Clearswift MIMEsweeper SMTP Appliance EN10

IT Pro Verdict

A quality message security appliance that combines a wealth of features, detailed reporting, a solid hardware package and one of the best management interfaces on the market.

Clearswift made the move from security software to appliance-based solutions only a year or so ago but the end result is a product family that delivers an excellent range of features. It built these products from the ground up: rather than use its existing MIMEsweeper software, the appliances all run a heavily customised Linux kernel.

Along with standard SPI firewalling they provide a solid serving of message security with web content filtering, anti-spam and anti-virus measures on the menu. The kernel has recently been updated with v2.4 delivering plenty of new and improved features.

The appliance family now consists of five products with the EN10 on review targeting enterprises scaling over 1,000 mailboxes. Some vendors think they can get away with nondescript boxes cobbled together from obsolete components but Clearswift gets a pat on the back for its choice of hardware platform. It has opted for good quality Dell rack servers across the board with the EN10 using a PowerEdge 1850 1U chassis as its foundation. The hardware specification isn't to be sniffed at either as the price includes a pair of 73GB Ultra320 SCSI hard disks in a mirrored array.

From experience we can say that Clearswift's appliance is a lot easier to install than its Windows MIMEsweeper software. Point a web browser at its default IP address, follow the wizard-based setup routine and you're up and running in a few minutes.

We had no problems on our test network as we provided the appliance with the IP address of our internal mail system and modified our clients to use it as an SMTP server. High availability is an important new feature although Clearswift has implemented a far simpler system than alternatives that use mirrored appliances and heartbeats. You can place multiple appliances on the same network and merely create a new DNS MX record for each one. Each has a different priority so if the primary appliance fails then the secondary one comes into play. Peer grouping is also new and groups appliances together using their IP addresses. This allows security policies to be replicated across all appliances simultaneously so they remain synchronised.

Clearswift's web browser interface sets it apart from the masses as it is extremely well designed and very easy to use. Each function has been separated into different Centres and the home page opens with easy access to each one and a quick status summary of the appliance. Clicking below the graph takes you straight to the System Centre and a detailed health readout on the appliance itself plus all message related activity. Policies define how the appliance behaves and it can start filtering straight away as a predefined active policy is created during the quick start process.

Clearswift's filtering policies employ a combination of content rules and routes which tell the system what to look for, how suspect messages should be handled and who should be notified. Usefully, the appliance comes ready with a pile of preconfigured rules allowing new policies to be swiftly created.

Routes can be anything from an individual user to all outbound or inbound messages and things are made even easier by the inclusion of pre-defined references for use in rules. The latter could be a message annotation such as a company disclaimer, a list of filenames to be detected or multiple quarantine areas defined for different routes and rules. It's also worth noting that unlike many other messaging security products Clearswift can scan inside message attachments such as PDFs and Office documents.

Anti-spam measures are enhanced in this version as Clearswift's SpamLogic service has been augmented with the Mail-Filters solution. Spam gets an even tougher time as this dynamic duo uses a barrage of tests including textual analysis, auto-whitelisting, Bayesian analysis with auto-learning, Clearswift's own spam signature list, RBLs and the usual reverse DNS lookups. It all sounds complex but the spam filters can be configured in seconds with a new slider bar which determines how aggressive the checks should be. You can flag a message if one engine thinks it's spam or only block it if all the engines agree on its spam qualities.

Virus scanning comes courtesy of Kaspersky which needs no introduction and the engine also protects against spyware and phishing. All suspect messages and attachments are placed in quarantine areas which can be accessed directly from the Message Center. Further improvements have been made to rules for managing spam and infected messages as these can include a secondary action. It is now possible, for example, to block delivery of a suspect message but have a copy sent to the administrator. Message archiving is now a requirement rather than a luxury so all normal messages could be delivered but a copy sent to an archive server as well.

It's essential that a message security system provides good reporting and the EN10 doesn't disappoint as the Report Center offers a heap of predefined reports which can be scheduled to run at regular intervals and the output emailed to selected users. From the Message Center you can keep track of messages, browse the holding pens and view individual messages that have been held back by the appliance. These can then be released to the recipient, deleted or forwarded elsewhere. The PMM (Personal Message Management) feature allows your users to view their own inbound and outbound messages that have been held by the appliance and decide whether to release or delete them. A message digest is also sent to them at regular intervals advising of any messages that have been blocked.

The MIMEsweeper SMTP appliance family are standard setters for messaging security and the EN10 comes in a solid hardware package. It delivers a wealth of features that integrate well together and presents them in a smart web management interface that is extremely well designed and easy to use.



Dell PowerEdge 1850 rack server

2 x 3GHz Xeon


LSI Logic Ultra320 SCSI

Dell PERC 4e/Si RAID with 256MB cache memory and battery backup

2 x 73.4GB Seagate Cheetah 10K Ultra320 hard disks

2 x Intel Gigabit Ethernet

2 x 550W hot-plug power supplies

Linux kernel

SPI firewall

Clearswift MIMEsweeper content filtering and SpamLogic, Mail-Filters anti-spam service

Kaspersky anti-virus engine

Web browser management

Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.