Product: GFI MailEssentials 2015
Product Homepage: click here
Free Trial: click here
GFI’s MailEssentials product is well known to many Exchange administrators, especially those who have worked and continue to work with small to mid-size customers. MailEssentials provides anti-spam and malware scanning for your Exchange server and any other SMTP-based email system, as well as a range of other features including email headers, footers, disclaimers, a list server and POP3 downloader.
The 2015 version of the product takes aim at multi-server installations with new, simple to configure features to allow shared configuration, quarantine and centralised reporting and integrates well with current versions of Exchange.
Installation and Configuration
For our first MailEssentials server we've chosen to install the product on a multi-role Exchange 2013 server. The installation process for MailEssentials is straightforward and is performed in two steps. The initial installation performs the basic installation and configuration.
During the first part of the installation we need to select a few options to integrate with Active Directory and Exchange. Our first option is the User Mode selection. This allows us to define how MailEssentials will detect users. On an Exchange Server joined to the domain Active Directory makes most sense. However an Exchange Edge Server or IIS SMTP server in the perimeter network is more likely to use SMTP:
Next we need to install the web site that MailEssentials will install the control panel into. On an Exchange 2013 server we will have multiple web sites to select, as the Client Access and Mailbox roles are installed into different IIS Web Sites. We'll select the default web site:
Installation of MailEssentials then continues and various components are installed, such as the back-end database engine and any additional Windows Components.
After the core installation completes, MailEssentials will then offer the opportunity to perform the post-installation configuration. This stage of the installation is to integrate the installed MailEssentials software with the underlying Exchange platform.
To perform the integration a number of agents are installed. These plug into Exchange Server at the transport level and intercept messages in-flow. Essentially this means that MailEssentials will be able to scan messages between internal recipients, as well as messages entering and leaving the organization:
The final stage of post installation configuration is to create (or allow the software to create) an account that can access mailboxes. It needs to do this to allow the software to automatically move junk email to a sub-folder, if the organization would prefer this to using a separate user-facing quarantine:
After installation on the first server, MailEssentials can be accessed on the Exchange Server by navigating to http://servername/MailEssentials and then logging in using Active Directory credentials:
Access to MailEssentials via a web browser may be a new experience to long time devotees to the product but once logged in the layout and structure of MailEssentials should be familiar. The blue colouring of the web-based user interfaces looks good alongside an Exchange 2013 implementation and access via the web makes it easy for administrators to manage both Exchange and MailEssentials without needing additional tools installed on management workstations.
After login the administrator is presented with a dashboard, and an MMC-style tree menu. Each various feature is then contained within a respective sub-menu, including separate settings for anti-malware, anti-spam, content filtering, email management tools, quarantine, POP3 collection and general settings:
The biggest change in MailEssentials 2015 is the ability for organizations with multiple Exchange Servers to "cluster" the configuration of MailEssentials. The configuration for this is contained within the new Multi-Server section. This works on Master - Slave model where one server in the organization is configured as the master server, then subsequent servers can be added as slave servers:
After setup of the relationship across multiple servers within the organization, settings including the Global and Personal Block / White lists, automatic whitelist, attachment, keyword and content filtering rules and settings for the attachment decommission engine are replicated, along with the ability to select specific servers for quarantine and reporting.
For those new to MailEssentials, a good way to think of it is as a multi-function tool for your email server. It doesn't just add anti-spam and anti-malware but also adds a range of other useful features that are often provided by independent products.
Anti-Spam features are reasonably complete with most effective methods for fighting spam included in the product and very few omissions. The core functionality any anti-spam solution should have is included, such as the ability to use real-time block lists for IPs integration with sender policy framework, along with the typical Bayesian analysis. More advanced functionality includes SpamRazor, which uses the fingerprint of emails received to identify common spam and URI DNS block lists, which check URIs within emails against block lists to see if the URL link inside the message looks suspect.
One anti-spam feature that does come as a surprise to see is grey listing. This method is particularly effective against spammers because it relies on the spammer's email software not following the same rules a normal email server will. Grey list anti-spam engines work by telling a sending email server to try again later on the first attempt. On the second attempt the message will be accepted, and subsequent messages from the same sender will by-pass the grey listing engine. This has very little effect on email delivery times overall and can make a massive difference when attempting to prevent spam.
As may be expected, exclusions can be added where senders are getting blocked when they shouldn't be - something often hard to fix quickly with cloud providers.
To complement the anti-spam engine a content filtering engine is also included. This has the usual features, such as keyword filtering and the ability to restrict sending and receiving certain types of attachments - including the ability to extract and examine compressed files like ZIP files.
Moving on from core functionality MailEssentials still includes the extra features that are - as the name suggests - essential to many organizations. What's weird is that over the course of more than 15 years and the continued commercial success of MailEssentials is that Microsoft haven't implemented these features within Exchange.
POP2Exchange is the first feature many will know and perhaps isn't that useful in well-connected countries; however many countries still suffer from power outages or unreliable internet connections and have to rely on an ISP and POP3.
MailEssentials second major tool in the utility belt is a list server. To be honest, many organizations with this need for external recipients for newsletters and such will often use a third party tool - often to avoid the mail system risking being blacklisted or because they provide dedicated tracking and easy subscriptions. Exchange includes the ability for internal recipients to create, join and leave distribution groups. However there is still a niche that does use list servers, particularly within Education. These customers will often run software like MailMan and Majordomo. MailEssentais has an easier to use administrative interface plus the ability to interface with a SQL database.
The final two features really should be within Exchange itself and indeed, very basic functionality is included. Disclaimers can be created using Transport rules but is not easy to use nor flexible. The disclaimers functionality in MailEssentials includes a dedicated editor to create and manage multiple Disclaimers and the ability to manage on a domain or user basis. It easily surpasses the built-in functionality in Exchange Server 2013 and may be as good as similar dedicated products.
The last feature of note in our utility belt of features is the auto-reply feature. This feature is sometimes implemented by users via Outlook, such as by using the Out-of-Office (which isn't really meant for this use case) or by creating an Outlook rule. I've seen many mail loops created by users who do this in Outlook and then two organizations end up playing auto-reply ping-pong between each other, so an administrator controllled dedicated feature is quite useful. In addition to a normal reply it allows a customizable template, tracking number and an attachment to be added.
Reporting and quarantine features are included and similar to other products on the market, cloud-based or otherwise. The reporting, shown below is simple, clear and concise. The Mailnsights feature is an additional reporting feature shown within the Reporting section, but feels more like an advert for GFI MailArchiver. I'd personally feel more comfortable without seeing features I can't use.
Anti-spam and anti-malware solutions are everywhere you look; from small organizations to large there is a solution out there that could fit. Various on-premises and cloud providers offer similar products. Well known alternatives include Sophos, McAfee, Barracuda and IronPort.
Some of my favourite features, like Grey listing are not usually in commercial products for Windows - cloud based or otherwise. I've seen grey listing in open source and some Unix-based anti-spam products and seen first-hand how effective it can be.
The biggest new market for the multi-server capable new version of MailEssentials is for customers looking for a worthy alternative to Forefront Protection for Exchange. It's a good drop-in replacement and offers similar functionality and more.
As part of the review process GFI provided the opportunity to speak to support staff to understand the product a little better. The support received was more than adequate and as a consultant who has encountered MailEssentials many times in the past, it was still very valuable to use support to learn about best practices for deployment.
Previous versions of MailEssentials have enjoyed a good reputation including 4 VBSpam+ awards, however the product has always been aimed towards the smaller organisation. A typical deployment would include either a Windows Server running the SMTP service alongside MailEssentials, or the single Exchange server running MailEssentials on the box. In the latest version of MailEssentials, the product takes aim at the midsize and larger customers by allowing the software to be intelligently clustered, replicating configuration and centralising it’s reporting functionality.
These changes are great in a market that has become very cloud-focused and many of the products aimed at larger customers have moved to a cloud model. Recognising that many of their existing customers do now have multiple Exchange servers in a simple DAG and that there are many customers who do not want to utilise cloud-based anti-spam solutions, GFI have responded by improving the on-premises version of their product.
This will be reassuring for many customers who have no plans to move any services to the cloud yet for various reasons including control, compliance or concerns over ownership of data and it also means there is a space in the market waiting to be filled, especially after Microsoft discontinued Forefront Protection for Exchange in favour of recommending customers move to cloud services.
MSExchange.org Rating 5.0/5