A few days ago I managed to get my hands on my very own IronPort C10 (the older version of the current C100).
Setting it up was a cinch – most of the configuration was done automatically by running the “systemsetup” command which walks you through the most common configuration options in a simple question/response manner. Within about 20 minutes of first plugging it in I had all of my incoming mail going through it, and only about a minute later it had it’s first Spam hit – with a connection dropped due to a -10 reputation (which is pretty bad on a scale on -10 to +10!).
Mon May 7 17:11:08 2007 Info: New SMTP ICID 4 interface Data 1 (203.3.131.235) address 89.78.254.47 reverse dns host chello089078254047.chello.pl verified yes
Mon May 7 17:11:08 2007 Info: ICID 4 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -10.0
Having run it now for a little over a day I’m certainly impressed – even with the default spam settings which are generally regarded to be overly “safe”. Previously I had SpamAssassin running, and was getting around 150-250 messages/day being blocked by it, and a further 10-15 per day that were slipping through. In the last 24 hours the results from the IronPort are :
Stopped by Reputation Filtering (75.3% – 603 messages)
Stopped as Invalid Recipients (3.1% – 25 messages)
Spam Detected (13.4% – 107 messages)
The figures for Reputation Filtering are a little warped for my setup – it’s not actually blocking as many messages as it’s saying. The problem is that because reputation filtering kicks in before the SMTP session even starts there’s no way of knowing how many messages the spammer was intending to send us over that connection. On average it works out at about 3 messages per IP address, so that’s what the figures above are based on – and whilst that’s very realistic for a larger site (if anything it’s probably understated!), it’s most likely overstated for my small little single-user system.
The real test is of course false positives and negatives – ie, how much Spam made it to my mailbox, and how much non-Spam was incorrectly quarantined. The simple answer is “none“! Not a single spam in my inbox, and not a single non-spam in the quarantine. Of course, a day is hardly a good test, but compared to the 10-15 spam messages that SpamAssassin passed through each day it’s certainly a massive improvement!