Re: Barracuda's Spam firewall
Hi Richard,

> Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)
>
> There is something of a major dispute going regarding whether this represents better value for money than other solutions (including our own, self built service)

I've been using a Barracuda SPAM Firewall 200 for the last 14 months. I use it to protect several different servers on various networks. Despite having the Barracuda I still run MailScanner with Clam AV and SpamAssassin on all the servers that I protect with the Barracuda. I also operate some mailservers with just MailScanner and SpamAssassin for comparison.

As for figures: Of the last 10 million emails that my Barracuda processed it rejected 8.8 million at the MTA level, taking quite some load off the individual mailservers behind it. That's my main reason to use the Barracuda, as I can't reject on the MTA level on the individual mailservers due to architectural limitations (Sendmail w/o Milter support, which can't be upgraded as that would break third party stuff).

In the time that I used the unit so far there have been numerous updates for it, which all could be installed through the GUI interface. Some contained feature updates, some may have contained security updates, some apparently modernized the underlying SpamAssassin and virus scanner engine. Virus definitions and SA-rules are updated automatically, while feature and security updates require user interaction and often a reboot.

AFAIK the larger Barracudas also come with a client program (for Windows only?) which allows the users (and not only the administrator of the Firewall) to configure some of that stuff. Not entirely sure on that, so I won't comment.

My experience with it so far in terms of reliability: On the average day I still get about 30-40 SPAM emails (0.9% of my regular mailtraffic) to my personal inbox which the Barracuda didn't flag or reject, but which my SpamAssassin-3.0.2 on the actual mailserver detected successfully. Most of these are pretty high scoring SPAM's with scores between 7.7 and 35.0 (my threshold is 4.5). So I'd say an up to date and manually installed SpamAssassin might still get you a better all around protection.

As for virii: There have been occasions where my manually updated Clam AV caught virii which passed through the Barracuda for a couple of hours, until they updated their definitions as well (WTG, Clam AV!).

So far the box never crashed or threw another technical fit that impaired email delivery, which I can't entirely say for my manually maintained MailScanner and SpamAssassin installs. ;o)

For the less technically inclined the Barracuda might be a nearly perfect choice, because it requires little to no technical skill to set it up and to operate it. Where it really shines is the GUI interface which leaves little to be desired. The ability to teach Bayes through the GUI and a load of options which allow you to tweak SpamAssassin, the ability to hack in custom rules through the GUI, MTA related stuff like enforcing RFC 821 compliance for inbound emails, SPF support, sender spoof protection, rate controls and the like.

All in all it's not a bad product and the price appears to be right for what it offers, provided you buy in the US. The local reseller in my country charges an arm and a leg for one (recommended US sales price times two plus VAT - or around that figure).

But personally I wouldn't do away with my manually installed SpamAssassin, though, as that still catches more SPAM. ;o)

--
With best regards,
Michael Stauber
[OT] Whats inside ? Was: Re: Barracuda's Spam firewall
On 2/28/2005 8:13 AM +0100, Michael Stauber wrote:

> Hi Richard,
>
>> Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)
>>
>> There is something of a major dispute going regarding whether this represents better value for money than other solutions (including our own, self built service)
>
> I've been using a Barracuda SPAM Firewall 200 for the last 14 months. I use

Sorry to get off-topic-ish here, But could you tell us what Barracuda uses for:
- MTA
- Anti spam software
- Anti virus software

Niek
--
Re: [OT] Whats inside ? Was: Re: Barracuda's Spam firewall
Hi Niek,

> Sorry to get off-topic-ish here, But could you tell us what Barracuda uses for:
> - MTA
> - Anti spam software
> - Anti virus software

Can't say for sure as it's a black box to which you don't get real shell access. The command line only grants access to a tool from which the most basic network settings can be changed. I always wanted to take the disk out to look under the hood, but never got around to it shrug.

Anti-Spam appears to be a modified SpamAssassin (2.64), MTA is probably Exim (educated guess from its behavior) ... Virus checker ... no idea. Sorry.

--
With best regards,
Michael Stauber
RE: [OT] Whats inside ? Was: Re: Barracuda's Spam firewall
>> Sorry to get off-topic-ish here, But could you tell us what Barracuda uses for:
>> - MTA
>> - Anti spam software
>> - Anti virus software
>
> Can't say for sure as it's a black box to which you don't get real shell access. The command line only grants access to a tool from which the most basic network settings can be changed. I always wanted to take the disk out to look under the hood, but never got around to it shrug.
>
> Anti-Spam appears to be a modified SpamAssassin (2.64), MTA is probably Exim (educated guess from its behavior) ... Virus checker ... no idea. Sorry.

Received: from beast.smd.net (beast.smd.net [10.1.128.1])
 by solarspeed.de (8.10.2-SOL3/8.10.2) with ESMTP id j1S9Gp514016
 for users@spamassassin.apache.org; Mon, 28 Feb 2005

Looking at the header, the MTA doesn't look like Postfix. According to the 'Received: from' MTA version number this looks like a slightly modified sendmail.

Could somebody please post an Exim header for comparison?

Philipp
Re: Barracuda's Spam firewall
Gray, Richard wrote:

> Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)
>
> There is something of a major dispute going regarding whether this represents better value for money than other solutions (including our own, self built service)
>
> If any of you fine people has any experience with this (tested it, use it, know someone else who uses it) I'd really appreciate any feedback you could give me on its pros/cons.
>
> Thanks.
> Richard
>
> ---
> This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]

Barracuda devices are a spammer's dream. They make it very easy to backscatter spam. They bounce EVERYTHING causing a ton of backscatter. They seem to accept all mail, process it then bounce it back to the sender which is usually fake.

Here's one such log entry from one of my postfix servers... This is just one entry of over 10,000 in the last 6 hours alone (of course I removed the recipient address):

Feb 28 06:52:23 inbound1 postfix/cleanup[24781]: 3065B31A769: reject: header Subject: **Message you sent blocked by our bulk email filter** from barracuda.stcc.cc.tx.us[67.67.36.7]; from= to=[EMAIL PROTECTED] proto=ESMTP helo=barracuda.stcc.cc.tx.us: 550 Uknown User
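
A log entry like the one in this message is one header-check reject among thousands, so the useful view for the receiving administrator is a tally per sending relay. The sketch below is an added example, not code from any poster in this thread: it counts such rejects per relay, assumes the null envelope sender (`from=<>`) marks a bounce, and runs on constructed sample lines with reserved example hostnames and addresses.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Postfix entry quoted above.
# Hostnames and addresses are reserved documentation values, not real relays.
SAMPLE_LOG = """\
Feb 28 06:52:23 inbound1 postfix/cleanup[24781]: 3065B31A769: reject: header Subject: **Message you sent blocked by our bulk email filter** from filter1.example.org[192.0.2.7]; from=<> to=<user1@example.net> proto=ESMTP helo=<filter1.example.org>: 550 Unknown User
Feb 28 06:52:24 inbound1 postfix/smtpd[24790]: connect from filter1.example.org[192.0.2.7]
Feb 28 06:52:25 inbound1 postfix/cleanup[24781]: 4A1C2D3E5F0: reject: header Subject: **Message you sent blocked by our bulk email filter** from filter1.example.org[192.0.2.7]; from=<> to=<user2@example.net> proto=ESMTP helo=<filter1.example.org>: 550 Unknown User
Feb 28 06:53:01 inbound1 postfix/cleanup[24781]: 5B2D3E4F601: reject: header Subject: Undeliverable mail from mx.example.com[198.51.100.9]; from=<> to=<user3@example.net> proto=ESMTP helo=<mx.example.com>: 550 Unknown User
Feb 28 06:53:40 inbound1 postfix/cleanup[24802]: 6C3E4F50712: reject: header Subject: Special offer from host.example.info[203.0.113.44]; from=<promo@example.info> to=<user1@example.net> proto=ESMTP helo=<host.example.info>: 550 Unknown User
Feb 28 06:54:12 inbound1 postfix/cleanup[24781]: 7D4F5061823: reject: header Subject: **Message you sent blocked by our bulk email filter** from filter1.example.org[192.0.2.7]; from=<> to=<user1@example.net> proto=ESMTP helo=<filter1.example.org>: 550 Unknown User
"""

# One cleanup header-check reject: queue id, matched header, relay, envelope.
REJECT_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): reject: header "
    r"(?P<header>[\w-]+): (?P<value>.*?) "
    r"from (?P<host>\S+)\[(?P<ip>[^\]]+)\]; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def parse_rejects(log_text):
    """Yield one dict per header-check reject line; other lines are skipped."""
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            yield match.groupdict()


def backscatter_sources(log_text, min_hits=2):
    """Return [((host, ip), count), ...] for relays whose rejected mail had a
    null envelope sender at least min_hits times, busiest relay first."""
    hits = Counter()
    for reject in parse_rejects(log_text):
        # Assumption: an empty envelope sender means the message is a bounce
        # or notification, i.e. candidate backscatter, not direct spam.
        if reject["sender"] == "":
            hits[(reject["host"], reject["ip"])] += 1
    return [(src, n) for src, n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for (host, ip), count in backscatter_sources(SAMPLE_LOG):
        print(f"{count:6d}  {host} [{ip}]")
```

Relays that show up here are accepting mail first and bouncing later; the fix on their side is the one described in the reply that follows, rejecting during the SMTP session instead of bouncing.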
Re: Barracuda's Spam firewall
Hi Tim B,

> They bounce EVERYTHING causing a ton of backscatter. They seem to accept all mail, process it then bounce it back to the sender which is usually fake.

Yeah, that's sad but true for the default configuration. Since long I set mine to Reject instead of bounce and completely forgot to mention that in my above posting.

--
With best regards,
Michael Stauber
Re: Barracuda's Spam firewall
On Fri, 25 Feb 2005, Gray, Richard wrote:

> If any of you fine people has any experience with this (tested it, use it, know someone else who uses it) I'd really appreciate any feedback you could give me on its pros/cons.
>
> Thanks.
> Richard

I checked into it several months ago. Seemed nifty, so I called the company to ask questions (this was before the big market push and you could actually get someone at the company - don't know if that is still the case). When I was told that I would not have access to the box at root level, that nixed it for me. After all, why pay for a box that you are not allowed to administer? That's just renting it.

Several months later, a sales rep called and tried to sell me on it. I told him I wasn't interested in it as it stood, but might have some interest if they had an outbound scanner. The response was along the lines of not available at this time, and it would cost you tens of thousands of dollars to implement with existing hardware, etc.

OK - so I found a Dell 1600SC, put FreeBSD, Postfix, and SpamAssassin on it, and forwarded all outbound SMTP traffic from our main MX to that box.

Total cost - less than $2000.
Total spam stopped since implementation - over 500,000 messages.
Feeling of relief - priceless.

All in all, I feel that it's best to have total control over your servers. YMMV

Tom
Re: Barracuda's Spam firewall
On Mon, 28 Feb 2005 09:43:32 -0500 (EST), Tom Gwilt [EMAIL PROTECTED] wrote:

> The response was along the lines of not available at this time, and it would cost you tens of thousands of dollars to implement with existing hardware, etc.
>
> OK - so I found a Dell 1600SC, put FreeBSD, Postfix, and SpamAssassin on it, and forwarded all outbound SMTP traffic from our main MX to that box.
>
> Total cost - less than $2000.
> Total spam stopped since implementation - over 500,000 messages.
> Feeling of relief - priceless.

I'm not defending Barracuda, but to be fair with your cost comparison, you need to say how much of your time you spent, including all the up-to-date security patches, etc. I think it makes a big difference, especially when you're talking about all three items (OS, Postfix, SpamAssassin).

Also, does anyone know if Barracuda boxes update themselves with respect to OS security? The set it and forget it mentality is dangerous for any device. A lot of IIS web servers were set up using this thought process.

The data sheet I found on their web site doesn't mention anything about software updates.

Cris
--
Help reduce spam by educating lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm
RE: Barracuda's Spam firewall
I've worked with a couple of Barracudas that worked very well, especially for people who are not technical. As far as updates, a Barracuda has three different update mechanisms. There are virus def and spam def updates which can be set to automatically update either hourly or daily, and then there are 'firmware' updates, which the barracuda will notify the admin of by email, as applying the update requires a reboot.

Eric

-----Original Message-----
From: Cris Fuhrman [mailto:[EMAIL PROTECTED]
Sent: Monday, February 28, 2005 10:08 AM
To: users@spamassassin.apache.org
Subject: Re: Barracuda's Spam firewall

On Mon, 28 Feb 2005 09:43:32 -0500 (EST), Tom Gwilt [EMAIL PROTECTED] wrote:

> The response was along the lines of not available at this time, and it would cost you tens of thousands of dollars to implement with existing hardware, etc.
>
> OK - so I found a Dell 1600SC, put FreeBSD, Postfix, and SpamAssassin on it, and forwarded all outbound SMTP traffic from our main MX to that box.
>
> Total cost - less than $2000.
> Total spam stopped since implementation - over 500,000 messages.
> Feeling of relief - priceless.

I'm not defending Barracuda, but to be fair with your cost comparison, you need to say how much of your time you spent, including all the up-to-date security patches, etc. I think it makes a big difference, especially when you're talking about all three items (OS, Postfix, SpamAssassin).

Also, does anyone know if Barracuda boxes update themselves with respect to OS security? The set it and forget it mentality is dangerous for any device. A lot of IIS web servers were set up using this thought process.

The data sheet I found on their web site doesn't mention anything about software updates.

Cris
--
Help reduce spam by educating lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm
Re: Barracuda's Spam firewall
On Mon, 2005-02-28 at 10:07, Cris Fuhrman wrote:

> On Mon, 28 Feb 2005 09:43:32 -0500 (EST), Tom Gwilt [EMAIL PROTECTED] wrote:
>
>> The response was along the lines of not available at this time, and it would cost you tens of thousands of dollars to implement with existing hardware, etc.
>>
>> OK - so I found a Dell 1600SC, put FreeBSD, Postfix, and SpamAssassin on it, and forwarded all outbound SMTP traffic from our main MX to that box.
>>
>> Total cost - less than $2000.
>> Total spam stopped since implementation - over 500,000 messages.
>> Feeling of relief - priceless.
>
> I'm not defending Barracuda, but to be fair with your cost comparison, you need to say how much of your time you spent, including all the up-to-date security patches, etc. I think it makes a big difference, especially when you're talking about all three items (OS, Postfix, SpamAssassin).
>
> Also, does anyone know if Barracuda boxes update themselves with respect to OS security? The set it and forget it mentality is dangerous for any device. A lot of IIS web servers were set up using this thought process.

We have been using one for about 6-8 months now. Yes it did relieve a good deal of pressure from our main e-mail servers...

There are 3 things which get updated depending on what you have purchased. Spam definition updates... which seem to come out every 2-7 days depending on what is being seen... Second is the virus definition file... these two can be configured to update automatically or manually and check for updates, hourly or daily...

The 3rd item is the firmware, this is where the OS security patches as OS changes take place... And yes we have as security updates... Firmware is not automatically updated, you are notified by the system that there is an update available and then you can go download it thru the web interface.. then reboot to implement...

It also stores the previous version of all these files, so after one is installed and if there is a problem, you can revert back to the previous version which supposedly worked...

We had several issues in order to get it to work within our environment and the barracuda folks have been very responsive to our requests

See-ya
Mitch

> The data sheet I found on their web site doesn't mention anything about software updates.
>
> Cris
> --
> Help reduce spam by educating lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm

--
Mitchell Buzz Baker                  To Infinity And Beyond...
Sr. Systems/Security Admin           Rose-Hulman Institute of Technology
[EMAIL PROTECTED]                    www.rose-hulman.edu
For PGP Public key, check out www.keyserver.net
Re: [OT] Whats inside ? Was: Re: Barracuda's Spam firewall
Philipp Snizek wrote:

>>> Sorry to get off-topic-ish here, But could you tell us what Barracuda uses for:
>>> - MTA
>>> - Anti spam software
>>> - Anti virus software
>>
>> Can't say for sure as it's a black box to which you don't get real shell access. The command line only grants access to a tool from which the most basic network settings can be changed. I always wanted to take the disk out to look under the hood, but never got around to it shrug.
>>
>> Anti-Spam appears to be a modified SpamAssassin (2.64), MTA is probably Exim (educated guess from its behavior) ... Virus checker ... no idea. Sorry.
>
> Received: from beast.smd.net (beast.smd.net [10.1.128.1])
>  by solarspeed.de (8.10.2-SOL3/8.10.2) with ESMTP id j1S9Gp514016
>  for users@spamassassin.apache.org; Mon, 28 Feb 2005
>
> Looking at the header, the MTA doesn't look like Postfix. According to the 'Received: from' MTA version number this looks like a slightly modified sendmail.
>
> Could somebody please post an Exim header for comparison?

Doesn't really look like Exim4:

Received: from mail2.digicon.net ([208.144.7.80] helo=digicon.net)
 by redwood.thecommune.net with esmtp (Exim 4.34)
 id 1D5mIO-0002xg-Bx; Mon, 28 Feb 2005 08:54:55 -0600
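
The by-eye comparison of Received headers in this sub-thread can be written down as a set of header signatures. The following is an added example, not code from any poster: it classifies each Received hop from its "by" clause, using the two headers quoted in the thread plus one constructed Postfix-style header. The three patterns are assumptions based on those MTAs' default formats, which an administrator can change and a sender can forge for hops outside your own servers.

```python
import re
from email import message_from_string

# Ordered signatures for the "by" clause of a Received header.
# Assumption: default header formats; sites can and do customise them.
SIGNATURES = [
    # Exim default: "... with esmtp (Exim 4.34) id ..."
    ("exim", re.compile(r"\(Exim (\d+(?:\.\d+)+)\)")),
    # Postfix default: "by host (Postfix) with ESMTP id ..."
    ("postfix", re.compile(r"\bby \S+ \(Postfix[^)]*\)")),
    # sendmail default: "by host (binary-version/config-version) with ..."
    ("sendmail-style", re.compile(
        r"\bby \S+ \((\d+\.\d+\.\d+[^/\s)]*/\d+\.\d+\.\d+[^)\s]*)\)")),
]

# Two headers taken from the thread, one constructed Postfix-style header
# (reserved example names), folded as they would appear in a real message.
SAMPLE_MESSAGE = (
    "Received: from mail2.digicon.net ([208.144.7.80] helo=digicon.net)\n"
    "\tby redwood.thecommune.net with esmtp (Exim 4.34)\n"
    "\tid 1D5mIO-0002xg-Bx; Mon, 28 Feb 2005 08:54:55 -0600\n"
    "Received: from beast.smd.net (beast.smd.net [10.1.128.1])\n"
    "\tby solarspeed.de (8.10.2-SOL3/8.10.2) with ESMTP id j1S9Gp514016\n"
    "\tfor users@spamassassin.apache.org; Mon, 28 Feb 2005\n"
    "Received: from client.example.net (client.example.net [192.0.2.25])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4F2A91C0DE\n"
    "\tfor <user@example.org>; Mon, 28 Feb 2005 09:00:00 +0000\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)


def guess_mta(received):
    """Return (receiving_host, mta_guess, version_or_None) for one header."""
    text = " ".join(received.split())          # unfold continuation lines
    by = re.search(r"\bby (\S+)", text)
    host = by.group(1) if by else None
    for name, pattern in SIGNATURES:
        match = pattern.search(text)
        if match:
            version = match.group(1) if match.groups() else None
            return host, name, version
    return host, "unknown", None


def trace_hops(raw_message):
    """Classify every Received header of a message, newest hop first."""
    msg = message_from_string(raw_message)
    return [guess_mta(value) for value in msg.get_all("Received", [])]


if __name__ == "__main__":
    for host, mta, version in trace_hops(SAMPLE_MESSAGE):
        print(f"{host:28s} {mta:15s} {version or '-'}")
```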
RE: Barracuda's Spam firewall
> Several months later, a sales rep called and tried to sell me on it. I told him I wasn't interested in it as it stood, but might have some interest if they had an outbound scanner.

They have that capability now: http://www.barracudanetworks.com/products/key_features_ob.php
RE: [OT] Whats inside ? Was: Re: Barracuda's Spam firewall
> Virus checker ... no idea. Sorry.

I believe they use two Virus Scanners - One is ClamAV + Secondary ?

MB
RE: [OT] Whats inside ? Was: Re: Barracuda's Spam firewall
>> Virus checker ... no idea. Sorry.
>
> I believe they use two Virus Scanners - One is ClamAV + Secondary ?

Sorry for replying to my own post, but secondary is reported to be Sophos
Re: Barracuda's Spam firewall
Hello Richard,

Friday, February 25, 2005, 7:58:54 AM, you wrote:

GR> Anyone care to comment on how successful/effective this
GR> particular product is? (http://www.barracudanetworks.com)

I'm an end-user of an Exchange server based system that has a Barracuda front-end, and also the email admin of three domains where spam is managed by SpamAssassin with some custom rules.

I receive more spam to my one Barracuda account than I do to dozens of equally public email addresses under SpamAssassin.

I also have given up trying to get some specific non-spam emails through that the Barracuda system blocks, which get through SpamAssassin with no problem.

Bob Menschel
RE: Barracuda's Spam firewall
> Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)

A few months ago, I was chatting with an IT contractor guy in my city who had installed the barracuda firewall for many large clients, including a large hospital. I sent this guy a follow-up e-mail a few minutes later and... guess what... it returned to me with a message about it being blocked because of being spam. In all fairness, I was using my webmail interface at the time and this probably wouldn't have happened if I had been at my office using outlook... but still

Also, isn't barracuda known for sending notification e-mails out to every spammer for every incoming spam? ...creating a nightmare by confirming addresses to spammers, adding unnecessary traffic, and twisting the knife in joe job victims.

But, please correct me if I'm wrong on this. (For example, I don't think that my reply was from my own mail server reporting back on SMTP responses, but I could be mistaken).

Rob McEwen
RE: Barracuda's Spam firewall
I've built an Anti-Spam and Anti-Virus appliance that I've recently put to market. If you have some suggestions on what makes an appliance really soar above the rest, I'd love to hear about it.

Cheers,
J.

-----Original Message-----
From: Rob McEwen [mailto:[EMAIL PROTECTED]
Sent: Friday, February 25, 2005 8:36 PM
To: users@spamassassin.apache.org
Subject: RE: Barracuda's Spam firewall

> Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)

A few months ago, I was chatting with an IT contractor guy in my city who had installed the barracuda firewall for many large clients, including a large hospital. I sent this guy a follow-up e-mail a few minutes later and... guess what... it returned to me with a message about it being blocked because of being spam. In all fairness, I was using my webmail interface at the time and this probably wouldn't have happened if I had been at my office using outlook... but still

Also, isn't barracuda known for sending notification e-mails out to every spammer for every incoming spam? ...creating a nightmare by confirming addresses to spammers, adding unnecessary traffic, and twisting the knife in joe job victims.

But, please correct me if I'm wrong on this. (For example, I don't think that my reply was from my own mail server reporting back on SMTP responses, but I could be mistaken).

Rob McEwen
Barracuda's Spam firewall
Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)

There is something of a major dispute going regarding whether this represents better value for money than other solutions (including our own, self built service)

If any of you fine people has any experience with this (tested it, use it, know someone else who uses it) I'd really appreciate any feedback you could give me on its pros/cons.

Thanks.
Richard

---
This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]
Re: Barracuda's Spam firewall
On Friday 25 February 2005 07:58 am, Gray, Richard wrote:

> Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)
>
> There is something of a major dispute going regarding whether this represents better value for money than other solutions (including our own, self built service)
>
> If any of you fine people has any experience with this (tested it, use it, know someone else who uses it) I'd really appreciate any feedback you could give me on its pros/cons.
>
> Thanks.
> Richard

Wow, if that's reasonably priced I'd hate to see what others are charging. All in all I would not say the low end price is so bad but really they are making a killing on the hardware depending on what they are using on the software side. If it's a bunch of oss stuff on the inside then their development costs are next to nothing and they in essence are charging a lot for a rack mount low end server.

I have never used this product but had heard it mentioned before.

> ---
> This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact [EMAIL PROTECTED]

--
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Brook Humphrey
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]
Holiness unto the Lord
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Re: Barracuda's Spam firewall
On Fri, Feb 25, 2005 at 09:20:13AM -0800, Brook Humphrey wrote:

> making a killing on the hardware depending on what they are using on the software side. If it's a bunch of oss stuff on the inside then their development costs are next to nothing and they in essence are charging a lot for a rack mount low end server.

They use SA under the hood, among other things I'm sure, but SA is involved.

Michael
Re: Barracuda's Spam firewall
Gray, Richard [EMAIL PROTECTED] wrote on 02/25/2005 09:58:54 AM:

> Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com)
>
> There is something of a major dispute going regarding whether this represents better value for money than other solutions (including our own, self built service)
>
> If any of you fine people has any experience with this (tested it, use it, know someone else who uses it) I'd really appreciate any feedback you could give me on its pros/cons.
>
> Thanks.
> Richard

I was thinking of testing it so I shot off a couple questions to them about a month ago.

Greylisting Support?
Not currently but I will forward this along to the developers as a feature request.

This was a deal breaker for me. Greylisting stops 90% of our spam outright, so I feel it's a feature that I can't afford to lose.

Pre-Greeting Delay ala SendMail?
We do not have this feature at this time. I will pass this along to the developers as a feature request.

Ability to add custom rules?
Since the Barracuda is an appliance and should not require much management we do not allow customers to adjust the weights assigned to the spam definitions.

SURBL Support?
I deleted the E-Mail with the official response (Sorry), but it was something along the lines of: Not directly supported but we provide something very similar using our rule updates, features, etc.

Andy
Re: Barracuda's Spam firewall
On Friday 25 February 2005 09:26 am, you wrote:

> On Fri, Feb 25, 2005 at 09:20:13AM -0800, Brook Humphrey wrote:
>
>> making a killing on the hardware depending on what they are using on the software side. If it's a bunch of oss stuff on the inside then their development costs are next to nothing and they in essence are charging a lot for a rack mount low end server.
>
> They use SA under the hood, among other things I'm sure, but SA is involved.

I figured as much.

> Michael

--
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Brook Humphrey
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]
Holiness unto the Lord
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-