I probably don't have the email volume that you receive, but I haven't seen 
that much additional spam. I do have the configuration tightly locked down, 
more so than you may be able to since we are not an international organization. 
I use, with great success, bl.spamcop.net and zen.spamhaus.org as external RBLs 
with a block action.

I also filter quite a few attachments and block anything I can't scan. I have a 
couple of content filters I created to help catch stuff that was missed. I do 
block *.br, *.cn, *.ru but what really helped was blocking some of the new TLDs 
that have been released.

*.pl
*.zw
*.lk
*.mobi
*.tw
*.bg
*.lt
*.link
*.asia
*.top
*.click
*.in
*.pw
*.af
*.ao
*.ax
*.az
*.fr
*.rocks
*.ua
*.ve
*.xxx
*.xyz
*.sucks
*.porn
*.science
*.guru
*.ninja
*.construction
*.info
*.work
*.space
*.ee
*.be
*.club
*.webcam
*.party
*.wang
*.win
*.biz
*.date
*.faith
*.website
*.site
*.uno
*.review
*.racing
*.cricket
*.help
*.download
*.bar
*.bid
*.careers
*.email
*.bn
*.rs
*.th
*.blue
*.black
*.juegos
*.photography
*.solar
*.zm

This is a pretty cool website which details stats for the new TLDs. 
https://ntldstats.com/fraud
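
The two checks described in the message above (an external RBL lookup with a block action, then a sender-TLD block), sketched as an added example that is not part of the original message and is not how the Barracuda implements them. The function names, the `CONSTRUCTED_DNS` answers and the shortened TLD subset are assumptions made for illustration.

```python
import ipaddress
import socket

RBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")         # zones named in the message
BLOCKED_TLDS = ("*.ru", "*.cn", "*.in", "*.top", "*.xyz")  # subset of the message's list
LISTED = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus documents 127.255.255.x as query errors (e.g. public resolver), not listings.
ERRORS = ipaddress.ip_network("127.255.255.0/24")
# Constructed answers for offline runs; the IPs are documentation addresses.
CONSTRUCTED_DNS = {
    "10.2.0.192.zen.spamhaus.org": "127.0.0.4",
    "7.100.51.198.zen.spamhaus.org": "127.255.255.254",
}

def dnsbl_name(ip, zone):
    """Query name for an IPv4 client: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything else
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A record for name, or None when it does not resolve (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def rbl_hits(ip, zones=RBL_ZONES, resolve=system_resolver):
    """Zones that list ip; error-range answers are ignored, not treated as hits."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer:
            code = ipaddress.ip_address(answer)
            if code in LISTED and code not in ERRORS:
                hits.append(zone)
    return hits

def tld_blocked(sender, patterns=BLOCKED_TLDS):
    """True when the sender domain ends in a blocked TLD on a label boundary."""
    domain = sender.rsplit("@", 1)[-1].strip().rstrip(".").lower()
    return any(domain.endswith(p.lstrip("*").lower()) for p in patterns)

def verdict(client_ip, mail_from, resolve=system_resolver):
    """Block on an RBL listing first, then on the sender TLD; otherwise allow."""
    hits = rbl_hits(client_ip, resolve=resolve)
    if hits:
        return ("block", "listed on " + ", ".join(hits))
    if tld_blocked(mail_from):
        return ("block", "sender TLD blocked")
    return ("allow", "")
```

Pass `resolve=CONSTRUCTED_DNS.get` to run it without network access; with the default resolver the answers depend on the DNS server the host uses.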


-----Original Message-----
From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Jake Gardner
Sent: Friday, December 18, 2015 7:18 AM
To: 'ntsys...@lists.myitforum.com' <ntsys...@lists.myitforum.com>
Subject: RE: [NTSysADM] Barracuda Spam fw appliance

Thanks guys.  I used to use them years ago and removed them for some reason.  I 
don't remember the reason so I'll add them back.

 
Thanks,
 
Jake Gardner
IT Administrator
267-352-2020 Ext. 246
www.ttcdas.com


-----Original Message-----
From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Friday, December 18, 2015 11:07 AM
To: ntsysadm
Subject: Re: [NTSysADM] Barracuda Spam fw appliance

+10 - rbls help massively.

Kurt

On Fri, Dec 18, 2015 at 7:55 AM, Kennedy, Jim <kennedy...@elyriaschools.org> 
wrote:
> Take a look at adding some external RBLs to augment Cuda’s.
>
> https://www.spamhaus.org/sbl/ and
> https://www.spamcop.net/fom-serve/cache/290.html
>
> From: listsadmin@lists.myitforum.com
> [mailto:listsadmin@lists.myitforum.com]
> On Behalf Of Jake Gardner
> Sent: Friday, December 18, 2015 10:54 AM
> To: 'ntsys...@lists.myitforum.com'
> Subject: RE: [NTSysADM] Barracuda Spam fw appliance
>
>
>
> I guess my question was if anyone else is seeing this type of increase.
>
>
>
> Is there a list of common regexes that I could use?
>
>
>
> Thanks,
>
>
>
> Jake Gardner
>
> IT Administrator
>
> 267-352-2020 Ext. 246
>
> www.ttcdas.com
>
>
>
> From: listsadmin@lists.myitforum.com
> [mailto:listsadmin@lists.myitforum.com]
> On Behalf Of Todd Lemmiksoo
> Sent: Friday, December 18, 2015 10:14 AM
> To: ntsys...@lists.myitforum.com
> Subject: Re: [NTSysADM] Barracuda Spam fw appliance
>
>
>
> I have a physical 400 and a virtual 300 in a cluster config. I also 
> block .ru, .cn, .cz
>
> Ask your questions.
>
>
>
> On Fri, Dec 18, 2015 at 9:08 AM, Sean Martin <seanmarti...@gmail.com> wrote:
>
> We have a couple of 800s, but they're second tier behind ProofPoint, 
> so they don't see a lot of malicious traffic. What does slip through 
> ProofPoint does appear to get caught by the Barracudas in most cases.
>
>
>
> - Sean
>
>
>
> On Fri, Dec 18, 2015 at 5:37 AM, Jake Gardner <jgard...@ttcdas.com> wrote:
>
> Does anyone here use one?  We have a model 300 and lately we are 
> getting absolutely hammered with SPAM that the ‘cuda just won’t catch.
>
>
>
> I have opened a few tickets with them about the issue and all they say 
> is that my firewall is blocking the ‘cuda from checking websites.
> I’ve checked my firewall and I don’t see any blocks and the ‘cuda is 
> in a policy with no outbound restrictions.
>
>
>
> The only thing that seems to slow it down is rate control.  I turned it down
> to 20/30mins.  In the last 9 hours it controlled 3700 and only outright
> blocked 1450.  We see about 17k messages a day on average.  A couple of
> months ago we were averaging 12k.
>
>
>
>
>
> Thanks,
>
>
>
> Jake Gardner
>
> IT Administrator
>
> 267-352-2020 Ext. 246
>
> www.ttcdas.com
>
>
>
>
>
> ***Teletronics Technology Corporation*** This e-mail is confidential 
> and may also be privileged. If you are not the addressee or authorized 
> by the addressee to receive this e-mail, you may not disclose, copy, 
> distribute, or use this e-mail. If you have received this e-mail in 
> error, please notify the sender immediately by reply e-mail or by 
> telephone at 267-352-2020 and destroy this message and any copies.
>
> Thank you.
>
> *******************************************************************
>
> --
>
> T. Todd Lemmiksoo
>


