Re: Barracuda Spam Filter

["Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>]

We use an outsourced provider so we are somewhat like your situation. I
leave my own e-mail server MX records in our DNS as a failover. If
something happens to our provider or we decide to discontinue them at
some point, my other MX records are already circulating through the DNS
system. This makes it easier for mail to continue to flow. The firewall
blocks access to those internal mail servers but that is a two minute
job to change in the event of a problem. You definitely want them
blocked at the firewall. The firewall logs show they would get hammered
by spammers as soon as they were unblocked. Our internal e-mail server
protection mechanisms are no longer up to the task of fighting off
spammers in today's conditions. That's why we use the outsourced
service. 

--
Ron Parker, Director of Information Technology, Brazosport College
 

> -----Original Message-----
> From: Charlie Prothero [mailto:Charlie.Prothero () KEYSTONE EDU] 
> Sent: Tuesday, July 26, 2005 5:02 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Barracuda Spam Filter
>
> Hmm.  This morning, I thought I had a good handle on this.  
> Now, I'm not so sure...
>
> Our MX records look like this:
>
>                 IN      MX      1 ms4.tcnoc.com.
>                 IN      MX      10 ms5.tcnoc.com.
>                 IN      MX      20 mercury.keystone.edu.
>
> Mercury is our mail server (MS Exchange), and the first two 
> are Tangent's spam filtering machines.  My understanding had 
> been that once we were up and running on the Tangent service, 
> we were supposed to remove our mail server's MX record, 
> leaving Tangent as the only route to our domain for incoming 
> mail.  Outgoing mail continues to be sent from Mercury, which 
> has an A-record in our DNS.  Are there problems with this arrangement?
>
> - Charlie.
>
> -----Original Message-----
> From: Graham Toal [mailto:gtoal () UTPA EDU]
> Sent: Tuesday, July 26, 2005 2:22 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Barracuda Spam Filter
>
> Jamie A. Stapleton wrote:
>
> > 6.  Knowledge.  These people don't appear to know what they 
> are doing.
> > They left mercury.keystone.edu (with IP address 
> 65.209.95.165) as an MX 
> > record.  Any spammer can find this and attack it without 
> effort.  (See
> > below.)
> >
> > 220 mercury.keystone.edu Microsoft ESMTP MAIL Service, Version:
> > 5.0.2195.6713 ready at  Tue, 26 Jul 2005 09:24:36 -0400
> >
> >  
> there's actually an understandable reason for that.  Many 
> mail systems by default will only accept (deliver) mail for 
> which they are the lowest-valued MX,
>
> so by
> leaving the final destination mailer listed (with the lowest 
> value, which I hope this was), they don't impose a competancy 
> requirement on the clients to reconfigure their mailer to be 
> the delivery mailer for a domain which does not MX to
>
> them.
>
> However it equally does impose a competancy requirement that 
> they either configure their mailer to accept mail from *only* 
> the higher-valued MX hosts,
> *or* get their networking people to block them at the 
> firewall.  Either of those is entirely reasonable (we block 
> at the firewall ourselves), but the downside is that the 
> lowest-valued MX never responds and senders always have a 
> delay while backing off to the next lowest value.
>
> This may not be quite as bad as it sounds though, because a 
> significant number of spammers will back off at that point 
> and you'll never see their spam, much like an accidentally 
> implemented grey-listing :-)
>
> G