Price: $14,000, including Mailstream Manager; antivirus and antispam are each $2.45 per user for 1,000 users
|Sendmail's Sentrion GP|
With antispam, AV and a granular, Web-based policy interface, the Sentrion GP appliance builds on the venerable open-source Sendmail software to produce an enterprise-caliber e-mail security product.
The open-source Sendmail Mail Transfer Agent (MTA), more than 25 years old, has long been known as perhaps the most arcane and difficult-to-configure application in all of IT. Now, with its Sentrion GP appliance and Mailstream Manager policy management tool, Sendmail (the company) has tamed MTA into a serviceable security and policy control product for any enterprise e-mail backbone.
We focused on the security features of the appliance to see if it could meet enterprise requirements for antispam, antivirus and policy control. While there are still some rough edges, Sentrion has the capabilities most needed for e-mail security. Our Sentrion included fully integrated software for Cloudmark antispam and McAfee antivirus; Frisk Software's F-Prot AV is also offered. All are licensed separately.
Sentrion GP packages the venerable Sendmail MTA (a base-Linux operating system), some server hardware, and sufficient Web-based configuration and management tools to keep you from ever looking at the "sendmail" configuration file again. If you have multiple Sentrion appliances, Sendmail also offers Mailstream Manager, a stand-alone Web-based tool that centralizes a subset of policy management and monitoring features.
Sentrion's management system is an odd mix of Sendmail-specific terminology and architecture combined with some new and elegant graphical tools for defining policy. If you're a Sendmail user, you'll be comfortable within its parameters; but, if your background is Microsoft Exchange or Notes, you might find some of the terminology and concepts arcane and confusing. Although the Sentrion appliance tries to hide Sendmail MTA under the hood, a bit of training on the open-source app would go a long way.
The most important part of Sentrion from a security perspective is its Web-based policy management tool. The tool is nearly identical whether you are configuring a single device or using Mailstream Manager's centralized management. The interface is elegantly complete, bringing the capabilities on par with other high-end, policy-based mail management systems.
The number of policy options is staggering--simply listing them takes almost 40 pages in the documentation. We dived in with a 10-point security policy, including searching for strings in messages (such as zipped Microsoft Office documents), handling spam at the SMTP stage (something most mail security appliances can't do), blocking viruses, adding footers and archiving mail. Catching spam at the SMTP stage is a particularly important feature for regulatory requirements since you don't have to archive mail that you've never accepted, and for reducing false positives--any false positives will be signaled back to the sender, making detection simpler. We used our Sun LDAP directory to identify users and set policy based on their LDAP attributes.
Sentrion met our policy in all areas except one: There is no user quarantine for spam or viruses. This means that building a full antispam/AV solution would require a mail server for quarantined spam and viruses--the alternative is simply throwing spam away and putting up with the inevitable false positives.
Sendmail's Sentrion GP is joining a crowded category of e-mail security appliances. It's a competitive offering and brings Sendmail on par with established players in the e-mail security appliance market.
Dig Deeper on Email Security Guidelines, Encryption and Appliances