First thoughts on the IronPort C100
So we got our IronPort C100 today. Setup was a breeze. We did the minimal skeleton config wizard thing with Jason from XSM (VAR) on the CLI and then stepped through pretty much every setting available in the web GUI to see what was there, fiddling as we went. The web interface is functional, intuitive, and dare I say it, pretty.
I spent about 30 minutes sending various types of test messages to it to confirm it was working as expected. No surprises. So I was feeling a little wild and reckless and swung all of our inbound email over to it. Weee!
The good news is that after spending an hour sifting through the logs for every single message it routed, there was only one “problem” which was resolved by placing a domain that doesn’t have a subdomain listed in their external DNS in the “Exceptions List”.
What was shocking about the first hour on the C100? Two things. First, this:

Yip. 99.94% of the email we received in the last hour was spam. Wow. Spam is officially out-of-freakin-control.
The second shocking thing is how bloody good the thing is. I’ve always said that if you need to RTFM, the product is broken. On the IronPort, I went from zero knowledge on the product to a complete, functioning setup including funky LDAP user checks and routing, tweaking rules, testing, and a production rollout in about 3 hours, and I never had to check the documentation. Not once. Things just made sense.
Changes you make are queued up and have to be committed, where it gives you the chance to add a comment. I just used all the commit comments to form an internal rollout doc, got it to email me the complete config which I attached to the rollout doc, and bickety-bam the whole setup is even documented.
I expect over the next few weeks I might have to do a little tweaking, but I suspect I won’t need to do much. So, based on tonight’s experience, and assuming I don’t wake up tomorrow morning to an email disaster in full swing, I give the IronPort two thumbs up!
Update: The one hour stats snapshot above was heavily skewed because the mail server was being DHA’ed (Directory Harvesting Attack). I’ll probably have to gather stats for 48 hours or more before I’ll have a “real” number, but so far this morning we’re averaging about 90% spam.








