mailwatch, two MX servers
Stephen Swaney
steve.swaney at fsl.com
Tue Apr 18 02:09:46 IST 2006
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Dave
> Sent: Monday, April 17, 2006 3:21 PM
> To: mailscanner at lists.mailscanner.info
> Subject: mailwatch, two MX servers
>
> My current setup is Mailscanner on two MX servers, they forward to the
> main GW server behind the firewall. I considering installing
> SMGateway, but it looks like they are fully commercial and the only
> pricing I found was $900/yr. So anyhow, I'll just install mailwatch.
>
> If I install mailwatch would that mean I can't use two MX servers?
> Would users have to login into each MX server separately. We are
> migrating to AD in about 6 months, does mailwatch support LDap from
> AD?
> --
To setup an open source solution is not terribly difficult but will still
have some limitations that DefenderMX (we renamed SMGateway just after the
first release :) does not have. Let's take the open source solution first.
You can setup MailScanner and SpamAssassin on multiple gateways and
synchronize the configuration and text files required for the applications
by the applications using scripts, keychains and rsync. The Bayes database,
MailWatch MySQL database and MailWatch web servers can be on individual
servers which are separate from the gateways. We have one open source
MailScanner ISP site where all are separate with the Databases running on a
MySQL Cluster.
I believe there are some limitations to using MailWatch user or domain
administrator logins for viewing or releasing for quarantine. The principal
limitation is that the logins must be manually created in the MailWatch
database. There are no web or batch interfaces for administering domains,
MailScanner or related applications. The MailWatch user interface is the
only web enabled part of the setup (Steve Freegard can correct me if I'm
wrong :). Postfix or sendmail can be configured to verify the existence of
the users email accounts on the Exchange sever before accepting the email.
Milter-ahead (www.snertsoft.com) can be licensed and installed to verify
user accounts before accepting email for sendmail and all other types of
mail hubs. All updates are manual but updating MailScanner / SpamAssassin
and ClamAV are not too difficult thanks to Julian's Super Scripts.
There is a completely different architecture behind DefenderMX. A MySQL
database behind a web interface is used to store MailScanner and sendmail
configuration data and provide checkpoints to restore a previous
configuration if the configuration gets mangled. MailScanner and sendmail do
not use the MySQL database to read their configuration data. When changes
are made to the MySQL database, they are immediately pushed out to out to
the LDAP schema which is used by the individual scanning gateways. If the
MySQL database goes down, mail processing will continue because each gateway
uses a replica of the LDAP database. Web servers and Database servers can be
clustered if you're really paranoid, but it takes less than one hour to
install the OS, DefenderMX and restore the configuration so if you have a
cold spare, you can be up and running again pretty quickly.
No user state is kept on the gateways. Users and domain administrators can
log in via the web to set white / black lists and spam preferences using
their mail hub or Exchange email address and their normal password.
Dictionary attacks can be stopped at the gateway for any backend mail hubs
except Exchange 5.5 and 2000 (sorry these versions are just too totally
brain dead) since we license milter-ahead from Anthony Howe. The
milter-ahead license is included in the cost of DefenderMX.
There are separate web based interfaces for system administrators, domain
administrators and end users. Almost all MailScanner tasks; configuration,
editing report text files, configuring allowable attachments, administrative
tasks, configuration backups, starting / stopping MailScanner and even
tailing the maillog can all be performed using the DefenderMX interface.
Extensive help is provided on each configuration item or task and the entire
manual is available online from within the interface. MailWatch has been
tightly integrated into DefenderMX - which seems pretty reasonable since
Steve Freegard is our Director of development
All this sounds simple, easy to administer and pretty failure proof because
it is. This was not simple to create and is not easy to continually update
and improve. Over three years of work by our team went into developing this
product before we had the first sale. Depending on how you value your system
administrator's time, it can provide a very cost effective solution. The
price of a single CPU license is $1,390 in the US. This includes the first
year of support and updates. The second and future years support is $395 per
year for a single CPU license. Prices are slightly higher overseas. There is
no restriction on number of users or domains. The two CPU version is $2,490
and if you buy two DefenderMX licenses we will install and configure the
cluster version at no additional charge (this is a limited time offer). Here
in the States it doesn't take a lot of time to recoup these costs if you are
keeping you systems up to date - plus you get a lot more features.
We have not found any other commercial product that attempts to scan for
spam and virus that is less expensive or has the features that DefenderMX
provides. We have found a lot that cost a lot more, don't work as well,
don't have all the features and can't compare to a MailScanner based system.
We also provide commercial support and trouble shooting for open source
MailScanner and related applications. Many of our open source MailScanner
customers would not have considered using an open source application if very
timely support and / or maintenance contracts were not available.
I've been a MailScanner user and believer for almost five years now.
MailScanner is simply the best product available for running email gateways.
I founded Fort Systems Ltd. with Julian to make MailScanner an even more
popular product with a wider user base. Most of our DefenderMX customers are
not very Linux or open source literate. If DefenderMX didn't exist, they
would not be using MailScanner.
For the sites with some Linux expertise and the time to install, configure
and maintain MailScanner, open source is a very good option - still you
won't get all of the features, easy install and administrative web
interface. We simply hope to provide an alternative for the sites that want
a simpler solution, more features, simpler updates and can afford to pay a
reasonable fee. This helps us to maintain and improve MailScanner, MailWatch
and DefenderMX. Plus we're well underway on DefenderMX 2.0 - I can hardly
wait to share some of the new features with you.
Please email me off list if you have any questions regarding DefenderMX or
support and thanks for listening,
Steve
Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com
More information about the MailScanner
mailing list