So with thanks to TurnkeyInternet for my hosting servers, and SecureSoft for helping me get the SpamTitan license, I was able to spin up a SpamTitan anti-spam virtual appliance. The SpamTitan server now sits in front of my main web server and protects both incoming and outgoing email. I can happily report that this year, the server and virtual appliance have both been rock solid, with the SpamTitan appliance currently having an uptime of 187 days. The only reason it isn’t longer is that I needed to reboot the physical host for software updates and, therefore, had to take the appliance offline.
Since the appliance was brought online on 19th January 2014, there have now been 263585 emails (up from 131889 emails as at 3/02/15) that have passed through, and these have been broken up into the following:
- RBL Rejections – 53.9% (up from 53.5%)
- Clean messages – 25.3% (up from 25.1%)
- Other Frontline Rejections – 16.7% (up from 16.4%)
- Denied Relays – 1.9% (down from 3.3%)
- Spam Messages – 1.7% (previously not high enough for a stat)
- Invalid Recipients, Banned Attachments and Virus Messages making up the remaining 0.5% (down from 1.7%)
(see image below for further details).
More about SpamTitan:
The SpamTitan appliance comes with both the ClamAV and Kaspersky antivirus scanners built in, which together provide a robust and reliable antivirus platform. More viruses have been hitting the server in the last 12 months; however, not one has made it through the two front-line scanners.
I have found the appliance to be hugely configurable, both system-wide and down to the domain level. SpamTitan provides the ability to configure different outbound disclaimers, daily report settings, spam thresholds and so on, all on a per-domain basis (and much more).
As mentioned above, the stability and reliability of such an appliance are crucial. While clustered services are available, I have neither the resources nor the need for such a feature, and therefore the stability of the virtual appliance has been paramount to its success. It has also been a blessing to have the SpamTitan server in front of my main email server on the odd occasion it has required maintenance, so that mail is still received and queued for later delivery.
This year has seen some continued minor tweaking of the Bayesian filter settings, with some very helpful and handy advice from the SpamTitan support team, who were able to provide some recommended settings and configurations for my particular circumstances.
The 2015 test – privacy breach on a hosted email address:
Unfortunately, 2015 saw one of my personal email addresses posted on a company’s Twitter account for six minutes. The account in question had well over 90,000 followers, and it appears a few of those were bots, as there has been a noticeable increase in spam on the email address in question since that occurrence.
All the intricate details of this aside, the SpamTitan appliance has kept up with the task and blocked almost all of this spam. In the month following the breach, the spam messages hitting the appliance were at a new level of sophistication, so it took the Bayesian filter a few weeks to re-learn and adapt to the style. Since then it has dropped back to the normal levels, where I very rarely (if ever) get a spam message that makes it through all the checks.
Who is it for:
The self-hosted appliance (or the SpamTitan hosted offering) is of great use for anyone from small businesses (SMBs) with 10-50 users to much larger, even enterprise, organisations. At this time, the smallest license you can get is 50 users, so there are no single-user options. Being a power user I can justify the overhead, but I would love to see an end-user offering available in the future.
What I would like to see:
While the whole experience has continued to be overwhelmingly positive, there are certainly some things I would like to see enhanced in the coming year:
- (Review 2014) – One thing I would like to see improved is the way a user can mark a false negative (i.e. spam that slipped through the cracks and was flagged as clean). At the moment, a user has to log into the web interface, find the email (which can sometimes be difficult without the Quarantine ID), and then mark it as spam. I would love to see a simple “forward to a particular email address” option, with a mailbox that the SpamTitan server would then check periodically to re-classify those emails as spam.
- (Review 2014) – It would be great for an administrator to have the ability to review the quarantine and utilise integration with the SpamCop service which would enable the bulk submission of spam (via email) to the service to help report those that have slipped through the cracks.
- Mobile interface – the lack of a mobile optimised interface is starting to become problematic. As I find myself checking email on the run more and more often, it would be outstanding to have a mobile optimised web interface for end users to manage spam that has hit their accounts. At the moment the interface does work, but as the interface is not mobile optimised, things look rather small.
- Option to enable quarantining (rather than blocking) of SPF failures or certain HELO failures. This year I have seen many failures as a result of broken SPF records and unresolvable domains where the actual mail itself was valid. While it would present additional load on the system, I would prefer to have these quarantined rather than completely blocked so that legitimate email could be recovered. At the moment if (for example) an SPF record is broken (as the sender has not updated it for any reason) the email is blocked, and you are unable to get it back unless it is re-sent. Unfortunately, some people aren’t diligent in updating their SPF records.
- Spam reports that can be configured to send more than once daily – currently spam reports can only be scheduled once per day. I would ideally like to see the ability to schedule once every 8 or 12 hours as an additional option (nice to have).
- Web services enhancements – Getting the quarantine ID of an email that has made it through the cracks is very simple. It would be outstanding if an email’s classification could be changed via a web services call. This would allow more automation and third-party integrations (think Alfred App for OS X users) to assist in re-classifying spam rather than relying on the web interface.
Where can you get it?
If you are in Australia, you can speak to the team at SecureSoft, who are the local distributors. They are a great bunch of people and have great and helpful sales and support staff. Otherwise, outside of Australia, you can check out SpamTitan to find out who your local reseller is.