Product Reviews

Eating up Spam

Tumbleweed’s hardware has a hearty appetite.

As its name indicates, the Tumbleweed anti-spam appliance is an e-mail firewall, separating your internal e-mail servers from the Internet. All incoming Internet e-mail must first filter through the anti-spam server before passing through to your internal network.

Setting up the appliance (which the company calls Tumbleweed MMS) was fairly straightforward. All I had to do was plug the box into the network and ask my ISP to change the DNS Mail Server (MX) records for my domain so all incoming Internet mail goes directly to the anti-spam appliance’s built-in SMTP service. Then I set up the appliance to relay messages not rejected by the anti-spam and policy engines to my Exchange 2003 server.

The appliance itself is nothing more than a rack-mount computer (the model I reviewed had dual processors and 1 GB RAM) running Windows 2000 Server, on which is installed Tumbleweed’s MMS 5.5 E-mail Firewall Service and the anti-spam add-on. These services store all configuration and tracking data in a SQL 2000 database. You configure the services with a JavaScript-enabled Web browser. The admin Web site can run under either Microsoft IIS or Sun’s One Web server. After authenticating to the appliance, you’re presented with the main menu shown below.

[Figure: The Tumbleweed MMS main screen.]

It’s crucial to make sure MMS’s SMTP service isn’t functioning as an open relay, which spammers can then hijack and use to send spam to Internet victims. You can prevent an open relay by configuring it to relay incoming e-mail only to the internal network. An open relay may get the appliance blacklisted on mailabuse.org as an offending spammer, and Internet users that query the blackhole list may reject all e-mail coming from your open relay. The Tumbleweed appliance itself can be configured to query this list for other open relays before accepting inbound e-mail, but you have to pay a subscription fee for this access. The bottom line is you don’t want your anti-spam server to dish out the same spam it’s trying to prevent.
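The relay rule described above, as an added Python sketch (not Tumbleweed's code or configuration). The domain `example.com`, the `10.0.0.0/8` internal range, the sample addresses and all function names are constructed assumptions, and the allowance for outbound mail from internal hosts goes beyond what the review describes.

```python
import ipaddress

# Constructed sample settings (assumptions): the domains the gateway accepts
# mail for, and the internal networks allowed to send outbound through it.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def rcpt_domain(rcpt):
    """Return the lower-cased domain of a RCPT TO address, or None when the
    address is malformed or uses legacy routing syntax."""
    addr = rcpt.strip().strip("<>")
    # Source routes (@a:user@b), the percent form (user%b@a) and bang paths
    # (b!user@a) ask the server to forward elsewhere. Refusing them outright
    # is a conservative choice: '%' and '!' are otherwise legal characters.
    if addr.startswith("@") or "%" in addr or "!" in addr:
        return None
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def relay_decision(client_ip, rcpt, open_relay=False):
    """Accept or reject one recipient; open_relay=True models the misconfiguration."""
    if open_relay:
        return "accept"  # every recipient accepted from every client
    domain = rcpt_domain(rcpt)
    if domain is None:
        return "reject"
    if domain in LOCAL_DOMAINS:
        return "accept"  # inbound mail for the internal network
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return "accept"  # outbound mail from an internal host
    return "reject"      # outside client and outside recipient: a relay attempt


def audit(open_relay=False):
    """Return the constructed (client, recipient) cases that were accepted."""
    cases = [
        ("203.0.113.9", "<alice@example.com>"),
        ("203.0.113.9", "<victim@other.test>"),
        ("203.0.113.9", "<victim%other.test@example.com>"),
        ("10.1.2.3", "<partner@other.test>"),
    ]
    return [c for c in cases if relay_decision(*c, open_relay=open_relay) == "accept"]
```

With the restricted rule, `audit()` accepts only the local recipient and the internal sender; with `open_relay=True` all four cases are accepted, which is the condition that gets a gateway blacklisted.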

When an inbound message arrives, the anti-spam engine adds a header, which rates its spam potential. The header could be “adult content,” or it could simply be rated at a “high” or “moderate” confidence level of being spam. You create three base MMS policies to examine these attached headers, then dispose of the spam in some way. To create these policies, you define what criteria will “catch” an e-mail, such as checking for the appropriate header. Then you determine what actions will be performed, such as detaining the e-mail for a period of time before it’s automatically released or quarantining the e-mail until an administrator releases it, deletes it or returns it to sender. Policies can be applied to specific users (importable from an LDAP data source), e-mail domains or to folders, which can be used to group users and domains.

The appliance also does virus scanning using a McAfee plug-in that automatically updates itself with the latest virus signatures. I tested the anti-virus filtering using four different test viruses from the European Institute for Anti-Virus Research (text file, .com file and two .zip files), and it successfully stripped out the viruses and sent warning messages to both the sender and the recipient. The appliance also has a separate spam auto-update service that downloads the latest spam detection updates from the Tumbleweed message lab.

The Tumbleweed appliance is said to employ advanced algorithms and heuristics to filter out spam, while letting the good e-mail through. I put it to the test over a three-day period, and out of 729 spam messages, the appliance correctly filtered out 699, allowing 30 to go through, a “false negative” rate of 5 percent, which is fairly impressive. Even more impressive was the false positive rate, which was 0.

Tumbleweed’s high-performance SMTP server and anti-spam engine are highly effective in filtering out both e-mail spam and attached viruses. The Web-based interface is intuitive, and the user-configurable policies are powerful and flexible. Because the appliance automatically updates itself with the latest spam detection algorithms, there’s little administration overhead once it’s configured. The anti-spam engine is the most viable anti-spam detection solution I’ve seen to date.

About the Author

James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.
