Messaging systems such as Microsoft Exchange Server 2010 are becoming more adept at dealing with spam and viruses, but generally they still need support from additional products. SpamTitan is a filtering product that runs on its own machine rather than on the messaging server; it sits in the message path to receive mail from the Internet and to forward mail from internal servers. It includes content filters based on MIME type and attachment type.
Installation and Setup
The installation process can be carried out either by downloading an ISO file and installing it on its own server or by downloading a pre-prepared virtual machine (VM) that runs on the VMware virtualization platform. For my testing, I downloaded the ISO file and installed it on a Microsoft Hyper-V VM. The hardware requirements for SpamTitan are very low. An old machine with a Pentium 4 CPU and 512MB of RAM should do just fine.
Installation is relatively straightforward, although dealing with the FreeBSD OS might be unfamiliar and feel clunky. However, if you read the documentation carefully, you shouldn't have a problem. The documentation is accurate, but it could be written or organized more clearly in places—for example, when explaining how to set up the disk partitions.
After installation, you must configure basic networking information and then define how the system should route mail. This process is easily done by following the system setup chapter of the administration guide, which should have you up and running in about half an hour. The documentation is adequate, although a little more detail in some areas—for example, the LDAP setup section—would have been nice, and on occasion it was necessary to jump to later chapters to fully understand the required settings.
SpamTitan uses two antivirus engines, ClamAV and Kaspersky, which throughout my testing caught all viruses they encountered. For spam filtering, SpamTitan uses many technologies, including Realtime Blackhole Lists (RBLs), whitelisting and blacklisting, a variety of email Request for Comments (RFC) compliance measures, and Bayesian analysis, which can all be enabled to support the built-in spam-filtering engine.
What's particularly useful about SpamTitan is the granular nature by which policies can be applied. You can configure different spam- and virus-filtering settings for different email domains and systems. You can also configure outbound disclaimers for each domain and customize the notifications received when an email message breaks a policy.
For high-availability setups, you can cluster two or more SpamTitan machines, with up to eight nodes clustered reported in production. However, clusters are supported only in the same site rather than in different geographic locations.
Performance and Reporting
SpamTitan works well for daily use. Administrators will find the web interface easy to use and well organized, as Figure 1 shows. You'll find that the online help, available through links on each dialog box, is more up-to-date than the PDF-based documentation.
Since I implemented SpamTitan, I've received very little spam—certainly less than 1 percent of mail received. Perhaps even more importantly, after I whitelisted a couple of mailing lists that occasionally had been blocked, I've had no other false positives. All viruses received have been correctly filtered.
SpamTitan has a range of options for notifying users and administrators of what's going on in the messaging system and with the mail that flows through it. For end users, notifications take the form of regular email messages detailing items that have been filtered and giving the option to delete, whitelist, or deliver those items.
The web interface lets users manage their personal whitelists and blacklists and search their personal quarantine area. When carrying out a quarantine search, users can narrow the results by sender, date range, and filter type. From the results, you can deliver, whitelist, or delete messages just as you can from a notification email message. One thing I found irritating was that although you can sort by spam score and date, you can't sort the results by sender address to find all instances of mail coming from a blocked mailing list.
Updates to virus and spam signatures are automatic; however, updates to the system software are not. In fact, you'll need to take care with this process because unless you have a clustered system or another way of maintaining mail flow, this procedure will require downtime.
Finally, the SpamTitan software includes a variety of reports with information such as top email recipients, top spam recipients, top viruses, and top spam relays. Teports are available manually but can also be scheduled for regular delivery to management. Even better, these reports can be output as a PDF or even in a spreadsheet to allow further data manipulation.
A Solid Choice
SpamTitan is quick and easy to set up and works well with limited configuration. It has good granularity of policies and a simple UI for both administrators and end users. I recommend SpamTitan as a cost-effective way to protect your organization from email-borne threats.
