
SEA vs Puremessage: Feedback

Hi All,

I am running SEA on a customer and to be honest I am not really happy about the SPAM caught by SEA. Before SEA, there was Pure Message and it blocked more SPAM and SUSPECT SPAM by adjusting the slider controls. This is something that is not achievable on SEA.

Also Sophos is selling multiple SPAM filters:

  • SEA
  • Pure Message
  • XG MTA
  • UTM9 MTA

I think that Sophos needs to understand that SPAM protection is very important and the only one (I think) that works as it should is Pure Message. Also on ideas.sophos.com there is not even an area on Pure Message/SEA to open/vote feature requests.

I am looking forward to hearing from you guys on what experience you have and your feedback.

I have been using Pure Message since 2008 and SEA since 2011.

Regards



This thread was automatically locked due to age.
  • We recently moved over to SEA from OnlyMyEmail (a web-based tool which did a great job), but our users are getting too much spam as well. And when they report spam, they still keep getting it. Now, SPX is not even working correctly and is just cumbersome. Folks, I really want the SEA to be our solution but it might not be.

    With all that said, is it possible to run both SEA and PureMessage? 

     

    Wanting to hang out at the beach watching the SEA but keep getting rolled by waves.

  • I use two spam filters in sequence successfully.   The first one does most of the filtering, but my UTM provides a second set of filtering using a different spam engine.

    In a relaying configuration, only the first device knows the IP address and host name of the sending system, so only the first device can filter based on source IP, host name, or SPF.

    UTM has a transparent SMTP option, which works around this problem.   UTM can enforce SPF, but it cannot block based on host name.   So one could configure UTM first in transparent mode with SPF enforcement, and a second device with Reverse DNS filtering.   Of course, the preferred option is to have one device that can do both.

    I don't know if either SEA or PureMessage offers a transparent mode, or whether they have gaps that would make transparent mode useful. But you can definitely string SMTP gateways together, using as many layers as you desire. You can also configure different paths for inbound and outbound traffic, if desired.

  • In theory, if you wanted to use all of these products together, you could, but it's not recommended. If it's not done properly you may end up with more than one quarantine, making a mess of everything. Tbh, if you want to improve your scanning, you're best to use XG/UTM & PureMessage AV, or SEA and PureMessage AV.

     

    Anyways ... If I was going to do it... it would look something like this:

     

    XG/UTM

    forward facing XG/UTM:

    configure it via mx/a records so that mail is delivered to it.

    configure it in mta mode

    under the spam settings configure it to "tag subject and continue" or tag an X-header

    deliver to the sea

     

    SEA

    the sea should have the upstream utm/xg listed as a trusted relay

    configure spam rules to quarantine medium and high spam

    configure an additional policy to search the "Subject" for the word [spam] (or whatever you configured upstream), quarantine it for the reason of spam

    filtering options: change it to "policy level blocking" and remove the check box for the IP blocker (this makes the appliance accept all mail and look at the headers for blacklisted IPs, vs. if the blocker is enabled the connection would be dropped and no email accepted)

    option: you could configure the appliance to proxy mail out through the UTM/XG or have it deliver out itself.

     

    PUREMESSAGE

    install PureMessage for Exchange antivirus ONLY edition on your mailbox servers and set up a scanning rotation. (the file name is something like puremessage4_3AV.exe)

     

    this will allow you to use multiple av engines and av store scanning.

     

    CONS:

    delay queue on the email appliance will not work as you are not allowing the mta to connect.

    ip filtering (the blocker service) on the sea will not work

    complex routing

    possibility of increased spam

    possibility of email policy / dropped mail in 2 different locations

     

    PROS:

    after the fact AV scanning on the mailbox server
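
What the "trusted relay" and "policy level blocking" settings in the layout above amount to on the second hop, as an added Python sketch (not from the thread and not Sophos code): skip the trusted upstream in the Received chain, check the first non-trusted peer against a blocklist, and honor the upstream subject tag. The address ranges, blocklist and host names are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions: the upstream XG/UTM relays from 192.0.2.0/28, and a local
# blocklist stands in for the appliance's IP reputation data.
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]
UPSTREAM_TAG = "[spam]"  # whatever the upstream was set to put in the subject

# The "from ... [ip]" clause records the peer that connected to the stamping host.
FROM_IP = re.compile(r"\bfrom\b[^;\[]*\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def original_client_ip(msg):
    """Walk Received headers newest-first; return the first non-trusted peer."""
    # Headers below that hop were supplied by the sender and are never read.
    for value in msg.get_all("Received", []):
        m = FROM_IP.search(value)
        if not m:
            return None  # chain cannot be followed; do not guess
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in TRUSTED_RELAYS):
            return ip
    return None

def policy_verdict(raw_message):
    msg = message_from_string(raw_message)
    if UPSTREAM_TAG in (msg.get("Subject") or "").lower():
        return "quarantine: tagged upstream"
    ip = original_client_ip(msg)
    if ip is not None and any(ip in net for net in BLOCKLIST):
        return f"quarantine: {ip} blocklisted"
    return "continue"

# Constructed sample: a listed client relayed via the trusted upstream, with a
# forged lowest Received header that claims a clean origin.
SAMPLE = (
    "Received: from utm.example ([192.0.2.1]) by sea.example with ESMTP; Mon, 1 Jan 2018 10:00:02 +0000\n"
    "Received: from mail.sender.example (unknown [203.0.113.45])\n"
    "\tby utm.example with ESMTP; Mon, 1 Jan 2018 10:00:01 +0000\n"
    "Received: from internal ([198.51.100.7]) by mail.sender.example; Mon, 1 Jan 2018 09:59:59 +0000\n"
    "Subject: Invoice\n\nbody\n"
)

if __name__ == "__main__":
    print(policy_verdict(SAMPLE))
```

If the trusted-relay list is missing or wrong, the walk stops at the upstream's own address and the blocklist never sees the real sender.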

  • Thanks for the info DF. We have Meraki as our UTM. I might see what it can do. I wish I could switch to Sophos for this but, I have another three years with Meraki and a very small budget.

  • RW,

     

    In my case we have only the SEA active. I have not installed Pure Message. Should I only install Pure Message AV on my Exchange (2010) server and let the SEA continue to be the primary scanner?

     

    Thanks!...again!

    John

  • Yup, just run the AV version on your mailbox server. PMEX scans mail when users access the mailbox, so if you get a zero-day virus and it's unknown at the gateway, it may be identified after the fact when the mailbox server is scanned. As always, a desktop client is always recommended for encrypted files.
