Open Source or lower-cost alternatives to Barracuda Spam Filter [closed]

I'm aware of SpamAssassin-based solutions, but I'm looking for a free or low(er) cost spam filtering solution that's similar in functionality to the Barracuda Spam Filter. The Barracuda works well, but the hardware is questionable in the low-to-midrange units and the costs have been creeping up. I'm seeking something I can recommend to clients that's easier for end users to administer than a raw SpamAssassin installation.

Any recommendations?


I've gotta agree with John Gardeniers here. Mailcleaner is by far the best opensource spam filtering solution I've found, and I've tested pretty much any that I've been able to locate (mostly those integrated into other firewall-type-linux-distributions).

I've used Mailcleaner for several years now to protect my domain (stormnine.net), while using Barracuda M600s at work (dfa.arkansas.gov). While the Barracudas at my work see a lot more traffic overall, the percentage-rates-by-volume are nearly identical to what I experience with Mailcleaner. I also like the fact that Mailcleaner supports tagging as well as quarantine. Personally, I don't use quarantining on stormnine.net because it's much less long-term maintenance to simply use tagging within MailCleaner and then let my Exchange server process tagged emails into the user's Junk Email folder, which has a 30 day expiry. This ensures that my Mailcleaner anti-spam appliance never uses much disc-space, and ensures that my Exchange MessageStore doesn't outgrow the disc space allotted to it's virtual-machine-container. I have both Mailcleaner & Exchange running from within VMWare ESXi virtual servers, on the same host even, and I don't see any remarkable performance hit to the host or the VMs from doing so.

I've also used Mailcleaner on Physical hardware, and it worked great there too, but in the long run I've found that it's much better to virtualize Mailcleaner, shutdown the Mailcleaner VM and replicate it to a virtual appliance after you've configured Mailcleaner for your domain and authentication system(s), then bring Mailcleaner back online. This ensures that if you should decide to get under the hood and do any experimentation or development on Mailcleaner, that you'll still have a fully working copy, ready to deploy at any time, that will only take about 10 to 20 minutes to return to service after a catastrophic failure of the VM due to altering. Mailcleaner can be very ticky under the hood... this is due to the custom structure that the developer(s) use, which doesn't correspond to Debian defaults (though Mailcleaner, itself, is based on Debian-Sarge). Still, some modifications can be done... just be sure you know what you're doing when you get in there, if you do any mods. Otherwise, be sure to keep a spare copy of the VM ready to deploy just in case it goes belly-up.

Now, all of that said, Mailcleaner is very dependable, if installed according to the instructions. On it's own, with no modifications, it fully supports LDAP, SMTP, or local-authentication. Personally, I use Active Directory (LDAP) auth, which is easy to setup if you're fluent with LDAP query structure, or at least have setup a Barracuda to talk to AD/LDAP, since it's basically the same sort of syntax. With the model I use, with Mailcleaner & Exchange virtualized and a spare Mailcleaner virtual-appliance image backed-up, I have very, very little maintenance or interaction with either system, except when I add a new user, and even then all I have to do is add the user to AD, normally, because Mailcleaner is using AD on the back-end to validate all email addresses & users. Since I use tagging instead of quarantining, my users don't even know it's there until they actually look into the headers of emails that are in their Junk Email folder. And me... I haven't had a complaint on that domain regarding spam in nearly 8 years. :)


I'm using Mailcleaner for the company spam filtering. The community edition is free, although you do need to put some effort into training the system. Once the initial training databases have been created they can be copied from machine to machine.

Documentation is sparse but there is a forum where you can get more information. It should be noted though that many questions posted on the forum go unanswered. There appears to be a clicky core group of forum users and the rest tend to get ignored a bit. Nevertheless, most issues have already been discussed and/or solved, so there should be little need to post new requests for help.


There are VM applicances built for this very purpose. I haven't really used any, as my current customers don't require easy administration (probably because Barracuda is way out of their reach), but here's one: SpamVigilante (docs):

Of course it's based on SpamAssasin, but it also includes Apache and a web administration console apparently written from scratch ("Spam Viewer").