Karl.Dunn at vmic.com Karl.Dunn at vmic.com
Wed Aug 15 08:35:00 PDT 2001

Outgoing filtering does at least these beneficial things:

  Protects your outside recipients against bad stuff you send (and you
  will send some).  This helps preserve your business.

  Helps reduce liability for any damage you may cause outside.  This helps
  if you ever have to show that you made a "reasonable effort".

  Gives you an early warning of something bad happening inside.  This one
  is self justifying.

There are other benefits, of course, but the above are the main ones that
convinced us to do it.  We don't get many complaints about filtering in
either direction, even from the "suits".

Mail filtering does take some computing power:

Outgoing case:

We use a Sun Ultra 10 to do outgoing filtering.  It's not anywhere near
overloaded for our typical traffic, which averages about 3 outgoing
messages per minute during Central US TZ business hours, peaking at around
20. About one in four has attachments.  It looks as if the Ultra could
easily handle more than a hundred times more.

Incoming case:

We use two load-sharing Sun IPX boxes (these bench out about like a
486-33) to do incoming filtering, and they don't often get overloaded.
Our incoming traffic averages about 4 messages per minute 24 hours a day,
with about one in eight having attachments.  I can see one or the other of
them get busy for about 30 sec/megabyte or so when they scan a big
attachment.  We limit message size to 5MB.  If you believe in statistics,
you can see that this is about adequate for us, but that it can get
overloaded occasionally.

I think it would be fair to estimate what you would need by scaling our
compute power by your traffic versus ours.

BTW:  I'm still testing the generic outgoing filter setup I want to
publish.  Everybody please be patient (I'm a hardware designer first, and
a net person second).  I am also looking at doing filtering for both
directions on the same host (I think that's a pretty complicated sendmail
issue), in our own interest as well as everybody else's, but I'll show the
separate host case first.

On Tue, 14 Aug 2001, Lee Howard wrote:

> ....
> I can't think of an instance, however, where an outgoing mail filter would
> have helped us at all.  That's my point.

