Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » integrated mcafee v.s. hosted mcafee saas
  •  
mbox

Messages: 25
Karma: 1
Send a private message to this user
Kerio has integrated McAfee support, but McAfee also has a hosted mail filtering service (was MX Logic) that can be set up just by switching an MX record. What are the benefits/tradeoffs of each method? Are there any non-obvious differences?

McAfee Security-as-a-Service: http://www.mcafee.com/us/enterprise/products/hosted_security /index.html
  •  
kvp

Messages: 1
Karma: 0
Send a private message to this user
We just switched to McAfee SaaS from our inhouse spam/virus filters. We were using a CommuniGate Pro email server with 2 spam filters ( SpamCatcher & Pollustop ) and 1 server level virus filter ( McAfee ). The main advantage I see is the dramatic reduction in inbound internet bandwidth. About 80-90% of our inbound email was spam and that no longer consumes my inbound bandwidth and processor time on the email server.

They support both corporate level white/black lists as well as individual user white/black lists. They can authenticate user logins to their web page via our email server using IMAP or LDAP, so we don't even have to deal with yet another password for our users.

We coordinated the spam filter change with a migration from CommuniGate Pro to Kerio, so I didn't even purchase McAfee virus protection with the Kerio mail server, and I have the spam filter disabled.
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
MXLogic is good filtering, the really hard to get used to part is that they don't send you the obvious spam in your daily report. We use CanIT anti-spam for our hosted environment and it's good as well.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
mbox

Messages: 25
Karma: 1
Send a private message to this user
kvp wrote on Thu, 18 March 2010 22:59
They can authenticate user logins to their web page via our email server using IMAP or LDAP, so we don't even have to deal with yet another password for our users.


That was one of my main concerns. Adding a hosted service in-front of Kerio, be it e-mail archiving or in-bound filtering, likely involves a new web-based interface that users will need to authenticate to. It is preferable if users could "somehow" authenticate using their Kerio credentials, especially if Kerio authentication is setup in a special way such as via integrated authentication or two-factor authentication.

I didn't see any information published on the IMAP/LDAP thing. Any elaboration on that would be appreciated.
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
mbox,

I used MXLogic a year or so ago and when you created your domain you set the authentication method, either local, ldap, or imap. Then you told it where the mail server was that you were using imap authentication for with a test account and it tried to login. Once it was successful then you could use imap authentication for the users in the domain when you added them.

Basically the user logs into mxlogic, mxlogic passes the credentials to the imap server to test them, if they work, then the user can log into mxlogic.

Most *good* spam filters use this sort of authentication. The CanIT system I don't even have to create users like you do in MXLogic, but the interface isn't as nice.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
elias

Messages: 114
Karma: 0
Send a private message to this user
We've used a Barracuda Spam Firewall for the last 4 years and its been excellent. One of the nice things about the Barracuda is that while it can do LDAP authentication for users, it isn't necessary. By default, the Barracuda just sends out links with temporary tokens to users that they can use instead of a login when they need to interact with the box. And the only time that happens is when the Barracuda sends out its daily quarantine email to users if they have quarantined email they need to handle (it doesn't send an email to users whose quarantine is empty). The links in the email contain the temporary token to authenticate the user and take them right to their quarantine when they click on the link. These temporary tokens (and associated links) expire after a certain period of time.

In the extremely rare case that a user wants to log in on their own, all they do is go to the Barracuda login page and put in their email and the Barracuda will send them a link with the temporary token embedded that they can use.

The other major benefit of this is that we have a lot of aliases that exist in KMS that aren't real accounts. Those aliases (support@, info@, postmaster<_at_>, etc...) are used for our Customer Service software and because they're public, they get a lot of spam. The Barracuda treats these just like real accounts, so when it quarantines email for those aliases, it just sends each of those aliases the same daily quarantine email that real users get. All our CS reps have to do is click on the links in those emails to access and clear out the quarantine. They don't have to know a login for each one of them and I don't have to create accounts for them in Active Directory.

All of these tokenized links are passed in encrypted form and almost always remain behind our firewall, so I never bothered to try to integrate the Barracuda with Active Directory and its worked well for our users.

-Elias
Previous Topic: Warnings on Kerio Sync Connector for Mac
Next Topic: Roadsync V5
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 14:13:44 CET 2017

Total time taken to generate the page: 0.00890 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.