Re: Barracuda Spam Filter

[Dave Koontz <dkoontz () MBC EDU>]

It was actually pretty easy to spot what it was via a sample message headers
someone posted here.  Oddly enough, while flipping through the 'Network
Computing' magazine I received today (July 21st issue) Page WC 6 says...

"Barracuda Networks keeps costs low by using off-the-shelf hardware and open
source applications on a hardened Linux kernel. "

You may be able to get the full article on their website, though I didn't
see the center Well Connected Articles there:
http://www.networkcomputing.com/current_issue.jhtml#sneaks

There is also at least a cursory mention on the Barracuda site:
http://www.barracudanetworks.com/ns/news_and_events/index.php?nid=43

Do a Google Search for Barracuda and Spam Assassin and I think you will find
plenty of others.



-----Original Message-----
From: Tony Harris [mailto:harrist () CCV VSC EDU] 
Sent: Wednesday, July 27, 2005 1:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

Can you point me at any info that documents the Barracuda as being a Linux
and SpamAssassin box?  There's nothing on their website that indicates that,
unfortunately, and I'd like to see what they have to say about doing so.

(Also, if that's the case, given that both are OpenSource, don't they have
to acknowledge their use of them somewhere public?  At least out of
fairness?  I know, silly me for expecting fairness to win in cases of
corporate interest...)

Tony Harris
Assistant CTO
Community College of Vermont
harrist () ccv edu
(802) 241-3535

Zhë dishthe shthál ñe lhôñ svóná záxá - The direct path is not always
straight.
-------------------------------------------
PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated
recipient only and may contain privileged, confidential, or otherwise
private information. If you have received it in error, please notify the
sender immediately and delete the original. Any other use of an email
received in error is prohibited.

 

> -----Original Message-----
> From: Matthew Keller [mailto:kellermg () POTSDAM EDU]
> Sent: Wednesday, July 27, 2005 8:55 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Barracuda Spam Filter
>
> On Tue, 2005-07-26 at 19:42 -0400, Dave Koontz wrote:
> > Watching this thread, I have a couple questions about the
> 'cuda' product.
> > What exactly does this product do that the free Spam
> Assassin code doesn't?
> > In other words, why should I pay someone $1000+ dollars
> annually for what
> > appears to basically be free software bundled on a scaled
> down server.
>
> I've been waiting for this question to be asked. Thank you.
>
> The answer is a resounding "Nothing". The 'cuda is SpamAssassin in a 
> shiny frame, with a pretty sandbox web-interface so it's not so scary.
> The only question to ask is how much "not so scary" is worth to you.
>
> We built, in 2000 or 2001, a system dubbed "Bugz". It was planned to 
> be a 2-phase appliance system: Phase 1 was scanning e-mail for known 
> viruses and dropping them. Phase 2 was scanning and _TAGGING_ 
> suspected SPAM e-mail messages. This tagging was two-part: Part 1 was 
> a header modification that allowed individual clients to set their 
> e-mail filters to do something (delete, move to a spam folder, 
> whatever) to e-mail that _WE_ considered spam; Part 2 was a "rating 
> system" that allowed individual clients to set their e-mail filters to 
> do something (delete, move to a spam folder, whatever) to e-mail that 
> reached or exceeded a certain "spam score". I, for example, may want 
> to drop all mail with a score >= 6, but move into a quarantine box all 
> mail rated 1-5.
>
> We do it this way because we strongly believe we should not be 
> deleting ANYONE's e-mail (unless it contains things that may hurt 
> college property (eg. malware)). Nor should we be delaying it to their 
> inbox with a quarantine system. One could _trivially_ do this if they 
> chose to. I'm not preaching campus culture :). We have had customers 
> say "I don't want to ever see spam again". When asked "would you be 
> willing to possibly lose legitimate e-mail?" the answer is a firm 
> "no".
>
> Bugz is currently built w/ 100% open source software. Qmail is the 
> MTA.
> Amavis and a cadre of helper tools to dissassemble e-mail messages, 
> ClamAV to scan for viruses and other malware, SpamAssassin to do what 
> it does OH SO WELL, GNU/Linux as the OS w/ Linux High-Availability 
> tools to allow trivial clustering of as many of these as we need. 
> We're moving towards utility clustering clustering, and this 
> functionality will be rolled into the main cluster operations.
>
> This is a classic build vs. buy issue. There are shops out there who 
> choose to buy, there are those who choose to build. I am __BLESSED__ 
> with working in a team of ambitious, innovative, energetic, and 
> challenging individuals who share my desire to build the best mouse 
> trap, and save our precious budget dollars for the things we can't 
> whip up with a little bit of elbow grease and brainpower.
>
> The 'cuda is perfectly wonderful product for those who don't have the 
> privilege of a staff such as ours, or have money to throw at the 
> problem.
>
> On Tue, 2005-07-26 at 19:42 -0400, Dave Koontz wrote:
> > Watching this thread, I have a couple questions about the
> 'cuda' product.
> > What exactly does this product do that the free Spam
> Assassin code doesn't?
> > In other words, why should I pay someone $1000+ dollars
> annually for what
> > appears to basically be free software bundled on a scaled
> down server.
> > It looks like the 'cuda' device uses SA version 3.02, which
> is two full
> > versions behind the SA code branch.... which may frankly
> address some issues
> > posted here.  Initially, it would seem in the "device" 
> world, I might
> > actually loose a lot of functionality and features that I
> have running the
> > full fledged product.
> >
> > So... 
> >
> > 1) How easy is it to upgrade the device to the latest spam
> assassin version?
> > 2) Do users have their own baysian DB's and rules, or are
> they globally
> > maintained?
> > 3) How easy can users interact with or train the system?
> > 4) Can you easily add your own SA rulesets?  (Custom or SARES)
> > 5) Can the device test & score SPF/DK/DKIM/RBL/SUBL/URIBL results?
> > 6) Does the device support the Razor and/or DCC networks?
> > 7) Does the device support the usage of Grey Listing Technology?
> >
> > Lastly... Is this product really just a way for a site to
> "easily" use Spam
> > Assassin without having to invest any time or effort into
> learning the
> > program?  If so, that's fine, but it may not be as full
> featured as the
> > product could be.  
> >
> > If the product does all the above and more... I will
> immediately ask for a
> > purchase order to save me some precious time!  :-)
> >
> > ---
> > Dave Koontz
> > Mary Baldwin College
> > Staunton VA
> >
> >
> > -----Original Message-----
> > From: Justin Sipher [mailto:jsipher () SKIDMORE EDU]
> > Sent: Tuesday, July 26, 2005 3:59 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Barracuda Spam Filter
> >
> > Add us to the list of schools who are very happy Barracuda users.   
> > However, I will share a recent story which dampers our
> enthusiasm slightly.
> > Our single unit (model 600) had a hardware failure
> recently.  It was in this
> > process that we learned that we had a new "single point of
> failure" in the
> > e-mail system.  One major problem at the point of the
> failure is that all
> > mail in the quarantine at the time of the failure was lost. 
>  Although most
> > was SPAM, I do know that I had at least one valid e-mail in
> it.  It was
> > between when I received the e-mail quarantine summary and
> when I actually
> > went to retrieve/delete the message when the failure
> occurred.  To prevent
> > this in the future, we've bought a second one and will have the two 
> > clustered for redundancy.  The second problem we had is that they
> > **appear** to be a victim of their own success.  At the
> point of the failure
> > they were out of stock for a replacement even though we
> were at the upgraded
> > "instant replacement" level.  In our case it took three
> days to get a
> > replacement and then it was a 400 model to hold us over
> till they could get
> > a 600.  Not ideal.
> >
> > I do think they have learned from this (and maybe other)
> incidents and
> > knowing everything I know now, I'd still buy another one,
> so the up-side is
> > pretty high to overcome those shortcomings.
> >
> > ...Justin
> > _______________________________________________________
> >    Justin Sipher
> >    Chief Technology Officer
> >    Skidmore College
> >    Saratoga Springs, NY
> >    jsipher () skidmore edu
> >    518-580-5909
> > _______________________________________________________
> >
> > On Jul 25, 2005, at 11:35 AM, Gibbs, Aaron M. wrote:
> >
> > > I'm looking at the Barracuda Spam Filter and would like
> to know if
> > > anyone is currently using it. If so what your experiences
> have been.
> > > Aaron M Gibbs
> > > Interim Vice President/CIO
> > > Center for Information Technology
> > > St. Augustine's College
> > > 919-516-4379 (Office)
> > > 919-516-4382 (Fax)
> > > amgibbs () st-aug edu
> > > www.st-aug.edu
> --
>
> Matthew Keller
> Enterprise Systems Analyst
> Computing & Technology Services
> State University of New York @ Potsdam Potsdam, NY USA 
> http://mattwork.potsdam.edu/