Barracuda spam appliance 2

[zacksack]

I have recently been given the task to administer our Barracuda since the guy who was running it left the company BUT I have no experience with this device so I was looking for some guidance.

Our Barracuda is doing a great job blocking 80% of the incoming emails.

Our CIO has concerns that the Barracuda can’t handle our traffic! We only receive 15,000 emails/day on avg. We're using a 400 series model which says can handle 5 million a day. Management thinks its dropping emails; employees have complained that they are not receiving emails.

Our network is set up like this;

Internet > SendMail > Barracuda > MS Exchange

Im wondering if our relay server isnt functioning properly and dropping messages.
Does it make sense to have this send mail relay server in front of the Cuda? Or can we use the Cuda as a mail relay?

There new idea is to remove the Barracuda (a device we paid $8000 for and its working) and install spamassassin on the relay server.

Thanks in advance for any advice

Zack

 

[slylos]

I think SpamAssassin is a great idea, I have had great experiences with it. However, why throw away $8000? The emails could be dropping at any point in that line, I believe the best configuration is

Internet > Barracuda > MS Exchange

One of their FAQ's says:

"What happens to quarantined email?
Quarantined email is sent to a mailbox specified by the administrator. With the exception of viruses, email messages are stored in their entirety, and can be retrieved should the need arise. Per user quarantined email, if available (model 300 and higher), is stored on the Barracuda Spam Firewall itself.

 

[thedaver]

If you could do, I would endorse putting a single-purpose gateway made from qmail with the "chkuser" patch between the internet and your 'cuda. It's sole purpose would be to filter by valid incoming email name. It would reject dictionary attacks that I find are so prevalent.

Assuming you discard all incoming mail not matched to a valid user at this gateway, then the 'cudas business is solely to deal with spam/virus filtering for known users.

Frankly, I think you need to bone up a bit on monitoring and reporting from the 'cuda to show stats to mgt on its effectiveness and outcomes of mail handling decisions.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[zacksack]

I have the Quarantine function disabled.

SpamAssassin is good but Barracuda has 10 layers of defense and guess what one of them is? SpamAssassin If I remove Barracuda I will loose those 9 other layers of defense such as Virus protection yesterday alone it blocked 943 viruses.

Is there any logical reason to have that relay server in front of Barracuda? Security? anything?

Thanks for the reply

Zack

 

[thedaver]

I think you've failed to understand what qmail can do. When patched, qmail can block email on:

1) invalid recipient
2) virus detection
3) string detection
4) spam detection
5) learned spam criteria detection
6) RBL/DNSBL block lists
7) TMDA
8) banned senders by domain or email name

etc.

You have a sunk cost in Barracuda. If you're happy with it, keep it. If you don't understand it, move on.


D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[zacksack]

Sorry thedaver I was replying to the previous post. I didnt see your response until I posted my response to slylos post.

Thanks for everyones suggestions!

Zack

 

[slylos]

I wasn't saying you should do away with the 'cuda, I was saying you should *keep* it, and use it as your only email gateway. Or a better solution might be the one thedaver is suggesting - using qmail as the entry gateway to match incoming mail against user accounts.