Educause Security Discussion mailing list archives

Re: anti-spam software


From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Tue, 29 Jul 2008 15:32:24 -0500

Paul Russell wrote:
> On 7/28/2008 4:20 PM, Bob Bayn wrote:
>
>> In defense of the Barracuda folks, I will say that their tech
>> support were very responsive and helpful with our occasional
>> earlier problems, many of which were the result of our novice
>> level of understanding how to manage them.  We were quite satisfied
>> until the thrashing started.  I don't know what was
>> the cause of our problem or how it might have been possible to
>> resolve it without switching to a different system.
>
> Unless Barracuda has made radical changes in the underlying architecture
> of their product, it appears to me that clustered Barracuda Spam Firewall
> (BSF) servers are doomed to thrash.  As the number of servers and/or the
> number of messages being quarantined increases, the thrashing is likely to
> become worse.  We encountered similar performance problems with a clustered
> pair of BSF model 600 servers.  At the time (~3 years ago), we were told
> that every message in quarantine must be replicated to every server in the
> cluster, so that a user will be able to access all his/her messages,
> regardless of which server accepted the user's login.  Barracuda could
> have avoided this problem by creating a single copy of each user's mailbox,
> and routing inbound messages and user logins to the server where the
> user's mailbox resides.  That is the approach used by vendors of some
> other anti-spam products.

We just avoid the whole "quarantine at the gateway" paradigm entirely.
To me, it just seems like an unnecessary duplication of your mail
environment.  You already have SMTP servers, so use them.  You already
have mail stores, so use them.

We stuck with the simple solution of tagging the spam in the headers
(using PureMessage directly integrated with our SJSMS MTA servers), then
we use server-side mail filters to move the spam into an IMAP folder.
User support is simple since the users don't need to go to a separate
server to find their spam messages.

We also use a hybrid blacklisting/greylisting application
(http://code.google.com/p/gross/) that reduces email volumes by about
85%.  We used to average close to 10 million messages per day, but now
we're typically processing under 1 million.

Jesse Thompson
UW Madison




> Barracuda attempted to address our performance problems by swapping the
> pair of 600's for a single 800, which was supposed to have built-in
> redundancy and more capacity than a pair of 600's.  We continued to
> experience a variety of problems with the Barracuda product.  Some
> problems were fixed and never re-appeared; some problems were fixed
> but re-appeared later; some problems were never fixed.  We stuck with
> Barracuda for two years, then replaced the BSF 800 with a pair of
> Sentrion MG "appliances" from Sendmail, Inc.


--
  Jesse Thompson
  Email/IM: jesse.thompson () doit wisc edu
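
The tag-in-headers, file-at-the-mail-store flow described in the message above, sketched as an added example; it is not code from the original post, PureMessage, or SJSMS. The header names, score threshold, folder names and function names are assumptions made for illustration, and the gateway step drops any tag headers the sender supplied so the mail-store filter only ever acts on the gateway's own verdict.

```python
from email import message_from_string, policy

TAG = "X-Spam-Flag"            # assumed header name, not taken from the post
SCORE = "X-Spam-Score"         # assumed header name
THRESHOLD = 5.0                # assumed score cut-off
JUNK, INBOX = "Junk", "INBOX"  # assumed IMAP folder names

# Constructed sample: the sender pre-sets a "NO" tag hoping to dodge filing.
SPOOFED = (
    "From: promo@example.net\n"
    "To: user@example.edu\n"
    "X-Spam-Flag: NO\n"
    "Subject: limited offer\n"
    "\n"
    "body\n"
)


def gateway_tag(raw: str, score: float) -> str:
    """MTA step: remove sender-supplied tag headers, then add the gateway's."""
    msg = message_from_string(raw, policy=policy.default)
    for name in (TAG, SCORE):
        del msg[name]  # deletes every occurrence; no error if absent
    msg[SCORE] = f"{score:.1f}"
    msg[TAG] = "YES" if score >= THRESHOLD else "NO"
    return msg.as_string()


def choose_folder(raw: str) -> str:
    """Mail-store step: server-side filter keyed only on the tag header."""
    msg = message_from_string(raw, policy=policy.default)
    flags = msg.get_all(TAG, [])
    # Exactly one tag is expected after gateway_tag(); with none or several,
    # deliver normally instead of guessing which header to believe.
    if len(flags) == 1 and flags[0].strip().upper() == "YES":
        return JUNK
    return INBOX


if __name__ == "__main__":
    for score in (9.2, 0.3):
        print(score, "->", choose_folder(gateway_tag(SPOOFED, score)))
```
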
