----- Original Message -----
From: "Daniel Bentley" <[EMAIL PROTECTED]>
We're currently dealing with one of these at my work, a Barracuda 300 box.
I'll have to say, it seems to be doing an okay filtering job for spam it
receives.
-However-, I'm not sure how other boxes do things, but there's a flaw in
how this one's applied. Namely, you give the box an IP, and change the MX
record for your domain/s to point to the spam box. That's all fine and
dandy, -IF- the sending servers are honoring and sending according to that
MX record in DNS. If they're sending to an FQDN or straight IP, it'll go
straight to the email server anyways. So it's not exactly a complete
solution, so long as your email server still has an IP and a connection to
the 'net... We can play the IP and DNS shuffle, but so long as we have
records in DNS for SPF identification, the spammers will be able to find
out what machines in our domain are e-mail servers and we'll be right at
Step 1 again, with mail circumventing the Barracuda box completely.
YMMV (Your Model May Vary) of course, just some hands-on I've gotten with
one of these Barracuda boxes so far... I still think a more optimal setup
would be one that's trully 'in-line' for the mail server, comparable to a
traditional firewall. When looking at getting this box, my manager kept
reassuring me that it was in-line. Riiiiight... At least it -does- help
lighten the load on the mail server.
Seems like an easy enough solution, don't make the IP address of you
internal mail server accessible from the Internet, only allow SMTP
connections from your Barracuda IP address. If you have external users and
customers sending mail via the internal mail server, have them use the
"submission" port (port 587) and require SMTP Authentication.
It might take a bit of work to get this setup, but it would prevent any
inbound e-mail from bypassing your Barracuda machine.
Bill
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
