Educause Security Discussion mailing list archives
Re: Barracuda Spam Filter
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Wed, 27 Jul 2005 08:55:11 -0400
On Tue, 2005-07-26 at 19:42 -0400, Dave Koontz wrote:
Watching this thread, I have a couple questions about the 'cuda' product. What exactly does this product do that the free Spam Assassin code doesn't? In other words, why should I pay someone $1000+ dollars annually for what appears to basically be free software bundled on a scaled down server.
I've been waiting for this question to be asked. Thank you. The answer is a resounding "Nothing". The 'cuda is SpamAssassin in a shiny frame, with a pretty sandbox web-interface so it's not so scary. The only question to ask is how much "not so scary" is worth to you. We built, in 2000 or 2001, a system dubbed "Bugz". It was planned to be a 2-phase appliance system: Phase 1 was scanning e-mail for known viruses and dropping them. Phase 2 was scanning and _TAGGING_ suspected SPAM e-mail messages. This tagging was two-part: Part 1 was a header modification that allowed individual clients to set their e-mail filters to do something (delete, move to a spam folder, whatever) to e-mail that _WE_ considered spam; Part 2 was a "rating system" that allowed individual clients to set their e-mail filters to do something (delete, move to a spam folder, whatever) to e-mail that reached or exceeded a certain "spam score". I, for example, may want to drop all mail with a score >= 6, but move into a quarantine box all mail rated 1-5. We do it this way because we strongly believe we should not be deleting ANYONE's e-mail (unless it contains things that may hurt college property (eg. malware)). Nor should we be delaying it to their inbox with a quarantine system. One could _trivially_ do this if they chose to. I'm not preaching campus culture :). We have had customers say "I don't want to ever see spam again". When asked "would you be willing to possibly lose legitimate e-mail?" the answer is a firm "no". Bugz is currently built w/ 100% open source software. Qmail is the MTA. Amavis and a cadre of helper tools to dissassemble e-mail messages, ClamAV to scan for viruses and other malware, SpamAssassin to do what it does OH SO WELL, GNU/Linux as the OS w/ Linux High-Availability tools to allow trivial clustering of as many of these as we need. We're moving towards utility clustering clustering, and this functionality will be rolled into the main cluster operations. This is a classic build vs. buy issue. There are shops out there who choose to buy, there are those who choose to build. I am __BLESSED__ with working in a team of ambitious, innovative, energetic, and challenging individuals who share my desire to build the best mouse trap, and save our precious budget dollars for the things we can't whip up with a little bit of elbow grease and brainpower. The 'cuda is perfectly wonderful product for those who don't have the privilege of a staff such as ours, or have money to throw at the problem. On Tue, 2005-07-26 at 19:42 -0400, Dave Koontz wrote:
Watching this thread, I have a couple questions about the 'cuda' product. What exactly does this product do that the free Spam Assassin code doesn't? In other words, why should I pay someone $1000+ dollars annually for what appears to basically be free software bundled on a scaled down server. It looks like the 'cuda' device uses SA version 3.02, which is two full versions behind the SA code branch.... which may frankly address some issues posted here. Initially, it would seem in the "device" world, I might actually loose a lot of functionality and features that I have running the full fledged product. So... 1) How easy is it to upgrade the device to the latest spam assassin version? 2) Do users have their own baysian DB's and rules, or are they globally maintained? 3) How easy can users interact with or train the system? 4) Can you easily add your own SA rulesets? (Custom or SARES) 5) Can the device test & score SPF/DK/DKIM/RBL/SUBL/URIBL results? 6) Does the device support the Razor and/or DCC networks? 7) Does the device support the usage of Grey Listing Technology? Lastly... Is this product really just a way for a site to "easily" use Spam Assassin without having to invest any time or effort into learning the program? If so, that's fine, but it may not be as full featured as the product could be. If the product does all the above and more... I will immediately ask for a purchase order to save me some precious time! :-) --- Dave Koontz Mary Baldwin College Staunton VA -----Original Message----- From: Justin Sipher [mailto:jsipher () SKIDMORE EDU] Sent: Tuesday, July 26, 2005 3:59 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Barracuda Spam Filter Add us to the list of schools who are very happy Barracuda users. However, I will share a recent story which dampers our enthusiasm slightly. Our single unit (model 600) had a hardware failure recently. It was in this process that we learned that we had a new "single point of failure" in the e-mail system. One major problem at the point of the failure is that all mail in the quarantine at the time of the failure was lost. Although most was SPAM, I do know that I had at least one valid e-mail in it. It was between when I received the e-mail quarantine summary and when I actually went to retrieve/delete the message when the failure occurred. To prevent this in the future, we've bought a second one and will have the two clustered for redundancy. The second problem we had is that they **appear** to be a victim of their own success. At the point of the failure they were out of stock for a replacement even though we were at the upgraded "instant replacement" level. In our case it took three days to get a replacement and then it was a 400 model to hold us over till they could get a 600. Not ideal. I do think they have learned from this (and maybe other) incidents and knowing everything I know now, I'd still buy another one, so the up-side is pretty high to overcome those shortcomings. ...Justin _______________________________________________________ Justin Sipher Chief Technology Officer Skidmore College Saratoga Springs, NY jsipher () skidmore edu 518-580-5909 _______________________________________________________ On Jul 25, 2005, at 11:35 AM, Gibbs, Aaron M. wrote:I'm looking at the Barracuda Spam Filter and would like to know if anyone is currently using it. If so what your experiences have been. Aaron M Gibbs Interim Vice President/CIO Center for Information Technology St. Augustine's College 919-516-4379 (Office) 919-516-4382 (Fax) amgibbs () st-aug edu www.st-aug.edu
-- Matthew Keller Enterprise Systems Analyst Computing & Technology Services State University of New York @ Potsdam Potsdam, NY USA http://mattwork.potsdam.edu/
Current thread:
- Re: Barracuda Spam Filter, (continued)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 26)
- Re: Barracuda Spam Filter Stephen W. Bradley (Jul 26)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 26)
- Re: Barracuda Spam Filter Graham Toal (Jul 26)
- Re: Barracuda Spam Filter Justin Sipher (Jul 26)
- Re: Barracuda Spam Filter Charlie Prothero (Jul 26)
- Re: Barracuda Spam Filter Charlie Prothero (Jul 26)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 26)
- Re: Barracuda Spam Filter Parker, Ron (Jul 26)
- Re: Barracuda Spam Filter Dave Koontz (Jul 26)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Michael_Maloney (Jul 27)
- Re: Barracuda Spam Filter Tony Harris (Jul 27)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Dave Koontz (Jul 27)
- Re: Barracuda Spam Filter Hall, Rand (Jul 27)
- Re: Barracuda Spam Filter Information Security (Jul 27)
- Re: Barracuda Spam Filter Parker, Ron (Jul 27)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 27)
(Thread continues...)