Barracuda Spam Firewall User’s Guide


Copyright

Copyright 2004, Barracuda Networks
www.barracudanetworks.com
All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.

Trademarks

Barracuda Spam Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.

Contents

Chapter 1 Introduction
  Overview
  Energize Updates Minimize Administration and Maximize Protection
  Understanding Spam Scoring
  Barracuda Spam Firewall Models
  Technical Support
  Warranty Policy
  Locating Information in this Document

Chapter 2 Setting Up the Barracuda Spam Firewall
  Installing the Barracuda Spam Firewall
  Setting the System IP Address
  Configuring the Barracuda Spam Firewall
  Configuring your Corporate Firewall and Updating Firmware
  Routing your Incoming Email by Modifying MX Records
  Post-Installation Tasks
  Installation Examples
  Barracuda Spam Firewall Behind Corporate Firewall
  Barracuda Spam Firewall in Front of Corporate Firewall

Chapter 3 Managing the Barracuda Spam Firewall
  Viewing System Status and Statistics
  Understanding the Indicator Lights
  Viewing System Statistics
  Monitoring and Classifying Incoming Messages
  Classifying Messages from the Administration Interface
  Classifying Messages From Mail Clients
  Understanding the Message Log
  Viewing Message Details
  Configuring the Spam Settings
  Configuring the Global Spam Scoring Limits
  Specifying the Subject Text and Priority for Tagged Messages
  Enabling and Disabling Virus Checking and Notification
  Setting Up Quarantine
  Specifying the Quarantine Type
  Specifying the Global Quarantine Settings
  Specifying the Per-User Quarantine Settings
  Overriding the Per-User Quarantine Account Settings
  Configuring System IP Information
  Controlling Access to the Administration Interface
  Changing the Password of the Administration Account
  Limiting Access to the Administration Interface
  Changing the Web Interface Port and Session Expiration Length
  Resetting and Shutting Down the System
  Shutting Down the System
  Resetting the System Using the Front Panel
  Resetting the Bayes Database
  Automating the Delivery of System Reports
  Subscribing to Blacklist Services
  About the Blacklist Services
  Using the Block/Accept Filters
  Filtering by IP Address/Network
  Filtering by Sender Domain
  Filtering by Sender Email Address
  Filtering by Recipient Email Address
  Filtering by Attachment Type
  Filtering by Subject Line
  Filtering by Body Contents
  Filtering by Header Contents
  Backing Up and Restoring System Configuration
  Backing Up System Data
  Restoring System Data
  Updating Spam and Virus Definitions Using Energize Updates
  Customizing the Appearance of the Administration Interface
  Configuring Advanced Settings
  Changing the Fingerprinting Behavior
  Setting Email Protocol Checking
  Configuring Message Rate Control
  Activating Individual Accounts
  Updating the System Firmware Version
  Using a Syslog Server to Centrally Manage System Logs
  Setting Up Clustered Environments
  Implementing Single Sign-on
  Localizing the Spam Settings
  Managing and Configuring Domains
  Adding New Domains
  Editing Domain Settings
  Preventing Dictionary Attacks Using Barracuda MS Exchange Accelerator
  Replacing a Failed System
  Managing User Accounts
  Viewing User Accounts
  Assigning Features to User Accounts
  Creating New User Accounts
  Backing Up and Restoring User Settings
  Enabling SSL
  Customizing Non-Delivery Reports (NDRs)
  Troubleshooting

Chapter 4 Using the Barracuda Spam Firewall to Filter Your Emails
  Receiving Messages from the Barracuda Spam Firewall
  Greeting Message
  Quarantine Summary Report
  Using the Quarantine Interface
  Logging into the Quarantine Interface
  Managing your Quarantine Inbox
  Changing your User Preferences
  Changing your Account Password
  Changing Your Quarantine Settings
  Enabling and Disabling Spam Scanning of your Email
  Adding Email Addresses and Domains to Your Whitelist and Blacklist

Appendix A About Regular Expressions
  Using Special Characters in Expressions
  Examples

Index


Chapter 1
Introduction

This chapter provides an overview of the Barracuda Spam Firewall and includes the following topics:
- Overview (on this page)
- Barracuda Spam Firewall Models (page 10)
- Technical Support (page 10)
- Warranty Policy (page 10)
- Locating Information in this Document (page 11)

Overview

The Barracuda Spam Firewall is an integrated hardware and software solution that provides powerful and scalable spam and virus-blocking capabilities that do not bog down your email servers. The system has no per-user license fee and can scale to support tens of thousands of active email users.

Using the web-based administration interface, you can configure up to ten defense layers that protect your users from spam and viruses. The ten defense layers are:
- Denial of service and security protection
- IP block list
- Rate control
- Virus check with archive decompression
- Proprietary virus check
- User-specified rules
- Spam fingerprint check
- Intention analysis
- Bayesian analysis
- Rule-based spam scoring

The following figure shows each of these defense layers in action.

Energize Updates Minimize Administration and Maximize Protection

To provide you with maximum protection against the latest types of spam and virus attacks, Barracuda Networks maintains a powerful operations center called Barracuda Central. From this center, engineers monitor the Internet for trends in spam and virus attacks and post updated definitions to Barracuda Central. These updates are then automatically retrieved by your Barracuda Spam Firewall using the Energize Update feature.

By spotting spam trends early on, the team at Barracuda Central can quickly develop new and improved blocking techniques and virus definitions that are quickly made available to your Barracuda Spam Firewall.

Energize Updates provide your Barracuda Spam Firewall with the following benefits:
- Access to known offending IP addresses
- Known spam messages instantly blocked
- Known spam content blocked
- Virus definitions constantly updated

The following figure shows how Barracuda Central provides the latest spam and virus definitions through the Energize Update feature.

Understanding Spam Scoring

The Barracuda Spam Firewall examines all the characteristics of a message and uses a complex system of scores to determine whether a message is spam. When an email reaches the spam scoring filter, the Barracuda Spam Firewall assigns scores to all the properties of the message.

For example, the Barracuda Spam Firewall examines:
- A message’s header and subject line for offending characters or words
- The percentage of HTML in the message
- Whether a message contains an 'unsubscribe' link

These properties (along with many others) help the Barracuda Spam Firewall determine a message’s spam score, which is displayed on the Message Log page of the administration interface.

The Energize Update feature keeps the spam rules and scores up-to-date so the Barracuda Spam Firewall can quickly counteract the latest techniques used by spammers.
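The additive scoring described under Understanding Spam Scoring, as an added Python example that is not part of the original guide and does not reproduce Barracuda's rules: it scores the three properties the guide lists (subject characters and words, share of HTML, 'unsubscribe' link) and reports which rules fired. The rule names, word list, weights and the 0.5 HTML limit are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Hypothetical rule weights, chosen for illustration; not Barracuda's values.
SUBJECT_WORDS = {"free": 1.0, "winner": 1.5, "viagra": 2.5}
SUBJECT_CHARS_SCORE = 1.0   # runs of "!" or "$" in the subject line
HTML_RATIO_LIMIT = 0.5      # markup share of the body above which we score
HTML_HEAVY_SCORE = 1.5
UNSUBSCRIBE_SCORE = 1.0

class _VisibleText(HTMLParser):
    """Counts the characters a reader would see, ignoring tags."""
    def __init__(self):
        super().__init__()
        self.visible = 0

    def handle_data(self, data):
        self.visible += len(data)

def html_ratio(body):
    """Fraction of the body made up of HTML markup (0.0 for plain text)."""
    if not body:
        return 0.0
    parser = _VisibleText()
    parser.feed(body)
    parser.close()  # flush any text still buffered by the parser
    return 1.0 - parser.visible / len(body)

def score_message(raw):
    """Return (total, hits); hits lists each (rule, score) that fired."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    # Join every text part so multipart messages are scored as a whole.
    body = "\n".join(part.get_payload() for part in msg.walk()
                     if part.get_content_maintype() == "text")
    hits = []
    for word in sorted(set(re.findall(r"[a-z]+", subject.lower()))):
        if word in SUBJECT_WORDS:
            hits.append(("subject_word:" + word, SUBJECT_WORDS[word]))
    if re.search(r"[!$]{2,}", subject):
        hits.append(("subject_chars", SUBJECT_CHARS_SCORE))
    if html_ratio(body) > HTML_RATIO_LIMIT:
        hits.append(("html_heavy", HTML_HEAVY_SCORE))
    if re.search(r"href=[\"'][^\"']*unsubscribe", body, re.IGNORECASE):
        hits.append(("unsubscribe_link", UNSUBSCRIBE_SCORE))
    return sum(score for _, score in hits), hits

# Constructed sample messages (not taken from real mail).
SPAM_SAMPLE = (
    "From: promo@example.com\nSubject: FREE prize!!! You are a WINNER\n"
    "Content-Type: text/html\n\n"
    '<html><body><table><tr><td><font color="red"><b>Claim now</b></font>'
    '</td></tr></table><a href="http://example.com/unsubscribe">unsubscribe'
    "</a></body></html>\n"
)
HAM_SAMPLE = ("From: alice@example.com\nSubject: Meeting notes\n\n"
              "Notes from today are attached.\n")
```

Calling `score_message(SPAM_SAMPLE)` returns the total together with the per-rule breakdown, which is the kind of detail an administrator needs when deciding whether a high score reflects real spam or an over-weighted rule.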

Barracuda Spam Firewall Models

The Barracuda Spam Firewall comes in four models. Refer to the following table for the capacity and features available on each.

Feature                                        Model 200   Model 300   Model 400   Model 600
Email capacity per day                         1 million   4 million   10 million  25 million
Active email patible with all email servers    ✓           ✓           ✓           ✓
Hardened and secure OS                         ✓           ✓           ✓           ✓
Spam blocking                                  ✓           ✓           ✓           ✓
Virus scanning                                 ✓           ✓           ✓           ✓
Web-based administration interface             ✓           ✓           ✓           ✓
Per-user settings and quarantine                           ✓           ✓           ✓
MS Exchange/LDAP Accelerator                               ✓           ✓           ✓
Syslog support                                             ✓           ✓           ✓
Clustering                                                             ✓           ✓
Redundant Disk Array (RAID)                                            ✓           ✓
SNMP Support                                                           ✓           ✓
Per-user score settings                                                            ✓
Customizable Branding                                                              ✓

Technical Support

To contact Barracuda technical support:
- By phone, call (408) 342-5400, (888) Anti-Spam, or (888) 268-4772
- By email, use support@barracudanetworks.com
- User forum: http://forum.barracudanetworks.com

Warranty Policy

The Barracuda Spam Firewall has a 90-day warranty against manufacturing defects.

Locating Information in this Document

Refer to the following table to locate information for a specific page in the administration interface.

Admin Interface Page            Refer to

BASIC Tab
Status                          Viewing System Status and Statistics on page 22
Message Log                     Monitoring and Classifying Incoming Messages on page 24
Spam Scoring                    Configuring the Spam Settings on page 28
Virus Checking                  Enabling and Disabling Virus Checking and Notification on page 29
Quarantine                      Setting Up Quarantine on page 29
IP Configuration                Configuring System IP Information on page 32
Administration                  Controlling Access to the Administration Interface on page 33
                                Resetting and Shutting Down the System on page 34
                                Automating the Delivery of System Reports on page 35
                                Viewing Message Details on page 27
Bayesian/Fingerprinting         Changing the Fingerprinting Behavior on page 46
                                Classifying Messages From Mail Clients on page 26 (not supported in model 200)
                                Resetting the Bayes Database on page 35

BLOCK/ACCEPT Tab
External Blacklists             Subscribing to Blacklist Services on page 36
IP Block/Accept                 Filtering by IP Address/Network on page 37
Sender Domain Block/Accept      Filtering by Sender Domain on page 38
Email Sender Block/Accept       Filtering by Sender Email Address on page 38
Email Recipient Block/Accept    Filtering by Recipient Email Address on page 39
Attachment Filtering            Filtering by Attachment Type on page 39
Subject Filtering               Filtering by Subject Line on page 40
Body Filtering                  Filtering by Body Contents on page 41
Header Filtering                Filtering by Header Contents on page 41

USERS Tab
Account View                    Viewing User Accounts on page 57
User Features                   Assigning Features to User Accounts on page 59
User Add/Update                 Creating New User Accounts on page 60
User Backup/Restore             Backing Up and Restoring User Settings on page 60

DOMAINS Tab
Domain Manager                  Managing and Configuring Domains on page 54
                                Editing Domain Settings on page 54 (not supported in models 200/300)
                                Preventing Dictionary Attacks Using Barracuda MS Exchange Accelerator on page 55 (not supported in model 200)

ADVANCED Tab
Email Protocol Checking         Setting Email Protocol Checking on page 47
Rate Controls                   Configuring Message Rate Control on page 49
Explicit Users                  Activating Individual Accounts on page 49
Configuration Backup/Restore    Backing Up and Restoring System Configuration on page 42
Energize Updates                Updating Spam and Virus Definitions Using Energize Updates on page 44
Firmware Update                 Updating the System Firmware Version on page 49
Appearance                      Customizing the Appearance of the Administration Interface on page 45 (not supported in models 200/300/400)
Syslog                          Using a Syslog Server to Centrally Manage System Logs on page 50 (not supported in model 200)
Clustering                      Setting Up Clustered Environments on page 51 (not supported in model 200/300)
Single Sign-on                  Implementing Single Sign-on on page 52 (not supported in model 200/300)
SSL                             Enabling SSL on page 60
Spam Rule Management            Localizing the Spam Settings on page 53
Bounce/NDR Messages             Customizing Non-Delivery Reports (NDRs) on page 62
Troubleshooting                 Troubleshooting on page 63

Chapter 2
Setting Up the Barracuda Spam Firewall

To set up your Barracuda Spam Firewall, follow the process below:
1. Install the Barracuda Spam Firewall (in the next section).
2. Set the System IP Address (page 14).
3. Configure the Barracuda Spam Firewall (page 14).
4. Configure your Corporate Firewall and Update the Firmware (page 16).
5. Route Incoming Email by Modifying MX Records (page 17).
6. Post-Installation Steps (page 17).

The end of this chapter also provides example installation scenarios you can use as a reference to help integrate the Barracuda Spam Firewall into your network environment.

Installing the Barracuda Spam Firewall

To physically install the Barracuda Spam Firewall:
1. Install the Barracuda Spam Firewall in a standard 19-inch rack or other stable location.
   Warning: Do not block the cooling vents located on the front and rear of the unit.
2. Connect a CAT5 Ethernet cable to the back of the Barracuda Spam Firewall.
   The Barracuda Spam Firewall supports both 10BaseT and 100BaseT Ethernet. We recommend a 100BaseT connection for best performance.
   Note: The Barracuda Spam Firewall 600 supports Gigabit Ethernet and has two usable LAN ports. On the 600 model, plug the Ethernet cable into the LAN 2 port.
   Do not connect any other cables to the other connectors on the unit. These connectors are for diagnostic purposes.
3. Connect a power cord to the unit.
4. Press the Power button located on the front of the unit.
   The power light on the front of the system turns on. For a description of each indicator light, refer to Understanding the Indicator Lights on page 22.

Setting the System IP Address

The Barracuda Spam Firewall is given a default IP address of 192.168.200.200. You can change this address by doing either of the following:
- Connecting directly to the Barracuda Spam Firewall and specifying a new IP address through the console interface, or
- Pushing and holding the RESET button on the front panel. Holding the RESET button for 8 seconds changes the default IP address to 192.168.1.200. Holding the button for 12 seconds changes the IP address to 10.1.
