Ugh!!’s Greymatter Honeypot

Distracting the Mind with Information Overload

Playing with GFI Max Mail Protection

A couple of weeks ago, I signed up to give GFI Max Mail Protection a spin. It’s a hosted email security solution that sits between your mail server and the rest of the Internet, providing you with an extra layer of protection to stop spam, malware and other nasties you can find in your email.

So, you may ask, why did you actually try this out? Well, I have various products providing me with spam filtering and anti-virus and anti-spyware, but they’re always a pain to keep updated, especially the anti-spam which is hosted on my mail server. Here was an opportunity to let someone else take the pain away, to let a security vendor actually do what they do best, cleaning up my email stream from all the things I wasn’t interested in.

Setting up GFI Max Mail Protection was pretty easy, though you do need a certain amount of tech-savvy to understand what you’re doing. The hosted solution actually sits in front of your mail server and you need to change your DNS record to direct your incoming mail to GFI’s servers. Your email stream is then cleaned and the email is then delivered to your normal mail servers for you to pick up. GFI Max Mail Protection has a whole range of different features that can accommodate infrastructures much more complex than mine; in fact, I only scratched the surface as far as features and functionality are concerned.

The spam handling functionality is pretty comprehensive, giving you options to drop, quarantine or deliver spam messages. White-list, black-list and even grey-listing functionality is fully supported and you even have full control of what happens to email to unknown email addresses. It even gives you the option to filter outgoing email in case your systems are compromised or your internal protection inadequate. That last one is a great option that can help mitigate against potentially embarrassing failures in your systems.

GFI Max Mail Protection is a great option for SMEs (Small and Medium Sized Enterprises) who may not have the right level of staffing to manage dedicated solutions; but it also scales to accommodate larger organisations. If you’re looking for ways to protect your systems and users from threats that have the potential to damage your business, check out GFI Max Mail Protection.

3 Responses to “Playing with GFI Max Mail Protection”

  1. Dylan Smith says:

    I’ve not found antispam a problem to update, but I use SpamAssassin. A daily cronjob just runs sa-update and that’s it. Same goes for clamav. Roughly 0 minutes a month spent on keeping SA and clamav up to date. SA is enormously effective, my personal mailbox alone last month was receiving up to 2000 spam emails a day (I’ve had the address for an awful long time), but very, very few of them actually make it to my IMAP client. Curiously, the day after the “Norton AV cockup” the amount of spam fell from nearly 2000 messages a day to around 150. I’ve only seen that happen when I’ve heard of major botnets being taken down, so I’m thinking perhaps these machines that were killed off may have actually been infected.

    The problem with someone else filtering your mail is what if you have organizations who want to use TLS in enforcing mode – it breaks the end-to-end encryption because now (necessarily) you have a man-in-the-middle receiving email on your behalf. You can prise my MX out of my cold, dead hands :-)

  2. Eric Schwab says:

    There are many good anti-spam solutions on the market these days, including open source products like SpamAssassin. That said, a good commercial solution will generally have better accuracy, a more robust feature set, greater scalability, and a source for technical support — along with the value of outsourcing for those customers that do not want the responsibility of setting up or maintaining their own solution.

    To the point regarding TLS, the GFI MAX MailProtection service can offer TLS. This means that the SMTP conversation between the GFI MAX MailProtection service and the sending server, and the SMTP conversation between the GFI MAX MailProtection service and the receiving server, can be encrypted.

  3. Dylan Smith says:

    I’ll agree 100% that a commercial solution will have a source for technical support and a 3rd party hosted solution allows you to not care too much about the administration of the server, but it’s certainly not a given that a commercial solution will be generally more accurate nor more robust nor more scalable. SpamAssassin, for example, is used by some of the world’s biggest ISPs – it scales well, and from what I’ve seen and comparing notes with friends, a correctly set up SA installation will generally beat the competition, especially with regards to avoiding false positives. (Many commercial solutions are in fact SpamAssassin plus support and/or administration).

    While the GFI MAX offers TLS, that’s not really the point that I was talking of – now you have an intentional man-in-the-middle, GFI MAX. The mail must hit their servers, be decrypted (it has to be scanned), re-encrypted and forwarded on to you. At some point the mail will be in clear text within GFI MAX’s service. The whole point of TLS for me is that there cannot be a man-in-the-middle, so putting an intentional one in (however trustworthy they may seem) sort of defeats the point of having it in the first place. It may not matter for personal email, especially if you find GFI MAX’s service trustworthy, but may be an issue for those who want to ensure that their mail really is encrypted end to end with no third parties seeing the content in plain text somewhere in between.
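The hop-by-hop nature of SMTP TLS discussed in the comments above can be checked on any delivered message from its Received headers. The following is an added example, not part of the original post or its comments: the message and hostnames are constructed, and it relies on the RFC 3848 `with` keywords (such as ESMTPS) that relays record when a hop used TLS.

```python
import email
import re

# RFC 3848 "with" keywords that indicate the hop was protected by TLS.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

# Constructed sample: a message relayed through a hosted filter (reserved example names).
SAMPLE = """\
Received: from filter.hosted-filter.example (filter.hosted-filter.example [192.0.2.10])
\tby mail.recipient.example with ESMTPS id 3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from scan.hosted-filter.example (localhost [127.0.0.1])
\tby filter.hosted-filter.example with ESMTP id 2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [198.51.100.5])
\tby mx.hosted-filter.example with ESMTPS id 1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test

body
"""

def hops(raw):
    """Return hops oldest-first as (from_host, by_host, protocol, tls_used)."""
    msg = email.message_from_string(raw)
    out = []
    # Each relay prepends its header, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            proto = m.group(3).upper()
            out.append((m.group(1), m.group(2).lower(), proto, proto in TLS_WITH))
    return out

def third_party_handlers(raw, own_domains):
    """Hosts outside own_domains that accepted the message, so held it decrypted."""
    seen = []
    for _, by, _, _ in hops(raw):
        own = any(by == d or by.endswith("." + d) for d in own_domains)
        if not own and by not in seen:
            seen.append(by)
    return seen

if __name__ == "__main__":
    for frm, by, proto, tls in hops(SAMPLE):
        print(f"{frm} -> {by}: {proto} ({'TLS' if tls else 'no TLS'})")
    print("third parties:", third_party_handlers(SAMPLE, ["sender.example", "recipient.example"]))
```

Received headers are written by each relay, so lines older than the first one added by a server you control are only as trustworthy as the relays that wrote them.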