Syed Jahanzaib – Personal Blog to Share Knowledge !

February 14, 2019

Barracuda Email Security Gateway – Short Notes

Filed under: Emails - Antispam — Syed Jahanzaib / Pinochio~:) @ 12:58 PM

We are running our own email server hosted locally using IBM Lotus Domino Server. Last year we acquired a Barracuda Email Security Gateway hardware device (BSFI300a) to filter spam/junk emails. It came along with 1 Year Total Protection Plus & 1 Year IR (Instant Replacement). The hardware quality is enterprise grade & we haven't encountered any failure so far.

Barracuda usage in our organization ~

For some reasons, we are using this device to filter incoming emails only. Outgoing emails are delivered to the recipient/destination email server directly from our Domino server via the main gateway router (bypassing Barracuda for outgoing emails). This was done for better tracking of outgoing/sent emails, as Domino provides a more detailed log compared to Barracuda. But IMO it's better to use an antispam device/app as a centralized gateway to filter/control both incoming and outgoing email transactions.

Barracuda effectiveness in filtering Spam ~

On a percentage basis, it is blocking up to 96-97% of spam effectively. We regularly review its message logs and report uncaught spam to Barracuda central spam & we never receive such email from that host again, so I suppose their monitoring team is actively reviewing the submissions. The biggest advantage is that it has a variety of filtering options; we enabled the reverse DNS entry check, SPF and a few other rules, and our biggest headache of SPOOFED emails got solved.

Past experience with Symantec SMSDOM ~

Before this we were using the Symantec Mail Security for Domino application for about 10 years, but it got discontinued & declared EOL. SMSDOM filtering was not very effective & was a constant headache for us. On average it was blocking just 80%. Spoofed emails were the biggest issue, and it was not able to scan files inside archives, plus the famous issue of PDF archives.

Barracuda Hardware Specs for 300 Model

[Images: Barracuda 300 user support and other specs]


Some Snapshots …

[Screenshots: Barracuda 300 dashboard, parts 1 to 3]


Tips & Common Usage

Following are a few short notes for reference purposes. First, log in to Barracuda with the admin account.

Device Web Management Port

  • 8000

View email messages LOG

Goto Basic > Message Log

Whitelist Users (bypass from filtering)

  • on Admin Panel goto
  • Block/Accept
  • Sender Filters

Here you can add allowed/blocked email addresses and domains to the allow/block list.

SMTP Banner / Attachment Size Limit / SPF, HELO, EHLO settings

Goto  ADVANCED > Email Protocol

TIP: Enabling SPF really helps! But make sure you have a proper SPF record on your domain's DNS server.

[Screenshot: SPF setting]

Ping/Dig/Telnet Test / View LIVE Mail process Log

Goto  ADVANCED > Troubleshooting

Firmware Update

Goto ADVANCED > Firmware Update

IP + DNS configuration / Destination Mail Server / Barracuda Hostname Page

Goto Basic > IP Configuration

Password Change / Log Management / System Management like reset logs,restart,shutdown

Goto Basic > IP Configuration > Administration

Allow/Block Domain

Goto Basic > BASIC > BLOCK/ACCEPT > Sender Filters

Blocking Marketing & Tagged emails

[Screenshot: blocking marketing emails]

Block specific extensions

Goto BASIC > BLOCK/ACCEPT > Attachment Filters

[Screenshot: attachment filters]

Block MS OFFICE macros

Goto

  • Block/Accept
  • Attachment Filters

Blocking particular emails using the Content filter

For example, if you want to block emails that have a particular word in the subject, header or body:

[Screenshot: content filter]

Check Queued emails

Goto Advanced > Queue Management

Device Backup/Restore/Scheduled

Goto Advanced > Backups

NTP configuration

Goto Advanced > Advanced Networking

* Block SPOOFED messages *

Goto `DOMAINS` > `DOMAIN MANAGER`

under `Current Domain Count` , click on `MANAGE Domain`

then goto `ADVANCED` > `Email Protocols`

& select `YES` under `Reject messages from my domain`

[Screenshot: spoofed message blocking]

Also read this regarding SPOOFED bypass check.


Will keep adding more information as explored or requested.


General Tips for better email acceptance at remote email servers on internet

Following are general tips every email administrator must follow to avoid their email being rejected at different internet hosts.

  • Make sure your ISP has a PTR record for your email server's IP. For example, if you have acquired a public IP from the ISP, ask them to create a reverse DNS / PTR record for this IP pointing to your mail server's name.
    Example: IP 1.2.3.4 should resolve to > mail.xyz.com
  • Set up an A record in your web site DNS so the server name resolves to the IP.
    Example: mail.xyz.com should resolve to > 1.2.3.4
  • Add your SPF record with the correct details (add all SMTP relays in it if you are using the SMTP relay of your ISP)
  • The SMTP welcome banner should be your email server FQDN
  • Make sure you have a valid SPF record to avoid spoofing of your domain name by spammers; Gmail highly recommends it as well.
  • Adding DKIM/DMARC for your domain name is a good addition.
  • Try using your ISP SMTP as relay as first line
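To go with the SPF tips above, here is a small offline linter for SPF TXT records. It is an added example, not part of the original post and not a Barracuda tool; the record strings and the ISP relay address 192.0.2.25 are constructed, and 1.2.3.4 is the example server IP used in the list above.

```python
import ipaddress
import re

# Terms that trigger a DNS lookup; RFC 7208 allows at most 10 per SPF check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def term_name(term):
    """Name without qualifier or argument: '-ip4:1.2.3.4' -> 'ip4'."""
    return re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()

def lint_spf(txt_records, sender_ips=()):
    """Return a list of problems in a domain's TXT record set (no DNS queries)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple v=spf1 records: receivers return permerror"]
    terms = spf[0].split()[1:]
    names = [term_name(t) for t in terms]
    problems = []
    lookups = sum(n in LOOKUP_TERMS for n in names)
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, the limit is 10")
    if "all" in names:
        i = names.index("all")
        if terms[i].lower() in ("all", "+all"):
            problems.append("+all authorises every host on the internet")
        elif terms[i].startswith("?"):
            problems.append("?all gives receivers nothing to reject on")
        if any(n != "exp" for n in names[i + 1:]):
            problems.append("terms after 'all' are never evaluated")
    elif "redirect" not in names:
        problems.append("no 'all' term: unlisted hosts get a neutral result")
    # Only ip4/ip6 terms with a pass qualifier can be checked offline.
    nets = []
    for term, name in zip(terms, names):
        if name in ("ip4", "ip6") and ":" in term and term[0] not in "-~?":
            try:
                nets.append(ipaddress.ip_network(term.split(":", 1)[1], strict=False))
            except ValueError:
                problems.append(f"malformed address in {term}")
    for ip in sender_ips:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            problems.append(f"{ip} is not covered by an ip4/ip6 term")
    return problems

# Constructed sample: the record lists the mail server but forgets the ISP relay.
SENDERS = ["1.2.3.4", "192.0.2.25"]
print(lint_spf(["v=spf1 ip4:1.2.3.4 -all"], SENDERS))
```

Senders authorised only through `include:` or `mx` terms are reported as not covered, because resolving those needs live DNS; check them by hand or with the online tools below.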

Some online tools to check for email server


The most effective way to check your domain and email server health is to visit the following URL

https://mxtoolbox.com/domain

A good looking record should be something like this

Domain name MX Record Test

[Screenshot: MXToolbox MX record test]

EMAIL Server TEST

[Screenshot: MXToolbox email server test]

Domain Name SPF Record Test

[Screenshot: MXToolbox SPF record test]


PROBLEMS & Their workarounds/solutions !

This is the second time that Barracuda SMTP transaction responses were getting very slow, & inbound emails were arriving very slowly, with 3-5 minutes of delay. For example, if we test it from outside (mxtools):

“SMTP Transaction Time 18.341 seconds – Not good! on Transaction Time”

It starts to work fine after a reboot & the SMTP transaction time drops to 2-3 seconds only. Also, if we bypass Barracuda (routing rules) it works fine.

Other Details: our Internet connectivity: very good
Firmware Latest : v8.1.0.003 [as of march 2019]
Performance Statistics
In/Out Queue Size: 0/0
Average Latency: 88 seconds 
Last Message: 1 minute ago 
Unique Recipients: 276 
System Load: 2% 
CPU 1 Fan Speed: 4143 RPM 
System Fan 1 Speed: 8333 RPM 
CPU 1 Temperature: 28.0°C 
System Temperature 2: 23.0°C
Temperature 1: 27.8°C 
Temperature 2: 29.8°C 
Firmware Storage: 62% 
Mail/Log Storage: 18%

Yesterday we contacted Barracuda support, and they did some tune-up late at night via tunnel support & replied “they have allocated more resources to the appliance to give it more to work with, which will help the device process emails”, and from this morning we are seeing normal response in SMTP transaction time. We will keep monitoring & update.

March 2019 Updates: It seems that the tuning done by the Barracuda support team has solved the issue. There are no more extra delays in INBOUND SMTP transactions.


Configuring ATP (Advanced Threat Protection) along with CPL (Cloud Protection Layer)

We acquired the Barracuda device along with Total Protection Plus, which included ATP as well. Initially we thought that ATP is a built-in feature of this device that is enabled by the Total Threat Protection bundle package, but after 10 months of usage it came to our knowledge that you need to enable ATP via configuring the CPL option in the device. For this you need an account and device registration at

https://login.barracudanetworks.com/account

In Barracuda ESG,

  • Goto Advanced
  • Cloud Control
  • & select YES for Connect to Barracuda Cloud Control

Enter the account details and press SAVE, and shortly it will connect with the Barracuda Cloud.

You can then see your appliance at https://bcc.barracudanetworks.com/cgi-mod/index.cgi

[Screenshot: Barracuda Cloud Control panel]

Some points to be noted.

  • In your website domain panel, make sure you modify the MX entries so that all inbound emails first arrive at the Barracuda data center (depends on which region's data center you selected). Then in CPL, under DOMAINS, add your domain and email server.

We selected the US Region when setting up CPL online, and used the following in our web site domain DNS MX records.

  • Primary: d180739a.ess.barracudanetworks.com
  • Backup: d180739b.ess.barracudanetworks.com

This way all inbound email will arrive at Barracuda, which will filter/scan it and forward it to your mail server IP, where the Barracuda device must be in front, which will then forward it to your local server.

[Screenshot: Barracuda domain setting]

  • On your Barracuda ESG device, make sure to exempt traffic coming from the Barracuda cloud IP range list under Rate Control.

IP range can be found here.

https://campus.barracuda.com/product/emailsecuritygateway/doc/78807368/cloud-protection-layer-ip-ranges

Now we have enabled Barracuda Cloud Control, and in our web site public DNS we have changed the MX record from 1.2.3.4 to use Barracuda cloud x.x.x.x, so all of our inbound emails now first arrive at the Barracuda cloud, which filters and sends them to our 1.2.3.4, which filters and forwards them to the ESG (via our firewall router).

  • To further enhance security on the SMTP port on the firewall router, we have now altered the SMTP forward rule to accept SMTP traffic only from the Barracuda cloud IP ranges. This way we have got rid of many authentication / hacking / knocking requests on the SMTP port.

🙂
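One way to confirm that the SMTP restriction above is doing its job is to audit the firewall log against the allowlist. This is an added example, not from the original post: the log format and sample lines are constructed, and the CIDR ranges are documentation placeholders, so substitute the ranges from the Barracuda page linked above.

```python
import ipaddress
import re
from collections import Counter

# Placeholder ranges (RFC 5737 documentation nets), NOT the real Barracuda list.
CLOUD_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.64/26")]

# Constructed log format: "... src=<ip> dst=<ip> dport=<port> action=<accept|drop>"
LINE = re.compile(r"src=(?P<src>[0-9a-fA-F.:]+) dst=\S+ dport=(?P<dport>\d+) action=(?P<action>\w+)")

def audit_smtp(log_lines, allowed=CLOUD_RANGES):
    """Classify port-25 log lines against the cloud allowlist.

    leaks:   accepted connections from outside the allowlist (rule is too loose)
    stale:   dropped connections from inside the allowlist (rule is blocking the cloud)
    dropped: per-source count of rejected outside hosts (the knocking the rule stops)
    """
    result = {"leaks": [], "stale": [], "dropped": Counter()}
    for line in log_lines:
        m = LINE.search(line)
        if not m or m["dport"] != "25":
            continue  # not an SMTP connection record
        src = ipaddress.ip_address(m["src"])
        trusted = any(src in net for net in allowed)
        if m["action"] == "accept" and not trusted:
            result["leaks"].append(line)
        elif m["action"] == "drop" and trusted:
            result["stale"].append(line)
        elif m["action"] == "drop":
            result["dropped"][str(src)] += 1
    return result

# Constructed sample log lines.
SAMPLE_LOG = [
    "2019-03-20T10:01:02 src=198.51.100.7 dst=1.2.3.4 dport=25 action=accept",
    "2019-03-20T10:01:09 src=192.0.2.99 dst=1.2.3.4 dport=25 action=drop",
    "2019-03-20T10:01:10 src=192.0.2.99 dst=1.2.3.4 dport=25 action=drop",
    "2019-03-20T10:02:30 src=192.0.2.50 dst=1.2.3.4 dport=25 action=accept",
    "2019-03-20T10:03:00 src=203.0.113.70 dst=1.2.3.4 dport=25 action=drop",
    "2019-03-20T10:03:05 src=192.0.2.50 dst=1.2.3.4 dport=443 action=accept",
]

report = audit_smtp(SAMPLE_LOG)
print(len(report["leaks"]), "leak(s),", len(report["stale"]), "stale drop(s)")
print(report["dropped"].most_common())
```

Any entry in `leaks` means the forward rule still accepts SMTP from outside the cloud ranges; any entry in `stale` means the allowlist is out of date and mail from the cloud is being dropped.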


Regards,
Syed Jahanzaib