I just called Barracuda and spoke to an Engineer. The appliances
*do not* accept the whole message before tests are run
There's no proprietary stuff here, BC can't do anything special with SMTP.
The Barracuda runs postfix, probably modified, and can do envelope
checks on PTR/FROM/TO/HELO, but headers can't be checked until the
entire DATA command is complete.
With a content-scanner like BC, I suggest the best decision point is
after DATA, and then decide on all the info (more info = better
decision, in principle): envelope IP/HELO/FROM/TO + headers + msg
body + attachments.
With IMGate in front, IMGate does weighted rejecting of envelope
IP/HELO/FROM/TO. If the msg gets past the envelope policies, IMGate
will accept the DATA and then can apply policies to headers and
prohibited "executable" attachments, and do AV scanning.
IMGate passes the trickle of msgs remaining (probably only 5% of
what IMGate sees) to the BC box which is reduced to a content-scanner
for deep scanning of the body and attachments. You can turn off all
the postfix DNS and envelope checking in BC since all of that will
have been done by IMGate, lightening up the load on BC even more.
And of course, IMGate passes only legit recipient traffic to the BC,
having rejected all bad recips.
Len
