Educause Security Discussion mailing list archives
Re: Barracuda Spam Filter
From: "Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>
Date: Tue, 26 Jul 2005 17:37:22 -0500
We use an outsourced provider so we are somewhat like your situation. I leave my own e-mail server MX records in our DNS as a failover. If something happens to our provider or we decide to discontinue them at some point, my other MX records are already circulating through the DNS system. This makes it easier for mail to continue to flow.

The firewall blocks access to those internal mail servers but that is a two minute job to change in the event of a problem. You definitely want them blocked at the firewall. The firewall logs show they would get hammered by spammers as soon as they were unblocked.

Our internal e-mail server protection mechanisms are no longer up to the task of fighting off spammers in today's conditions. That's why we use the outsourced service.

--
Ron Parker, Director of Information Technology, Brazosport College
-----Original Message-----
From: Charlie Prothero [mailto:Charlie.Prothero () KEYSTONE EDU]
Sent: Tuesday, July 26, 2005 5:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

Hmm. This morning, I thought I had a good handle on this. Now, I'm not so sure...

Our MX records look like this:

        IN MX 1 ms4.tcnoc.com.
        IN MX 10 ms5.tcnoc.com.
        IN MX 20 mercury.keystone.edu.

Mercury is our mail server (MS Exchange), and the first two are Tangent's spam filtering machines. My understanding had been that once we were up and running on the Tangent service, we were supposed to remove our mail server's MX record, leaving Tangent as the only route to our domain for incoming mail. Outgoing mail continues to be sent from Mercury, which has an A-record in our DNS.

Are there problems with this arrangement?

- Charlie.

-----Original Message-----
From: Graham Toal [mailto:gtoal () UTPA EDU]
Sent: Tuesday, July 26, 2005 2:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

Jamie A. Stapleton wrote:

> 6. Knowledge. These people don't appear to know what they are doing.
> They left mercury.keystone.edu (with IP address 65.209.95.165) as an MX
> record. Any spammer can find this and attack it without effort. (See
> below.)
>
> 220 mercury.keystone.edu Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Tue, 26 Jul 2005 09:24:36 -0400

There's actually an understandable reason for that. Many mail systems by default will only accept (deliver) mail for which they are the lowest-valued MX, so by leaving the final destination mailer listed (with the lowest value, which I hope this was), they don't impose a competency requirement on the clients to reconfigure their mailer to be the delivery mailer for a domain which does not MX to them.

However it equally does impose a competency requirement that they either configure their mailer to accept mail from *only* the higher-valued MX hosts, *or* get their networking people to block them at the firewall. Either of those is entirely reasonable (we block at the firewall ourselves), but the downside is that the lowest-valued MX never responds and senders always have a delay while backing off to the next lowest value. This may not be quite as bad as it sounds though, because a significant number of spammers will back off at that point and you'll never see their spam, much like an accidentally implemented grey-listing :-)

G
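
An added example, not part of any poster's message: a small Python audit that parses a zone fragment and lists the MX hosts that deliver straight to a site's own mail server instead of the filtering provider, so each one can be checked against the firewall block or SMTP accept rules discussed in the thread. The zone text is constructed from the MX records quoted above; the function names and the use of `tcnoc.com` as the provider's domain suffix are assumptions of the example.

```python
import re

# Constructed zone fragment, built from the MX records quoted in the thread.
ZONE = """\
        IN MX 1  ms4.tcnoc.com.
        IN MX 10 ms5.tcnoc.com.
        IN MX 20 mercury.keystone.edu.  ; site's own mail server
"""

MX_RE = re.compile(r"\bIN\s+MX\s+(\d+)\s+(\S+)", re.IGNORECASE)


def parse_mx(zone_text):
    """Return [(preference, host)] sorted by preference (lowest is tried first)."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]          # drop zone-file comments
        m = MX_RE.search(line)
        if m:
            records.append((int(m.group(1)), m.group(2).rstrip(".").lower()))
    return sorted(records)


def is_under(host, suffix):
    """True if host equals suffix or is a subdomain of it (label-aligned match)."""
    suffix = suffix.rstrip(".").lower()
    return host == suffix or host.endswith("." + suffix)


def direct_mx(records, filter_suffixes):
    """MX hosts that are not the filtering provider: mail sent there skips the filter."""
    return [(pref, host) for pref, host in records
            if not any(is_under(host, s) for s in filter_suffixes)]


def report(zone_text, filter_suffixes):
    """One line per direct MX, naming the filter hosts that may relay to it."""
    records = parse_mx(zone_text)
    filters = [h for _, h in records if any(is_under(h, s) for s in filter_suffixes)]
    return [f"{host} (pref {pref}): accept SMTP only from {', '.join(filters) or 'nobody'}"
            f" or block at the firewall"
            for pref, host in direct_mx(records, filter_suffixes)]


if __name__ == "__main__":
    # Assumption of this example: tcnoc.com is the filtering provider's domain.
    for line in report(ZONE, {"tcnoc.com"}):
        print(line)
```

The suffix match is label-aligned, so a look-alike name such as `mail.eviltcnoc.com` is reported as a direct MX and not mistaken for the provider.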