In my previous two articles on this subject (located here and here) I discussed how it is important to be aware of both internal and external attacks against your Exchange server and what forms they can take. I also went through some of the monitoring systems that you can put in place to help you diagnose issues and what you can do to alleviate problems caused.

What I would like to do in this article is to finish off with a few elements which you can use to further secure your SMTP virtual server and then move onto how you can help secure your Exchange Server from SPAM.

This article is a monster (in terms of length) so, for your convenience  I have placed a downloadable copy of the trilogy here in PDF Format:

Exchange 2003 – Spam Articles – 3.11 MB

Further Precautions that you can take with you Virtual SMTP Server:

In large environments it is not uncommon for Applications and Systems to be in-place that need to be able to “bounce” a notification e-mail off of the SMTP virtual server of you Exchange Server. For example where I work we have a financial application which sends notifications out to designated people when the have an invoice that requires authorisation. Now many organisations that I have been to essentially focus their attention of protecting their Exchange server from External attack – however do little to secure the mail environments from internal misuse (please see the first part of the series for a greater discussion on this) – It is also worthy of note that organisations that have Software that need to relay internally are the worst offenders for leaving their Exchange SMTP virtual Server unprotected.

What I recommend is if you use VLANS within your company or indeed operate different IP addressing ranges for your servers and clients – you should implement connection control on your Exchange server.

Unlike restricting relay on your Exchange Virtual server – connection control will actually prevent unauthorised machines from connecting to the SMTP server in the first place.

Connection control can be configured by using the following process:

Open the Exchange System Manager and navigate to [ Administrative Groups -> First Administrative Group -> Servers -> -> Protocols -> SMTP –> Default SMTP Virtual Server ]

Right click on the entry for the the Default SMTP Virtual Server and from the context menu that appears choose “Properties” – see below

Upon choosing “Properties the following dialog box will appear – choose the “Access Tab” and then click “Connection” button from the “Connection Control” area – see below:

When you have clicked on the button you will be presented with the following dialog box:

At this stage the configuration of your network and Exchange environment will perhaps play a part in how you proceed from here, below are a few examples (and I STRESS examples) of network + Exchange configurations and how you can use Exchange connection control to help you (your own configuration may not specifically match the examples below – however you might be able to see a way in which it will be useful within the context of you own environment):

Example 1: [ Internal Servers that need to use SMTP on your Exchange Host + a DMZ based SMTP Forwarder ]

The following scenario consists of the following elements:

• An SMTP host in the DMZ that forwards all mail for your domain to an Exchange server behind a firewall (this does not have to be an Exchange host)
• Single (or perhaps multiple) backend Exchange Database Servers
• Single or multiple servers internally that need to connect to and then relay mail via the internal Exchange servers SMTP Virtual Server
• All internal hosts may exists in the same IP Address ranges

Lets assume that considering the above the following is true:

• e-Financial Server = 192.168.1.1
• Mailbox Server = 192.168.1.2
• Normal User = 192.168.1.3
• DMZ SMTP Host has a NAT’ed Address on the Network = 192.168.1.245

In order to secure Connection control for the above configuration select the “Only the list below” radio box like so:

Then I would click on the “Add” button which would open the following interface:

Here I would choose the “Single Computer” option and enter in the IP address of the e-Financial Server then click on the “OK” button which would return me to the Connection Control dialog box which will now look like the following:

I would then repeat the process for the IP addresses of the following server from the diagram above:

• DMZ SMTP Host

When the configuration is completed you will end up with a backend Exchange server which will only accept SMTP connections from the DMZ host (which in turn means Internet Mail) and from the e-Financial server.

Client machines on the network will not be able to connect to the SMTP server and therefore cannot abuse your server internally.

Under this configuration you would still need to take precautions with the DMZ host to ensure that it cannot be used as an Open Relay, however from an internal perspective you are a little more secure.

Example 2: [ Internal Servers that need to use SMTP on your Exchange Host split into VLANS with separate IP Ranges + a DMZ based SMTP Forwarder ]

The following scenario consists of the following elements:

• Two VLANS with personal IP Address Ranges – one VLAN is for Clients, the other is for Servers
• Single (or perhaps multiple) backend Exchange Database Servers
• Single or multiple servers internally that need to connect to and then relay mail via the internal Exchange servers SMTP Virtual Server
• An SMTP host in the DMZ that forwards all mail for your domain to an Exchange server behind a firewall (this does not have to be an Exchange host)
• A provider (such as Message Labs) sending mail onto your DMZ SMTP host

 

Lets assume that considering the above the following is true:

• The servers on the servers VLAN will have an IP address the range of 10.32.66.x
• The client(s) in the client VLAN will have an IP address in the range of 10.32.23.x
• The DMZ SMTP host has a NAT address of 10.32.66.10
• The DMZ SMTP host is configured to ONLY accept connections and relay from the Message Labs towers

In order to secure Connection control for the above configuration select the “Only the list below” radio box like so:

Then I would click on the “Add” button which would open the following interface:

Here I would tick the “Group of computers” radio button and then enter in the subnet details of the Server VLAN. In doing this I will accomplish the following:

• All Servers on the Server VLAN will be able to use the Exchange SMTP Virtual Server (which includes the NAT address of the DMZ host)
• No other computers will be able to connect to the SMTP server

Connection Control Summary:

As well as using the “Only the list below” functionality of Connection Control you can also invert the configuration to “All except the list below” – by using this functionality you can configure single computers or indeed ranges of computers that are not allowed to connect to the Exchange SMTP server. Additionally you can also use the “Domain” configuration and ban computers reporting to be from certain domains from establishing a connection.

As I mentioned before, the above configurations may not match your specific needs, however I advise that you experiment with the tools (in a Lab first of course) to find a solution which fits your needs.

I also advise buying Henrik Walther’s “Securing Exchange 2003 and OWA” book (Syngress) which contains an excellent chapter on securing SMTP virtual servers (and much more besides).

SPAM – No Remorse – Just Kill it:

SPAM, it is a Mail Admin’s greatest enemy and headache.

In this next section I would like to go through some steps that hopefully will help turn you into SPAM’s greatest predator. In this section I would like to cover the following:

• What is spam?
• The IMF
• SME (Small to Medium Enterprise Solution) – SpamFighter
• Third Part Vendors

What is Spam?

SPAM is typically contained within a tin (with a nice key on the side or top), it is red(ish) in complexion and is made from the meat of the SPAM cow (so I am told) and was covered in depth by Monty Python (it’s worth watching the entire episode). When it hits your Exchange server can leave a dent (if still in the tin) or a nasty mess (if minus the tin).

Seriously though, SPAM (or SPAMMING) is the abuse of Messaging (although it is most prevalent in e-mail) systems to send large amounts of bulk Messages to various, often unrelated recipients with mostly spurious advertising (such as Viagra, Porn sites, Insurance). The best way to think of it is electronic “Junk” mail.

SPAM is un-popular not just from the stand point of administrators, but users of mail systems as they generally do not like receiving e-mail questioning the size of their genital’s and mammary glands, and in large enough numbers can cause serious problems for mail servers.

Remember SPAM does NOT look like this (the popular meat based product is far more tasty, welcomed and useful than the type of spam that I am discussing):

Basic SPAM Reduction – Intelligent Message Filter:

SPAM in many cases is an organised business where the largest proliferators making big money from their exploits (and in some cases potentially subsidising organised crime), in addition they are constantly finding and rotating methods of influtration into mail systems which pertain to use “state of the art” Spam protection so from this point forward you should note that there is a chance that you will receive some degree of Spam no matter how well you are protected – however the level received is directly dependent on how well you protect yourself.

Natively (From SP1) Exchange Server 2003 does have a degree of SPAM protection which manifests itself in the form of the Intelligent Message Filter.

Exchange 2003 Servers Service Pack 1 introduced compatibility for the IMF (Intelligent Message Filter) which was available as a separate download, however Exchange 2003 SP2 the IMF was fully integrated into Exchange.

In this article I do not intend to go over the installation or configuration of the IMF the main reason being that Daniel Petri has produced a number of truly excellent articles which deal with almost every aspect of its configuration and I do not wish to duplicate any of his work.

The following however are my essential reading recommendations from his site on the IMF:

• Installing the IMF – For people whom do not wish to Install SP2 for Exchange
• Block Spam with the IMF – Good Guide to using the IMF
• Configuring the IMF In Exchange SP 2 – To configure the IMF in SP 2
• How to install the IMF in Exchange SP 2 – Great article for situations where upon installing Exchange SP 2 the IMF does not appear
• Updating the IMF in Exchange SP 2 – Get automatic updates to the definition files for the IMF in SP2

Additionally to the above – I also recommend that you download the Operations Guide for the IMF from Microsoft which is located here: http://www.microsoft.com/downloads/details.aspx?FamilyId=B1218D8C-E8B3-48FB-9208-6F75707870C2&displaylang=en

Small to Medium Enterprise Reduction – SPAMFIGHTER (or SEM SpamFighter Exchange Module):

Earlier last year I was contacted by a company whom are based in Denmark whom produce a product called SPAMFIGHTER. SpamFighter is marketed as one of Europe’s leading anti spam programs protecting over 4 million users in 221 countries. They asked me if I was willing to test SPAMFIGHTER on their behalf and if I found it to be of note -bring it to the attention of readers of my Blog.

Now this is (was) new ground to me, as I wished to keep this blog (as best I could) away from being a means to make money – and perhaps reduce the risk of recommending sub-standard products to a large user base, so before I go ANY further I would like to reassure you all of the following:

• I have spent a very long time looking at SPAMFIGHTER before I would mention it on the blog – the main reason for this is that I wished to ensure that it met my own personal standards of functionality – and also so I could put it in a correct recommendation context (for example – is it good for the home, or SME, or Large Enterprise).
• I have not, and will not receive ANY form of financial renumeration for going through SPAMFIGHTER here on the Blog – I don’t do that sort of thing.
• I may recommend 3^rd party products in the future, however, they will be in the same context of SPAMFIGHTER where I have road tested them in a production scenario – if they suck I will tell you.

I have been using SpamFighter on my home based mail server for the past few months.

On average I receive around 150 normal messages per day to my personal domain, however my average SPAM traffic is perhaps 30% higher. Prior I was using the IMF which was pretty effective, however it at times does not stop the more sophisticated end of the SPAM based spectrum, therefore I was keen to see what the overall impact of installing the product at home on both my Exchange server and indeed my SPAM issues.

SPAMFIGHTER – Installation:

SpamFighter mercifully has a very straight forward installation in this section of the article I would like to take you through the installation process for SpamFighter.

You should note that if you have more than one Exchange server in your Organisation which hosts mailboxes a copy of SEM will need to be installed on each mailbox server – however if you operate a Gateway scenario (where you have an Exchange server which operates as a dedicated SMTP relay) then it can be installed there only.

Initially SEM can be downloaded from the following URL: http://www.spamfighter.com/SEM_Installing.asp – this will download the installer package to the Exchange server (SEM.exe).

Double clicking on the SEM.exe package will open the following Dialog box, from here I selected the language for the product (in my case English):

After clicking on the OK the following dialog is presented:

From on this screen I clicked “Next” which displayed the following:

This initialises a test to the licensing servers on the Internet (if the product has not been purchased and not installed it prior to the first installation you will get a 30 day license), clicking on the “Next” button which will open up the following dialog connectivity test dialog:

Providing that all is well with the connectivity the following dialog box will be presented:

Here is the standard licensing dialog box where the “I accept the agreement” Radio check box is usually the order of the day and then clicking on “Next” will open up the following dialog box:

Here the installer asks you if you would like to also install the Viral equivalent of SpamFighter – personally I just ensured that the “Do you wish…” was un-ticked and I clicked on the “Next” button:

Here clicking on the “Install” button will open the following progress dialog:

When the module installation process has finished the following dialog box will be presented:

Here clicking in the “Next” button (slightly oval shaped):

Here the installer needs to know if in order to gain access to the Internet the program needs to access a proxy server – SEM (SpamFighter Exchange) – SEM needs access to the Internet for program updates, SPAM definitions and licensing reasons – in my case I do need to go via a proxy therefore I left it at the default option and then clicked on the “Next” button which opened the following dialog box:

Here the installer needs to know what Windows account to run its Services under, I choose to create a domain account (called SpamFighter) prior to beginning the installation – therefore I choose to use the “Use existing service account”, however the installer can also be used to create the domain account. After confirming that the account meets the criteria that is listed in the details section of the window the “Next” button can be clicked on which opens the following dialog box:

As I had pre-created the account in AD this part of the installer requires that I provide the account information - when completed clicking on the “Next” button will open the following dialog:

Here the installer will complete the configuration of the service accounts and the remaining elements of the install – when completed the following dialog will be displayed:

On the dialog box the local domain and indeed any other domains that your Exchange server is Authorative for should be added to the white-listed domains list - when completed the “Next” button should be clicked on:

The Installation process creates a new group in Active Directory called “SpamFighter Administrator Group” members of which can fully administer the functions of the SpamFighter interface – you can also add in your custom groups at this stage, however I found that the default settings were sufficient for my own personal needs.

When clicking in the “Next” button the screen changed to the following:

Here you can configure the options which dictate when the software will update its definitions and check for program updates– you can also (optionally) specify an administration e-mail address where update notifications can be mailed to.

Clicking on “Next” change the screen to display the following:

Clicking in finish will save your settings and return you to the installation wizard (as per below).

 

Here just click on Finish.

Installation Summary:

Overall I found the installation of SEM very straight forward, and most importantly it did not have any noticeable effect on the performance of my Exchange server. During the installation process there was no interruption to mail transport nor store access, there was also no significant performance glitches highlighted by PERFMON (yep I ran PERFMON against the server during the installation just to see what would happen).

SpamFighter – Administration:

Like most products these days the administration console for SpamFighter is web based. During the Installation process a new site is created on your Exchange server within IIS which responds to requests on port 2404 (therefore the URL for the administration console would be http://:2404/) so that it does not interfere with your OWA web-site.

In order to access the site administration console you can open up Internet Explorer and use the above address – or – access it from [ Start -> Programs -> SpamFighter -> SpamFighter Administration ] – see below;

In clicking on the above entry (or by entering the URL manually) you will be presented with the SpamFighter Admin console which looks like the following:

This (unsurprisingly) is the main introductory screen which contains the usual stuff (license information, version info, bit of company blab) – this also doubles for the configuration area for components of the software when you choose a menu from the left hand side.

Generally speaking the interface layout is clean, clear – but unremarkable, however it does avoid the temptation to use Java (which in my opinion has no place on an Exchange server) or ActiveX controls.

Accessing and configuring the product is controlled from the menu bar which is located on the left hand side of the interface – the following is a clearer view of the bar:

The most relevant sections of the menu bar are as follows:

• Mailboxes
• Filters
• Statistics
• Administration

As these control the key aspects of the functionality of SpamFighter – here I would like to go through the features on the menus above:

Mailboxes Menu:

The mailboxes menu contains the following options;

• Mailboxes
• Search
• Advanced

The most relevant of these are the “Mailboxes” and “Advanced” options as these allow you to control the more granular aspects of how SpamFighter interacts with Users located on your Exchange server.

For example when you click on the “Mailboxes” entry of the “Mailboxes” menu (hope you are following this) the main window of SpamFighter will change to look like the following:

Here you will be presented with the list of the mailboxes that have been found within your Exchange organisation (you should note that the default amount of mailboxes to be displayed is 20 – this can be changed / sorted using the “Sort List” functions on the left).

You should notice that there are two tick boxes (one white and the other grayed out) the first option is to enabled SpamFighter for the particular user (the grayed out option is used when the Anti Viral product is installed).

I have to admit I like the feature of being able to enabled SPAM protection on a mailbox by mailbox basis (although within the program you can figure SpamFighter to be enabled for all mailboxes by default  – including new mailboxes). Another feature that I quite like is how you can select the primary protocol which the mailbox uses which presumably adjusts the type of Spam protection that is applied to that user.

This can be accomplished by clicking on the exclamation mark at the far right hand side of each users entry – see below;

Settings are saved (unsurprisingly)  by using the “Save Changes” button.

If you click on the “Advanced” entry of the “Mailboxes Menu” the main window of SpamFighter will change to look like the following:

The advanced options above allows you to configure how mailboxes should handled by SEM – for example the first option above allows you to specify whether SPAM protection will be applied to new of unknown types of user (the default is enabled which is potentially the safest setting).

Other aspects of the program that you can configure here are what type of MAPI recipients will be displayed on the “Mailboxes” page (for example Public Folders, System Mailboxes and Distribution Lists) which will allow you to enable and configure SPAM protection for them.

Filters Menu – Filter Settings:

The filters menu contains that options of the program which I would classify as the “business” end of the product. From the options that are contained within this area you control how SEM actually handles the SPAM that it detects.

Contained within this menu are the following options:

• Filter Settings
• User Settings
• Toolbar
• Advanced

[ Filter Settings ]:

When you click on the “Filter Settings” option the main screen will change to look like the following:

The relevant options that we should be interested in here are as follows:

• SpamFighter Sender Filter
• SpamFighter General Filter
• SpamFighter Community Filter
• SpamFighter Language Filter

Just as a side not that I am not covering the SpamFighter Anti Viral filter.

Selecting the “SpamFighter Sender Filter” will change the main window to look like the following:

The options on this screen allow you to configure “White-listed domains” (domains which are always permitted through the Spam filters) – you will notice that your own local domains have already been added on the right hand side of the screen (this happened during setup) – however you can add more as an when you wish.

On the flip side you can also configure “Black Listed domains” on this screen (domains which are not permitted to pass through the filters). You will see that on the left hand options column entitled “EMails” your local domains are present (which I thought was a little confusing) – however any form of filtering will only happen if they are moved over the the “Domain Column” – I could not really find a definition of the difference between “Emails” or “Domains” within the documentation – however it would seem that as long as your local domains remain in the EMAILS section of the blacklist then everything functions correctly.

Also on this options screen you have the option to ignore internal traffic (which is quite sensible) and a feature called “Enabled Lock Down” which essentially stops all traffic apart from messages and domains that you specify. This I think is a really nice feature as I have seen situations over the years where you have a server swamped with SPAM and in order to clean it out you need to take services offline – with this option you can maintain a modicum of service whilst you deal with the problems. I like to call it a controlled “Big Red Button”.

Selecting the “SpamFighter GENERAL Filter” will change the main window to look like the following:

The general filter settings screen allows you to control some of the miscellaneous settings of the SPAM filter.

The first option which is entitled “Filter State” has two settings “Enabled” and “Disabled” – by disabling the filter state will effectively stop SEM from monitoring the SMTP (or other protocol traffic) on your Exchange server.

The second option “Mail Size Setting” allows you to specify if you would like to scan all e-mails – OR – configure a customer size for scanning. This is useful in troubleshooting performance issues on your server.

Selecting the “SpamFighter COMMUNITY Filter” will change the main window to look like the following:

The community filter is pretty much the engine of SEM from my understanding – its definitions are built from common sources of SPAM and the classifications that users give to mail items during the use of the product worldwide.

On this screen you have the option of setting the SPAM sensitivity in the range from “Disabled” (or off) to “Very High” (exceptionally paranoid) – or you can provide a numerical range from 0 – 99.

During my testing of SEM I have found that when set to medium (which is the default) SPAM detection has been quite good (overall) however I would have liked to of seen more instruction on fine tuning.

For example on the Medium setting there was no “False Positives” however some spam made it through – but when I moved my setting to “High” the “False Positive” rating went to about 1.5%.

What I think would be good here is place numerical representations of the general settings (for examples Medium = 50, High = 70) beside the definition entries in the interface so that users of the product can make informed judgements on the value to place in the “Custom” settings option (so if you know that you get 0 false positives when using medium, but spam still gets in, you know that if you use a custom setting of 57 you might maintain the false positive rate and decrease the SPAM influtration).

Selecting the “SpamFighter Language Filter” will change the main window to look like the following:

This page activates what I think is quite a nice feature of SEM – essentially you block mails written in certain languages – not much more I can say here.

[ Filters Menu –> User Settings ]:

When you click on the “User Settings” option from the Filter Menu you will be presented with the following screen:

Now, again I think that this is a nice little feature. This setting allows for you to search through all mailboxes that are enabled under SEM and customise the SPAM settings (as per above) on a per mailbox basis.

[ Filters Menu – Toolbar ]:

When you click on the “Toolbar” option from the Filters

Another nice feature within SEM is the “Toolbar” option. Essentially this section of the product allows you to install an integrated Toolbar into either Outlook or Outlook Web Access. This allow each user to block or unblock spam under their own motivations. So for example rather than contacting IT about the occasional SPAM item that gets through – they can take their own action against it – pretty cool!.

You can customise the Toolbar to display you own personal logon and message text (including a URL that when click on the message text could take you to a customised “help” web page for example.

In the case OWA the tool bar is a fully automated installation – which is a real boon (however I found that you should advise users to press CTRL-F5 to make the bar appear when enabled (this forces a refresh of the OWA Frame set in the local IE cache).

[ Filters Menu – Advanced ]:

When you choose the Advanced setting from the “Filters” menu you will be presented with the following screen:

The advanced features screen allows you to configure what to do with mail that is classified as SPAM – on this screen you can choose between:

• Move the mail item which has been deemed be spam to a folder called “SpamFighter” in the users mailbox (the folder is created automatically) and mark it as read.
• Delete the message permanently
• Place all messages which are deemed as SPAM in a dedicated mailbox

Additionally you can choose what actions you wish to take based upon the protocol or message deliver method that is being used (for example if you are using POP3 as you reception method you get a additional option of prefixing the message with ** SPAM **)

Statistic Menu:

The statistics menu contains a number of options which allow you to review the various metrics of SPAM proliferation to your domain. Within the Statistic menu you have the following options:

• Today – SPAM Information for the current period
• Last week
• Last month
• Mailboxes – review SPAM on a per mailbox basis – nice feature
• Statistics e-mail – allows you to configure an address where the collated information should be sent periodically

Below is an example of the “Today” statistical reporting which SEM provides.

This, again I feel is another nice feature of SEM (especially for Managers and CEO’s), from the reports that are produced you can review the percentage of legitimate mail versus SPAM, how much this has perhaps saved you on a per user basis (this is configured elsewhere) and the usual “stopped” and “ignored” values.

What I feel would be an even greater facility here would be as follows:

• Custom time period reports
• Common SPAM messages
• Highest SPAM receivers
• Export Reports to common formats (such as Excel, PDF, Word etc)

SPAMFIGHTER – Other Settings not covered:

There are a number of other menus that I have not covered in any real depth in this article (Product Keys and Administration for example) however they are worthy of mention as they contain a number of cool features which are as follows:

• Administration:
  • Adjust the way in which SEM handles RESCAN of Mailboxes – basically allow SEM to rescan a mailbox – should it fail on the first pass – this is disabled by default for presumably performance reasons. Using this option will allow you to set rescan interval, rescan items that are unread and a number of other of options.
  • Adjust the settings that can help with performance issues – for example you can change the way in which a mail item is looked at (does the program look at headers for example), choose if items are cached or even clear the cache
• Data Storage:
  • You can change the way in which SEM records data in terms of your SPAM statistics – by default SEM uses SQL lite – however you can configure it to use a Microsoft SQL data provider (this could allow you to write you own reports – however I still believe that more should be available by default (see above)
• Statistics:
  • Here you can configure you own values as to how much money is saved per SPAM mail trapped – you can also configure the currency that you use.

SPAMFIGHTER – Cost:

SpamFighter like many products is licensed per user – therefore the more users that you have the cheaper it will be.

For example, if you have 10 mailboxes and you wish to purchase for a year this will cost you £12.75 per mailbox (totalling £127.50 based upon a 12% discount) – the product is sold in batches of 5.

If you have 20 mailboxes and you wish to purchase for a year you will pay £11.88 per mailbox (totalling £237.60 based upon a 18% discount).

SPAMFIGHTER – Overall:

SpamFighter is a very good product and gets positive ticks in the following boxes which I would imagine concern all Exchange Admins:

• Easy to install
• Low performance footprint on your Exchange servers
• Easy to manage – allows for remote management via a responsive web interface
• Has a pretty good SPAM detection rate
• Cartel based SPAM definitions (e.g. all users of the product contribute to what is classified as SPAM)
• Integrate with all Exchange Protocols (MAPI, IMAP, POP3, SMTP and Windows Mobile Devices)

However I need to look at it in the context of others solutions in the market – it’s a little on the expensive side.

From what I have seen – its market seems to be in the numbers of 10 – 300 users (Small to medium size enterprises) but at the lower end of the spectrum (even with the 2 or 3 year discount) it appears to be slightly more expensive than competitors such as GFI (which in the basic suite of products includes a viral solution – GFI essentials) with SEM the anti viral product is available at extra cost.

Above 300 users, companies are typically looking to other solutions such as e-mail Systems (yuck) or if you have user base in the range of 500 – 1000 perhaps Message Labs.

If you are looking for a product that solely does SPAM and you have between 10 and 300 users and have a separate Anti-Viral solution then I recommend that you give SEM a serious look (perhaps also look at the Anti Viral solution that they provide), however if you have above 400 – 700 users are you are looking to spend money on an all in one effort then perhaps you need to look elsewhere such as GFI or Network Associates (Group Shield for Example).

If you have 700 and above users you need to perhaps look at solutions provided by 3^rd parties like e-mail systems and Message Labs.

All in all I think that the following is a an appropriate rating for SpamFighter:

Already have an Anti-Virus solution – but need an effective Anti SPAM solution and you have between 10 – 300 users – SEM = 8.5/10 (eight and a half out of 10)

The above is purely my opinion of the product as I have seen it, I would even stretch as far to say if you have 10 – 450 users it is still worth a look – however one thing that I will state is that I recommend you download the evaluation copy and make up you own mind.

If I was the Exchange Admin of a smaller company SEM would be in the top two products to look at as a SPAM solution, however from my perspective I am not sure that it has a market in the higher ranges of users as players such as Message Labs have this pretty much wrapped up.

Well that concludes my review of Open Relay and SPAM for Exchange 2003 – and indeed my look at SPAMFighter, you have any comments about this or indeed any of my articles on this subject as always please feel free to contact me.