IronMail Setup
Setting up the appliance is straightforward; one power cord and a network connection are all you need. Although the unit has VGA output and USB and PS/2 ports, you typically configure the IronMail through its Web-based interface. (A command-line interface, intended primarily for maintenance tasks, is also available.) By default, the appliance uses a fixed IP address of 192.168.0.254 and requires an SSL connection on port 10443. I used the default administrator password and the Web interface (which requires Microsoft Internet Explorer—IE—5.0 or later) to create an administrative account.
The IronMail setup wizard helps you configure the SMTP settings for your network. IronMail uses a queuing system that lets you specify which operations you want to use on your messages and the order in which you want the appliance to apply them. I activated all the available queues and changed my firewall's settings to point to the IronMail's IP address. After sending a few test messages, I opened IronMail's Dashboard, which Figure 1 shows, to make sure the queues were working properly. I used the Anti-Spam tab to turn on the maximum level of spam blocking, then went about my ordinary mail routine.
Initially, I had trouble making my firewall correctly route inbound SMTP connections to the IronMail appliance. The fix involved changing the IronMail's LAN IP address; doing so required a reboot, but the appliance was back up and in service after about 2 minutes. Inbound mail then flowed as usual, and the Dashboard soon reflected that the appliance was scanning inbound and outbound messages for viruses and had intercepted some spam.
The Dashboard didn't show the number of messages processed since the last time the device was rebooted. I expected to see a summary of how many messages the IronMail inspected, how many it classified as spam, how many contained viruses, and so forth. This quirk made the Dashboard more of a curiosity than a serious monitoring tool. The logs, however, accurately reflected message flow.
Spam and Virus Blocking
I get from 10 to 30 spam messages per day, so I was eager to test the IronMail's antispam features. For spam detection, the IronMail supports Vipul's Razor distributed spam reporting network (aka SpamNet) as well as the Mail Abuse Prevention System's (MAPS's) Realtime Blackhole List (RBL), header analysis, Rhyolite Software's Distributed Checksum Clearinghouse (DCC) service, reverse DNS lookups, and user spam reporting.
The RBL is a list of IP addresses that belong to known or suspected spammers. By using the IP address of an inbound connection to query the RBL, the IronMail software can determine whether the message is coming from an RBL-listed host. My tests didn't reveal any RBL-tagged spam, probably because my ISP uses the RBL to filter inbound SMTP traffic.
A proprietary set of header-analysis tools looks for bogus information in the message headers—a common sign of spam. The IronMail's header analyzer looks for forged dates, sender addresses, domains, or message IDs and for missing To, From, or Subject headers. Each missing or forged item adds a user-defined number of points to the message's score. When a message's score exceeds your threshold, IronMail tags the message as spam. The default settings tagged an unacceptable volume of legitimate mail as spam, so I turned off this filter after a few days.
The DCC service lets individual users or servers report spam messages to a central DCC server. When the number of reports for a particular message exceeds a threshold you set, the central server tags the message as spam. DCC clients such as the IronMail can query the DCC server to determine whether it has identified a specific message as spam. The default DCC score settings flagged many of my legitimate messages as spam, but I was able to fine-tune the settings to reduce the number of false positives. CipherTrust is investigating ways to improve the DCC process to eliminate false positives altogether.
Reverse DNS lookups let the IronMail tag as suspicious any incoming connection whose IP address can't be resolved. When I enabled this option, I found that a surprising amount of mail traffic, mostly from mailing lists, was flagged as spam. I had to turn off this check.
Prev. page
1
[2]
3
4
next page 
