Educause Security Discussion mailing list archives
Re: anti-spam software
From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Tue, 29 Jul 2008 15:32:24 -0500
Paul Russell wrote:
> On 7/28/2008 4:20 PM, Bob Bayn wrote:
> > In defense of the Barracuda folks, I will say that their tech support were very responsive and helpful with our occasional earlier problems, many of which were the result of our novice level of understanding how to manage them. We were quite satisfied until the thrashing started. I don't know what was the cause of our problem or how it might have been possible to resolve it without switching to a different system.
>
> Unless Barracuda has made radical changes in the underlying architecture of their product, it appears to me that clustered Barracuda Spam Firewall (BSF) servers are doomed to thrash. As the number of servers and/or the number of messages being quarantined increases, the thrashing is likely to become worse.
>
> We encountered similar performance problems with a clustered pair of BSF model 600 servers. At the time (~3 years ago), we were told that every message in quarantine must be replicated to every server in the cluster, so that a user will be able to access all his/her messages, regardless of which server accepted the user's login. Barracuda could have avoided this problem by creating a single copy of each user's mailbox, and routing inbound messages and user logins to the server where the user's mailbox resides. That is the approach used by vendors of some other anti-spam products.

We just avoid the whole "quarantine at the gateway" paradigm entirely. To me, it just seems like an unnecessary duplication of your mail environment. You already have SMTP servers, so use them. You already have mail stores, so use them.

We stuck with the simple solution of tagging the spam in the headers (using PureMessage directly integrated with our SJSMS MTA servers), then we use server-side mail filters to move the spam into an IMAP folder. User support is simple since the users don't need to go to a separate server to find their spam messages.

We also use a hybrid blacklisting/greylisting application (http://code.google.com/p/gross/) that reduces email volumes by about 85%. We used to average close to 10 million messages per day, but now we're typically processing under 1 million.

Jesse Thompson
UW Madison

> Barracuda attempted to address our performance problems by swapping the pair of 600's for a single 800, which was supposed to have built-in redundancy and more capacity than a pair of 600's. We continued to experience a variety of problems with the Barracuda product. Some problems were fixed and never re-appeared; some problems were fixed but re-appeared later; some problems were never fixed. We stuck with Barracuda for two years, then replaced the BSF 800 with a pair of Sentrion MG "appliances" from Sendmail, Inc.

--
Jesse Thompson
Email/IM: jesse.thompson () doit wisc edu
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
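
A hybrid blacklisting/greylisting policy of the kind mentioned in the message above, sketched as an added example that is not part of the original post and is not code from the gross project. It assumes that only clients found on a blocklist are greylisted (temporarily rejected until they retry after a delay) while all other clients are accepted at once; the in-memory blocklist standing in for DNSBL lookups, the class and function names, the delay values and the sample traffic are all constructed for illustration.

```python
import ipaddress

# Constructed stand-in for DNSBL lookups (documentation address range).
LISTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
MIN_DELAY = 300    # assumed: seconds a listed sender must wait before a retry passes
MAX_AGE = 86400    # assumed: pending entries older than this are forgotten


def is_listed(client_ip):
    """True if the connecting address is on the (constructed) blocklist."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LISTED_NETS)


class HybridGreylist:
    """Greylist only blocklisted clients; everyone else is accepted immediately."""

    def __init__(self):
        self.first_seen = {}   # (ip, sender, recipient) -> time of first attempt

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP action for one RCPT TO: 'accept' or 'tempfail'."""
        if not is_listed(client_ip):
            return "accept"                 # unlisted hosts are never delayed
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > MAX_AGE:
            self.first_seen[key] = now      # first attempt (or stale entry): start the clock
            return "tempfail"               # 4xx reply; a queueing MTA will retry later
        if now - seen < MIN_DELAY:
            return "tempfail"               # retried before the delay elapsed
        return "accept"                     # patient retry from a listed host


def replay(events):
    """Run a list of (ip, sender, recipient, time) attempts through a fresh greylist."""
    gl = HybridGreylist()
    return [gl.check(*e) for e in events]


# Constructed sample traffic: (client_ip, sender, recipient, unix_time)
SAMPLE = [
    ("198.51.100.7", "alice@example.org", "bob@example.edu", 0),
    ("203.0.113.9", "promo@example.net", "bob@example.edu", 10),
    ("203.0.113.9", "promo@example.net", "bob@example.edu", 40),
    ("203.0.113.9", "promo@example.net", "bob@example.edu", 400),
    ("203.0.113.50", "x@example.net", "carol@example.edu", 500),
]

if __name__ == "__main__":
    for event, action in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", action)
```

Senders that never retry after the temporary failure are dropped without the message body ever being accepted, which is where the volume reduction in such a scheme comes from.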