Barracuda Spam Firewall Review
Barracuda Spam Firewall is an excellent appliance which
takes open source apps like spamassasin and clamav and builds an extremely
easy to manage web GUI. Barracuda maintains their own
virus definitions. The barracuda appliance is for corporate use and I'd
say you need to be running your own email server with at least 100 or
more users to make it cost-effective. The 300 spam firewall model has
per-user quarantine which allows each individual user
to classify messages in their quarantine as SPAM or NOT
SPAM thus training the bayesian filter. 400 model adds RAID.
One downside the barracuda scans only incoming messages
for viruses. However, I was told as of Feb 2005 basically you just buy
another barracuda appliance and upon setting it up you can choose incoming
or outgoing mode.
Daily Mail Statiscs looks basically the same as hourly.
Gives a good general overview to monitor if too many are being tagged
Had to cut off screenshot...for message also gives Reason, Score,
Source IP and has Preferences button.
Non sosphisticated users have trouble setting up their own client based
rules/filters so I didn't use Subject Tag. Quarantine
score obviously you start out high and once you start training
the Bayesian database then you can lower it to say 3.5.
As long as your users don't complain more than say 2% of legitimate emails
end up in their quarantine. Users also have the ability to whitelist
email addresses so they'll get through if for whatever reason
they keep ending up in their quarantine.
Virus checking initially had trouble with certain archive attachments
but now it's really excellent.
You could do global quarantine and then it'd be up to
a single email administrator to classify which messages are spam and not
spam. Highly recommend to enable per-user quarantine and it's up to them
to reduce amount of spam ended up in their INBOXes.
To setup you just change your MX (mail transfer) record
in your Domain record to point to the barracuda's IP and in the Destination
Mail Server just put you IP of your existing email server.
Message Log Privacy is extremely helpful (doesn't show
entire message but just enough) for the email administrator to go through
and get a detailed view of which messages are getting quarantine, blocked,
tag or allowed through.
Barracuda Bayesian Learning is probably the most important
tool to combat spam. Spammer techniques will always change and evolve
so having the ability to classify messages as spam you enable the barracuda
to properly filter and reduce new spam that has made it past existing
spam databases. Don't forget it's just as important to classify messages
as Not Spam.
Blacklists cut down on a huge amount of spam and are
a big part of the overall equation of discarding unwanted spam emails.
Don't get too carried away as they are quite a bit of other blacklists
but the default ones do a pretty decent job.
IP Block/Accept, Sender Domain Block/Accept, Email Sender Block/Accept,
Email Recipient Block/Accept all pretty much have the same configuration
allowing you to Block, Quarantine, or Tag if they meet
the criteria you set.
Attachment Filtering assists in keeping out many known
destructive email attachments.
Subject Filtering, Body Filtering, and Header Filtering
all have the same configuration setup.
Account Overview I didn't show (due to privacy issues)
but basically it lists all users and you can view their quarantined messages
if they need assistance, etc. A user isn't added unless they've had at
least one message quarantined. Users section is pretty
Highly recommend to Email New User(s) so they know they
have messages waiting in their quarantine inbox.
Do before a firmware update.
Domains just add them and the IP of the mail server.
LDAP in my experience doesn't work well on non MS Exchange Mail Servers.
All it's doing is if the email address is bogus saves it from the mail
server from processing it.
SPF by popular demand. Incoming SMTP Timeout
forces the sending relay mail server to wait 30 seconds before sending.
Many spam relays who send out millions a day don't want to wait around.
Rate Control helps elminate or substantially reduce your
email server from mail bombing.
Highly recommended before doing a firmware update.
Automatic hourly updates for both Spam Definitions
and Virus Definitions....nice.
Download new firmware and wait a minute or so and it'll reboot and you'll
be ready to go. Simple as that.
Many wish to archive permenant logs may do so with syslog.
SSL you can have your remote users, login securely to
manage their quarantine inbox. Save some cash and generate a Private
China...hmmm..reminds me of the movie with Richard Gere called Red Corner.
Easily customize your own Banned File messages
Common network troubleshooting utilities in a nice web-gui.
Reports show a nice graphical overview of the barracuda
statistical spam filtering, viruses, etc.
Report Type: Top Spam Senders, Top Spam Senders, Top Spam Recipients,
Top Email Recipients, Top Viruses, Top Rate Controlled
Chart Type: Pie, Vertical Bars or Horizontal Bars
Updated Jun 25, 2005