Unfortunately, it is also a very convenient and cheap medium for distributing mass mailings. This means that a lot of work time can be wasted in sifting out the unwanted and unsolicited material.
Email is also an excellent way for an organization's employees to distribute viruses and other unwanted software, whether or not the unwitting employees actually intend to.
There are a number of email filtering software products available, and plenty of anti-virus programs to help deal with these problems.
Some firewall appliances might also offer these features, but the rapidly increasing volumes of email make a good case for using a dedicated appliance that provides all these features in one box.
A dedicated mail firewall, by providing all the necessary features in one place, can reduce the administration overheads and problems associated with having software solutions installed across several internal systems and also offload some of the internet traffic from the main firewall devices.
BorderWare's MXtreme Mail Firewall sets out to address these problems. The MX-400 model, which is aimed at the mid-range enterprise, features an Intel Pentium 4 processor with 508 MBs of memory, 40020 MBs of RAID 1 disk storage and a Gigabit Ethernet connection in a standard 1U rack- mountable case.
The device can be used in several modes, either behind a firewall or in parallel with it, or out in a perimeter network or demilitarized zone (DMZ).
Installing the device is a simple process. The initial configuration process, which sets up the device's IP address and time zone details, requires a keyboard and monitor to be connected to the device.
Once this process is complete, the rest of the set up process can be carried out using a web browser over a Secure Sockets Layer (SSL) connection.
The MXtreme system has a number of anti-spam features that include source and content filtering and attachment blocking. It can also make use of the Distributed Checksum Clearinghouse and can apply Statistical Token Analysis techniques to the message contents.
It is also possible to create and apply local rules that modify the processing to take account of local knowledge and circumstances. The system allows the creation of local whitelists and blacklists.
We tested these features using a number of recent spam messages collected from various mailboxes. Most of the unwanted messages were trapped by the system and it was easy to add new rules to block the others.
Ordinary messages were passed through the system without problems. These built-in anti-spam features can be complemented by the BrightMail Anti-Spam system. This optional extra is provided on a 30-day evaluation license.
The system can use the Kaspersky anti-virus software as an optional extra, and a copy is provided on a 30-day evaluation basis. Malformed email messages are sometimes used to conceal content and attachments from anti-virus software and are often used to mount denial-of-service attacks on the server itself.
The system can be set up to check all messages and reject any that are incorrectly formed. Mail attachments can be processed in several different ways, enabling the administrator to determine how various types of attachments should be handled and what action will be applied to them.
The system can interface with a number of popular email clients and also provides its own BorderPost system, which uses a web browser as its client.
A number of administrative functions are provided, including an archiving feature that allows copies of all messages processed through the system to be sent to a specified address for storage.
A reporting system provides status details and traffic statistics as well as detailed information about the processing applied to each message.
A report generator facility is included that allows the administrator to set up and produce customized reports as needed. All system administration and configuration functions are restricted to users with appropriate privileges.
These privileges can be distributed among several users, so that routine tasks such as viewing and generating reports can be delegated to users with fewer privileges while reserving full administration rights for system administrator accounts.
The MXtreme system can be used as a mail server in its own right, maintaining client mailboxes and providing POP3 and SMTP services to clients as well as acting as a distribution center for internal mail servers. Even when it is not acting as a mail server, the device can process outbound mail as well as inbound.
This could help prevent a virus from spreading out to the internet from the local network if it becomes infected and perhaps stop an employee running an unauthorized mass mailing system on the organization's equipment.
There is no failover facility (the vendor tells us "stateful queue failover" will be available in v4.0), although the system does allow the administrator to configure a link to an interruptible power supply in order to perform an orderly shutdown if a power failure occurs.
BorderWare also provides an automatic update service called "Security Connection", which can provide details of new software updates and patches as they become available.