The MXtreme is a mail firewall that ships as an appliance. There are three units in the range: the 200 (mini 1U with a pair of 100Mbit/s network connections), the 400 (1U device with mirrored ATA disks and three Gigabit Ethernet ports) and the 800 (a 2U unit which has more RAID functionality, a fourth network port and redundant power supplies). Like BorderWare's firewall products, the software is based on a FreeBSD Unix-style kernel that's been fairly heavily modified over the years.

The unit operates as a "headless" server, though you need to connect a screen and keyboard for the one-off initial setup process. This is the usual sequence of allocating IP addresses and choosing installation options (we simply selected "auto configure" and let the device decide its own disk partitioning, though advanced users can customise the settings). Once the system is running, management is all done through a Web-based GUI, though if you leave a screen connected it does show you some useful real-time statistical and performance information.

The first time you connect to the GUI, you're asked to change the admin password and to enter the licence key. Once this is done, you're into the management screen itself, which is split into sections labelled Activity, Basic Config, Mail Delivery, User Mailboxes and Management.

The Activity screen gives a simple summary of what the unit is doing – queue sizes, in/out message counts and spam/rejection statistics. There are two buttons, one to start/stop the mail server and the other to nudge the queue into re-processing mail that has been held back for whatever reason (an unavailable remote server, for instance).

Trusted and untrusted
Basic Config is all about network and password settings. It's here that you define IP details for the three Ethernet ports, each of which can be labelled as "trusted" or "untrusted", and each of which can be told to accept or reject POP connections or Webmail sessions. You can also define static route information should you need to, along with information about any LDAP servers you wish to use for authenticating users, and there's also a section that lets you choose port numbers and security options for the admin Web server interface.

The meat of the device's functionality is in the Mail Delivery section, which has 14 separate sections. The functions include basic filtering based on source/destination machine name, To/From address rewriting, mapping of addresses between domains, attachment analysis (you can permit and deny incoming and outgoing attachments based on their filename extension), mail routing (useful if you have a sprawling enterprise with a number of autonomous mail servers), mailformed message analysis and TLS-based SMTP encryption. For spam protection you have two choices: the device has its own native anti-spam capabilities, including blacklists/whitelists and interfaces to RBL and DCC servers, but you also have the option to turn on Brightmail's commercial offering (which includes a client plug-in for Microsoft Outlook that provides client-side spam avoidance).

You can only have one or other of the anti-spam functions turned on – selecting Brightmail turns off the RBL/DDC features. Also in the Mail Delivery section is the option to turn on the Kaspersky anti-virus protection system (as with the Brightmail function, you're given a licence to read and agree to when you hit 'Enable'), along with the choice of how to behave when viruses are found (options range from "do nothing" to blowing the message away).

The User Mailboxes section is used if you want the MXtreme itself to act as a mail server instead of simply passing messages through to external devices. So you can point your POP/SMTP client at it, or your users can access it via a WebMail (browser-based) interface. Interestingly, the WebMail facility can work either with local mailboxes or with remote servers – so you can point it at remote IMAP or Outlook Web Access servers and allow your users to access their email from a single place. Users can, incidentally, authenticate using a local username/password database or via external authentication systems such as SecurID and RADIUS.

The final section to look at is the Management area, which deals with low-level stuff such as queue management, reporting, backup/restore (to disk, tape or FTP server), software updates and quarantine management (the AV and spam prevention tools can be told to quarantine suspect material, and so there's an interface that allows you to look at quarantined items and take whatever deliver/erase action you see fit). The system can be told to check for software updates on a user-defined schedule, and the administrator has control over when the patches are actually installed.

The MXtreme is a competent email server/firewall. The feature set is comprehensive, the user interface is reassuringly basic (but functional), and it makes all the right noises with regard to integration with directory services, authentication servers and external mail devices.


The MXtreme doesn't do much that you couldn't achieve using a bundle of free tools and a Linux machine. As everything's integrated for you, though, the MXtreme does save you a great deal of time and effort.