[Mimedefang] MIMEDefang versus CanIt-Pro versus Barracudas?

[WBrown at e1b.org]

James Ralston <qralston+ml.mimedefang at andrew.cmu.edu> wrote on 11/29/2007 
06:32:13 PM:

> Is anyone currently using CanIt-Pro or CanIt-Domain-Pro?  Do those
> products offer the same flexibility as MIMEDefang in terms of being
> able to hook into sendmail via milter?  How well do the per-recipient
> Bayesian filters, whitelists, et. al. work?

I'm a very content CanIt Pro user.  CanIt takes MIMEDefang, adds 
streaming, a web interface for all management features.  On the Baracudas, 
can you log in to the appliance and actually see the mail logs?  Even on 
the CanIt appliance, you get the root password.  Other appliances we have 
used in our organization did not proved access to the system logs, so 
troubleshooting problems is a nightmare, involving vendor tech support.

One of the other features that may help sell CanIt to management is that 
you have support available from Roaring Penguin.  The crew there is very 
responsive, even to queries posted to the CanIt mailing list.  One 
objection I keep hearing about open source programs is "what if we need 
support."  When they are talking about M$ Office, I ask if they have ever 
called M$ for Office support...  So far the unanimous response has been 
"No, but...."  But I digress.

Baracuda must be behind the times on Bayes research if they insist that 
every user have their own Bayes Data.  Roaring Penguin has implemented 
their Roaring Penguin Training Network.  While it is true that different 
environments (medical, legal, education, etc) have their specialized 
terms, they form a small minority of the words used in email and lave 
little impact on analysis.  the RPTN lets CanIt users upload the manually 
voted data from their filters to RP, which agregates it and then makes it 
available for download.  I think it has made a huge difference in the 
accuracy of our filters.

> I'm being pushed by management to abandon our sendmail+MIMEDefang
> system in favor of Barracuda appliances.  But because Barracudas don't
> intercept during the SMTP dialog (which is the only safe place to
> reject in terms of not generating backscatter), going with Barracudas
> would mean that no sender would ever receive a DSN from us for any
> reason, because we'd have to configure all downstream mail servers to
> silently discard messages that couldn't be delivered (rather than risk
> generating backscatter).

If I remember correctly most other filters, including Baracuda, hold the 
message on their appliance.  The user has to log in to the system and 
check their own accoount to see what has been held for them to see if 
there were any false positives.  I like using the anology of the black 
waste tank on my RV.  It's full of sh*t, and I'd hate to have to dig 
through it if something valuable accidentaly fell into it.  Wanna place 
bets on how many users would review their holding queue on Baracuda?  What 
is the impact of themm missing mail that was tagged as a FP?  If there is 
a cost (lost sale, etc) to that impact, stress that.

By default, I read somewhere, Baracuda does generate backscatter.  It can 
be turned off, bout out of the box, it's evil.
 
> I'm loathe to completely break such a fundamental aspect of mail
> delivery, so I'm wondering if CanIt-Pro would give us some of the
> "bullet points" of Barracudas but still retain the deep milter
> integration goodness...

Hope my ramblings help, if you need any more info feel free to contact me 
off list.