Some gateway vendors tell me it is better to stop spam before it gets to the server?
In more complex environments, defense at the perimeter makes a whole lot of sense. Ninja works great in sites where the Exchange server sits right after the gateway. In that scenario there is not a lot of bandwidth loss, and the benefits of running it ON server are significant. We investigated implementing messaging security on the Gateway (or for instance a Barracuda box), but this cuts down your functionality significantly compared to directly integrating with Exchange. Gateway products filtering spam are limited to IN-OUT, but cannot look at internal email. That severely hobbles smart attachment filtering, content filtering/auditing for inappropriate internal email, and a lot more. An excellent example of the benefit of running this “on-server” is the smart attachment filtering we built into Ninja. It allows you to rule with an iron fist regarding who can send and receive exe’s both incoming/outgoing and internal/external, and support regular expressions. This is very powerful stuff
