Version Barracuda Spam Firewall Administrator’s Guide Barracuda Networks Inc. 385 Ravendale Drive Mountain View, CA 94043 http://www.barracudanetworks.
Copyright Notice Copyright 2005, Barracuda Networks www.barracudanetworks.com v3.2.22 All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice. Trademarks Barracuda Spam Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.
Chapter 1 Introduction
This chapter provides an overview of the Barracuda Spam Firewall and includes the following topics:
• Overview
• Barracuda Spam Firewall Models
• Energize Updates Minimize Administration and Maximize Protection
• Inbound and Outbound Modes
• Technical Support
Overview
The Barracuda Spam Firewall is an integrated hardware and software solution that provides powerful and scalable spam and virus-blocking capabilities that do not impede the performance of your e-mail servers. The system has no per-user license fee and can be scaled to support tens of thousands of active e-mail users. Using the Web-based administration interface, you can configure up to ten defense layers that protect your users from spam and viruses.
Energize Updates provide your Barracuda Spam Firewall with the following benefits:
• Access to known offending IP addresses
• Known spam messages instantly blocked
• Known spam content blocked
• Virus definitions constantly updated
The following figure shows how Barracuda Central provides the latest spam and virus definitions through Energize. Figure 1.
Inbound and Outbound Modes
The Barracuda Spam Firewall can be configured in one of the following two modes:
• Inbound Mode (default) scans all incoming messages for viruses and spam probability. This mode ensures all e-mail delivered to your users is virus-free and legitimate.
• Outbound Mode scans all outgoing messages (from your users) for viruses and spam probability. This mode ensures all e-mail leaving your network is virus-free and legitimate.
Barracuda Spam Firewall Models
The Barracuda Spam Firewall comes in a variety of models. Refer to the following table for the capacity and features available on each model: Table 1.
Table 1.1: Model 800 Model 900 Hot Swap Redundant Disk Array (RAID) 9 9 Hot Swap Redundant Power Supply 9 9 Feature Model 200 Model 300 Model 400 Model 600 9 Network Storage

Locating Information in this Document
This section lists the topics associated with each page in the administration interface.

Basic Tab
The following table lists the topics associated with each page on the Basic tab.
Table 1.2:
Admin Interface Page | Refer to...
Block/Accept Tab
The following table lists the topics associated with each page on the Block/Accept tab.
Table 1.3:
Admin Interface Page | Refer to...
Table 1.5:
Admin Interface Page | Refer to...
Domain Manager | Adding New Domains on page 75; Editing Domain Settings on page 76; Using LDAP to Authenticate Message Recipients on page 77

Advanced Tab
The following table lists the topics associated with each page on the Advanced tab.
Table 1.6:
Admin Interface Page | Refer to...
Chapter 2 Pre-installation
This chapter provides an overview of the Barracuda Spam Firewall deployment issues that you must consider before you install the Barracuda Spam Firewall on your network.
Deployment Types
When deciding how best to deploy your Barracuda IM Firewall, consider both the capabilities of the Barracuda IM Firewall and the components in your network. You can deploy the appliance in a variety of deployment types depending on your needs. The Barracuda IM Firewall provides the flexibility to meet the needs of complex enterprise networks.
Standard Network Configuration Deployment
Standard Network Configuration requires all Internet requests to pass through the Barracuda Spam Firewall. The Barracuda Spam Firewall is installed directly to the Internet firewall/router. With the Barracuda Spam Firewall connected to your core Internet network components, it is able to filter and scan all Internet traffic requests. It performs content filtering and scans downloads for spam and viruses.
ISP Installation Deployment
This deployment type is typically used by Internet Service Providers. The Barracuda Spam Firewall is configured to interact with these providers. In this deployment, the Barracuda Spam Firewall detects all network traffic. The proxy server connects directly to the Barracuda Spam Firewall LAN port. The Barracuda Spam Firewall scans for all inbound and outbound HTTP traffic from the proxy server. All outbound traffic on other ports is scanned for normal spam communication.
High Availability Deployment
The High Availability deployment is configured in two separate networks and these networks are then clustered to interact with one another. You can combine the Barracuda Spam Firewall appliance with other nodes and appliances into a cluster. One node within the cluster functions as the master node, and the others act as slaves. You can access and configure all nodes in the cluster from the same Web GUI.
Chapter 3 Setup
This chapter covers:
• Installation Examples
• Barracuda Spam Firewall Behind Corporate Firewall
• Barracuda Spam Firewall in the DMZ
• Configuring your System for Outbound Mode
• Outbound Mode Configuration Process
• Changing to Outbound Mode
• Ethernet cables
• Mounting rails (models 600, 800, and 900 only)
• VGA monitor (recommended)
• PS2 keyboard (recommended)

Step 2. Choose a Setup Type
Choose the Standard Network Configuration, the ISP Installation, or the High Availability Configuration Deployment.

Step 3. Install the Barracuda Spam Firewall
To physically install the Barracuda Spam Firewall:
1. Fasten the Barracuda Spam Firewall to a standard 19-inch rack or other stable location.
Step 3. Configure the System IP Address and Network Settings
The Barracuda Spam Firewall is given a default IP address of 192.168.200.200. You can change this address by doing either of the following:
• Connecting directly to the Barracuda Spam Firewall and specifying a new IP address through the console interface, or
• Pushing and holding the Reset button on the front panel. Holding the Reset button for 8 seconds changes the default IP address to 192.168.1.200.
Step 5. Configure the Barracuda Spam Firewall
After specifying the IP address of the system and opening the necessary ports on your firewall, you need to configure the Barracuda Spam Firewall from the administration interface. Make sure the computer from which you configure the Barracuda Spam Firewall is connected to the same network and the appropriate routing is in place to allow connection to the Barracuda Spam Firewall’s IP address via a Web browser.
To configure the Barracuda Spam Firewall:
1.
Table 3.2:
Fields | Description
Allowed Email Recipients Domain(s) | The domains managed by the Barracuda Spam Firewall. Make sure this list is complete. The Barracuda Spam Firewall rejects all incoming messages addressed to domains not in this list. To allow messages for all domains that match your mail server, put an asterisk (*) in this field. Note: One Barracuda Spam Firewall can support multiple domains and mail servers.
Spam Firewall receives the latest virus and spam updates from Barracuda Central. The Energize Update service is responsible for downloading these virus and spam definitions to your system.
To check your subscription status:
1. Select Basic > Status.
2. In the Subscription Status section, verify the word current appears next to Energize Updates and Replacement Service (if purchased). The following graphic shows the location of the Subscription Status section.
Figure callout: Verify your subscriptions are current
3.
Step 8. Route Incoming Email to the Barracuda Spam Firewall
The next step in setting up your Barracuda Spam Firewall is to route incoming e-mail to the system so it can scan incoming messages for spam and viruses.
The following table describes the most common tasks you should perform when first tuning your system. Table 3.
• Forward (port redirection) incoming SMTP traffic on port 25 to the Barracuda Spam Firewall at 10.10.10.3.
• Configure the Barracuda Spam Firewall to forward filtered messages to the destination mail server at 10.10.10.2.
There is no need to modify any MX records for this type of setup.

Barracuda Spam Firewall in the DMZ
The figure below shows the Barracuda Spam Firewall in front of your corporate firewall in the DMZ. In this example, the Mail Server has an IP address of 10.10.10.
Outbound Mode Configuration Process
Your Barracuda Spam Firewall can only operate in one of these two modes. By default, all Barracuda Spam Firewalls are configured for inbound mode when shipped. Follow this general process to set up your Barracuda Spam Firewall for outbound mode:
1. Complete steps 1-7 described earlier in this chapter.
2. Change the mode of your Barracuda Spam Firewall from inbound to outbound (described on page 34).
3. Set up your e-mail server as a smart/relay host.
Table 3.4: Email Server Refer to... Lotus Domino Server http://www12.lotus.com/ldd/doc/domino_notes/Rnext/help6_admin.
Chapter 4 Basic Tab
This chapter covers basic administration tasks, most of which can be performed from the BASIC tab.
• Monitoring System Status
• Using the Status page
• Email Statistics
• Performance Statistics
Table 4.1:
Statistic | Description
Blocked: Virus | Number of virus messages blocked by the system.
Quarantined | Number of messages quarantined by the system. This includes messages sent to the global quarantine address and the number of messages quarantined by users. By default, the system does not quarantine messages. To turn on the quarantine feature, refer to Setting Up Quarantine Policies on page 46.
Allowed: Tagged | Number of messages tagged by the system.
Table 4.2:
Statistic | Description
System Load | Estimate of the CPU and disk load on the system. 100% system load is not unusual, especially when the incoming queue is large. However, 100% load for long periods of time could indicate an internal system issue, especially if the incoming queue continues to grow.
Redundancy | Status of the RAID system. Note: The redundancy statistics do not appear for the 200 and 300 models.
Firmware Storage | Amount of disk storage used for various system components.
The following figure displays the location of each of the lights.
Figure 4.1:
The following table describes each indicator light.
Table 4.3:
Light | Color | Description
Block Email | Red | Blinks when e-mail is blocked from either spam or virus detection.
Warn Email | Yellow | Blinks for each e-mail that is either tagged as spam or quarantined.
Email | Green | Blinks when the unit receives e-mail.
Disk | Green | Blinks during disk activity.
Figure 4.2:
Legend
1. Slider bar lets you select the time frame of the message log.
2. Preferences button lets you customize the message log display.
3. Classification buttons let you mark messages as spam and not spam and add senders to the global whitelist.
4. List of all messages for the specified time frame. Click an entry to view the message details.
Table 4.4:
Button | Description
Spam | Classifies the message as spam in the Bayesian database. The Bayesian database becomes active once 200 spam messages and 200 not spam messages have been classified. At that time, the Barracuda Spam Firewall begins scanning messages to determine how closely they match the messages identified as spam. This comparison determines a message’s spam score.
Overview of the Message Log
The following table describes each column displayed in the message log table.
Table 4.5:
Column | Description
Admin Spam Classification | Identifies when a message has been classified as Spam or Not Spam. When you mark a message as Spam or Not Spam using the buttons at the top of the Message Log, that classification is shown in this column.
Sender Whitelisted | Identifies if the sender is included in the global whitelist.
• Show messages from the local Barracuda Spam Firewall only (clustered environments). The default behavior is for the message log to display messages from all the Barracuda Spam Firewalls in your clustered environment. If Only view local messages is set to Yes, then the message log will not show messages received by other Barracuda Spam Firewalls in the cluster.
Note: On the Barracuda Spam Firewall 400 or above you can set the spam scoring values on a per-domain basis from the DOMAINS tab. For more information, refer to Editing Domain Settings on page 76.
Table 4.6:
Setting | Description
Tag score | Messages with a score above this threshold, but below the quarantine threshold, are delivered to the sender with the word [BULK] added to the subject line.
Note: You can create rules in many mail clients to place tagged messages in a separate mail folder. For example, when your users receive spam messages with a subject tag of [BULK], you can configure their mail clients to deliver these messages to a folder called Possible Spam.

Enabling and Disabling Virus Checking and Notification
Virus scanning is automatically enabled on the Barracuda Spam Firewall, and the system checks for definition updates on a regular basis (hourly by default).
Note: To enable quarantine on an outbound mode system, refer to Chapter 8 Outbound.
1. Enable quarantine using the Spam Scoring Limits on the BASIC-->Spam Scoring page. For more information, refer to Configuring the Global Spam Scoring Limits on page 44.
2. Select Basic > Quarantine.
3. Select the quarantine type, as described on page 47.
4. Do one of the following: For global quarantine type, enter the global quarantine delivery address, as described on page 48.
Specifying the Global Quarantine Settings
The following table describes the global quarantine configuration fields on the BASIC-->Quarantine page.
Table 4.9:
Field | Description
Quarantine Delivery Address | The mailbox to which all quarantined messages should be delivered. This mailbox can either be on the mail server that the Barracuda Spam Firewall protects (i.e. yourname@yourdomain.com) or a remote mail server.
Table 4.10:
Setting | Description
Quarantine Default | The default state that quarantine accounts are created with. If set to Enabled, all new accounts will have per-user quarantine functionality. If set to Disabled, users do not receive messages in their quarantine inbox. Instead, messages are delivered to that user’s general inbox tagged with the Quarantine Subject Text in the subject line.
Table 4.11:
TCP/IP Configuration | The IP address, subnet mask, and default gateway of the Barracuda Spam Firewall. TCP port is the port on which the Barracuda Spam Firewall receives inbound e-mail. This is usually port 25. Note: If your Barracuda Spam Firewall is running firmware version 3.1.x or earlier and is part of a clustered environment, then changing the IP address of the system removes it from the cluster. You will need to add the system back into the cluster after you change the IP address.
Table 4.11:
Allowed Email Recipients Domain(s) (inbound mode only) | Lists the domains managed by the Barracuda Spam Firewall. Make sure this list is complete. The Barracuda Spam Firewall rejects messages for domains that are not listed here. To allow messages for all domains that match your mail server, put an asterisk (*) in this field. Note: One Barracuda Spam Firewall can support multiple domains and mail servers.
• To add an individual IP address (instead of an entire network), use a netmask of 255.255.255.255.
• If you do not specify any IP addresses or networks, all systems are granted access.

Changing the Web Interface Port and Session Expiration Length
The following table describes the settings in the Web Interface HTTP Port section on the Basic > Administration page. Table 4.
Table 4.14:
Button | Description
Restart | Reboots the system.
Reload | Re-applies the system configuration should the recent changes not take effect.

Resetting the System Using the Front Panel
Pressing the Reset button located on the front panel of the Barracuda Spam Firewall does the following:
• Reboots the system
• Resets the firmware version to the factory setting
Do not push and hold the RESET button for longer than a few seconds as this changes the IP address of the system.
To change the mode of your Barracuda Spam Firewall:
1. Go to the BASIC-->Administration page.
2. In the Operation Mode section, click Convert.
3. Click OK to confirm you want to change the mode of your Barracuda Spam Firewall.
A status bar displays the progress of switching your Barracuda Spam Firewall to outbound mode. Once the switchover completes, your Barracuda Spam Firewall automatically reboots.
Figure 4.3:

Using the Microsoft Outlook and Lotus Notes Plug-in
After downloading and installing the plug-in, users can begin classifying messages using the buttons in their Microsoft Outlook or Lotus Notes client. The first (green) button marks messages as not spam and the second (red) button marks messages as spam.
Sending Spam Messages to Barracuda Networks
When you classify messages as spam in the Message Log, the Barracuda Spam Firewall sends a copy of the spam message to Barracuda Networks for further analysis. This allows Barracuda Networks to improve the spam definitions and intent analysis provided in the Energize Updates.
To configure the system to not send spam messages to Barracuda Networks, go to the Basic > Bayesian/Intent page and set the Submit Email to Barracuda Networks field to No.
Reducing Backscatter
By default, your Barracuda Spam Firewall is configured to send a bounce notification (also known as a non-delivery report) to a sender when the Barracuda Spam Firewall blocks their e-mail. This is done to alert legitimate senders that their message has not been delivered to the recipient. However, if the e-mail came from an illegitimate source like a spammer, then sending a bounce notification is not necessary. Sending bounce messages to illegitimate senders is known as backscatter.
Chapter 5 Using the Block and Accept Filters
The Block/Accept tab provides a wide range of filters that enhance the default spam and virus detection capabilities of the Barracuda Spam Firewall. These filters support the use of regular expressions. For more information on using regular expressions, refer to Appendix 1 Regular Expressions.
This chapter covers the following filters you can apply from the Block/Accept tab:
• Subscribing to Blacklist Services
The following table describes each of the blacklist settings on the Block/Accept > External Blacklist page.
Table 5.1:
Blacklist Setting | Description
Barracuda Blacklist | Whether the blacklist maintained by Barracuda Networks is enabled. The Barracuda blacklist contains servers that are manually verified for sending large amounts of spam.
Table 5.2:
Blacklist Service | Description
relays.ordb.org | ORDB.org is the Open Relay Database. ORDB.org is a non-profit organization that stores IP addresses of verified open SMTP relays. These relays are likely to be used as conduits for sending unsolicited bulk e-mail. By accessing this list, system administrators are allowed to choose to accept or deny e-mail exchange with servers at these addresses.
bl.spamcop.
Table 5.3:
Filter | Description
Blocked IP Range | Add any IP addresses or networks to your blacklist. To add an individual IP address, use a netmask of 255.255.255.255. To help you calculate the correct subnet mask for a range of addresses, use a subnet mask calculator. Blacklisted IP addresses/networks bypass all whitelists with the exception of IP address/network-based whitelists. You can specify whether the IP/Range should be blocked, quarantined or tagged.
Note: If more than one person manages your Barracuda Spam Firewall, you may want to add an explanation in the Comment field that describes why the specified domains are whitelisted or blocked.

Sender Email Address Filter
Email Sender Block/Accept allows you to filter messages based on the sender’s e-mail address. The following table describes the filters on this page.
Table 5.5:
Filter | Description
Allowed Email Addresses | Add the e-mail address of each sender to include in the global whitelist.
The following table describes the filters on this page.
Table 5.6:
Filter | Description
Allowed Email Addresses | Add the e-mail address for each recipient you want to include in the whitelist. Recipients added to this list will never have their incoming messages scored for spam, but these messages still go through virus scanning and attachment filters. Whitelisted recipients can have their incoming messages blocked if the sender’s IP address, domain, or e-mail address is blacklisted.
Table 5.7:
Filter | Description
Attachment Blocking
Blocked Attachment File Extensions | Add the file extensions (without the preceding dot “.”) to block. The Barracuda Spam Firewall blocks the entire message if it contains an attachment with one of these extensions.
Block Extensions in Archives | Select Yes to scan the contents of archive files (such as zip files) for the extensions you want to block.
Table 5.8:
Subject Quarantine | Enter the words, regular expressions, or characters that will cause a message to be quarantined if they appear in the subject line.
Subject Tagging (inbound mode only) | Enter the words, regular expressions, or characters that will cause a message to be tagged if they appear in the subject line.
Subject Whitelisting | Enter the words, regular expressions, or characters that will cause a message to be whitelisted if they appear in the subject line.
The following table describes the parameters on this page. Click Save Changes after making any changes.
Table 5.10:
Header Blocking | Enter the words, regular expressions, or characters that will cause a message to be blocked if they appear in the e-mail header.
Header Quarantine | Enter the words, regular expressions, or characters that will cause a message to be quarantined if they appear in the e-mail header.
Chapter 6 Managing Accounts and Domains
This chapter covers the following tasks that you can perform from the Users and Domains tabs (inbound mode only):
• How the Barracuda Spam Firewall Creates New Accounts
• Viewing User Accounts
• Using Filters to Locate Accounts
• Editing User Accounts
• Edit a user’s account settings by logging in to their quarantine interface
• Delete user accounts
• Change the password of specific accounts.
The following table describes each column on this page.
Table 6.1:
Column | Description
Account Address | The e-mail address of the account.
Notify Interval | How often the system sends the quarantine summary message to the user.
Quarantine | Whether the user has their quarantine account enabled.
Table 6.2:
Filter | Description
“Account” (pattern*) | Displays only the accounts that match the full or partial usernames entered in the Pattern textbox. The matches apply across all domains on the Barracuda Spam Firewall. Note: The wildcard is applied to the right of the pattern. This means if you search for 'bob' then bob@domain.com and bobby@domain.com will match, but not billybob@domain.com.
Removing Invalid User Accounts
From the Users > Accounts View page you can remove existing user accounts on your Barracuda Spam Firewall that your mail server or LDAP server (if enabled) considers to be invalid. To begin removing invalid accounts, click Remove All Invalid Accounts. A status page then appears with an overview of the accounts that are being removed. Before removing invalid accounts, note the following:
• It can take many hours to remove all invalid accounts.
Table 6.3:
User Feature | Description
Spam Scan Enable/Disable Ability | Determines whether your users can enable/disable spam scanning of their incoming messages. If you set this value to No, all users’ messages are scanned for spam based on:
• The settings configured on the BASIC-->Spam Scoring page, or
• The per-domain settings configured on the DOMAINS tab by clicking Edit Domain. For more information, refer to Editing Domain Settings on page 76.
Example
One of the most common scenarios for overriding quarantine settings is when you want to provide a few users with a quarantine inbox on the Barracuda Spam Firewall, and have the rest of your users receive quarantine messages in their standard e-mail inbox. Providing a user with a quarantine inbox gives them greater control over how their messages are quarantined, but also requires them to manage their quarantine queue.
• Download Backup File to save the last backup file to a specified location.
• Create Backup File Now to create a new backup file instead of saving the backup file that already exists.
2. Save the user setting backup file (pu_config.tgz) to your local system.
To restore user settings:
1. From the Users > User Backup/Restore page, click Browse.
2. Locate the user settings backup file (pu_config.tgz) and click Upload Now.
4. Configure the domain settings, as described in Editing Domain Settings on page 76.

Editing Domain Settings
To edit the settings for a specific domain:
1. Select Domains > Domain Manager, click Edit Domain next to the domain to edit. The Domain Edit page opens.
2. Specify the per-domain settings described in the following table. These settings are only available on the Barracuda Spam Firewall 400 and above.
Table 6.4:
Global Quarantine Email Address | Specifies the address for the global quarantine e-mail address for the domain. For more information, refer to Specifying the Global Quarantine Settings on page 48.
Spam Scan Enabled, Virus Scan Enabled | Lets you enable or disable spam and virus checking for the domain.
Spoof Protection | Whether the Barracuda Spam Firewall prevents outside individuals from sending mail using your domains as the “from” address.
Table 6.5:
LDAP Server | The name of your LDAP server to use for authenticating message recipients. To specify two LDAP servers for failover purposes, enter the IP address of each LDAP server separated by a space. The username, password, filters, search base, and port need to be the same for both LDAP servers.
Exchange Accelerator Enabled | Controls whether LDAP lookups are performed for recipient verification. If set to Yes, the LDAP settings will be used.
Table 6.5:
SMTP over TLS/SSL settings | If SMTP over TLS/SSL is enabled then passwords will not be sent in clear text if both sending and receiving systems support TLS/SSL. If one system does not support TLS/SSL, then traffic between the systems will not be secured/encrypted. If you enable this option and an LDAP connection cannot be made or the StartTLS LDAP command is not supported or disallowed, then the LDAP connection fails.
LDAP Port | The LDAP port used to communicate with the Exchange server.
Table 6.5:
Valid Email (for testing) | This e-mail address is used in conjunction with the "Test LDAP" button to determine whether the LDAP settings can locate the provided address, and whether the proper attributes for LDAP UID and LDAP Primary Email Alias have been provided.
4. Click Save Changes.
Table 6.6:
Mail Server | LDAP Setting
Lotus Domino receiving messages for two domains | If your Lotus Domino server receives messages for two domains, but the Name and Address book is only configured with a single Internet address for each user, use the following filter so LDAP can authenticate both domains:
(|(mail=${recipient_email})(cn=${recipient_email})(uid=${recipient_email}))
Example: UserName@abc.com can receive mail addressed to UserName@abc.com OR UserName@xyz.
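Substituting a recipient address into the filter above, as an added example rather than Barracuda's own code: the value is escaped per RFC 4515 so the filter keeps its three clauses whatever characters the address contains. The function names are hypothetical and the sample addresses are constructed.

```python
import re

# Filter template from Table 6.6; ${recipient_email} is the page's placeholder.
DOMINO_TWO_DOMAIN_FILTER = (
    "(|(mail=${recipient_email})(cn=${recipient_email})(uid=${recipient_email}))"
)

# RFC 4515: these characters must be written as a backslash plus two hex digits
# when they appear inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

_PLACEHOLDER = re.compile(r"\$\{\s*(\w+)\s*\}")
_ASSERTION = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)")


def escape_filter_value(value):
    """Escape one value for safe use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, **values):
    """Replace every ${name} in the template with the escaped value."""
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError("no value supplied for placeholder " + name)
        return escape_filter_value(values[name])
    return _PLACEHOLDER.sub(substitute, template)


def assertions(filter_text):
    """Return the (attribute, value) pairs of the leaf clauses in a filter."""
    return _ASSERTION.findall(filter_text)


def is_balanced(filter_text):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample recipients: an ordinary one and one with metacharacters.
    for recipient in ("UserName@abc.com", "a*(b)@abc.com"):
        rendered = render_filter(DOMINO_TWO_DOMAIN_FILTER, recipient_email=recipient)
        print(recipient, "->", rendered, assertions(rendered))
```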
Chapter 7 Advanced Administration
This chapter covers the following tasks that you can perform from the ADVANCED tab:
• Modifying the Email Protocol Settings
• Configuring Message Rate Control
• Activating Individual Accounts
• Backing Up and Restoring System Configuration
• Performing Desktop Backups
Table 7.1:
Enforce RFC 821 Compliance | Whether the Barracuda Spam Firewall requires that the SMTP "MAIL FROM" and "RCPT TO" commands contain addresses that are enclosed by '<' and '>'. It also requires that the SMTP "MAIL FROM" and "RCPT TO" commands do not contain RFC 822 style phrases or comments. Setting this option to Yes stops messages sent from spam senders but also from some Windows mail programs (such as Microsoft Outlook) that do not adhere to the RFC 821 standard.
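A check for the strictness this setting describes, as an added example rather than Barracuda's own code. The function name, reason strings, simplified mailbox pattern and tolerance of trailing ESMTP parameters are assumptions, and the sample commands are constructed.

```python
import re

# Simplified mailbox pattern (assumption): dot-atom local part, no quoted strings.
_MAILBOX = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+@[A-Za-z0-9.-]+"
_COMMAND = re.compile(r"^(MAIL FROM|RCPT TO):(.*)$", re.IGNORECASE)
_PATH = re.compile("^<" + _MAILBOX + ">$")
# Assumption: ESMTP parameters such as SIZE=1024 may follow the closing bracket.
_PARAMS = re.compile(r"^(?: [A-Za-z0-9][A-Za-z0-9-]*(?:=\S+)?)*$")

OK = "ok"
NOT_ENVELOPE = "not a MAIL FROM / RCPT TO command"
NO_BRACKETS = "address not enclosed in < >"
PHRASE = "RFC 822 phrase before the address"
COMMENT = "RFC 822 comment present"
TRAILING = "unexpected text after >"
MALFORMED = "malformed address"
NULL_RCPT = "empty path is only valid for MAIL FROM"


def check_envelope(line):
    """Return (accepted, reason) for one SMTP envelope command line."""
    match = _COMMAND.match(line.strip())
    if not match:
        return False, NOT_ENVELOPE
    verb, arg = match.group(1).upper(), match.group(2).strip()
    # Parentheses mark RFC 822 comments; this simplified check treats any
    # parenthesis as one, since quoted local parts are not supported here.
    if "(" in arg or ")" in arg:
        return False, COMMENT
    if not arg.startswith("<"):
        # A bracket later in the argument means a display phrase came first.
        return False, (PHRASE if "<" in arg else NO_BRACKETS)
    end = arg.find(">")
    if end == -1:
        return False, NO_BRACKETS
    path, rest = arg[: end + 1], arg[end + 1:]
    if not _PARAMS.match(rest):
        return False, TRAILING
    if path == "<>":
        # Null reverse-path, as used by bounce notifications: MAIL FROM only.
        return (True, OK) if verb == "MAIL FROM" else (False, NULL_RCPT)
    if not _PATH.match(path):
        return False, MALFORMED
    return True, OK


# Constructed sample commands, not captured traffic.
SAMPLES = [
    "MAIL FROM:<alice@example.com>",
    "MAIL FROM:<alice@example.com> SIZE=1024",
    "MAIL FROM: bob@example.com",
    'RCPT TO:"Bob Smith" <bob@example.com>',
    "RCPT TO:<bob@example.com> (Bob)",
    "MAIL FROM:<>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_envelope(sample))
```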
Table 7.1:
Incoming SMTP Timeout: Sets a limit on the time spent on an incoming SMTP transaction. The default is 30 seconds. Setting a time limit on SMTP transactions prevents spammers from maintaining open connections to the Barracuda Spam Firewall that can impact system resources. Messages in SMTP transactions that go over this threshold show up on the Message Log page as being blocked with a reason of timeout.
Table 7.2:
Setting: Description
Rate Control: Specifies the maximum number of connections allowed from the same IP address in a half-hour timeframe. This setting is only taken into consideration when over five unique IP addresses are connected to the Barracuda Spam Firewall. When the number goes over the Rate Control threshold, the Barracuda Spam Firewall blocks further connections/messages.
Note: Do not edit the backup files. Any configuration changes you want to make need to be done through the administration interface. The configuration backup file (barracuda.conf) contains a checksum that prevents the file from being uploaded to the system if any changes are made.
The following information is not included in the desktop or automated backup:
• System password
• System IP information
• DNS information
Performing Desktop Backups
To perform a desktop backup:
1.
Table 7.4:
Field: Description
Server Name/IP: The IP address or fully qualified domain name of the backup server.
Port (optional): The port to use for the FTP or SMB server.
Username: The username that the Barracuda Spam Firewall should use to log into the backup server.
Password: The password that the Barracuda Spam Firewall should use to log into the backup server.
Folder/Path: The folder, path, or share name to store the backup files on the backup server.
Table 7.5:
To restore from...: Then...
A desktop backup file:
1. Click Browse next to the Restore Backup File.
2. Locate the configuration backup file (barracuda.conf) and click Restore.
An automated backup file:
1. Click Browse near the Restore Auto Backup field.
2. Locate the auto backup file you want to restore based on the timestamp, and click Restore.
3.
Table 7.6:
Field: Description
Automatically Update: Determines the frequency at which the Barracuda Spam Firewall checks for updates. To disable automatic updates, select Off. Hourly updates occur at the beginning of each hour. Daily updates occur at 12:20am (twenty after midnight) based on the system time zone. The recommended setting is Hourly.
Energize Updates: Informs you if your Energize Updates are current and when your subscription expires.
The only time you should revert to an old firmware version is if you recently downloaded a new version that is causing unexpected problems. In this case, call Barracuda Networks technical support before reverting to a previous firmware version.
To manually load the latest firmware version:
Note: Applying a new firmware version results in a temporary loss of service. For this reason, you should apply new firmware versions during non-business hours.
1.
Table 7.8:
Field: Description
Upload New Image: To use a custom image on the administration interface, click Browse, specify the image you want to use, and click Upload Now. The uploaded image appears in the upper left corner of the administration interface. The recommended image size is 159x64 pixels, and the image must be a jpg, gif, or png file under 50k.
Image URL: The URL the user goes to when clicking on the custom image.
Reset: Reverts back to the default image and URL that came with the system.
Table 7.9:
Syslog Field: Description
Mail Syslog Configuration: The IP address of the syslog server you want to receive data related to e-mail flow. This is the same data used to build the message log. Information such as the connecting IP, from address, to address, and the spam score for the messages are all included. This syslog data appears on the e-mail facility at the debug priority level on the specified syslog server. Click Monitor Mail Syslog to view the mail syslog output in a new window.
Table 7.10:
Field: Description
Senders with Relay Permission: Enter the e-mail address or domain name of those users that are permitted to send messages to any e-mail address on the Internet.
Outbound/Relay: Select Yes to only allow outbound messages to be sent from the users specified above. All other outbound messages regardless of the recipient address will not be delivered. The default and recommended setting for this field is No.
Table 7.11:
Field: Description
Text Footer: The footer text attached to text/ASCII-based messages.
HTML Footer: The footer text attached to HTML-based messages.
Footer Exemptions: List of sending e-mail addresses that will not have a footer attached. Enter one e-mail address per line.
4. From the Advanced > Clustering page on the Barracuda2 system, do the following:
4a. Enter the same shared secret password, and click Save Changes.
4b. In the Clustered Systems section, enter the IP address of the Barracuda1 system and click Join Cluster.
4c. Click Save Changes.
5.
Table 7.12: Propagated Data Data Not Propagated Per-user quarantine settings configured through a user’s quarantine interface SSL settings covered in Enabling SSL on page 100. Message logs Bayesian databases Quarantine inboxes User accounts
Note: A new system propagates its Bayesian database only once when it first joins the cluster. The clustered systems do not synchronize their Bayesian databases with each other.
Table 7.13:
Field: Description
Clustered Systems
Cluster Field: Enter the IP address or host name of one of the Barracuda Spam Firewalls in the cluster to join, and click Join Cluster. Once this system joins the cluster, the following happens:
• Configuration settings are pulled from the cluster and some of these settings override the settings on this system.
• User lists on this system are synced with the cluster so no user accounts are lost.
Implementing Single Sign-on
Advanced > Single Sign-On allows you to configure the Barracuda Spam Firewall to authorize user accounts using an LDAP or Active Directory server. This feature is available in the Barracuda Spam Firewall 400 and above. With single sign-on, users can automatically log into their quarantine interface or the administration interface using their domain passwords instead of a password managed separately by the Barracuda Spam Firewall.
Table 7.14:
Field: Description
Username Template: If using LOCAL authentication, this field is ignored. If using LDAP authentication, this field contains the template for the username the Barracuda Spam Firewall attempts to bind with (for example: cn=__USERNAME__,dc=mydomain,dc=com). The __USERNAME__ is replaced with both the full e-mail address and the username portion. If using RADIUS authentication, this field should contain the RADIUS shared secret.
Auth.
Table 7.15: SSL Certificate Configuration
Certificate Type: Select one of the following certificates for SSL:
• Default (Barracuda Networks) certificates are free but generate browser alerts. The default certificate is signed by Barracuda Networks and provided free as the default type of certificate.
• Private (self-signed) certificates provide strong encryption without the cost of purchasing a certificate from a trusted certificate authority (CA).
Table 7.15: Trusted Certificate
Upload Signed Certificate: After purchasing the certificate using the CSR, browse to the location of the certificate and click Upload. Once you upload the certificate, your Barracuda Spam Firewall automatically begins using it. Once you have uploaded your signed certificate, make sure Trusted is selected for the Certificate Type (described above).
Upload Private key: After downloading the private key, browse to the location of the key and click Upload.
Note: The Barracuda Spam Firewall only sends out Non-Delivery Reports if notifications have been enabled on the BASIC-->Spam Scoring and BASIC-->Virus Checking pages.
The following table describes the settings on the Advanced > Bounce/NDR Messages page.
Table 7.17:
Field: Description
Select NDR Language
Default Language: Select the language to use for the default non-delivery reports. The Barracuda Spam Firewall automatically translates the default NDR messages to the language you specify.
Table 7.18:
Macro: Description
%f: The Barracuda Spam Firewall administrator's e-mail address (typically used in 'From:' header of NDRs).
%C: The list of recipients to be used in the Copy To (Cc:) header of the NDR.
%d: RFC 2822 date-time (current time).
%m: The 'Message-ID' header field body.
%j: The Subject header field body.
%s: The original envelope sender, rfc2821-quoted and enclosed in angle brackets.
%S: The address that receives sender notification.
Table 7.19:
Troubleshooting Tool: Description
Telnet Device: Attempts to establish a telnet session from your Barracuda Spam Firewall to the specified system. This session is noninteractive. Use this test to verify connectivity and initial response from a remote server. Enter the IP address or hostname you wish to telnet to (as well as any options you wish to provide), and click Begin Telnet to start the test.
Dig/NS-lookup Device: Performs a Dig command on your Barracuda Spam Firewall.
Table 7.20:
To...: Then...
Email the report: Enter the e-mail address for each recipient in the field provided and click Email Report. Separate each address by a comma. Emailed reports will be added to a queue shown in the Pending Reports section. Only one report can be created at a time to prevent overloading the Barracuda Spam Firewall. If a report takes a long time to generate you can cancel the report to free up system resources.
Display the report in a separate window: Click Show Report.
Example Report
The following example shows a Top Spam Senders report in a vertical bars format.
Figure 7.2:
Enabling SMTP over TLS/SSL
Advanced > SMTP/TLS allows you to enable SMTP over TLS/SSL, which lets you encrypt mail over the Internet when both the sender and recipient are using a Barracuda Spam Firewall or other STARTTLS-capable mail server. The new SMTP command known as STARTTLS advertises and negotiates an encrypted channel with the peer for this SMTP connection.
Using the Task Manager to Monitor System Tasks
Advanced > Task Manager provides a list of tasks that are in the process of being performed, and also displays any errors encountered when performing these tasks.
Tasks to Perform Before Rebooting in Recovery Mode
Before you use the diagnostic and recovery tools, perform the following tasks:
• Use the built-in troubleshooting tools to help diagnose the problem. For more information, see Troubleshooting on page 104.
• Perform a system restore from the last known good backup file.
• Contact Barracuda Networks Technical Support for additional troubleshooting tips.
Table 7.22:
Reboot Option: Description
Barracuda: Starts the Barracuda Spam Firewall in the normal (default) mode. This option is automatically selected if no other option is specified within the first three seconds of the splash screen appearing.
Recovery: Displays the Recovery Console where you can select the following options:
• Perform Filesystem Repair—Repairs the file system on XFS-based Barracuda Spam Firewalls.
Chapter 8 Outbound
This chapter describes the additional features that are provided when your Barracuda Spam Firewall is configured for outbound mode. For information on configuring your system for outbound mode, refer to Configuring your System for Outbound Mode on page 33. Most of the inbound mode features documented in the other chapters are also supported when your system is in outbound mode.
Table 8.1:
ADVANCED-->Email Protocol: The Email Protocol page provides a few features unique to outbound mode. For more information, refer to Additional Email Protocol Settings for Outbound Mode on page 115.
ADVANCED-->Rate Control: The Rate Control page contains slightly different settings in outbound mode. For more information, refer to Configuring Message Rate Control on page 118.
ADVANCED-->Relays: The Relay page is unique to outbound mode.
Figure 8.1:
Viewing Outbound Messages in the Message Log
If your Barracuda Spam Firewall is configured for outbound mode, the Basic > Message log page displays slightly different information about the outgoing messages. For example, some common values for the Action column include:
• Sent—Occurs when the outgoing message is successfully sent to the intended recipient.
• Aborted—Occurs when the receiving e-mail server is down, or the recipient e-mail address is incorrect or no longer valid.
Table 8.2:
Field: Description
Attach Footer: Determines whether a footer is attached to outgoing messages.
Text Footer: The footer text attached to text/ASCII-based messages.
HTML Footer: The footer text attached to HTML-based messages.
Footer Exemptions: List of sending e-mail addresses that will not have a footer attached. Enter one e-mail address per line.
Specifying Allowed Senders Using SMTP Authentication
Instead of specifying the IP addresses or domains that can send messages through your Barracuda Spam Firewall, you can enable SMTP authentication to authenticate users before their messages are allowed through the system. To enable SMTP authentication to control allowed senders, fill in the following fields on the Basic > Allowed Senders page.
Table 8.
Table 8.5:
Field: Description
Messages per SMTP Session: Sets a limit on the number of messages allowed in one SMTP session. If the number of messages in one session exceeds this threshold, the rest of the messages are temporarily blocked and show up in the message log as being Deferred with a reason of Per-Connection Message Limit Exceeded. The sender is required to make a new connection to continue sending messages, which may ultimately trigger a Rate Control block.
Table 8.6:
Realtime Intent Analysis: When this option is set to Yes, your Barracuda Spam Firewall tries to match the URLs contained in outgoing messages against the live Barracuda Central database that contains the latest list of URLs known for sending spam. The Barracuda Central database can be slightly more up-to-date than the local database used when Intent Analysis is turned on. However, using real-time intent analysis can increase the time it takes to scan messages.
After viewing the messages in the quarantine inbox, you may decide to remove the message from the inbox or deliver the message to the intended recipient. The following table describes the actions you can take after selecting a message:
Table 8.7:
Button: Action
Deliver: Sends the message to the intended recipient. Note that if a virus has been detected in the message that you decide to deliver, the virus is not removed.
Whitelist: Adds the sending e-mail address to the whitelist and delivers the message.
Table 8.8:
Setting: Description
Rate Control: Specifies the rate threshold for the following:
• Maximum number of connections allowed from the same IP address in a half-hour timeframe. This setting takes effect when over 5 unique IP addresses are connected to the Barracuda Spam Firewall.
• Maximum SMTP sessions allowed from the same e-mail address. This setting takes effect after 5 unique e-mail addresses have been sent through the system.
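The Rate Control rule described for inbound mode (Table 7.2) and for outbound mode (Table 8.8) can be modelled as a sliding-window counter, shown in this added example (not Barracuda's implementation) for estimating how a threshold would treat your own traffic. The class and function names and the sample events are constructed; counting blocked attempts toward the total and treating "connected" as "seen within the window" are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30 * 60  # the guide's "half-hour timeframe"
MIN_UNIQUE = 5            # threshold applies only when MORE than 5 unique keys are seen


class RateControl:
    """Sliding-window counter keyed by client IP (or by sender e-mail address)."""

    def __init__(self, threshold, window=WINDOW_SECONDS, min_unique=MIN_UNIQUE):
        self.threshold = threshold
        self.window = window
        self.min_unique = min_unique
        self.events = deque()           # (timestamp, key) in arrival order
        self.per_key = defaultdict(int)  # key -> connections inside the window

    def _expire(self, now):
        # Drop every event that has aged out of the half-hour window.
        while self.events and self.events[0][0] <= now - self.window:
            _, old_key = self.events.popleft()
            self.per_key[old_key] -= 1
            if self.per_key[old_key] == 0:
                del self.per_key[old_key]

    def connect(self, key, now):
        """Record one connection at time `now` (seconds); return 'allow' or 'block'."""
        self._expire(now)
        self.events.append((now, key))
        self.per_key[key] += 1  # assumption: blocked attempts still count
        enforced = len(self.per_key) > self.min_unique
        if enforced and self.per_key[key] > self.threshold:
            return "block"
        return "allow"


def replay(events, threshold):
    """Run (timestamp, key) events through a fresh limiter; return the decisions."""
    rc = RateControl(threshold)
    return [(ts, key, rc.connect(key, ts)) for ts, key in events]


# Constructed sample: one busy client, then five others (documentation IPs).
BUSY = "192.0.2.10"
EVENTS = (
    [(t, BUSY) for t in (0, 10, 20, 30, 40)]
    + [(50 + i, "198.51.100.%d" % (i + 1)) for i in range(5)]
    + [(60, BUSY), (1845, BUSY)]
)

if __name__ == "__main__":
    for ts, key, decision in replay(EVENTS, threshold=3):
        print(f"{ts:>5}s  {key:<15} {decision}")
```

With a threshold of 3, the busy client is allowed while it is one of only a few sources, blocked once a sixth unique address appears, and allowed again after its early connections age out of the window.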
Setting Up Subject and Body Filtering
You can use compliance buttons to filter outbound mail that contains confidential or sensitive material such as credit card information, privacy information, or HIPAA information. These buttons contain pre-set patterns. When selected, they are inserted as keyword listings that have precoded patterns that contain regular expressions. Outbound e-mails that contain these patterns are blocked.
Chapter 9 Managing Your Quarantine Inbox
This chapter describes how you can check your quarantined messages, classify messages as spam and not spam, and modify your user preferences using the Barracuda Spam Firewall interface. This chapter is intended for the end user and contains the following topics:
• Receiving Messages from the Barracuda Spam Firewall in the next section.
• Using the Quarantine Interface on page 122.
• Changing your User Preferences on page 124.
Quarantine Summary Report
The Barracuda Spam Firewall sends you a daily quarantine summary report so you can view the quarantined messages you did not receive. From the quarantine summary report you can also add messages to your whitelist, delete messages, and have messages delivered to your inbox. The following figure shows an example of a quarantine summary report.
Figure 9.
2. Enter your username and password, and click Login. Your login information resides in the greeting message sent to you from the Barracuda Spam Firewall.
Managing your Quarantine Inbox
After logging into the quarantine interface, select the QUARANTINE INBOX tab to view a list of your quarantined messages. When you first start using the quarantine interface, you should view this list on a daily basis and classify as many messages as you can.
Changing your User Preferences
After logging into your quarantine interface, you can use the Preferences tab to change your account password, modify your quarantine and spam settings, and manage your whitelist and blacklist.
Changing your Account Password
To change your account password, do one of the following:
• On the quarantine interface login page, click Create New Password, or
• After logging into your quarantine interface, go to Preferences > Password.
Table 9.2:
Quarantine Setting: Description
Notification Address: The e-mail address the Barracuda Spam Firewall should use to deliver your quarantine summary report.
Default Language: The language in which you want to receive your quarantine notifications. This setting also sets the default encoding for handling unknown character sets during filtering. All e-mail notifications from the Barracuda Spam Firewall are in UTF8 encoding.
Setting: Description
Reset Bayesian Database: Click Reset to remove your Bayesian rules learned by the Barracuda Spam Firewall from the point of installation.
Bayesian Database Backup
Backup Bayesian Database: Click Backup to download a copy of your Bayesian database to your local system. This backup copy can then be uploaded to any Barracuda Spam Firewall, including this one, in the case of a corrupt Bayesian installation.
Changing the Language of the Quarantine Interface
You can change the language of your quarantine interface by selecting a language from the dropdown menu in the upper right corner of the Quarantine Inbox and Preferences tabs. Supported languages include Chinese, Japanese, Spanish, French, and others. The language you select is only applied to your individual quarantine interface. No other user’s interface is affected.
Appendix 1 Regular Expressions
The Barracuda Spam Firewall allows you to use regular expressions in many of its features. Regular expressions allow you to flexibly describe text so that a wide range of possibilities can be matched. When using regular expressions:
• Be careful when using special characters such as |, *, '.' in your text. For more information, refer to Using Special Characters in Expressions on page 130.
• All matches are not case sensitive.
Table 1.
Table 1.1: Common Regular Expressions
Expression    Matches...
\s    Space character: shortcut for [ \n\r\t]
\S    Non-space character: shortcut for [^\s]
Miscellaneous
^     Beginning of line
$     End of line
\b    Word boundary
\t    Tab character
Using Special Characters in Expressions
The following characters have a special meaning in regular expressions and should be prepended by a backward slash ( \ ) when you want them interpreted literally:
Table 1.2: Special Characters .
Table 1.3: Regular Expressions
Example    Matches...
\*FREE\*    *FREE*
\*FREE\* V.
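To show why the appendix asks for special characters to be escaped, this added example (not part of the guide) lints filter entries for unescaped metacharacters and compares escaped and unescaped matching with case ignored, as the appendix describes. Python's re module stands in for the appliance's regular expression engine, and the metacharacter set, function names and sample filter entries are assumptions.

```python
import re

# Assumption: the usual regex metacharacter set, not the guide's own table.
META = set(".^$*+?()[]{}|\\")


def unescaped_specials(pattern):
    """List (index, char) for each metacharacter not preceded by a backslash."""
    found, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":
            if i + 1 == len(pattern):
                found.append((i, "\\"))  # dangling backslash at the end
            i += 2                       # skip the escaped character
            continue
        if pattern[i] in META:
            found.append((i, pattern[i]))
        i += 1
    return found


def escape_literal(text):
    """Backslash-escape every metacharacter so the text is matched literally."""
    return "".join("\\" + c if c in META else c for c in text)


def filter_matches(pattern, text):
    """Case-insensitive search: True/False, or None if the pattern is invalid."""
    try:
        return re.search(pattern, text, re.IGNORECASE) is not None
    except re.error:
        return None


def lint(entries):
    """Map each filter entry that needs review to its unescaped metacharacters."""
    report = {}
    for entry in entries:
        hits = unescaped_specials(entry)
        if hits:
            report[entry] = hits
    return report


# Constructed filter entries, as an administrator might type them.
FILTERS = [r"\*FREE\*", "*FREE*", "V.I.A", "$100"]

if __name__ == "__main__":
    for entry, hits in lint(FILTERS).items():
        print(f"{entry!r}: review {hits}; literal form is {escape_literal(entry)!r}")
```

Here the unescaped `*FREE*` is not even a valid pattern, `V.I.A` also matches `V-I-A`, and `$100` never matches a message containing "$100", while the escaped forms behave as literal text.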
Appendix 2 Limited Warranty and Licensing
Barracuda Networks, Inc., or the Barracuda Networks, Inc. subsidiary or authorized Distributor selling the Barracuda Networks product, if sale is not directly by Barracuda Networks, Inc., ("Barracuda Networks") warrants that commencing from the date of delivery to Customer (but in case of resale by a Barracuda Networks reseller, commencing not more than sixty (60) days after original shipment by Barracuda Networks, Inc.
Exclusions and Restrictions
This limited warranty does not apply to Barracuda Networks products that are or have been (a) marked or identified as "sample" or "beta," (b) loaned or provided to you at no cost, (c) sold "as is," (d) repaired, altered or modified except by Barracuda Networks, (e) not installed, operated or maintained in accordance with instructions supplied by Barracuda Networks, or (f) subjected to abnormal physical or electrical stress, misuse, negligence or to an accident.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
Appendix 3 Compliance Notice for the USA
Compliance Information Statement (Declaration of Conformity Procedure) DoC FCC Part 15: This device complies with part 15 of the FCC Rules. Operation is subject to the following conditions:
1. This device may not cause harmful interference, and
2. This device must accept any interference received including interference that may cause undesired operation.