Product Reviews

Eating up Spam

Tumbleweed’s hardware has a hearty appetite.

As its name indicates, the Tumbleweed anti-spam appliance is an e-mail firewall, separating your internal e-mail servers from the Internet. All incoming Internet e-mail must first filter through the anti-spam server before passing through to your internal network.

Setting up the appliance (which the company calls Tumbleweed MMS) was fairly straightforward. All I had to do was plug the box into the network and ask my ISP to change the DNS Mail Server (MX) records for my domain so all incoming Internet mail goes directly to the anti-spam appliance’s built-in SMTP service. Then I set up the appliance to relay messages not rejected by the anti-spam and policy engines to my Exchange 2003 server.

The appliance itself is nothing more than a rack-mount computer (the model I reviewed had dual processors and 1 GB RAM) running Windows 2000 Server, on which is installed Tumbleweed’s MMS 5.5 E-mail Firewall Service and the anti-spam add-on. These services store all configuration and tracking data in a SQL 2000 database. You configure the services with a JavaScript-enabled Web browser. The admin Web site can run under either Microsoft IIS or Sun ONE Web Server. After authenticating to the appliance, you’re presented with the main menu shown below.

The Tumbleweed MMS main screen.

It’s crucial to make sure MMS’s SMTP service isn’t functioning as an open relay, which spammers can then hijack and use to send spam to Internet victims. You can prevent an open relay by configuring it to relay incoming e-mail only to the internal network. An open relay may get the appliance blacklisted on mailabuse.org as an offending spammer, and Internet users that query the blackhole list may reject all e-mail coming from your open relay. The Tumbleweed appliance itself can be configured to query this list for other open relays before accepting inbound e-mail, but you have to pay a subscription fee for this access. The bottom line is you don’t want your anti-spam server to dish out the same spam it’s trying to prevent.
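The relay restriction described above can be expressed as a recipient check at RCPT TO time. This is an added example, not Tumbleweed's code or configuration; the domain, the internal network range, the reply texts and the outbound allowance for internal clients are assumptions that go beyond the inbound-only case in the review.

```python
import ipaddress

# Assumed values for illustration; not taken from the review.
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def _domain_of(address):
    """Return the lower-cased recipient domain, or None if the address is
    malformed or uses legacy routing syntax that names a further hop."""
    address = address.strip().strip("<>")
    # Source routes (@a:user@b), the percent form (user%b@a) and bang paths
    # (b!user@a) all point past the visible domain, so they are refused.
    if address.startswith("@") or any(ch in address for ch in "%!"):
        return None
    local, sep, domain = address.rpartition("@")
    # Conservative: a second "@" (even inside a quoted local part) is refused.
    if not sep or not local or not domain or "@" in local:
        return None
    return domain.rstrip(".").lower()


def relay_decision(client_ip, rcpt_to):
    """Return (code, text) for RCPT TO on a gateway that must not relay openly."""
    domain = _domain_of(rcpt_to)
    if domain is None:
        return (553, "5.1.3 Malformed or routed recipient address")
    if domain in LOCAL_DOMAINS:
        # Inbound mail for our own domain: hand on to the internal server.
        return (250, "2.1.5 Recipient accepted for internal delivery")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in INTERNAL_NETS):
        # Outbound mail is relayed only for clients on the internal network.
        return (250, "2.1.5 Outbound relay for internal client")
    return (550, "5.7.1 Relaying denied")
```
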

When an inbound message arrives, the anti-spam engine adds a header, which rates its spam potential. The header could be “adult content,” or it could simply be rated at a “high” or “moderate” confidence level of being spam. You create three base MMS policies to examine these attached headers, then dispose of the spam in some way. To create these policies, you define what criteria will “catch” an e-mail, such as checking for the appropriate header. Then you determine what actions will be performed, such as detaining the e-mail for a period of time before it’s automatically released or quarantining the e-mail until an administrator releases it, deletes it or returns it to sender. Policies can be applied to specific users (importable from an LDAP data source), e-mail domains or to folders, which can be used to group users and domains.
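The header-then-policy flow described above, sketched as an added example that is not Tumbleweed's implementation. The header name `X-Spam-Rating`, the pairing of ratings with actions, the override entries and the user-over-domain precedence are all assumptions; only the rating values and action names come from the review.

```python
from email import message_from_string

RATING_HEADER = "X-Spam-Rating"  # hypothetical name; the review does not give it

# Base policies: header value -> action. The pairing is assumed for illustration.
BASE = {"adult content": "quarantine", "high": "quarantine", "moderate": "detain"}
# Scoped overrides (constructed). Assumed precedence: user, then domain, then base.
OVERRIDES = {
    ("user", "ceo@example.com"): {"moderate": "deliver"},
    ("domain", "lab.example.com"): {"high": "detain"},
}
STRICTNESS = {"deliver": 0, "detain": 1, "quarantine": 2}

# Constructed sample messages.
RATED_HIGH = "From: a@sender.test\nX-Spam-Rating: high\nSubject: offer\n\nbody\n"
RATED_TWICE = ("From: a@sender.test\nX-Spam-Rating: moderate\n"
               "X-Spam-Rating: High\nSubject: offer\n\nbody\n")


def action_for(rating, recipient):
    """Resolve one rating for one recipient: user, then domain, then base policy."""
    recipient = recipient.lower()
    domain = recipient.rpartition("@")[2]
    for scope in (("user", recipient), ("domain", domain)):
        if rating in OVERRIDES.get(scope, {}):
            return OVERRIDES[scope][rating]
    return BASE.get(rating, "deliver")


def disposition(raw_message, recipient):
    """Return the action to take on a rated message for one recipient."""
    msg = message_from_string(raw_message)
    # A sender can insert its own copy of the header, so every instance is
    # evaluated and the strictest resulting action wins.
    ratings = [v.strip().lower() for v in msg.get_all(RATING_HEADER) or []]
    actions = [action_for(r, recipient) for r in ratings]
    return max(actions, key=STRICTNESS.get, default="deliver")
```
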

The appliance also does virus scanning using a McAfee plug-in that automatically updates itself with the latest virus signatures. I tested the anti-virus filtering using four different test viruses from the European Institute for Anti-Virus Research (text file, .com file and two .zip files), and it successfully stripped out the viruses and sent warning messages to both the sender and the recipient. The appliance also has a separate spam auto-update service that downloads the latest spam detection updates from the Tumbleweed message lab.

The Tumbleweed appliance is said to employ advanced algorithms and heuristics to filter out spam, while letting the good e-mail through. I put it to the test over a three-day period, and out of 729 spam messages, the appliance correctly filtered out 699, allowing 30 to go through, a “false negative” rate of 5 percent, which is fairly impressive. Even more impressive was the false positive rate, which was 0.

Tumbleweed’s high-performance SMTP server and anti-spam engine are highly effective in filtering out both e-mail spam and attached viruses. The Web-based interface is intuitive, and the user-configurable policies are powerful and flexible. Because the appliance automatically updates itself with the latest spam detection algorithms, there’s little administration overhead once it’s configured. The anti-spam engine is the most viable anti-spam detection solution I’ve seen to date.

About the Author

James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.


Reader Comments:

Tue, Oct 5, 2010 Rob

Try Forefront Protection for a few dollars a month per user - it's currently blocking >96% of mail as spam, policy rules are a snap, 24/7 support, it's great!

Thu, Apr 29, 2004 Andy India

Do not know much about the product as evaluating Tumbleweed, another eval is for Trend Micro's SPS 2.0. Let's see who wins.

Fri, Mar 5, 2004 jesse adams California

YOU SUCK BIG BLACK HARRY BALLS

Mon, Jan 26, 2004 HealthCare Georgia

We are evaluating the 5.6 MMS / DAS solution and have found the experience to be very positive; from first contact with Tumbleweed through today has been VERY pleasant. An A-Plus-Plus for performance! - Excellent Support all around! - No other solution comes close when you do all your homework and crunch the numbers. These guys are not newbies like some other companies' products.

Tue, Dec 23, 2003 Beatrice Bumble Idaho

Sure, follow the Network World link on Tumbleweed's site, and look at who topped Network World's lists. It wasn't them. Tumbleweed was 9th in Accuracy, 8th in False Positives, 4th in delivery rate, and magically still managed to come in 2nd overall. Personally I wouldn't buy something 2nd best that costs $8000.

And that's not even a long-term eval.

Tue, Dec 23, 2003 Dilbert Weed Omaha

Any solution is better than none, so don't you think a reviewer who says, "Best I've ever seen" needs to disclose exactly what they've seen? And of course Tumbleweed has their marketing guys putting comments here, that's just par for the course these days it seems. Is anyone really surprised?

Fri, Nov 14, 2003 Anonymous Anonymous

i like playing with myself at night...


...just to illustrate that anyone can post to these reviews, half of these could be fake...

Sun, Nov 9, 2003 tcvd gryp nederland

thanks

Thu, Oct 9, 2003 Chris Lindloff

We use MMS 5.5 with DAS and it has killed 99% of SPAM. The false positives are almost nil. The few that we do get are because the email does look like spam. We just whitelist them after that. We do about 10mil messages a month through our two servers, of which about 4.5mil are SPAM. This is a great product all around, and very fast.

Tue, Oct 7, 2003 Anonymous Anonymous

There are other server solutions to look at too. I saw an article on www.CleanMessage.com without the high price tag.

Tue, Oct 7, 2003 Anonymous Anonymous

Does it cost $8000?

Sat, Oct 4, 2003 Anonymous Anonymous

We have found MMS to be a very effective anti-spam tool. It is easy to use, and as the article says it has a low false positive rate.

Wed, Oct 1, 2003 Anonymous Anonymous

Too much work is needed to manage and run MMS. It has had too many internal errors and the support from the company is less than stellar, but when it works it works well.

Wed, Oct 1, 2003 Verges K Dallas

As an existing customer of the product, we have found it to be very robust and useful for anti-spam, anti-virus and for compliance to regulatory standards. Since it uses native SMTP, it merges into any messaging environment - Domino, Exchange, Iplanet, Critical Path

Wed, Oct 1, 2003 Larry D Kerrville

Not an Exchange user, but it sounds like the solution is not any better than the built-in solution from IPSwitch's i-mail. I am going with InBox Lock as my anti-spam solution.

Tue, Sep 30, 2003 Mike D. Anonymous

Sounds like the guy who made the negative comments works for Tumbleweed's competition :)

Tue, Sep 30, 2003 Jeremy W. Anonymous

I didn't even know that Zixit had a SPAM solution. I thought they just did secure email. Am I wrong?

Tue, Sep 30, 2003 John M. Anonymous

When did you use it? It must have been a long time ago. The SPAM filters completely automate the process, there are no rules to maintain, and it is so simple to setup and use. Performance is quite amazing too, I also saw the SPAM review by Network World and it shows the performance rankings at the top.

Mon, Sep 29, 2003 Anonymous Anonymous

Well written, but I disagree. We used Tumbleweed at a large pharmaceutical co., and my recommendation (they'd already decided to do so) was to rip it out. In short: did not do a good job of filtering - sev 1000 users, tons of spam - it was very very slow, and the pile up of garbage was so great that every few days someone had to delete all the bad messages by hand. The heuristic filtering was not very sophisticated, and could not catch much of the spam from late last year... Setting up your own rules is extremely time consuming. I do not believe that the newer version would fix all those weaknesses.

Mon, Sep 29, 2003 John D. Anonymous

In our company we are using the Zixit anti-spam product but we are not satisfied with the false positive rate. Maybe that's an alternative we should try.
Thanks.

Mon, Sep 29, 2003 Anonymous Anonymous

Would like to know more about false positive rate and false negative rate with a much higher throughput of spam.
Still very interesting.

Mon, Sep 29, 2003 Anonymous Anonymous

very instructive and detailed.
