IronPort is now Cisco!

Effective today (well, last night) IronPort is now officially a part of Cisco.

For the most part it’s business as usual. The IronPort name will stay, with the official title now being “IronPort Systems, a Cisco business unit”.

So after slightly less than 2 months working for a small company (around 500 staff) I’m back to working for a large company (around 47,000 staff according to the Cisco website), but as we’ll be our own business unit it’s still going to have that small company smell!

There’s also been some local press coverage in the past few days of a few happy IronPort customers, including Slingshot (CallPlus) in New Zealand and RACQ in Queensland.

24 hours and no Spam

A few days ago I managed to get my hands on my very own IronPort C10 (the older version of the current C100).

Setting it up was a cinch – most of the configuration was done automatically by running the “systemsetup” command which walks you through the most common configuration options in a simple question/response manner. Within about 20 minutes of first plugging it in I had all of my incoming mail going through it, and only about a minute later it had it’s first Spam hit – with a connection dropped due to a -10 reputation (which is pretty bad on a scale on -10 to +10!).

Mon May 7 17:11:08 2007 Info: New SMTP ICID 4 interface Data 1 (203.3.131.235) address 89.78.254.47 reverse dns host chello089078254047.chello.pl verified yes
Mon May 7 17:11:08 2007 Info: ICID 4 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -10.0

Having run it now for a little over a day I’m certainly impressed – even with the default spam settings which are generally regarded to be overly “safe”. Previously I had SpamAssassin running, and was getting around 150-250 messages/day being blocked by it, and a further 10-15 per day that were slipping through. In the last 24 hours the results from the IronPort are :

Stopped by Reputation Filtering (75.3% – 603 messages)

Stopped as Invalid Recipients (3.1% – 25 messages)

Spam Detected (13.4% – 107 messages)

The figures for Reputation Filtering are a little warped for my setup – it’s not actually blocking as many messages as it’s saying. The problem is that because reputation filtering kicks in before the SMTP session even starts there’s no way of knowing how many messages the spammer was intending to send us over that connection. On average it works out at about 3 messages per IP address, so that’s what the figures above are based on – and whilst that’s very realistic for a larger site (if anything it’s probably understated!), it’s most likely overstated for my small little single-user system.

The real test is of course false positives and negatives – ie, how much Spam made it to my mailbox, and how much non-Spam was incorrectly quarantined. The simple answer is “none“! Not a single spam in my inbox, and not a single non-spam in the quarantine. Of course, a day is hardly a good test, but compared to the 10-15 spam messages that SpamAssassin passed through each day it’s certainly a massive improvement!

Goodbye Sun. Hello IronPort!

As of 2 weeks ago I’ve got a new job – as a System Engineer for IronPort.

After 5 years at Sun it was simply time for a change, and the position at IronPort seems a good fit for what I was after – a combination of Security, Internet, as well as being customer facing. My research of IronPort before accepting the position also showed something I don’t think I’ve ever seen for any other company before – despite significant searching on the Internet I wasn’t able to find a single person saying bad things about either the company or the products.

Even so, the decision to move wasn’t an easy one, but 2 weeks in I do believe it was a good decision. Now that I’ve gained some knowledge on the products it’s clear that they are as good as their reputation, and I’m really looking forward to working with them.