Prehistory
In August 2009, I had a task: to modernize the spam filtering system, because the current configuration could not cope with the huge flow of e-mail, which is about 12,000,000 messages per day.
Without much hesitation, I went straight to the ironport.com site; fortunately, there were enough good reviews to go on. There I saw a banner: “We will give anyone an IronPort to test for 30 days” and immediately contacted the supplier. 3 days later a Cisco IronPort C650 came to me for a test, but this is not about it ... I was delighted with the testing, after which I purchased its younger brother, the C360. And that is the one I'll tell you about.
Overview
IronPorts are a botnet, so to speak. And as it turned out, the piece of hardware itself is worth nothing; the value for Cisco is in subscriptions to services and features. In my case, an annual subscription to IronPort Anti-Spam and Sophos Anti-Virus was purchased (McAfee is an alternative). They also tried to sell me the “proactive virus protection system” Virus Outbreak, which I had some doubts about, so I decided to save the company money.
Iron
So, what is the iron part of the IronPort C360:
- A server that smells strongly of Dell (and, as it turned out, it is a Dell :), 2U in size
- 2 x Hot-swap SAS HDD 300GB each, in RAID1
- 1 x Hot-plug power supply 750 watt
- 3 network interfaces, 2 for data transmission (Gigabit) and one for management (10/100) + Serial RS-232
- The processor could not be identified (I did not climb inside), but according to the description, there is "One Intel Multi-Core Processor" in it
It is also worth noting the beautiful but useless cover on the front panel :)
[Images: front cover closed and open]
With the interfaces connected (in my case these are the 2 gigabit ports, one facing out, the other facing in), we move on to the software part.
Soft
This piece of iron is run by AsyncOS, which naturally needs to be configured :)
The manual offers 2 ways of configuration: the web interface, or telnet/ssh. From my own experience, I can say that it is faster and more convenient to do the initial configuration via the web interface. Whichever option you choose, plugging the cable into the management interface and entering the default login/password immediately starts a convenient wizard, which offers to configure the most important parameters. Unfortunately, I can’t post screenshots of the wizard, because it asks to do a “reset configuration”, but I’ll show you a web-interface overview page:
Features and services
As I said above, AsyncOS uses a set of features and services. I will not go into much detail; I will describe the main ones:
- IronPort Anti-Spam - the thing that actually filters and quarantines :) messages.
- Reputation filter - cuts ~99% of messages at the connection stage, which greatly offloads the channel and the piece of iron itself.
- Anti-Virus - the choice is not wide, either Sophos or McAfee.
- Virus Outbreak - as I wrote above, a dubious function; for me it remained a mystery.
- Reporting - everything is limited by your imagination, there are a lot of reports, everything is beautiful, the management will like it :)
- Quarantine - here I think everything is clear; there is also the ability to connect an external quarantine.
All services are updated automatically. The intervals and servers can be specified manually:

AsyncOS itself is updated manually and only from the built-in admin account.
Summary
Almost half a year has passed since its introduction, and during this time I simply forgot the expression “problems with mail”. Convenient interface, rich reports, good performance; the only negative is of course the price, but as they say, free cheese ...