Syed Jahanzaib Personal Blog to Share Knowledge !

February 14, 2019

Barracuda Email Security Gateway – Short Notes

Filed under: Emails - Antispam — Tags: , — Syed Jahanzaib / Pinochio~:) @ 12:58 PM

barracuda.jpg

We are running our own email server hosted locally using IBM Lotus Domino Server. Last year we acquired Barracuda Email Security Gateway hardware device (BSFI300a) to filter spam/junk emails. It came along with 1 Year Total Protection Plus & 1 Year IR (instant replacement). Hardware quality is enterprise grade & we haven’t encountered any failure so far.

 

Barracuda usage in our organization ~

For some reasons, we are using this device to filter incoming emails only. Outgoing emails are delivered to recipient/destination email server directly from our Domino server via main gateway router (bypassing barracuda for outgoing emails). This was done for better tracking of outgoing/sent emails as domino provides more detailed log as compared to barracuda. But IMO its better to use antispam device/app as centralized gateway to filter/control both incoming/outgoing email transactions.

 

Barracuda effectiveness in filtering Spam ~

If we talk in percentage basis, it is blocking spam upto 96-97 % effectively. We regularly review its message logs and report uncatched spam to Barracuda central spam & we never receive such email from that host further, so there monitoring team is reviewing the submission actively I suppose. The biggest advantage is that it have variety of filtering options, we enabled Reverse DNS entry check up / SPF and few other rules, and our biggest headache of SPOOFED emails got solved.

 

Past experience with Symantec SMSDOM ~

Before this we were using Symantec Mail security for domino base application  for about 10 years but it got discontinued & declared EOL. SMSDOM filtering was not much effective & was a constant headache for us. on an average it was blocking just an average of 80%. spoofed emails was the biggest issue, and then it was not able to scan files inside archive, plus the famous issue of PDF archive.

Barracuda Hardware Specs for 300 Model

barracuda 300 user support

barracuda 300 user other specst


Some Snapshots …

barracuda 300 - dashboard part 1

barracuda 300 - dashboard part 2

 

barracuda 300 - dashboard part 3.PNG

 


Tip’s & Common Usage

Following are few short notes for reference purposes. First Login to Barracuda with admin account,

Device Web Management Port

  • 8000

View email messages LOG

Goto Basic > Message Log

SMTP Banner / Attachment Size Limit / SPF,Helo, Ehlo settings

Goto  ADVANCED > Email Protocol

TIP: Enabling SPF really helps ! but make sure you have proper SPF record on your domain dns server

spf.PNG

Ping/Dig/Telnet Test / View LIVE Mail process Log

Goto  ADVANCED > Troubleshooting

Firmware Update

Goto ADVANCED > Firmware Update

IP + DNS configuration / Destination Mail Server / Barracuda Hostname Page

Goto Basic > IP Configuration

Password Change / Log Management / System Management like reset logs,restart,shutdown

Goto Basic > IP Configuration > Administration

Allow/Block Domain

Goto Basic > BASIC > BLOCK/ACCEPT > Sender Filters

Blocking Marketing & Tagged emails

block mkt emails

 

Block specific extensions

Goto BASIC > BLOCK/ACCEPT > Attachment Filters

attach.PNG

Blocking particular emails using Content filter,

example If want to block emails if it have particular word in subject,header,body

content filter

Check Queued emails

Goto Advanced > Queue Management

Device Backup/Restore/Scheduled

Goto Advanced > Backups

NTP configuration

Goto Advanced >Advanced Networking

* Block SPOOFED messages *

Goto `DOMAINS` > `DOMAIN MANAGER`

under `Current Domain Count` , click on `MANAGE Domain`

then goto `ADVANCED` > `Email Protocols`

& select `YES` under `Reject messages from my domain`

spoofed block.PNG

Also read this regarding SPOOFED bypass check.


Will keep adding more information as explored or requested.


General Tips for better email acceptance at remote email servers on internet

Following are general tips every email administrator must follow to avoid there email rejection at different internet hosts.

  • Make sure your ISP have IP PTR record against your email server name, example if you have acquire public IP from the ISP, ask them to create reverse DNS / PTR record for this IP against your MAIL Server public ip
    Example IP 1.2.3.4 should resolve to > mail.xyz.com
  • Setup an A record in web site DNS for the Server Name to resolve to the IP
  • example mail.xyz.com  should resolve ip to > 1.2.3.4
  • Add your SPF record with the correct details (Add all SMTP relays in it if you are using SMTP relay of your ISP)
  • SMTP welcome banner should be your email server FQDN
  • Make sure you have valid SPF record to avoid spoofing your domain name bys pammers, Gmail highly recommend it as well.
  • Adding DKIM/DMARC against your domain name is a good addition.
  • Try using your ISP SMTP as relay as first line,

Some online tools to check for email server


The most effective way to check your domain and email server health is to visit following URL

https://mxtoolbox.com/domain

A good looking record should be something like this

Domain name MX Record Test

mxtools ms record test.PNG

EMAIL Server TEST

mxtools emails test record test.PNG

Domain Name SPF Record Test

mxtools spf record test.PNG

 


PROBLEMS & Their workarounds/solutions !

This happened second time that barracuda SMTP Transaction response were getting very slow, & inbound emails were arriving very slowly with 3-5 minutes of delay. example if we test it from outside, (mxtools)

“SMTP Transaction Time 18.341 seconds – Not good! on Transaction Time”

It starts to work fine after a reboot & the smtp transaction times drops to 2-3 seconds only. also if we bypass barracuda (routing rules) it works fine.

Other Details: our Internet connectivity: very good
Firmware Latest : v8.1.0.003 [as of march 2019]
Performance Statistics
HelpIn/Out Queue Size: 0/0
Average Latency: 88 seconds 
Last Message: 1 minute ago 
Unique Recipients: 276 
System Load: 2% 
CPU 1 Fan Speed: 4143 RPM 
System Fan 1 Speed: 8333 RPM 
CPU 1 Temperature: 28.0°C 
System Temperature 2: 23.0°C
Temperature 1: 27.8°C 
Temperature 2: 29.8°C 
Firmware Storage: 62% 
Mail/Log Storage: 18%

Yesterday we contacted barracuda support, and they did some tuneup late night via tunnel support & replied “they have allocated more resources to the appliance to give it more to work with, which will help the device process emails

and from this morning we are seeing normal response in smtp transaction time. we will keep monitoring & update.

March 2019 Updates: It seems that tuning done by barracuda support team have solved the issue. there is no more extra delays in INBOUND smtp transaction.


Configuring ATP , Advanced Threat protection along with CPL [cloud protection layer]

WE acquired the barracuda device along with Total Protection Plus that included ATP also. initially we thought that ATP is built in feature in this device that is enabled by the Total threat protection bundle package , but after 10 months of usage, it came to our knowledge that you need to enable ATP viac configuring CPL option in the device , for this you need account and device registration at

https://login.barracudanetworks.com/account

in Barracuda ESG ,

  • Goto Advance
  • Cloud Control
  • & select YES for Connect to Barracuda Cloud Control

Enter account details and press SAVE, and shortly it will connect with the barracuda Cloud.

You can then see your appliance “https://bcc.barracudanetworks.com/cgi-mod/index.cgi”

barracuda cloud control cp;.PNG

Some points to be noted.

  • In your website domain panel, make sure you modify MX entries, so that all inbound emails should first arrive on barracuda data center (depends on what region data center you selected) , then in CPL , DOMAINS, add your domain and email server there,

we selected US Region when setting up CPL online, and used following in our web site domain dns MX records.

  • Primary: d180739a.ess.barracudanetworks.com
  • Backup: d180739b.ess.barracudanetworks.com

this way all inbound will arrive on barracuda , filter/scan and it will forward them to your mail server IP, where barracuda must be in front which will then forward it to your local server.

barracuda domain setting.PNG

  • Under your Barracuda ESG device, make sure to exempt traffic coming from barracuda cloud ip range list,  under rate control .

IP range can be found here.

https://campus.barracuda.com/product/emailsecuritygateway/doc/78807368/cloud-protection-layer-ip-ranges

Now we have enabled the barracuda cloud control and in our web site public dns, we have changed MX record from 1.2.3.4 to use barracuda cloud x.x.x.x, so all of our inbound emails are now first arriving on barracuda cloud which then filter and send it to our 1.2.3.4 which filter and forward it to ESG (via our firewall router)

  • To enhance more security on smtp port on firewall router, we have no altered the smtp forward rule and accept smtp traffic only from barracuda cloud ip ranges, this way we have got rid od many authentication / hacking / knocking request on SMTP port

🙂


Regard’s
Syed Jahanzaib

 

%d bloggers like this: