May 26, 2005

Review: MailFoundry 1100 anti-spam appliance

Author: Craig Zeigler and Jem Matzan

Fighting spam in a corporate environment has become a significant annoyance. Software remedies such as SpamAssassin work decently, but require a lot of training before they become effective -- then they need to be re-trained as new spam hits the net. Even then there are false positives with some anti-spam solutions, which can be worse than the problem they're meant to fix. In addition to spam, there are email-borne viruses, Trojan horses, and other dangers to cope with. These problems require more software, which has to be monitored and configured. Wouldn't it be better to have a hardware device that you can just plug into your network to take care of it all for you? I've just spent a week with one such device: Solinus' MailFoundry 1100 email filtering device.

The 1100 isn't MailFoundry's most powerful model, but the software remains the same for all of their email filtering hardware. The 1100 is based on the Sun Fire V100, which has a 550MHz UltraSPARC IIi processor with 512MB of SDRAM and an 80GB IDE Seagate hard disk. Basically it's a lightweight, 1U rackmount Sun server with a small footprint. All it does is filter email; it is not a mail server or proxy.

Capabilities and market focus

According to Solinus, this unit is capable of processing one million messages per month, which breaks down to about 33,000 messages per day. From what I have been able to ascertain, the MailFoundry 1100 is not capable of handling the high range of that estimate, and is best suited for use in small and medium-sized businesses. After discussions with the technical folks at Solinus, they agreed that 800,000 messages a month is a more realistic ceiling for the MailFoundry 1100: a figure which is still acceptable for the target market. Solinus sells MailFoundry on more powerful machines for its high-volume customers.

There is little you can do to modify this machine, and there isn't anything inside of the machine that needs tweaking. This unit is sold as an appliance so that the admin has to put little or no effort into setting up and configuring. You mount it in your rack or secure it in your usual way, plug it in, turn it on, spend a few minutes setting it up, and cease worrying about email annoyances. Part of the reason you can do that is that Solinus is updating it for you behind the scenes, via an encrypted link.

Setup and configuration

There really wasn't much I had to do to set up the MailFoundry 1100's software. According to the directions, I had to plug another computer directly into the management port on the system and set its IP address to something compatible with the 1100. From there, I could configure the system to work on the network. I found this to be a bit irritating, but I can understand why it is set up that way. Most appliances allow you to simply plug it into the network and access it that way, but most sysadmins would never plug an untested, unconfigured machine into a live network, which is why I couldn't be too upset about having the extra step.

When I connected to the system, I had to give it an IP for the normal network, tell it which domains it was responsible for, and where the mail servers were. The documentation that came in the box was very well written, making the entire process even easier.

Features

MailFoundry 1100 gives the admin several options when dealing with spam and virus messages. The spam options include having the MailFoundry system collect all spam and send it as a MIME digest to each user at a given time throughout the day; append a header to the message; append a subject to the message; or simply delete it. I chose to append a subject to the message, and have the mail clients do their own filtering based on that. The reason for that is our mail server -- Mercury NLM for Novell NetWare. If I were using a Linux mail server, I would have chosen to add a header to the message, and then allow the mail server to filter the messages based on the header.

When I spoke with the CEO of Solinus, he told me the hard drive in the 1100 is used to boot the system, which runs a version of Solaris. The hard drive is also used to store queued messages if you choose to have the machine collect all the junk mail and send it as a digest.

The MailFoundry software treats spam and viruses as different kinds of problems. For viruses, the default setting is to clean the message and send it on to the users, but it can be customized. The other options are to clean the message and append a subject to the message; quarantine the message; or simply delete it. I didn't care for the quarantine option because then I'd have to periodically go in and clean all of those messages out. My choice was to clean the message and append a subject for the mail clients to filter for.

Usage

The user interface on the MailFoundry 1100 is well conceived. The login page is simple and easy to use. After logging into the machine, you are taken to the main status/summary page. This shows results and statistics for the past 3 months, and another set of data for the past 12 months. There is also a navigation menu along the left and top of the page. From this page you can do any necessary configuration or reporting.

The MailFoundry 1100 has a reporting system that seems to be geared toward billing, but I found the detailed reports and summaries to be useful. By clicking on the graphs, you can see detailed information on each managed domain, and then break that down further and see a summary for each user of each domain. All of these pages can be easily printed and sent to management for review with almost no trouble. It was nice to see graphs being done on the fly instead of having to create them in a spreadsheet when the boss wants to see mail statistics.

Accuracy

I had the machine in service for a little over a month, and it missed a total of 3 messages in that time. The frustration came not from the false positives, but that there was no obvious way to correct the problem. When I called tech support, they mentioned that I simply had to forward the message with the headers intact to an address at Solinus where a human would take care of the correction. They were happy to accept just the headers for the message so no sensitive information was shown to people outside of my company.

For the most part, I was very happy with the accuracy. The fact that it classifies each message not just as "spam" and "not spam" was a bonus. This system will catch those irritating phishing scams, RFC compliance issues (malformed email), normal spam, and the multitude of other bad things we want to keep from our users.

My boss asked me for a simple accuracy percentage, which is not available on this machine. That is something my bosses were used to seeing with the normal junk mail filtering system. When I asked about this, the Solinus people informed me that it was on the future improvements list, but was not there just yet. Their reason for this is that the classification isn't black and white -- the system deals with junk mail, spam, scams, and other undesirable email in different ways.

Conclusion

All things considered, I was very happy to have the chance to have one of these machines on my network. On the surface, the MailFoundry 1100 seems to be quite expensive for a mail filtering system. After considering the wasted time dealing with our mail system as it is, the "break even" point for the cost of the MailFoundry device is less than 12 months. Solinus charges U.S. $2000 for the system and $500 per year for maintenance. This isn't a bad price since this is not an entirely scripted system. Humans are editing and updating the spam and virus filters. The machine gets updated every couple of days via SSL. Solinus also requires SSH access to the system to manage the system and repair it should something go wrong, but this can be turned off when not in use.

I'm not sure I like the layout of the system, as it's supposed to be an appliance. It is booted from the hard drive, which poses a risk of drive failure. Such a problem would stop email from coming into the network. From what the folks at Solinus told me, the MailFoundry 1100 is being replaced by the 2100. The major differences between the two are that the 2100 is booted from flash instead of a hard disk; instead of a single drive, two hard drives are mirrored as a safety precaution; the drives are user-replaceable and do not require disassembly; and instead of Solaris, the newer machines use a custom Linux distribution. Lastly, the MailFoundry 2100 is not based on a Sun machine. By getting away from Sun Solaris and into Linux, the MailFoundry devices cost less to make and gained a tenfold increase in performance.

Solinus also offers larger versions of the 2100 to deal with higher volumes of mail. All of the software is the same, with the difference being only the hardware. So if you're on a higher-volume network and need something a little more robust than 800,000 messages per month, it's available to you.

Overall the MailFoundry 1100 was a competent machine that did everything I wanted it to, and the service was also agreeable. The cost is justified -- just by saving time, the device will have paid for itself within a year. Best of all, I can cross off "email content problems" from my list of concerns as a sysadmin.

Device: Email filter
Manufacturer: Solinus, Inc.
OS Support: Machine is OS independent; controlled from a Web-based interface
Market: Small/medium-sized businesses
Price (retail): U.S. $2000, plus $500 per year for the filtering service and maintenance
Previous version: N/A