I've had a fun afternoon playing around with Cloudmark Server Edition, an Exchange plugin that uses Cloudmark's collaborative filtering network to block spam. It has an excellent reputation for effectiveness, but so far I can't get past the unfortunate fact that it requires a service account that has permissions on all mailboxes that it's supposed to protect. This account must be a member of the Domain Admins and Enterprise Admins groups, and it must have Exchange Administrator rights on the entire Exchange organization. This represents a serious potential security exposure, because if that account is compromised it's game over.
Posted by Paul at June 19, 2006 03:55 PM
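
One way to measure the exposure described above, as an added example that is not part of the original post: this PowerShell (ActiveDirectory module) reports whether a service account sits in Domain Admins or Enterprise Admins, directly or through nested groups, along with its password age and delegation setting. The account name `svc-antispam` is a hypothetical placeholder, and the script does not check Exchange Administrator rights.

```powershell
# Added example: audit a service account's membership in the most
# privileged AD groups. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Hypothetical placeholder: replace with the account the plugin runs as.
$ServiceAccount = 'svc-antispam'

$props = 'PasswordLastSet', 'PasswordNeverExpires', 'AccountNotDelegated', 'LastLogonDate'
$user  = Get-ADUser -Identity $ServiceAccount -Properties $props

# Enterprise Admins exists only in the forest root domain, so query it there.
$groups = @(
    @{ Name = 'Domain Admins';     Server = (Get-ADDomain).DNSRoot }
    @{ Name = 'Enterprise Admins'; Server = (Get-ADForest).RootDomain }
)

$memberOf = foreach ($g in $groups) {
    # -Recursive also catches membership granted through nested groups.
    $sids = Get-ADGroupMember -Identity $g.Name -Server $g.Server -Recursive |
        ForEach-Object { $_.SID.Value }
    if ($sids -contains $user.SID.Value) { $g.Name }
}

# One summary object per account; pipe to Format-List or Export-Csv as needed.
[pscustomobject]@{
    Account              = $user.SamAccountName
    PrivilegedGroups     = ($memberOf -join ', ')
    PasswordAgeDays      = if ($user.PasswordLastSet) {
                               [int]((Get-Date) - $user.PasswordLastSet).TotalDays
                           } else { $null }
    PasswordNeverExpires = $user.PasswordNeverExpires
    DelegationBlocked    = $user.AccountNotDelegated   # "sensitive and cannot be delegated"
    LastLogon            = $user.LastLogonDate
}
```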