Here's what I got today from Barracuda. I'll let you know if it did
indeed fix my problems.
Hi Joe,
Your latency problem should be resolved.
===
On July 27th a new stream of spam was introduced into the wild. This
spam contained certain for
It only seems to be a problem when I hit above about 16k messages an
hour. I do wish they had better numerical historical logging. Maybe
in V3.0.
On Tue, 27 Jul 2004 20:03:08 -0400, Matthew Crocker <[EMAIL PROTECTED]> wrote:
>
> My Series 400 seems to be doing fine today. Average queue laten
My Series 400 seems to be doing fine today. Average queue latency 4
seconds which is about normal.
Do you have any special config settings?
-Matt
On Jul 27, 2004, at 7:21 PM, Joe Hamelin wrote:
I just talked to Heather (sales) at Barracuda and was told that there
would be a FIRMWARE release in
I just talked to Heather (sales) at Barracuda and was told that there
would be a FIRMWARE release in the morning to fix a problem with virus
detection.
It seems that the support ppl can't really do anything right now and
their phone system is melting. The word is to hold tight for a fix.
--
Jo
Is anyone else on NANOG having problems with Barracuda today? I'm
getting massive latency (3000+ seconds) and it seems as if their tech
support has gone into meltdown. While on hold I was even connected to
another customer with the same problem.
--
Joe Hamelin
Edmonds, WA, US
> > Different people get different spam, from different sources. ...
>
> This is very true. We're four people in the same company, and
> there is the odd overlapping spam, but generally not at all;
> not even over several days. There must be some undiscovered
> science in there.
according to
On May 20, 3:30pm, Rik van Riel <[EMAIL PROTECTED]> wrote:
> Different people get different spam, from different sources.
>
> For years I was under the impression that spammers must be
> blasting everybody, so everybody would get similar spam.
>
> I was surprised to find out that this isn't the
On 5/20/2004 2:30 PM, Rik van Riel wrote:
> Different people get different spam, from different sources.
Yah, I've been advocating the use of a CIDR match-list from the beginning
for this and other reasons. Actually what you'd want is per-entry
weighting, so for me and my mailbox:
CIDR 221.2
On Wed, 19 May 2004, Eric A. Hall wrote:
> my last 10 survivors are at http://www.ehsco.com/misc/last-10-spams.eml
> the relevant data for them in order of occurrance is below.
>
> eight are CN, one is KR, one is Geocities, and one is dead
Different people get different spam, from different sour
On Wed, 19 May 2004 22:54:55 EDT, joe <[EMAIL PROTECTED]> said:
> either
> 1: SMTP/ESMTP is fixed so that spoofing cannot occur
> or
> 2: Another method/protocol of email/messaging is adopted
3: We change the economics of spamming in some other fashion. I've been
advocating taking up a collecti
On 5/20/2004 8:25 AM, Randy Bush wrote:
>>>What's most interesting about the half-dozen accusations of xenophobia
>>>I've received (off-list and on) is that they've almost all come from
>>>foreigners. I promise not to read anything into that. Really.
>>
>>Could it be perhaps because us foreigne
>> What's most interesting about the half-dozen accusations of xenophobia
>> I've received (off-list and on) is that they've almost all come from
>> foreigners. I promise not to read anything into that. Really.
> Could it be perhaps because us foreigners are conditioned by repeated
> exposure to
Folks, let's stop this thread. We're getting into 'spam is really bad'
comments, which aren't particularly enlightening to the list.
On Thu, 20 May 2004 00:38:50 +0100 (BST)
"Stephen J. Wilcox" <[EMAIL PROTECTED]> wrote:
| Altho this is probably not true if you're one of the billion or
| so people who live in or around China or are of Chinese origin..
Which is exactly why I've just been on a visit to Beijing and Xi'an.
The d
Eric A. Hall wrote:
What's most interesting about the half-dozen accusations of xenophobia
I've received (off-list and on) is that they've almost all come from
foreigners. I promise not to read anything into that. Really.
Could it be perhaps because us foreigners are conditioned by repeated
exposu
nt: Wednesday, May 19, 2004 8:59 PM
Subject: Re: Barracuda Networks Spam Firewall
On Wed, 2004-05-19 at 17:47, Randy Bush wrote:
> gosh! maybe someone should set up a mailing list to discuss
> spam, anti-spam, ...?
>
> you mean they have? well, then maybe a bunch of us network
> operators (as opposed to spam weenies) should go over there
> and talk about sdh, router configs
gosh! maybe someone should set up a mailing list to discuss
spam, anti-spam, ...?
you mean they have? well, then maybe a bunch of us network
operators (as opposed to spam weenies) should go over there
and talk about sdh, router configs, circuit provisioning,
etc.
get a clue, spam weenies!
On 5/19/2004 7:06 PM, James Couzens wrote:
> I just did this on 5 spam in my mail box, I got:
[domains ommitted--tripped my filters]
my last 10 survivors are at http://www.ehsco.com/misc/last-10-spams.eml
the relevant data for them in order of occurrance is below.
eight are CN, one is KR, one
Title: RE: Barracuda Networks Spam Firewall
Eric,
> There's one rule that will wipe out ~90% of spam, but nobody seems to have
> written it yet.
>
> if URL IP addr is in China then score=100
>
> support for a generic lookup list of cidr blocks would get ano
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
James Couzens wrote:
| On Wed, 2004-05-19 at 16:24, Eric A. Hall wrote:
|
|>extract hostname from url, dig on hostname, whois on addr, and nine times
|>out of ten the host is in a CN netblock. that's from the spam that gets
|>into my mailbox.
|
|
| Yes
On 5/19/2004 6:38 PM, Stephen J. Wilcox wrote:
> Altho this is probably not true if you're one of the billion or so
> people who live in or around China or are of Chinese origin..
just check for charset=US-ASCII first. come to think of it, ASCII would
probably give half the necessary weight alo
On Wed, 2004-05-19 at 16:24, Eric A. Hall wrote:
> extract hostname from url, dig on hostname, whois on addr, and nine times
> out of ten the host is in a CN netblock. that's from the spam that gets
> into my mailbox.
Yes I understand that is what you meant. I just did this on 5 spam in
my mail b
perhaps this all belongs on alt.jingo.weenies? can we focus on
network operations not network exclusionism? this is worse than
spam.
On Thu, 20 May 2004, Stephen J. Wilcox wrote:
> On Wed, 19 May 2004, Richard Cox wrote:
> > While this is verging off our remit here, I would clarify the point
> > originally made, which is that if a URL - that is, a URL cited in the
> > body of a message - points to an IP physically located in Ch
On Wed, 19 May 2004, Richard Cox wrote:
> While this is verging off our remit here, I would clarify the point
> originally made, which is that if a URL - that is, a URL cited in the
> body of a message - points to an IP physically located in China, then
> that signals a high probability of the me
On 5/19/2004 6:19 PM, James Couzens wrote:
> On Wed, 2004-05-19 at 15:28, Eric A. Hall wrote:
> Going through the spam that I've got access to (and it is a substantial
> amount allbeit not in the millions of spam per day) I can't seem to
> associate the spam with chinese urls, and certainly not
On Wed, 2004-05-19 at 15:28, Eric A. Hall wrote:
> not connection address, not domain 'owner', but URL->Hostname->IP_ADDR
>
> What's most interesting about the half-dozen accusations of xenophobia
> I've received (off-list and on) is that they've almost all come from
> foreigners. I promise not t
On 19 May 2004 15:12:29 -0700 James Couzens <[EMAIL PROTECTED]> wrote:
|> if URL IP addr is in China then score=100
| I beg to differ Eric A. Hall.
...
|
| So contrary to what you said, perhaps I should just Null Route all
| email originating from the USA? ;)
While this is verging off our remi
On 5/19/2004 5:12 PM, James Couzens ([EMAIL PROTECTED]) wrote:
> On Tue, 2004-05-18 at 21:49, Eric A. Hall wrote:
>
>> There's one rule that will wipe out ~90% of spam, but nobody seems to
>> have written it yet.
>>
>> if URL IP addr is in China then score=100
^^^
not connection address
On Wed, 19 May 2004, James Couzens wrote:
> On Tue, 2004-05-18 at 21:49, Eric A. Hall wrote:
> > There's one rule that will wipe out ~90% of spam, but nobody seems to have
> > written it yet.
> > if URL IP addr is in China then score=100
> I beg to differ Eric A. Hall.
No Eric is quite correc
on Wed, May 19, 2004 at 03:12:29PM -0700, James Couzens wrote:
> On Tue, 2004-05-18 at 21:49, Eric A. Hall wrote:
>
> > There's one rule that will wipe out ~90% of spam, but nobody seems to have
> > written it yet.
> >
> > if URL IP addr is in China then score=100
On Tue, 2004-05-18 at 21:49, Eric A. Hall wrote:
> There's one rule that will wipe out ~90% of spam, but nobody seems to have
> written it yet.
>
> if URL IP addr is in China then score=100
I beg to differ Eric A. Hall.
According to statistics gathered by the Spamhaus Project
(http://www.sp
Eric A. Hall wrote:
There's one rule that will wipe out ~90% of spam, but nobody seems to have
written it yet.
if URL IP addr is in China then score=100
Where does this leave the 70% which would only match the rule;
if URL IP addr is in FL,USA then score=42
?
Pete
support for a generic lookup l
On 5/17/2004 4:00 PM, Joe Boyce wrote:
> I Googled around and found a bunch of rulesets that once installed,
> started tagging those hard to get messages.
>
> http://www.rulesemporium.com/ is a good place to start if anybody else
> is running Spam Assassin straight out of the box.
There's one
On May 18, 7:03pm, "Eric A. Hall" <[EMAIL PROTECTED]> wrote:
> > For a long time since then, backup MXs have been seen as a kind of
> > value-added courtesy service; they serve no really useful purpose
>
> well, they're handy for centralizing filters against multiple domains, if
> you're willin
On 5/18/2004 6:44 PM, Per Gregers Bilse wrote:
> For a long time since then, backup MXs have been seen as a kind of
> value-added courtesy service; they serve no really useful purpose
well, they're handy for centralizing filters against multiple domains, if
you're willing to put your various p
On May 18, 5:22pm, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Once AOL starts doing it -- you can bet they will be one of the ones
> > blocking on it.
>
> That's going to pretty much torpedo the concept of secondary MX's.
Not to suddenly burst back, but ...
Second/terti/etc-ary MXers re
On 5/18/2004 4:22 PM, [EMAIL PROTECTED] wrote:
> That's going to pretty much torpedo the concept of secondary MX's.
Folks still run those? No really, most people I know terminated their
off-site secondaries a couple of years ago at least.
The only secondary you can reasonably use these days ha
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
: > Don't know about hotmail, but AOL is working on this. You might want to
: > check out that SPAM-L list, if this is something you are interested in.
:
: Other than knowing that it's a good idea
s/a good idea/an emerging requirement/
(and for one d
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
: > Blocking outbound mail from such entities is a pretty good way to get
: > buy-in. (Yes, there's a DNSBL in work to enumerate such systems.)
:
: When it gets built, will it list AOL.COM for not rejecting at the original
: RCPT TO?
AOL happens to b
on Tue, May 18, 2004 at 04:01:40PM -0400, Todd Vierling wrote:
>
> On Mon, 17 May 2004, Jared B. Reimer wrote:
>
> : >We had this problem when our inbound-smtp server ( the server the
> : >barracuda is dumping mail to) was accepting all RCPT TOs
>
> : This is a pretty serious flaw IMHO, if it i
On Tue, 18 May 2004 17:11:54 EDT, "Christopher X. Candreva" <[EMAIL PROTECTED]> said:
> Don't know about hotmail, but AOL is working on this. You might want to
> check out that SPAM-L list, if this is something you are interested in.
Other than knowing that it's a good idea if you can do it, b
On Tue, 18 May 2004 16:56:30 EDT, "Christopher X. Candreva" <[EMAIL PROTECTED]> said:
> But if you really need a reason to convince someone who won't get their head
> out of their . . . the sand -- You can probably cut in half the number of
> viruses you have to scan if you reject invalid addre
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
When it gets built, will it list AOL.COM for not rejecting at the original
RCPT TO? Or Hotmail.com? (Consider the following 2 pieces of mail - mail
Don't know about hotmail, but AOL is working on this. You might want to
check out that SPAM-L list, if
On Tue, 18 May 2004 16:13:20 EDT, Todd Vierling said:
> On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
>
> : Yes, it *would* be nice if everybody in the world was able to DTRT on
> : their outward-facing gateway and send back an immediate 550 on a RCPT TO:
> : in order to stop stuff right up front.
You're missing the main point - that sometimes things are done in ways
that are sub-optimal or even pessimal from the technical standpoint,
because some other consideration interferes. Yes, it *would* be nice if
everybody in the world
But if you really need a reason to convince someone who won
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
You're missing the main point - that sometimes things are done in ways
that are sub-optimal or even pessimal from the technical standpoint,
because some other consideration interferes. Yes, it *would* be nice if
everybody in the world
Oh, I know that
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
: Yes, it *would* be nice if everybody in the world was able to DTRT on
: their outward-facing gateway and send back an immediate 550 on a RCPT TO:
: in order to stop stuff right up front. However, this implies getting
: buy-in and resources of all th
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
: > Quite frankly, I'm at a loss as to why anyone would wish to accept
: > and queue mail that they cannot deliver.
: Well.. you're somewhat right - *IF* the mail gateway is able to make the
: determination quickly and definitively,
That "if" is
On Tue, 18 May 2004 15:48:28 EDT, "Christopher X. Candreva" <[EMAIL PROTECTED]> said:
> What would your auditor think about your secondary MX being used as a DOS
> amplifier because it sends out thousands of bogus bounces to forged
> addresses ?
You're missing the main point - that sometimes
On Mon, 17 May 2004, Jared B. Reimer wrote:
: >We had this problem when our inbound-smtp server ( the server the
: >barracuda is dumping mail to) was accepting all RCPT TOs
: This is a pretty serious flaw IMHO, if it is (in fact) true. qmail isn't
: the only mailer that behaves this way.
And,
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
So your auditor wouldn't mind if you kept an unencrypted list of credit card
numbers on a DMZ box, because if somebody hacks the box they can gather those
over time? :)
This is hardly the same thing. E-mail addresses are public, credit card
numbers are
On Tue, 18 May 2004 14:31:21 CDT, Steve Drees said:
> if I 0wn your mail gateway I can generate a list of valid accounts over
> time. On a busy host over a short period of time.
So your auditor wouldn't mind if you kept an unencrypted list of credit card
numbers on a DMZ box, because if somebody
On Tue, 18 May 2004 14:52:54 EDT, "Christopher X. Candreva" <[EMAIL PROTECTED]> said:
> Or push a list of valid addresses to the secondaries that they keep locally
> and use, update as needed. You don't need to 'authenticate' -- just know
> what is/isn't valid.
Remember to ask the auditors wh
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
and then forward it to an internal machine that actually knew what mailboxes
were valid addresses. If you don't do that, then you have to make your
authentication system visible to machines on your DMZ, which has it's
own touchy implications
Or push
On Tue, 18 May 2004 10:11:20 PDT, "Majdi S. Abbas" said:
> Quite frankly, I'm at a loss as to why anyone would wish to accept
> and queue mail that they cannot deliver. Queuing everything just allocates
> disk unnecessarily and results in a lot of delayed bounce backscatter,
> almost always
On Mon, May 17, 2004 at 02:26:37PM -0700, Jared B. Reimer wrote:
> This is a pretty serious flaw IMHO, if it is (in fact) true. qmail isn't
> the only mailer that behaves this way. It looks like they may have tried
> to kludge their way around this with LDAP in the case of MS Exchange, which
Matt
I agree that everything the Barracuda does can be done by hand. I had a
choice of either spending $4k for a 'set it and forget it' type spam
solution or continue to spend days per month of my time tweaking my old
setup. I chose to go with the commercial route which will easily save
me $
On May 18, 2004, at 4:13 AM, Martin Hepworth wrote:
Matthew
Spamassassin needs quite a bit of tweaking above the out of the box
setup. I run about 7000 messages a day here, 70% spam, .5% virus
(clamav and Sophos), very very rarely a FP. I get bove 99% hit rate
after adding in bayes, serveral ad
All
Sorry that should should be http://www.rulesemporium.com/
also worthwhile adding in the surbl.org plugin for SA, which adds alot
less CPU time than the bigvil etc rules.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Martin Hepworth wrote:
Matthew
Spama
Matthew
Spamassassin needs quite a bit of tweaking above the out of the box
setup. I run about 7000 messages a day here, 70% spam, .5% virus (clamav
and Sophos), very very rarely a FP. I get bove 99% hit rate after adding
in bayes, serveral additional rules from www.rulesemporium.org and the
UR
On Mon, 17 May 2004, Jared B. Reimer wrote:
> >We had this problem when our inbound-smtp server ( the server the
> >barracuda is dumping mail to) was accepting all RCPT TOs: As a result
> >dictionary attacks were getting through and creating 'unique recipients'
> >on the Barracuda. As soon as
Did you not receive some basic support from them during your
evaluation? A perceived 90% drop in performance is pretty significant
and I'd imagine that they'd be interested in helping to determine the
cause.
Sadly, they have not responded to my email on the topic, sent four days ago.
However, some
Hi!
> Not to thread jack or anything, but when I first moved our cluster to
> Spam Assassin, I was disappointed at the amount of messages that would
> get past Spam Assassin at even a low threshold of 2.
>
> I Googled around and found a bunch of rulesets that once installed,
> started tagging th
At 05:00 PM 17/05/2004, Joe Boyce wrote:
Not to thread jack or anything, but when I first moved our cluster to
Spam Assassin, I was disappointed at the amount of messages that would
get past Spam Assassin at even a low threshold of 2.
I Googled around and found a bunch of rulesets that once install
>>> "Jared B. Reimer" <[EMAIL PROTECTED]> 5/17/04 2:48:16 PM >>>
>We have done an eval of this same product (model 400). It is very
cool in
>virtually every regard except one: performance. We were facing 1+
hour
>mail delays (!) through the device when pumping less than 1,000,000
>messages pe
ent: Monday, May 17, 2004 3:48 PM
To: Claydon, Tom
Cc: [EMAIL PROTECTED]
Subject: Re: Barracuda Networks Spam Firewall
We have done an eval of this same product (model 400). It is very cool
in
virtually every regard except one: performance. We were facing 1+ hour
mail delays (!) through the
Monday, May 17, 2004, 12:32:29 PM, you wrote:
MC> My old setup was 4 dual-PIII 550Mhz, 1 GIg RAM running
MC> Qmail/Qmail-ldap/spamassasin/F-Secure AV. My inbox would get 300+
MC> spams/day, many of them not tagged at all
MC> This setup would melt on a regular basis when spam floods would come
We have done an eval of this same product (model 400). It is very cool in
virtually every regard except one: performance. We were facing 1+ hour
mail delays (!) through the device when pumping less than 1,000,000
messages per day through it. Given that they claim it can handle ten
times tha
On May 17, 2004, at 2:35 PM, Claydon, Tom wrote:
Doing evaluations on anti-spam, anti-virus solutions, and ran across
this:
http://www.barracudanetworks.com/
Looks like a good box -- even won an Editor's Choice award from Network
Computing recently.
Does anyone on list have any experience with the
71 matches
Mail list logo