5

We have a Domino mail server protected by Iron Port (v7.1.5 I think). Iron Port reports an average 96%-97% of emails are stopped by reputation filtering, and around 3% of emails are clean messages.

Is this level of spam going to impact on our bandwidth?

Are there other measures to prevent spam hitting Iron Port in the first place? Thanks.

Update1: we receive 28,000 emails a day. 27,000 of these are stopped by content filtering. 900 are clean emails.

Update2: The link speed is 1mbit, with 80gb bandwidth quota.

Update3: The sysadmin says IronPort stops the email being delivered by checking the sender. I guess this means only the header is received, which might be 1K at most, which means 27MB of rejected headers per day, which is 810MB per month, which is 1% of our quota. I think this is tolerable.

Thanks all for your help.

Steve
  • 415
  • 2
  • 6
  • 18
  • 3
    how many emails do you get per day? how fat is your link? – Silverfire Aug 31 '11 at 03:40
  • 1
    Well clearly getting these emails is going to use more of your internet link capacity than not getting them. Whether or not it has a discernible impact on people using the link is a bit more difficult to determine. Are people complaining about the speed of your internet connection? Like Mark, we solved this by outsourcing our mail filtering to an off-site provider (mimecast in our case). – Rob Moir Aug 31 '11 at 07:39
  • The Ironport will most likely be rejecting based on reputation of the sender's IP address (see senderbase.org) - so no headers are received before rejecting the connection. Your 1Kb/rejected connection estimate is probably very high :) – rossnz Sep 11 '11 at 21:55

3 Answers3

5

As silverfire indicates, it depends on two things:

  • How many emails are we talking in terms of numbers (10,000 or 100 a day?)
  • How much bandwidth you have connected to your mail server

The only thing you can do to reduce your bandwidth is to use an external spam filter, such as Postini (which is a Google service, who we have had success with for some of our high-volume spam domains). The question is really is it worthwhile, and if you have a successful anti-spam solution now, then it all depends on the answers to those two questions above.

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
3

Also consider you can host SMTP servers in one or more datacentres then relay back to your servers in house. As per Mark's answer, Postini would be more cost effective form of this arrangement.

Steve-o
  • 829
  • 6
  • 12
0

IronPort's IP reputation blocks at connection time, before receiving any message data (headers, body, attachments), so it doesn't actually cost much bandwidth, just the connection and the fraction of a second it remains open.

If you want to reduce your bandwidth, you can consider a more aggressive SBRS threshold on your IronPort ESA. This may result in some missed mail, but IronPort is pretty conservative about that, so a little extra aggression in SBRS is still likely safer than much of the rest of the industry (e.g. blocking based on Spamhaus Zen).

There is also a hosted option with Cisco Ironport if you like the solution but no longer want to run it yourself.

Adam Katz
  • 869
  • 8
  • 16