Red Hat, Zarafa and Mailspect Work Together Seamlessly For German Medical Laboratory

The medical supply center “Medizinisches Versorgungszentrum Dr. Eberhard & Partner, Dortmund” (“MVZ Dortmund”) serves the health care network near the city of Dortmund in Germany and employs 300 professionals. The laboratory tests medical samples forwarded by doctors, hospitals, clinics and companies.

Problem Definition

Previously, MVZ Dortmund had 170 end-users of its email system.  The system used Postfix as a Mail Transport Agent at the network level and emails were stored as .pst files on the desktop computers using Outlook.  Spam filtering, email archiving (although it is required by German law) and groupware features like shared calendars did not exist.

This old system had a lot of disadvantages.  End–users could only access their emails at their desks.  Inboxes were not protected from spam, causing the users to waste time manually cleaning their inboxes.  Central administration was impossible vastly increasing the workload of the IT Department.

Solution

To improve the situation, MVZ Dortmund decided to modernize their email system.  The implementation of a groupware system was needed to give end-users more control over their emails and calendars as well as automatically filter the email stream for spam and viruses.  The regulatory requirement to archive emails needed to be met as well as centralized user administration in order to significantly reduce the amount of support.

To undertake this complex migration, MVZ Dortmund recognized that they needed the support of a system integrator with special competencies in email and Open Source software, in light of the company’s decision to implement a heterogeneous IT infrastructure.  Already in 2006, Thomas Kroeger, Administrator at MVZ Dortmund, met representatives of bitbone AG at a trade show. bitbone specializes in Open Source systems and groupware in particular.  The first joint project involved implementing a fax server using bitkit|FAX, an integration tool developed by bitbone.

In 2009, bitbone started working on a concept for the implementation of the new email solution.  “The new email system needed to be stable.  The administrative workload and the system’s cost needed to be contained.  Furthermore, we didn’t want to give up Outlook and we needed a bridge to mobile devices.  And we wanted to keep our Postfix MTA,” said Thomas Kroeger.

The solution is a combination of the Zarafa groupware server with the email security and archiving modules from Mailspect and Postfix as the MTA.  “Going for Zarafa were its comprehensive feature set and its small hardware footprint, integration with Outlook and affordable license fees.  The fact that Postfix is undled with Red Hat Enterprise Linux was a key selection criterion in addition to Red Hat’s reputation for reliability.  The Mailspect modules convinced us with their incredible value proposal,”  comments Thomas Kroeger regarding his reasons for accepting the proposed solution.

Project Implementation

After bitbone forwarded the Red Hat license key, Mr. Kroeger installed the operating system himself.  “ We are familiar with Linux and we already had the a box with the Intel Xeon processor in-house. The implementation went quickly and was quite simple.  The rest of the installation was done by Mr. Rueb from bitbone.”  Within one work day, Zarafa, the two Mailspect modules for defense and archive as well as Postfix were up, configured and running.  An additional work day was needed for quality assurance and documentation.

Conclusion

MVZ Dortmund has been won over by the performance of the new email system.  “The system is flexible, stable and integrated well into the existing IT frastructure,” states Thomas Kroeger.  The individual solution components also got high marks:  “With Zarafa, especially the web access is impressive and gives end-users the ability to work from their desktop or any networked device with a browser.  It offers full synchronization with mobile devices, particularly with the iPhone.  We discovered that we have new capabilities to receive faxes on mobile devices using bitkit|FAX as well as send PDFs from the mail server.  Users can read the faxes on their mobile phones.  In terms of administration, our workload has dropped significantly due to the excellent Outlook connectors
provided by Zarafa.”

“Red Hat is also stable and meets our expectations perfectly.  Inbound and outgoing emails are archived by Mailspect Archive and Mailspect Defense is eliably filtering around 15,000 emails per day and blocking 13,500 spams from our inboxes and putting them in quarantine,” explains Thomas Kroeger.

 The good working relationship with bitbone is also worth mentioning.  “In bitbone we found a competent partner who is there when we need them.  Their professionals work hard at solving a problem if it should arise and don’t stop until it is solved. We are convinced that we have found the right system integrator.”

A German municipal utility, which was already using Mailspect Basic for email defense, added complex email routing to its solution for no additional license fee. The email routing extension was implemented in less than one week by a team consisting of the client’s local systems integrator and Mailspect Professional Services.

The email routing specification involves looking at a subset of the domain’s email recipients for incoming emails with attached invoices. Messages with invoices are segregated and then passed through a content filter to find key descriptors in the message body. Based on a descriptor match or not, emails are then routed to the right recipient.

The workflow will greatly improve the municipal utility’s processing of incoming invoices and has a payback of less than one month, based on labor savings. Plus the accuracy and speed of invoice processing increased.

The solution was made possible by Mailspect’s proprietary Email Stream Management integration technology. ESM uses a number of fixed and flexible processing engines to filter email and attachments for content and then forward the matched email to a designated recipient email address or relational database such as MySQL. Email Stream Management is the technology underlying Match My Email, a cloud service that automatically sorts and syncs email into the right Salesforce.com record(s).

For more information on Email Stream Management which is built into Mailspect Basic and Standard, visit Mailspect’s wiki at:  http://esm.mailspect.com/index.php/Main_Page . Email Stream Management can also be used to implement outbound Data Loss Protection projects.

Yellow Cube of Budapest, Hungary offers email filtering services to customers with between 1-25 seats who don’t have their own mail server.  According to Akos Bodis, the President of Yellow Cube,  “Our customers want a ‘set and forget’ mail filter.  We set them up online and they don’t have to deal with spam or viruses again.  Initially, we thought that they would log into Mailspect’s excellent quarantine solution, but the systems works so well our customers seem to forget that it is there.”    With this fully automatic approach, Yellow Cube’s email filtering service has been growing at 100% per year with 0% downtime since 2007.

According to Mr. Bodis, “Mailspect Defense is ideal for small Internet Service Providers who want to provide value-added services to their customers.  Mailpect enables Yellow Cube to offer world class antivirus and antispam protection based on a powerful combination of Mailspect’s email firewall, Cloudmark, Clamd, SURBL, and other Real-Time Black Lists.  Using Mailspect’s flexible policy engine, the filtering service is tailored to each client’s individual requirements.  Thanks to Mailspect’s flexibility in integrating with different databases and back-end systems, almost everything is automated now and setting up a new client requires just a few clicks.  By hosting the virtual Mailspect filtering appliance in a rented cluster, we never face unexpected costs or downtime, and the whole system can scale up to thousands of accounts without any modification.”

“Mailspect offers special pricing to ISP’s and web site hosting providers who sell email services.  Our pricing is designed to ensure that small Internet Service Providers can effectively compete against the industry giants with local support and a fully customizable experience.”, said Paul Sterne, President of RAE Internet Inc. (dba Mailspect and Match My Email).

“ We are able to localize the web interface and create custom, per-user rules and filters that really work in the marketplace.  It is a really great ‘set and forget’ solution.  Plus we can rely on Mailspect’s real-time support to help us get the most out of the platform.  They treat us like we are their most important partner.”

Bruce Bodger is responsible for email security and data loss protection at DemVal Inc., a defense engineering and environmental compliance consulting firm in Oklahoma.  Bruce was charged with selecting an email defense system that would centralize email security so that DemVal could comply with Department of Defense regulations such as ‘International Traffic in Arms Regulations’ or ITAR.  In addition, DemVal must assure its clients that their intellectual property is secure and protected.  As a 100% Apple shop, Bruce had to find a world class email defense solution in a market niche that is underserved by the mass market vendors who focus on Windows.

Bruce selected Mailspect Defense because its Apple OS version consolidates the management of anti-virus and anti-spam engines in one convenient control panel.   In addition, real-time black lists, user-generated white and black lists, spam quarantine policies, inbound and outbound content filters, email disclaimers, NDR spammer and backscatter settings are controlled from the same console.   For a security administrator, Mailspect Defense offers the advantage of automatic updating of all dynamic elements of the infrastructure – real-time black lists, virus signatures, and spam fingerprints.  Mailspect’s robust reporting and logging tools enabled DemVal to address customer requirements regarding email tracking and data loss protection.

Bruce’s Mailspect Defense solution for Apple OS X has been running for 7 years.  He selected two Open Source packages as his server-side / network email infrastructure:  Postfix as the Mail Transfer Agent and Dovecot as the secured IMAP and POP3 mail server.  Mailspect is particularly well-architected to manage Postfix implementations and integrates seamlessly with Postfix policy groups; this is particularly important for data loss protection.  At the email client level, DemVal’s employees use both Thunderbird and Apple Mail.  Bruce selected a multi-layer anti-virus and spam configuration.  He uses Open Source Clamd for virus protection and both Open Source Spamassassin and commercial Mailshell for spam.

“Mailspect delivers a centralized email security solution that manages both Open Source and commercial components through one convenient control panel.  It allows us to save money by using Open Source wherever possible, and provides us the flexibility to implement a commercial solution for spam because some Open Source spam detection software lacks important functionality.  Mailspect’s email tracking,  logging, and archiving tools have helped us win contracts because we can prove that email communications, as well as other user accessible functions, are secure and confidential information is only being accessed by authorized personnel.  We have worked closely with Mailspect support and development over the years.  They are real experts in email security and are always open to delivering new features so that our business remains competitive with evolving data security regulations.” said Bruce Bodger, President.

KJ Flewelling was looking for an email archive solution for five schools in the Great Salt Bay School District on the central coast of Maine.  He had already decided to use Google Apps Email, which is a dedicated, hosted version of Gmail, for the 3,200 email users in the five schools where he is the Tech Coordinator.  He chose Google Apps because it is affordable, well protected from viruses and most spam and feature rich.  But Google Archive at $25 per user per year didn’t fit into the School District’s budget.  

KJ turned to Mailspect Archive as the solution.  First, with Mailspect Archive he could minimize cost, while getting the functionality he needed to comply with Maine’s email retention laws.  Second, the Superintendent of the Great Salt Bay School District wanted the email archive stored and controlled locally, right inside the District’s data room.  

KJ’s Mailspect Archive solution has been running now for 18 months and he can report that it has worked flawlessly.  The District has Mailspect Archive running as a virtual server under VMware on a Dell server with 2GHZ duo core processors and 4GB of RAM with Windows 2008 32-bit server as the core operating system.  The Dell server includes four internal hard drives, each with 500 GB’s of storage utilizing RAID 5 for data redundancy.  To date, the Great Salt Bay email archive has only used 28 GB of storage, saving 625,000 emails for students, teachers, staff and administrators.  This translates into 45KB per email which is actually below the 75 KB average size of an email as reported by various industry experts.  In reality, Great Salt Bay’s emails are probably no smaller than the average.  What the statistics are showing is that Mailspect Archive is highly efficient and can reduce the size of a mailstore by up to 80% through the de-duplication of emails and attachments.  De-duplication means the Mailspect Archive only stores one copy of each email and its attachment regardless of the number of recipients.   At the suggestion of Mailspect support, KJ recently added an inexpensive Iomega Network Attached Storage device for extra protection and redundant back-up.   

Email archive or retention rules in the State of Maine are governed by Maine State Archives Rules for Disposition of Local Government Records (5 MRSA § 91 et seq ).  In summary, email must be archived according to the same rules as paper correspondence.  Each local entity such as a school district may determine its retention policy and submit it to the State Archivist and the Archive Advisory Board for approval.  In the case of the Great Salt Schools, the Superintendent chose a seven years retention period.  Mailspect Archive includes a retention policy setting that automatically purges old emails from the system once the retention period is over.  

The Great Salt Bay School District uses the Mailspect Archive solution for more than just regulatory records compliance.

 ●      Cyber-Bullying – Incidents of cyber-bullying have been quickly researched and resolved using full-text search feature of Mailspect Archive.  Based on the Sphinx index engine, the system admin can use a graphical interface to query the email repository by sender, recipient and/or content and creates reports for administrators and assistant principals to review.

●      Legal Discovery – The system has been proven to be highly beneficial in keeping the district under accordance of state retention laws and as a means to provide legal evidence, saving the District legal fees because discovery is fast and efficient.

●      Offensive Word Queries and Reports – With the help of Mailspect support, KJ implemented a weekly automated offensive words query and report.  Each Friday, the past week’s inbound and outbound email is scanned for bad language and swear words based on a list of compiled offensive words.  KJ gets an email report of any ‘hits’ in his Inbox immediately after the archive query is completed.   The offensive words query has been effective in protecting students and teachers against inappropriate and abusive emails.

“Key to the success of the Mailspect Archive has been the support that I have received from Mailspect.  They have been there every step of the way and worked diligently to get the system to meet our cost and performance expectations.  I feel that I have a trusted partner in Mailspect.  The system works completely as it should; invisibly and without constant administrative manual oversight.  The automation that this system affords is key in saving me hours of work every week.” said KJ Fewelling, Tech Coordinator, Great Salt Bay School District. 

 “Mailspect also gave the schools a very substantial discount from list price so that our educational institutions could afford a world-class archive solution.”

Recently Asked Question:  Can Mailspect stop NDR spammers? 

The antispam business is a constantly evolving game of cat and mouse.  No one can afford to under-estimate the creativity of the criminal mind.  Spammers are constantly developing new techniques to evade and fool spam filters and engines.  Recently, they have developed a clever way of circumventing spam filters called NDR. 

 The technique exploits so-called NDR emails which stands for Non-Delivery Reports.  This is a standard for the SMTP protocol.  Most of us call these emails “bounce back” notices.  NDR emails  are normally triggered by the user entering an incorrect email address that the email server cannot deliver.   They have also been called Non-Delivery Receipt, a (failed) Delivery Status Notification (DSN) message, and a Non-Delivery Notification (NDN).  The spammers send emails masquerading as NDRs and because they look legitimate they slip through the real-time black lists and spam engines such as Spamassassin, Cloudmark and Mailshell.

Mailspect has developed robust techniques based on content filtering and rate limiting to combat and stop NDRs.  We think that it is the best NDR spam defense on the market.  The actual techniques involved are viewed as trade secrets.  They are disclosed to customers and well-known participants in the Open Source community to avoid the techniques being analyzed and perhaps circumvented by professional spammers.

 If you would like to understand Mailspect’s NDR defense techniques in the context of a 30-day trial of Mailspect Defense, please contact support@mailspect.com

A prospective ISP customer asked us today about the effectiveness of Mailspect Defense at the pre-span, scan and post-scan layers.  They asked what proportion of the email stream is ‘real or white emails’ versus ‘spam or black emails’ versus ’gray or quarantine emails’.  We were surprised that the ISP didn’t know this data because Mailspect comes with a built-in reporting tool that tracks the number and composition of the email stream by hour and shows it to the system admin in a nice clean graphic.

These are data from the Mailspect internal email server that we shared with the ISP.  Looking at the pie chart, we pointed out that the key to antispam and antivirus efficiency is to remove as much spam in the pre-scan layer as possible.  The blue section labeled RBL [real-time black lists] shows that Mailspect Defense removed 67% of the email stream as spam in the pre-scan (or pre-queue for the technically precise) layer.  If you want to know which real-time blacklists we used to achieve such a high score, please contact support@mailspect.com. 

We did this analysis to help the ISP estimate the number of emails that would end up in quarantine (gray emails) so they could size the servers and storage needed for their implementation.  We estimated that 8% of the email stream will end up as gray email in the quarantine after being scanned by Cloudmark or Mailshell.  We provided them with a Quarantine Sizing Calculator to help them estimate the size of the quarantine digest store based on the number of emails per user per day, black and white email detection levels, and the number of days of quarantine retention.

We also demonstrated how to email the quarantine digest to each user everyday or use an RSS feed for the tech savy.

Mailspect Defense is an amazing product as proved by our near 100% renewal rate.

Recently Asked Question:  How much spam gets removed at the pre-scan or SMTP gateway layer using Real-Time Black Lists or RBL, also know as Blackholes ?

Subsequently, the ISP looked into its data and determined that it could remove 87% of spam at the pre-scan / pre-queue  /  at the SMTP gateway layer using well-configured real-time black lists or RBL.    It shows that ‘consumer’ email streams are dirtier than buisness email streams like Mailspect’s.

Mailspect development team tested the upgrade Match My Email with the four leading browser. They tested on the reprocessing and matching of 16 emails with Salesforce.com. Here are the results through an embedded web tab in Salesforce.com:

Chrome 20 seconds
Safari 25 seconds
Firefox 26 seconds
Internet Explorer 30 seconds

In a native mode the hosted service that matches emails to Salesforce.com file types like Leads, Contacts, Account and Opportunties, the response time improvement about 3 – 5 seconds on each browser.

Based on customer and partner requests, Mailspect has updated Defense to better integrate with Communigate Pro and Postfix. These updates will save customers’ money because they will support single box implements without sacrificing speed or throughput. Specifically, Mailspect Defense nows takes advantage of new native CGate Pro features related to the handling of email spam such as CGP reject and defer actions, CGP custom rejection templates and client host IP address extraction from the CGP envelope. The upgrade also includes Postfix improvements, namely Whitelisting of TLS/SASL autenthicated users.

Mailspect has a long history of supporting Communigate Pro implementations at enterprises and ISP’s or internet service providers. Mailspect Defense is considered the best Postfix antispam and antivirus platform integration on the market and it continues to improve.

Mailspect Connect has been renamed Match My Email in anticipation of its certification on the Salesforce.com AppExchange. Current customers and trial users will still be able to log-on with https://connect.mailspect.com, but future users will be migrated to www.matchmyemail.com. Match My Email is a hosted service that resides in the Amazon Web Services cloud. It matches emails to files in Saleforce.com. It can be used in two modes: Automatic and Hands-On. Most users prefer the Automatic mode that does the matching in the background and does not require any action on their part. Automatic mode is estimated to save the average user $938 per year. Hands-on mode is generally used by supervisors who want to dig into the email stream and have a convenient view of all the email traffic in theif sales group.

Mailspect expects to make monthly updates to the Match My Email. This update was driven by a customer request to accommodate a Contacts Only workflow. It also includes performance enhancements related to the partitioning the system for speed.