’t even care to test the plugin with Scalix configured Outlook profile because I don’t want to give users such capability. The device is capable (with right administrator configuration) to block over 99% of the spam without any user intervention and it can give the users ability to see quarantined messages.
Yahoo and the rest are free mailers and for them allowing the users to do classification is more than marketing trick than anything else. In a company production environment - which is the target of Scalix customers this solution is not viable.
So, in my opinion the best direction to go is to find yourself a good antispam vendor, install the solution and manage it properly. Only that will block the spam up to a satisfactory level for everyone.
Again - all of the above is based on my working experince and it's only my own personal opinion.

[jpreston]

swordfish,

Yeah, I'm going to have to chime in against your opinion. I don't think we're referring to pulling the task completely away from the sysadmins, just the day to day spam filter options. The problem even with Barracuda systems is that the interface for accessing their spam messages is different than the interface they use to check their mail. This is an ADDED step in the process, and in many cases unwarranted. No offense, but it seems like you either do not work for a large company (500+ employees) or your average users are tremendously more tech savvy than anywhere else in the world.

I currently run two mail systems, one Sun JES system using a Barracuda and one Scalix system, using MailWasher. Both spam filtering solutions use a web front end for quarantine and spam filtering configuration as well as allowing users to maintain a personal whitelist/blacklist.

The debate isn't giving the user total responsibility of their spam training or individual bayesian filtering configuration, merely a unified method of completing the day to day operations such as whitelisting, blacklisting, quarantined message retrieval/viewing and the ability to report "junk" or "spam" to further the accuracy of the spam filter.

I don't know how many thousands of times with both system I manage I get the "can you add this person to my whitelist?" or "I had a spam message blocked, can you get it for me?" If you enjoy these types of questions, kudos to you, I for one am too busy to PERSONALLY monitor, manage and maintain a single users spam box (outside of my own). I am *NOT* a fan of the "go to the spam filter site, login and do it yourself" answers. However, if the user had that ability from even just the SWA in a manner that was both easy to use and intuitive, it would knock at least half of the time consuming problems out of the way allowing me to focus on things more important.

Just food for thought.

Joshua.