MXtreme Mail Firewall 800
Strengths: True enterprise-class filtering with impressive power and good integration with existing corporate systems.
Weaknesses: Enterprise power and range of options might make device confusing for some smaller firms.
Verdict: An excellent choice for enterprises.
The enterprise-class MXtreme is a 2U rack-mounted unit. Perhaps surprisingly for the largest device we examined here, the fan noise was not as bad as some of the smaller units, but definitely loud enough to warrant being housed in a server room.
The unit ships with what we regarded as the most comprehensive documentation of all the systems analyzed in this test.
Among these weighty tomes we were pleased to find a very well-written, quick-start guide, along with a list of release notes that detail an impressive set of new features. These features include outbound message signing, improvements to inbound header options, BorderWare Security Network (BSN) whitelisting, BSN relay checks, enhanced Language Support and DNS ordering.
The guide prompted us to connect a monitor and keyboard directly to the back of the unit. After that, boot-up took us to the initial configuration interface, which allowed us to set the host name, gateway and domain name server settings. The IP address is pre-assigned, but can be changed.
Having made these changes, we were able to move on to the browser-based management console. From here, after we had changed the administration password, we came to the main console that was distinguished as a very simple and clearly laid-out interface.
A basic configuration page provides all the options to enable an administrator to specify login security, including strong authentication, such as CryptoCard, SafeWord and SecurID.
We set up local accounts for users and allocation quotas, which was simple and well-ordered using the clear GUI. Again, strong authentication was an option. We can also enable or disable POP3 or IMAP services, although it is necessary to reboot the device for these changes to come into effect.
The main home page shows up the activity of mail flowing through the unit. We can set the unit to integrate with directory servers, such as Active Directory, and also bind to an LDAP server on port 389 or a secure LDAP server on port 636.
Finally, we were curious to note that a product update stated it removed DomainKeys and SPF from the device’s spam training due to their "unreliability." The firm assures us the product still supports both, however, as well as its regular filter options.