Take a look at adding some external RBL’s to augment Cuda’s. https://www.spamhaus.org/sbl/ and https://www.spamcop.net/fom-serve/cache/290.html
From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Jake Gardner Sent: Friday, December 18, 2015 10:54 AM To: 'ntsys...@lists.myitforum.com' Subject: RE: [NTSysADM] Barracuda Spam fw appliance I guess my question was if anyone else is seeing this type of increase. Is there a list of common regex’s that I could use? Thanks, Jake Gardner IT Administrator 267-352-2020 Ext. 246 www.ttcdas.com<http://www.ttcdas.com/> From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Todd Lemmiksoo Sent: Friday, December 18, 2015 10:14 AM To: ntsys...@lists.myitforum.com<mailto:ntsys...@lists.myitforum.com> Subject: Re: [NTSysADM] Barracuda Spam fw appliance I have a physical 400 and a virtual 300 in a cluster config. I also block .ru, .cn, .cz Ask your questions. On Fri, Dec 18, 2015 at 9:08 AM, Sean Martin <seanmarti...@gmail.com<mailto:seanmarti...@gmail.com>> wrote: We have a couple of 800s, but they're second tier behind ProofPoint, so they don't see a lot of malicious traffic. What does slip through ProofPoint does appear to get caught by the Barracuda's in most cases. - Sean On Fri, Dec 18, 2015 at 5:37 AM, Jake Gardner <jgard...@ttcdas.com<mailto:jgard...@ttcdas.com>> wrote: Does anyone here use one? We have a model 300 and lately we are getting absolutely hammered with SPAM that the ‘cuda just won’t catch. I have opened a few tickets with them about the issue and all they say is that my firewall is blocking the ‘cuda from checking websites. I’ve checked my firewall and I don’t see any blocks and the ‘cuda is in a policy with no outbound restrictions. The only thing that seems to slow it down is rate control. I turned it down to 20/30mins. In the last 9 hours it controlled 3700 and only outright blocked 1450. We see about 17k messages a day on average. A couple months again we were averaging 12k. Thanks, Jake Gardner IT Administrator 267-352-2020 Ext. 246<tel:267-352-2020%20Ext.%20246> www.ttcdas.com<http://www.ttcdas.com/> ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020<tel:267-352-2020> and destroy this message and any copies. Thank you. ******************************************************************* -- T. Todd Lemmiksoo ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. *******************************************************************