(NOTE: Starting with the end of 2016, Xeams is not free any more. See notes below.)

 

Scenario

You use e.g. Exchange Server 2010 or 2013, maybe using the integrated anti-spam features or a server addon like Kaspersky for Exchange, or Avast for Exchange.

These products are not cheap and it is not always reproducible why mails are declared as spam (or not), also most products are not configurable in detail, e.g. what facts affect the spam score.

At least with current spam attacks which distribute ransomware like Locky etc., it has become even more important to prevent uninformed users from those mails.

Problems and Requirements

I tested free open source appliances like ScrolloutF1, MailCleaner, ASSP, OpenAS, but they are either not really free, or not up to date, or not ready for production environments, or too complex for this case. IMHO, an anti-spam gateway should contain

  • an easy to manage, modern (web) interface
  • a good overview about what is happening
  • statistics
  • detailed but humane and reproducible filter settings (how and why is a certain score generated)
  • automatic updates

You do not want to invest much time in such a system, it should just work.

Cloud systems like SpamTitan etc. also work quite well, but can also be expensive and you have to absolutely trust the cloud server, as you have to redirect your mails to it.

Solution

So the last appliance I tested was Xeams, and this seems be be the best solution I can recommend at the moment.

  • It is open source and free (paid support is available if needed)
  • You can download it as a ready-to-run virtual machine in OVA format with Ubuntu server LTS (also works in MS Hyper-V if needed, if you convert the disk to VHD)
  • You can configure almost everything via a modern web interface
  • For every incoming e-mail, you can see the spam score and how it is calculated
  • You can correct the system’s score calculation easily and manually mark mails as good or junk
  • The system can be updated via common Ubuntu update / ugprade commands (apt-get), and it auto-updates the Xeams application itself.

Basically, if you only want to check incoming e-mails, you only have to configure it as “spam firewall”, specify the original mail server settings and redirect your firewall’s incoming TCP port 25 to Xeams IP instead of your Exchange’s IP. Via Live Monitor, you can see what’s happening. Best practice might be to add a new firewall rule with a higher priority, so if you disable it due to any problem, Exchange again accepts mails directly.

Be careful with Exchange mail receiver connectors: From Exchange’s perspective, mails are coming now from an internal IP, so you might have to correct e.g. the HELO text or add a special connector. The HELO signature can also be set (overwritten) in Xeams.

Also be careful when upgrading the Ubuntu appliance via apt-get upgrade: Everything works but the suggested Kernel does not (at least at the moment). You can install it, but switch back to the older kernel until this is fixed.

Update 2016-05: Default kernel seems to work now. You can e.g. try (snapshot before!):

Update 2016-10: Xeams has changed their licensing policy. At the moment I cannot recommend this product any more. It was free for years, suddenly you should pay hundreds of dollars, so you do not know what might happen next.

Share This:

  [email protected]