LJ Archive

BlueCat Networks' Meridius Mail Relay

Nathan Smith

Issue #107, March 2003

The Meridius Mail Relay is designed to relay mail in order to protect your internal mail server and filter out spam.

The Meridius Mail Relay is a rackmountable (1U) Linux-based mail appliance. It is designed to relay mail in order to protect your internal mail server and filter out spam. The Meridius is placed on the network between the Internet and your e-mail server in a DMZ on the Internet or behind the firewall.

Figure 1. The Java-Based Management Console

The hardware specifications are likely to change with fluctuations in pricing and availability, but the published specification is an Intel Pentium III running at 800MHz, with a 20GB hard drive and 256MB of RAM with two network ports. The Meridius is based on several software packages, including Zmailer, SpamAssassin, Apache and Tomcat. It is managed by a custom Java-based management console.

Network configuration, including the IP address, netmask and gateway, is done with small buttons and an LCD panel on the front of the unit. The Meridius is then accessed using a browser, where a web page offers three options: open the management console, install Java Web Start or read the system documentation (a PDF file).

The first-time configuration of mail policies is performed using a wizard-like tool. The wizard was enough to get a small organization like mine up and running. The console is used for advanced configuration, such as routing mail within an organization or within an ISP. Policies also can be configured to refuse mail based on IP address, domain or e-mail address. E-mail aliases for individual users also can be created and maintained in the console. All of these settings, familiar to a mail administrator as part of the configuration files, are easily set and modified in the Meridius console.

I placed the demonstration unit behind a firewall running NAT, which caused a few problems that were not immediately apparent. When I had trouble getting the antispam features to work, BlueCat's able technical support helped me analyze the logs. There we determined that all inbound e-mail was coming from the same address—the address of our firewall. The Meridius was relaying mail for our domain properly before we uncovered this problem, but the antispam features did not work. After we enabled reverse-NAT on the firewall, the Meridius could see the true IP addresses and domains of the inbound mail, and the antispam features began to work.

We use Microsoft Exchange 5.5 as our e-mail system, so we set the Exchange server to route all mail to the Meridius and set the Meridius to route all inbound mail to Exchange. I tested the Meridius in my organization for over a month in a production environment. There were no noticeable changes in the speed of our internet e-mail after the Meridius was added. We receive around 800 messages a day, and the Meridius had no trouble keeping pace.

In my early experimentation with the Meridius, I somehow managed to download the 1.2 system update before I should have, which caused the Meridius to stop working correctly. The mistake required me to restore the Meridius from disk, and the system restore process was straightforward and relatively simple. A monitor and a keyboard are connected to the Meridius, which is then powered on with a boot disk in the drive, automatically restoring the system. It was easy to re-install the settings I had previously configured, as they are saved from the Java console to a location the administrator chooses. An update has not been issued since 1.2, the first update, but I am told updates should go much more smoothly in the future.

I had questions about the functions of the device several times, and the people at BlueCat Networks were always responsive and helpful. From e-mailing and talking to them, I got the feeling that they are a small company that cares about releasing quality products.

Spamazon.com?

I was most excited about getting the power of SpamAssassin with Meridius, without going through the learning curve of installing and configuring. The users, however, were not entirely delighted when messages with a subject starting with “** SPAM ” began arriving in their inboxes, with blocks of technospeak at the top and no human-readable HTML messages. BlueCat Networks was in the process of releasing a fix (1.2) to restore HTML e-mail. User acceptance of Meridius' antispam component was probably the hardest part of installing the appliance. Some users were offended that advertisements they got from Amazon.com were labeled as spam. I wrote up some instructions on how to create a folder for spam and pass anything with the “X-Spam-Flag: yes” setting into it. I was happy with the anti-spam performance in my own mailbox. After the Meridius installation, the signal-to-noise ratio in my inbox improved significantly. I now have an average of 45 messages dropping nightly into the folder I created for spam. Meridius made going through morning messages a breeze.

I am pleased how simple the Meridius is to administer. When a user forwards me a message with an address or domain they want placed on the whitelist, I simply copy the original sender's e-mail address and paste either the address or the domain into the console. After running the update process, the new changes take immediate effect.

BlueCat Networks is hinting at a lot of improvements and more functionality to come in new versions of the software, which can be downloaded. I would like to see context-sensitive help in the administration console and user-submitted whitelists.

Does the functionality and usability of the system offset its $7,000 US price tag? If Meridius is used only for relaying messages, I think the answer may be no for many organizations. A lot of administrators could put similar functionality together for less money. With the Meridius you are paying for good hardware, support and the administration tool assembled and tested as a polished product. I believe an organization like ours (about 50 users) is probably on the small end of company sizes that would make such an investment. Used correctly, over the life of the device, the anti-spam feature could easily save our professionals $7,000 US in billing hours. For perspective customers, BlueCat Networks offers a web demonstration and an evaluation unit of the Meridius.

My experience with the Meridius has been a pleasant one. If you would rather spend your time doing interesting things instead of sorting through spam messages, worrying about open relays and administering electronic mail systems, you may find the Meridius is a good fit for you too.

Product Information

email: smith@ipmvs.com

Nathan Smith (nathan.smith@rockinghamridge.com) is a systems administrator for an intellectual property law firm. A Windows user but a Linux and *BSD aficionado, he is always looking for ways to move toward a more open computing environment.

LJ Archive