Choosing a New Spam Filter

Last month our spam filtering service was due for renewal so I was tasked with choosing a new spam filter.

The previous service we used was SpamTitan, made by TitanHQ. This was an excellent service and we had relatively few issues in the 4+ years we ran it. In order to find another solution we had to run through what we needed.

Our requirements at the time were to provide an external spam filtering service that would filter all mail prior to being sent to their Exchange servers.

The requirements were as follows:

  • Have either an option to host as a VM or have a third party host the service entirely.
  • Support 1k+ domains relaying to ~200 Exchange servers with about 5k recipients monthly.
  • Provide decent levels of spam filtering using standard RBL checks, Naive Bayes and virus scanning.
  • Allow for easy addition of multiple domains with different endpoint delivery options.
  • Option to be used as an outbound relay authorised by public IP with rate limiting.
  • Allow for end users to check and release emails.
  • Be able to quickly and easily search for blocked emails and check delivery status.

SpamTitan did all these and more. We went with having them host two geographically separate solutions in a clustered mode. We decided to deploy this as two MX records, one for each filter with the same priority, effectively spreading the load equally between both filters.

In hindsight we really should have done this completely differently as not only did it mess with SpamTitan licenses (licensed per email accepted mail by the destination server) but also meant that MX failover didn’t quite work as intended.

Anyway, during the time of running this we slowly phased nearly all clients over to 365 Exchange which has a relatively decent spam filtering service anyway and those that required additional filtering use ATP.

We were left with 20 domains, 8 servers and about 150 recipients. The renewal price was too high, so we needed to find a cheap or free solution as a stopgap before finally migrating the remaining ones to 365.

Running through different solutions out there, most of them seemed to use some form of Postfix, MailScanner and ClamAV solution.

After looking through the different open source products out there we settled on the eFa Project – Out of all of them this seemed to have the most features and a relatively open/responsive community.

We currently run a very small v3 appliance that a colleague had set up a long time ago but it’s only used as an outbound relay and not for any proper filtering. It also didn’t have some of the features required and we weren’t that impressed with the filtering options.

However, the recent eFa4 version seemed to provide all the features we needed alongside a simple install script and plenty of customisation options.

It was dead simple to deploy, however took quite a while to tweak it to get it how we want/similar to SpamTitan. There’s still a few oddities but for a free solution it’s absolutely perfect.

I’ll write up a post in the next few weeks or so detailing the deployment and tweaks made in the event anyone finds it useful.

*Edit* Post about it now up –