Sonicwall PRO 5060
This is a solid, high-performance firewall with lots of security features.
No other form of email filtering other than blacklists and whitelists.
A good choice for a firewall, but it does leave the email server with some filtering work to do.
This is a firewall with anti-spam facilities, rather than a dedicated mail filtering system. Installation and set up is straightforward, with Sonicwall's installation wizards to guide you, but it did insist on installing our mail server in a perimeter network (aka DMZ), which may not suit everyone.
This set up simplifies operations and cuts the amount of tinkering required to integrate the systems, since there is no need to change any existing Domain Name System (DNS) records.
The anti-spam features contain no surprises, offering the tried and tested blacklist and whitelist options, with real-time links to anti-spam services such as the Spamhaus Project, which provide frequently-updated databases of known spam sources.
But since our spam generating system obviously does not appear in these databases, all our email arrived at the target mail server without any problems.
The system's default for email is to allow everything through, whereas a dedicated mail gateway might choose to block everything. The PRO5060's email filters check email attachments for viruses and quarantine suspicious items, they don't perform statistical analysis or pattern matching on the text. But it had much greater success when we added our generating system's details to its blacklist.
In a real installation, this would be much more effective, especially with the real-time links. Blacklists can never provide the whole answer, but they can significantly reduce the volume of spam traffic arriving at the server. This cut in workload would allow the mail server to apply further filtering techniques to incoming mail while maintaining a good throughput.
It had no luck at all with our Directory Harvesting attack. It logged all our email connections, but was unaware of anything unusual going on, and we could collect all the addresses we expected to see.
This, too, is something that the mail server itself could reasonably deal with.
The PRO 5060 can provide comprehensive activity reporting, and easily highlight any unusual email traffic volumes, but cannot analyze email activity in detail or archive the traffic.