Comparison of SA and commercial solutions

["Aecio F. Neto" <ae...@uol.com.br>]

Hi, there.
Is there any *good* and *trustable* comparison between SA and other 
commercial solutions?
Any feedback much appreciated.

Regards

Re: Comparison of SA and commercial solutions

[Martyn Drake <ma...@drake.org.uk>]

Steven Dickenson wrote:

> You might be able to get your security group to take responsibility for 
> it.  Many enterprises now consider first-line email servers something of 
> an application-level proxy, particularly first-line servers that handle 
> spam and malware filtering.  In these cases, they're usually handled by 
> the security department.

I handle the security for the most part.  However, it's a decision 
that's out of my hands.  Besides which if things do go wrong I can't 
take any of the blame for it ;)

> I would imagine given the choice of an Exchange front-end server vs. a 
> Linux-based SMTP gateway, they'd jump for the later.

Absolutely.  But the in thing these days is shared calendars.  Yes, 
there is indeed many solutions that can be implemented in Linux but (a) 
the IT department doesn't have much Linux experience if at all, (b) the 
users of the shared calendaring system are mainly Windows users running 
Outlook anyway and (c) the email/communication systems is more of an IT 
thing than the department that I work for (we manage production systems 
rather than IT related stuff - the only reason we ended up running the 
mail system was due to the IT's lack of Linux/mail server experience so 
many years ago).

M.

Re: Comparison of SA and commercial solutions

[Steven Dickenson <st...@mrchuckles.net>]

Martyn Drake wrote:
> Ironically, after many years of faithful Linux use we're going down the 
> Exchange route and mail handling to be given over to another department. 
>  I doubt we'll see a SA Linux box there.  Oh well.  I'm used to 
> disapointments over the years, so it wasn't too much of a surprise to me.

You might be able to get your security group to take responsibility for 
it.  Many enterprises now consider first-line email servers something of 
an application-level proxy, particularly first-line servers that handle 
spam and malware filtering.  In these cases, they're usually handled by 
the security department.

I would imagine given the choice of an Exchange front-end server vs. a 
Linux-based SMTP gateway, they'd jump for the later.

- S

Re: Comparison of SA and commercial solutions

[Martyn Drake <ma...@drake.org.uk>]

JamesDR wrote:

> As far as ease of setup? When I first started with SA I was more of the 
> doze admin than the Linux admin. 

I've been doing Linux stuff since around 1996/1997 and have my own 
dedicated server that I get to ruin^H^H^H^play with before rolling it 
across work-related matters.  I'd been using SpamAssassin for some time 
in a personal capacity and in fact it was probably one of my first 
suggestsions at work that we use it.  The typical argument of having 
people maintain it versus an appliance did come into play.

Ironically, after many years of faithful Linux use we're going down the 
Exchange route and mail handling to be given over to another department. 
  I doubt we'll see a SA Linux box there.  Oh well.  I'm used to 
disapointments over the years, so it wasn't too much of a surprise to me.

As for upkeep, SA hasn't given me much work to do to be quite honest. 
It pretty much runs itself and the mail server hasn't so much as bulked 
with the workload yet.  I've never had any complaints about it's ability 
to detect/catch spam or false positives.  And has been said by a few 
others - you can't buy the kind of support (of which many of the 
appliance vendors wanted outrageous sums to be given over to them) that 
you get here or mostly any other public mailing list/forum/newsgroup for 
that matter.

M.

Re: Comparison of SA and commercial solutions

[JamesDR <ro...@bellsouth.net>]

Martyn Drake wrote:
> Aecio F. Neto wrote:
> 
>> Is there any *good* and *trustable* comparison between SA and other 
>> commercial solutions?
> 
> 
> I looked into a few dedicated commercial spam appliances, but most (but 
> not all) of which used a customised version of SpamAssassin as part of 
> their detection process anyway.  MessageLabs was outrageously expensive, 
> and we didn't particularly want to have mail going through third-party 
> servers.
> 
> In the end it was far better to do it myself with SpamAssassin, RDJ, 
> limited RBL and a few other tweaks, and that's how it's been so far.
> 
> Regards,
> 
>     Martyn
> 
As far as ease of setup? When I first started with SA I was more of the 
doze admin than the Linux admin. I read the directions, and could figure 
out stuff for myself. If their box/software goes titsup (like anything 
tends to do) are they going to be there that second to fix it? I'd guess 
no. So you would be either left wide open, or block business. And yes, 
you could do a really expensive clustering etc with their equipment/sw 
but what does this bring you? The black box. You plug it in, hope it 
works, and if it doesn't you are at the mercy of 'them' (men in the 
black suits ;-D )
So from ease of install (started at 2.5) from the get go, if you read 
the directions, and some of the how-tos out there. SA is the way to go. 
Like a poster said earlier, 2hrs if cpan is slow and you are on your 
feet running. If they pay you per hour of $21, this anti-spam solution, 
at the get-go, cost them hw + $42. Not too shabby for something as 
complex, yet, effective as spamassassin (complex in that it does a lot 
in trying to catch spam.) I only spend about 1/2 hr a day checking logs, 
and the spam folder (all spam is dropped there) for FP's, nary a FP per 
half year ends up there.
Stay with SA. Get good hw for what they want to spend the money on -- Or 
a company car ;-D

-- 
Thanks,
JamesDR

Re: Comparison of SA and commercial solutions

[Martyn Drake <ma...@drake.org.uk>]

Aecio F. Neto wrote:

> Is there any *good* and *trustable* comparison between SA and other 
> commercial solutions?

I looked into a few dedicated commercial spam appliances, but most 
(but not all) of which used a customised version of SpamAssassin as 
part of their detection process anyway.  MessageLabs was outrageously 
expensive, and we didn't particularly want to have mail going through 
third-party servers.

In the end it was far better to do it myself with SpamAssassin, RDJ, 
limited RBL and a few other tweaks, and that's how it's been so far.

Regards,

	Martyn

-- 
Martyn Drake
http://www.drake.org.uk
http://www.imdb.com/name/nm1279160/

Re: Comparison of SA and commercial solutions

[Loren Wilton <lw...@earthlink.net>]

> Is there any *good* and *trustable* comparison between SA and other
> commercial solutions?

It depends on what kind of comparison you are interested in.  Every few
months some magazine or online info service will run a comparison of various
spam tools, and the report of their report ends up generating a considerable
amount of traffic here.  ;-)

It should be noted that many commercial spam devices actually use some
version or other of SA as the main engine; possibly with local patches from
the spam tool supplier.  Thus it should be expected that the commercial tool
and SA will be reasonably equivalent in ability to prune spam from the mail.

The main difference in the commercial solutions, as best I can tell, is ease
of installation and use compared to SA.  Basically, you are paying someone
to package SA (or some other spam engine) along with a usually complete mail
solution, and also usually a rule updating service.

So the commercial solution becomes somewhat of a "no brainer" to install and
administer, since it is a packaged solution, and most of the administration
is actually done by the company you bought it from.

On the other hand, SA in the raw can be a little challenging for someone new
to mail processing.  There are hundreds or possibly thousands of assembling
a mail processing chain, and everyone has their favorite method.  There is
no "one standard vendor-supplied way" as there is in the PC world.  This
means that every new mail admin has to a) find out what the possible
solution are (no mean feat in itself), b) decide which one(s) are likely to
be best in his case, c) find all of the necessary parts for the solution, d)
install all of the parts, with their various requirements, e) get it all
working together, and f) keep it all working on each minor upgrade of any
part.  This isn't trivial if being a mail admin is supposed to be a very
minor part of your main job description.

So the overall comparison boils down to: SA is free in terms of download
cost, but not free in terms of admin hours spent installing, monitoring for
upgrades, and similar (although RDJ has greatly helped in allowing somewhat
automatic rule updates).  The other tools can cost a lot, but generally
require very little administration time, and generally you don't have a lot
of options in their setup.  Both are usually pretty good at catching spam.

        Loren