Re: [WISPA] Barracuda = Source of SPAM?
On Wed, 21 May 2008, Kurt Fankhauser wrote:

> If I deny SMTP to all but the Barracuda's IP then won't people not be able to send email?

Without knowing what gear you use or the network topology, this is not an easy answer, but the English version of the firewall would be something like this:

1. Allow Destination TCP/25 going to my customer's mail server if the source IP is my Barracuda.
2. Don't allow any other destination TCP/25 to my customer's mail server.

This just fixes that one customer. If you want a more detailed answer, or perhaps a better handle on SMTP traffic in and out of your network, post some detail about what gear you are using and a bit of information about your network.

--
* Butch Evans                   * Professional Network Consultation *
* Network Engineering           * MikroTik RouterOS                 *
* 573-276-2879                  * ImageStream                       *
* http://www.butchevans.com/    * StarOS and MORE                   *
* Mikrotik Certified Consultant * Wired or Wireless Networks        *

WISPA Wants You! Join today!
http://signup.wispa.org/

WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Barracuda = Source of SPAM?
A little more information might be in order...

Did this domain exist before? Did it lapse and then get re-registered?

I had this happen to me, a client wanted a domain, which I obtained for him, and set up his email addresses, which were instantly spammed. And, spammed by a huge array of spammers, PLUS some mail that appeared to be from businesses that legitimately send email to customers. He had gotten a domain which had just expired, and since his domain included his first name, email to his first name was already waiting to go.

Did you have an MX record for the domain before you pointed it at the Barracuda?

Frankly, someone out there IS searching for newly registered domains, and is passing those on to the spammers, but I have my doubts that it's Barracuda Networks. If it is, there's a big lawsuit waiting to happen.

This idea could be tested... Anyone interested in seeing if this is just coincidence?

insert witty tagline here

----- Original Message -----
From: Kurt Fankhauser [EMAIL PROTECTED]
To: 'WISPA General List' wireless@wispa.org
Sent: Wednesday, May 21, 2008 1:08 PM
Subject: [WISPA] Barracuda = Source of SPAM?

I currently host email for a few domains as well as my own. I use a Barracuda SPAM firewall for my own domain but not the others. Anyways I pointed an MX record for one of the domains to the Barracuda Spam Firewall. That domain was not getting any spam whatsoever because it was a newly registered domain but I wanted it to be READY just in case.

Anyways as soon as I did that the company that uses the domain's email started screaming bloody murder because they said they were getting TONS of spam all the sudden. Turns out I added the MX record for the Barracuda as a LOWER priority and so it was not getting to filter every email that was coming in.

So I started to wonder why the spam was even coming in at all when it HADN'T been before I added the domain to this Barracuda box.

Does anyone else here besides me feel that Barracuda is intentionally causing spam to be sent out to its customers' domains in order for the customers to see it in the message logs as more amounts of blocked spam than it was before the box was added?

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
Re: [WISPA] Barracuda = Source of SPAM?
Domain was 2 years old, never lapsed.

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 22, 2008 1:38 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda = Source of SPAM?

A little more information might be in order...

Did this domain exist before? Did it lapse and then get re-registered?

I had this happen to me, a client wanted a domain, which I obtained for him, and set up his email addresses, which were instantly spammed. And, spammed by a huge array of spammers, PLUS some mail that appeared to be from businesses that legitimately send email to customers. He had gotten a domain which had just expired, and since his domain included his first name, email to his first name was already waiting to go.

Did you have an MX record for the domain before you pointed it at the Barracuda?

Frankly, someone out there IS searching for newly registered domains, and is passing those on to the spammers, but I have my doubts that it's Barracuda Networks. If it is, there's a big lawsuit waiting to happen.

This idea could be tested... Anyone interested in seeing if this is just coincidence?

insert witty tagline here

----- Original Message -----
From: Kurt Fankhauser [EMAIL PROTECTED]
To: 'WISPA General List' wireless@wispa.org
Sent: Wednesday, May 21, 2008 1:08 PM
Subject: [WISPA] Barracuda = Source of SPAM?

I currently host email for a few domains as well as my own. I use a Barracuda SPAM firewall for my own domain but not the others. Anyways I pointed an MX record for one of the domains to the Barracuda Spam Firewall. That domain was not getting any spam whatsoever because it was a newly registered domain but I wanted it to be READY just in case.

Anyways as soon as I did that the company that uses the domain's email started screaming bloody murder because they said they were getting TONS of spam all the sudden. Turns out I added the MX record for the Barracuda as a LOWER priority and so it was not getting to filter every email that was coming in.

So I started to wonder why the spam was even coming in at all when it HADN'T been before I added the domain to this Barracuda box.

Does anyone else here besides me feel that Barracuda is intentionally causing spam to be sent out to its customers' domains in order for the customers to see it in the message logs as more amounts of blocked spam than it was before the box was added?

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
Re: [WISPA] Barracuda = Source of SPAM?
No, that is not the case, properly configured Barracudas work fine. Although I prefer the MailFoundry devices to Barracudas at this time.

Regards
Michael Baird

> I currently host email for a few domains as well as my own. I use a Barracuda SPAM firewall for my own domain but not the others. Anyways I pointed an MX record for one of the domains to the Barracuda Spam Firewall. That domain was not getting any spam whatsoever because it was a newly registered domain but I wanted it to be READY just in case.
>
> Anyways as soon as I did that the company that uses the domain's email started screaming bloody murder because they said they were getting TONS of spam all the sudden. Turns out I added the MX record for the Barracuda as a LOWER priority and so it was not getting to filter every email that was coming in.
>
> So I started to wonder why the spam was even coming in at all when it HADN'T been before I added the domain to this Barracuda box.
>
> Does anyone else here besides me feel that Barracuda is intentionally causing spam to be sent out to its customers' domains in order for the customers to see it in the message logs as more amounts of blocked spam than it was before the box was added?
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
Re: [WISPA] Barracuda = Source of SPAM?
Kurt Fankhauser wrote:

> I currently host email for a few domains as well as my own. I use a Barracuda SPAM firewall for my own domain but not the others. Anyways I pointed an MX record for one of the domains to the Barracuda Spam Firewall. That domain was not getting any spam whatsoever because it was a newly registered domain but I wanted it to be READY just in case. Anyways as soon as I did that the company that uses the domain's email started screaming bloody murder because they said they were getting TONS of spam all the sudden. Turns out I added the MX record for the Barracuda as a LOWER priority and so it was not getting to filter every email that was coming in.

When my office installed its first Barracuda (this was over four years ago), I kept fairly careful counts of the raw number of emails that came in, before and after, and didn't see any discrepancies.

If it was a newly-registered domain, it may simply have taken the spammers a few days to learn about it. (Yes, some spammers have turned to things like scraping WHOIS records to learn about new names.)

Also, apropos of nothing, if your network topology permits, be sure to firewall off the destination server's port 25, so that it will only accept email from the Barracuda itself (or from properly-authenticated users). Took me a while to realize that some spammers didn't even bother with MX lookups and would just try SMTP connections to random IPs and hope they'd get lucky, then fire off a dictionary attack.

David Smith
MVN.net
Re: [WISPA] Barracuda = Source of SPAM?
If I deny SMTP to all but the Barracuda's IP then won't people not be able to send email?

--
Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

----- Original Message -----
From: WISPA General List wireless@wispa.org
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] Barracuda = Source of SPAM?
Date: 05/21/08 16:21

Kurt Fankhauser wrote:

> I currently host email for a few domains as well as my own. I use a
> Barracuda SPAM firewall for my own domain but not the others. Anyways I
> pointed an MX record for one of the domains to the Barracuda Spam Firewall.
> That domain was not getting any spam whatsoever because it was a newly
> registered domain but I wanted it to be READY just in case. Anyways as soon
> as I did that the company that uses the domain's email started screaming
> bloody murder because they said they were getting TONS of spam all the
> sudden. Turns out I added the MX record for the Barracuda as a LOWER
> priority and so it was not getting to filter every email that was coming in.

When my office installed its first Barracuda (this was over four years ago), I kept fairly careful counts of the "raw" number of emails that came in, before and after, and didn't see any discrepancies.

If it was a newly-registered domain, it may simply have taken the spammers a few days to learn about it. (Yes, some spammers have turned to things like scraping WHOIS records to learn about new names.)

Also, apropos of nothing, if your network topology permits, be sure to firewall off the "destination" server's port 25, so that it will only accept email from the Barracuda itself (or from properly-authenticated users). Took me a while to realize that some spammers didn't even bother with MX lookups and would just try SMTP connections to random IPs and hope they'd get lucky, then fire off a dictionary attack.

David Smith
MVN.net
Re: [WISPA] Barracuda = Source of SPAM?
> If I deny SMTP to all but the Barracuda's IP then won't people not be able to send email?

Obviously you'll have to adjust your firewall rules a little bit, to match your network. :)

I've got two separate sets of firewall rules - one that protects my mail server from the outside world, and another that protects the outside world from my customers. Essentially, I force the rest of the Internet to send mail in through the Barracuda (so it can be filtered properly), and I force my customers to use our mail server (so it can be logged properly). There are a few exceptions on both sides of this, of course.

Don't just do anything someone on the Internet tells you without carefully considering the ramifications. KNOW YOUR NETWORK. :)

David Smith
MVN.net
Re: [WISPA] Barracuda = Source of SPAM?
David E. Smith wrote:

> > If I deny SMTP to all but the Barracuda's IP then won't people not be able to send email?
>
> Obviously you'll have to adjust your firewall rules a little bit, to match your network. :)

All of my MX records point to machines running the same set of spam filtering rules. Those boxes are my home-built equivalent to a Barracuda. The real mail server sits safely behind them and doesn't receive anything on port 25. Customers send to port 587 and are required to authenticate. Keeps that box nice and clean.

I have watched all three filter boxes and see spammers try them in sequence of high to low priority, low to high, and sometimes hit all three at the exact same time.

There is no point of even advertising the unprotected mail server's IP address to the world unless/until your Barracuda goes down. People can withstand a short delay in outside email far more than a sudden flood of spam, and that could theoretically clobber the box and cause more problems, depending on how it's built.

--
Bryan
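
An added example, not part of any poster's message: a Python audit of the two controls discussed in this thread, that every MX target is a filtering gateway and that TCP/25 to the mail server is accepted only from the filter. The zone lines, host names and addresses are constructed, and "lower priority" is assumed here to mean a larger MX preference number.

```python
import ipaddress

# Constructed sample zone data (example.com and all host names are assumptions).
# BEFORE: filter added as the less-preferred MX; AFTER: filter is the only MX.
BEFORE = """
example.com. 3600 IN MX 10 mail.example.com.
example.com. 3600 IN MX 20 filter.example.com.  ; spam filter
"""
AFTER = "example.com. 3600 IN MX 10 filter.example.com.\n"

def parse_mx(zone_text):
    """Return sorted [(preference, target)] from zone-file style MX lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip trailing comment
        if "MX" in fields:
            i = fields.index("MX")
            records.append((int(fields[i + 1]), fields[i + 2].rstrip(".").lower()))
    return sorted(records)

def unfiltered_mx(records, filter_hosts):
    """MX targets that are not filtering gateways. Preference does not matter:
    senders may try MX hosts in any order, so each one is a way around the filter."""
    allowed = {h.rstrip(".").lower() for h in filter_hosts}
    return [(pref, host) for pref, host in records if host not in allowed]

def smtp_allowed(src_ip, dst_ip, dst_port, filter_ip, mail_ip):
    """First-match evaluation of the two-rule policy for TCP/25 to the mail server."""
    if ipaddress.ip_address(dst_ip) != ipaddress.ip_address(mail_ip) or dst_port != 25:
        return True    # not covered by these two rules (e.g. authenticated 587)
    # Rule 1: accept from the filter. Rule 2: drop every other source.
    return ipaddress.ip_address(src_ip) == ipaddress.ip_address(filter_ip)

if __name__ == "__main__":
    for name, zone in (("before", BEFORE), ("after", AFTER)):
        print(name, "bypass paths:", unfiltered_mx(parse_mx(zone), ["filter.example.com"]))
    # Constructed addresses from the documentation ranges.
    print(smtp_allowed("203.0.113.7", "192.0.2.25", 25, "192.0.2.10", "192.0.2.25"))
```

A non-empty result from `unfiltered_mx` means mail can reach the server without passing the filter; `smtp_allowed` covers the direct-to-IP connections that skip MX lookups altogether.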