A Ninja at the Gate
Messaging Ninja keeps a watchful eye on the e-mail moving in and out of your Exchange network.
Since everyone relies so heavily on e-mail for both internal and external communication,
it's a prime target for anyone from petty hackers to professional criminals.
Protecting your e-mail infrastructure against these threats adds another
set of complex tasks to an already overburdened workload. Mail server administration
has grown from a single task for a single admin to a multifaceted strategic
effort that requires an entire dedicated team.
Microsoft's Exchange Server is the predominant e-mail platform because of its
integration with Windows, scalability and rich feature set. Exchange 2003 is
the latest and greatest so far. (Look for Exchange 2007 later this year.) However,
it sorely lacks tools to protect mail servers and users from attacks.
There are a number of products available today that provide you with varying
degrees of assistance. Most of the enterprise-class anti-virus software companies
have plug-ins or stand-alone utilities for scanning mail. Other products help
you create and manage blacklists and white lists (for blocking or allowing all
messages based on the source of the e-mail).
Using a combination of products can be time consuming, and having multiple
pieces of software installed on your Exchange servers creates additional levels
of complexity in terms of administration and troubleshooting. Ideally, you would
have a single product to help manage as many of these issues as possible. One
such product is the Messaging Ninja from Sunbelt Software.
Many Tasks, One Tool
Messaging Ninja is a policy-based Exchange add-on that includes filtering, virus
scanning, incident reporting and phishing protection -- among other things.
Basically, Ninja's functionality covers four main areas:
- Attachment Filtering
Messaging Ninja is really a series of services that you install on your Exchange
server(s). There are also Exchange plug-ins and various management components.
For reporting purposes there's a database back-end, which can be either Microsoft
Access or Microsoft SQL Server. If you choose Microsoft Access, it will automatically
deploy an Access database on the Exchange server. If you choose SQL Server,
you'll need to have an installation already in place, as well as the connection
You'll need to install Ninja on each of your Exchange servers to fully protect
the entire environment. Ninja supports clusters in the Active/Passive configuration,
although the application isn't fully cluster-aware and requires some special
handling to run correctly on a cluster. Fortunately, Sunbelt has very straightforward
documentation to accomplish this type of installation.
After installing Messaging Ninja, you use a Microsoft Management Console (MMC)
snap-in to configure settings, manage policies and view reports. Because of
the familiar interface, configuring Ninja is a matter of simply walking through
each node in the explorer on the left side of the console and creating or editing
policies and configurations to enable or disable functionality.
Besides the primary MMC console, Ninja includes a few extra wizards to help
with various tasks. There's a quarantine viewer you can configure to display
quarantined items from multiple Ninja servers, a report viewer that displays
input from multiple servers, and several small console applications you can
use in conjunction with Sunbelt's support group to capture information about
the server. The management console also has quarantine and report views, but
those views are specific to the server you're managing.
Sorting Through Spam
Ninja lets you create custom spam policies that apply to different recipients.
Configuring these policies includes setting quarantine actions and locations.
You can also specify whether or not users are allowed to create personal block/allow
lists. Each policy has a collection of rules that are applied to all messages
received by the recipients configured to use that policy.
Figure 1. Messaging Ninja's anti-spam component gives you a full summary of its spam filtering
For example, you can add a rule specifying that all messages coming from a
certain IP address with the word "Widget" in the subject line will
be automatically deleted. In fact, you can match on a string in
any text-based field (like body, subject, or attachment name).
Even better, you can use a regular expression to search for any type of string
that matches a specific pattern. Using regular expressions, you can filter mail
based on any number of combinations of character strings. This allows for a
higher level of flexibility than a simple string match.
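
The difference between a string rule and a regular-expression rule, shown as an added example that is not Sunbelt's code or rule syntax: a small first-match rule evaluator applied to the "Widget" rule described above. The `Rule` fields, the sample messages and the documentation-range IP addresses are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from email import message_from_string
from typing import Optional

@dataclass
class Rule:
    action: str                      # "delete", "quarantine" or "deliver"
    field: str                       # "subject", "body" or "attachment"
    pattern: str                     # regular expression, case-insensitive
    source_ip: Optional[str] = None  # None means any sending host

def field_text(msg, field):
    """Return the text of one filterable field of a parsed message."""
    if field == "subject":
        return msg.get("Subject", "")
    parts = list(msg.walk())
    if field == "attachment":
        return "\n".join(p.get_filename() or "" for p in parts)
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain" and not p.get_filename())

def evaluate(rules, raw_message, peer_ip):
    """Apply rules in order; the first match decides, default is deliver."""
    msg = message_from_string(raw_message)
    for rule in rules:
        if rule.source_ip and rule.source_ip != peer_ip:
            continue
        if re.search(rule.pattern, field_text(msg, rule.field), re.IGNORECASE):
            return rule.action
    return "deliver"

# Constructed sample data (documentation IP ranges, made-up subjects).
SPAM_HOST = "192.0.2.10"
LITERAL = [Rule("delete", "subject", re.escape("Widget"), SPAM_HOST)]
# Tolerates digit/symbol swaps and separators between the letters.
PATTERN = [Rule("delete", "subject",
                r"w[\W_]*[i1!][\W_]*d[\W_]*g[\W_]*e[\W_]*t", SPAM_HOST)]

PLAIN = "Subject: Widget sale\n\nBuy now."
VARIANT = "Subject: W1d-get sale\n\nBuy now."

if __name__ == "__main__":
    for name, rules in (("literal", LITERAL), ("regex", PATTERN)):
        print(name, evaluate(rules, PLAIN, SPAM_HOST),
              evaluate(rules, VARIANT, SPAM_HOST))
```

The literal rule deletes only the exact spelling, while the pattern rule also catches the altered subject from the same host; both leave mail from other hosts alone.
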
Once you've created your custom policies, Messaging Ninja will add recipients
to each policy. At that point, you can enable or disable policies with a single
click, changing filtering behavior for all of the configured recipients without
having to manage each individual user.
As this review
went to press, Sunbelt was getting ready to release version
2.1 of its Messaging Ninja. Here's what's coming in the new
• Global Disclaimer: You can now add a disclaimer
to all outbound e-mail. You can also bypass the disclaimer
on a per-message basis or specify its use for certain recipients.
• Policy-Based Disclaimers: Policy-based disclaimers
let you use different disclaimers for groups of users.
• Disclaimer Templates: The templates let you
set up disclaimers using HTML or plain text. Template samples
include legal disclaimers, virus warning disclaimers and copyright
• Updated Anti-Spam Engine: Cloudmark's latest
engine blocks current spam variants like image spam.
• Console Enhancements: The updated console
has new database management tools, enhanced proxy support
for systems that utilize NTLM authentication and new report
Virus scanning is one of the most important aspects of mail management, and
usually the highest priority item in any Exchange environment. Ninja provides
two virus-scanning engines, BitDefender and Authentium, and registers both of
these engines with Exchange, which enables both to scan all messages.
You can enable and disable either of these engines as needed. Other configuration
options include setting file size limits (scanning a 6MB file can take a while,
so you can just quarantine it and move on), nested file scanning limits and
configuring custom messages. The custom messages use basic variable replacement
to let you customize the message end users see when one of their messages has
been cleaned or quarantined.
You can also configure actions for handling attachments based on file type.
For example, you can choose to quarantine, delete or deliver any of the following:
corrupt compressed files, encrypted compressed files, encrypted messages or
infected digitally signed messages. You can also start a full scan of the Exchange
Information Store from the Antivirus configuration screen if needed. Obviously,
you should only do this in very specific circumstances, as this level of scan
will have a huge impact on performance.
Finally, you can create customized notifications to send based on specific
actions taken on individual messages. You can have notifications sent to anyone,
and use other variable-based methods of text replacement to create messages
that describe actions taken.
One of the most frustrating issues for users is the inability to send attachments
to co-workers or clients. Your users have to send everything from spreadsheets
to console applications every day via e-mail. Unfortunately, many of these file
types can contain harmful code and therefore represent a serious threat to our
The only real way to defend against threats posed by attachments is to strip
specific types of attachments from e-mails. Ninja specifically addresses the
need to balance threat management against user productivity by allowing policy-based
attachment filtering. You can specify which file types to filter. You can also
choose to filter them inbound or outbound and internally or externally, based
on your requirements.
Ninja also provides Suspicious Mail Attachment Removal Technology (SMART) rules,
which can detect the file type of an attachment regardless of the actual file
extension. This will prevent users from working around policies by renaming
files. As with spam management, administrators can apply policies to specific
users (or groups of users), and enable or disable policies with a single click.
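
How content-based type detection defeats a renamed attachment, as an added example that is not Sunbelt's SMART implementation: the check below identifies a file by its leading signature bytes and compares that with the type its extension claims. The signature table, the blocked-type policy and the sample attachments are assumptions chosen for illustration.

```python
import os

# Leading "magic" bytes for a few common formats (a small, partial table).
SIGNATURES = [
    (b"MZ", "exe"),                                 # DOS/PE executable
    (b"PK\x03\x04", "zip"),                         # ZIP, also docx/xlsx
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls
]

# What each extension claims to be.
EXT_TO_TYPE = {
    ".exe": "exe", ".dll": "exe", ".zip": "zip", ".docx": "zip",
    ".xlsx": "zip", ".pdf": "pdf", ".jpg": "jpeg", ".jpeg": "jpeg",
    ".png": "png", ".doc": "ole2", ".xls": "ole2",
}

BLOCKED_TYPES = {"exe"}  # hypothetical policy: strip executables

def detect_type(data):
    """Identify content by signature bytes, ignoring the file name."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_attachment(filename, data):
    """Return (verdict, detected_type) for one attachment."""
    detected = detect_type(data)
    claimed = EXT_TO_TYPE.get(os.path.splitext(filename.lower())[1], "unknown")
    if detected in BLOCKED_TYPES:
        return ("strip", detected)        # blocked whatever it is called
    if detected != "unknown" and claimed != detected:
        return ("quarantine", detected)   # name and content disagree
    return ("deliver", detected)

# Constructed samples: only the first bytes of each file matter here.
SAMPLES = [
    ("invoice.jpg", b"MZ\x90\x00\x03\x00"),   # executable renamed to .jpg
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10"),
    ("report.pdf", b"PK\x03\x04\x14\x00"),    # archive posing as a PDF
    ("budget.xlsx", b"PK\x03\x04\x14\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_attachment(name, head))
```

A signature check on the first bytes alone is a simplification; a short text file that happens to begin with `MZ` would be misread as an executable, so a production filter validates more of the file structure.
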
Roll the Reports
After all this e-mail activity, you'll want to know what Messaging Ninja has
done. Ninja includes a set of established reports that provide you with feedback
on a number of metrics, including viruses detected, file extensions encountered,
items quarantined and details on spam processed by the Exchange server.
You can configure all the reports for a specific date range, and change the
value on reports that include a specific number of items, like "Top 10
Viruses Found." You can preview or print reports directly from the management
console and export them to any of a number of standard formats.
You can also restrict access to certain reports based on Active Directory groups,
which gives you a degree of security around report access. Unfortunately, there
isn't any custom report generation currently supported in Messaging Ninja. Perhaps
that will be included in a future version of the product. If you use SQL Server
as the back-end, you could create custom reports using a third-party reporting
tool such as Crystal Reports or Microsoft Reporting Services.
As an Exchange administrator, you have enough to deal with when it comes to
managing your environment. Sunbelt's Messaging Ninja provides a comprehensive
solution that can help you manage spam, scan for viruses, and filter attachments
-- and report on all this activity with very little administrative overhead.