Mirapoint's MD300 Repels Spam, Nabs E-Mail Viruses

As Congress struggles to pass legislation restricting unsolicited e-mail and while security-oriented liability lawsuits loom, network administrators and service providers are left to battle spam and Trojan virus scourges at home.

Mirapoint Inc. has leapt into the protection racket with the MD300, the first product in its Message Director line. The MD300 is a powerful, reliable gateway appliance that combines spam filtering with e-mail content and anti-virus filtering.

Despite a swollen price tag and a few flaws, the MD300 provides much-needed security for e-mail systems in eWeek Labs tests. It even promises to offload processor-intensive services from the e-mail servers themselves, allowing greater user density per server. Large enterprise environments and small Internet service providers alike will find this product a solid answer to their messaging security problems.

However, because the MD300 is limited to mail-related network ports, it provides only gateway security for e-mail. Given the ubiquity of Visual Basic-based viruses, this product addresses the primary virus transport method, but companies looking to provide gateway virus protection for other services, such as Web or FTP servers, might be better off using software gateway solutions from Symantec Corp. or Trend Micro Inc. or examining anti-virus plug-ins for firewalls.

The MD300 includes a 1GHz Pentium III processor, 768MB of RAM, three 10/100 M-bps Ethernet network interfaces, three redundant fans and two power supplies. The unit also includes three hot-swappable hard drives—two are RAID 1-mirrored, and one is a hot spare.

Priced at $26,000, the MD300 was introduced in April. Software Version 2.8.2, which includes Trend Micro's Anti-Spam engine, was released June 11. eWeek Labs examined what Mirapoint officials called near-gold code, now available at the company's Web site.

A yearly support contract including software upgrades, Web site access and 9-to-5 support can be purchased for 12 percent of the overall licensing cost; 24-by-7 support costs 16 percent of the total.

Despite the MD300's protective prowess, it's pricey. For example, here's what would cover 100 users: a similarly configured Dell Computer Corp. server runs $8,385; Trend Micro's $2,400 InterScan; and the company's eManager anti-spam plug-in is $600 more. That comes to just over $11,000, a price that includes anti-virus protection for SMTP, FTP and Web services, in addition to the spam and content filters—a far cry from the MD300's list price.

Route and relay

Cost notwithstanding, the MD300 provides SMTP-based routing and relaying for mail servers via LDAP (Lightweight Directory Access Protocol) integration, or it can provide proxy services for Post Office Protocol 3 and Internet Message Access Protocol clients (we didn't test this configuration). Organizations without an LDAP directory can integrate the MD300 via an LDIF (LDAP DIF) flat file, although this is increasingly difficult to manage in complex environments.

The MD300 is complex to administer because it has three management consoles. The Web console provides access to e-mail and virus filter policies (see screen), as well as mail account control and detailed log files. The Java console has some redundant capabilities and includes system health and performance monitors.

The CLI (command-line interface) is the most powerful yet complex console, enabling fine control over the unit's network, LDAP and other configuration parameters. Mirapoint plans to consolidate the Java and Web console functions in a future release, leaving only the Web and CLI consoles.

We installed the MD300 on a Microsoft Corp. Exchange 2000 system, where all incoming and outgoing mail was filtered through the MD300. Initially, we used an LDIF file to route incoming mail to an Exchange server on a domainwide basis. We later configured LDAP to access Active Directory, but this step was complex. The Mirapoint Web site contains several useful documents that can help with this translation.

Software Version 2.8.2 includes the eManager anti-spam engine, which uses a downloadable list of spam sources and keywords that can be updated over the Web. Mirapoint does not provide much information about this service, so it is unclear how effective it can be without e-mailing someone each time a filter is encountered.

E-mail filtering is adequate, although limited in complexity, providing filters based on source, destination and keywords at domain and user levels. Unlike Elron Software Inc.'s IM Message Inspector, the MD300 does not provide filters based on attachment file extensions or size, nor does it allow time-of-day exceptions.

The Trend Micro InterScan VirusWall engine did its job efficiently. After upgrading the virus definitions, the MD300 identified the W32/Hybris. [email protected] and Homepage viruses that we attached to incoming and outgoing messages. Per our instructions, it notified the sender, receiver and administrator of the virus, discarded the message, and sent a copy to a quarantined e-mail account.

Administrators should be careful of instituting a great many automatic notifications because a virus outbreak could flood the e-mail infrastructure with warnings, in addition to the virus itself.