Educause Security Discussion mailing list archives
Re: Barracuda Spam Filter
From: Tony Harris <harrist () CCV VSC EDU>
Date: Wed, 27 Jul 2005 13:17:47 -0400
Can you point me at any info that documents the Barracuda as being a Linux and SpamAssassin box? There's nothing on their website that indicates that, unfortunately, and I'd like to see what they have to say about doing so. (Also, if that's the case, given that both are OpenSource, don't they have to acknowledge their use of them somewhere public? At least out of fairness? I know, silly me for expecting fairness to win in cases of corporate interest...) Tony Harris Assistant CTO Community College of Vermont harrist () ccv edu (802) 241-3535 Zhë dishthe shthál ñe lhôñ svóná záxá - The direct path is not always straight. ------------------------------------------- PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated recipient only and may contain privileged, confidential, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of an email received in error is prohibited.
-----Original Message----- From: Matthew Keller [mailto:kellermg () POTSDAM EDU] Sent: Wednesday, July 27, 2005 8:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Barracuda Spam Filter On Tue, 2005-07-26 at 19:42 -0400, Dave Koontz wrote:Watching this thread, I have a couple questions about the'cuda' product.What exactly does this product do that the free SpamAssassin code doesn't?In other words, why should I pay someone $1000+ dollarsannually for whatappears to basically be free software bundled on a scaleddown server. I've been waiting for this question to be asked. Thank you. The answer is a resounding "Nothing". The 'cuda is SpamAssassin in a shiny frame, with a pretty sandbox web-interface so it's not so scary. The only question to ask is how much "not so scary" is worth to you. We built, in 2000 or 2001, a system dubbed "Bugz". It was planned to be a 2-phase appliance system: Phase 1 was scanning e-mail for known viruses and dropping them. Phase 2 was scanning and _TAGGING_ suspected SPAM e-mail messages. This tagging was two-part: Part 1 was a header modification that allowed individual clients to set their e-mail filters to do something (delete, move to a spam folder, whatever) to e-mail that _WE_ considered spam; Part 2 was a "rating system" that allowed individual clients to set their e-mail filters to do something (delete, move to a spam folder, whatever) to e-mail that reached or exceeded a certain "spam score". I, for example, may want to drop all mail with a score >= 6, but move into a quarantine box all mail rated 1-5. We do it this way because we strongly believe we should not be deleting ANYONE's e-mail (unless it contains things that may hurt college property (eg. malware)). Nor should we be delaying it to their inbox with a quarantine system. One could _trivially_ do this if they chose to. I'm not preaching campus culture :). We have had customers say "I don't want to ever see spam again". When asked "would you be willing to possibly lose legitimate e-mail?" the answer is a firm "no". Bugz is currently built w/ 100% open source software. Qmail is the MTA. Amavis and a cadre of helper tools to dissassemble e-mail messages, ClamAV to scan for viruses and other malware, SpamAssassin to do what it does OH SO WELL, GNU/Linux as the OS w/ Linux High-Availability tools to allow trivial clustering of as many of these as we need. We're moving towards utility clustering clustering, and this functionality will be rolled into the main cluster operations. This is a classic build vs. buy issue. There are shops out there who choose to buy, there are those who choose to build. I am __BLESSED__ with working in a team of ambitious, innovative, energetic, and challenging individuals who share my desire to build the best mouse trap, and save our precious budget dollars for the things we can't whip up with a little bit of elbow grease and brainpower. The 'cuda is perfectly wonderful product for those who don't have the privilege of a staff such as ours, or have money to throw at the problem. On Tue, 2005-07-26 at 19:42 -0400, Dave Koontz wrote:Watching this thread, I have a couple questions about the'cuda' product.What exactly does this product do that the free SpamAssassin code doesn't?In other words, why should I pay someone $1000+ dollarsannually for whatappears to basically be free software bundled on a scaleddown server.It looks like the 'cuda' device uses SA version 3.02, whichis two fullversions behind the SA code branch.... which may franklyaddress some issuesposted here. Initially, it would seem in the "device"world, I mightactually loose a lot of functionality and features that Ihave running thefull fledged product. So... 1) How easy is it to upgrade the device to the latest spamassassin version?2) Do users have their own baysian DB's and rules, or arethey globallymaintained? 3) How easy can users interact with or train the system? 4) Can you easily add your own SA rulesets? (Custom or SARES) 5) Can the device test & score SPF/DK/DKIM/RBL/SUBL/URIBL results? 6) Does the device support the Razor and/or DCC networks? 7) Does the device support the usage of Grey Listing Technology? Lastly... Is this product really just a way for a site to"easily" use SpamAssassin without having to invest any time or effort intolearning theprogram? If so, that's fine, but it may not be as fullfeatured as theproduct could be. If the product does all the above and more... I willimmediately ask for apurchase order to save me some precious time! :-) --- Dave Koontz Mary Baldwin College Staunton VA -----Original Message----- From: Justin Sipher [mailto:jsipher () SKIDMORE EDU] Sent: Tuesday, July 26, 2005 3:59 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Barracuda Spam Filter Add us to the list of schools who are very happy Barracuda users. However, I will share a recent story which dampers ourenthusiasm slightly.Our single unit (model 600) had a hardware failurerecently. It was in thisprocess that we learned that we had a new "single point offailure" in thee-mail system. One major problem at the point of thefailure is that allmail in the quarantine at the time of the failure was lost.Although mostwas SPAM, I do know that I had at least one valid e-mail init. It wasbetween when I received the e-mail quarantine summary andwhen I actuallywent to retrieve/delete the message when the failureoccurred. To preventthis in the future, we've bought a second one and will have the two clustered for redundancy. The second problem we had is that they **appear** to be a victim of their own success. At thepoint of the failurethey were out of stock for a replacement even though wewere at the upgraded"instant replacement" level. In our case it took threedays to get areplacement and then it was a 400 model to hold us overtill they could geta 600. Not ideal. I do think they have learned from this (and maybe other)incidents andknowing everything I know now, I'd still buy another one,so the up-side ispretty high to overcome those shortcomings. ...Justin _______________________________________________________ Justin Sipher Chief Technology Officer Skidmore College Saratoga Springs, NY jsipher () skidmore edu 518-580-5909 _______________________________________________________ On Jul 25, 2005, at 11:35 AM, Gibbs, Aaron M. wrote:I'm looking at the Barracuda Spam Filter and would liketo know ifanyone is currently using it. If so what your experienceshave been.Aaron M Gibbs Interim Vice President/CIO Center for Information Technology St. Augustine's College 919-516-4379 (Office) 919-516-4382 (Fax) amgibbs () st-aug edu www.st-aug.edu-- Matthew Keller Enterprise Systems Analyst Computing & Technology Services State University of New York @ Potsdam Potsdam, NY USA http://mattwork.potsdam.edu/
Current thread:
- Re: Barracuda Spam Filter, (continued)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 26)
- Re: Barracuda Spam Filter Graham Toal (Jul 26)
- Re: Barracuda Spam Filter Justin Sipher (Jul 26)
- Re: Barracuda Spam Filter Charlie Prothero (Jul 26)
- Re: Barracuda Spam Filter Charlie Prothero (Jul 26)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 26)
- Re: Barracuda Spam Filter Parker, Ron (Jul 26)
- Re: Barracuda Spam Filter Dave Koontz (Jul 26)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Michael_Maloney (Jul 27)
- Re: Barracuda Spam Filter Tony Harris (Jul 27)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Dave Koontz (Jul 27)
- Re: Barracuda Spam Filter Hall, Rand (Jul 27)
- Re: Barracuda Spam Filter Information Security (Jul 27)
- Re: Barracuda Spam Filter Parker, Ron (Jul 27)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Matthew Keller (Jul 27)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 27)
- Re: Barracuda Spam Filter Matthew Keller (Jul 28)
- Re: Barracuda Spam Filter Jamie A. Stapleton (Jul 28)
(Thread continues...)