Version 3.3

Barracuda Spam Firewall Administrator’s Guide

Barracuda Networks Inc.
385 Ravendale Drive
Mountain View, CA 94043
http://www.barracudanetworks.com

Copyright Notice

Copyright 2004-2006, Barracuda Networks
www.barracudanetworks.com
v3.3-060504-03-617
All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.

Trademarks

Barracuda Spam Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.

Contents

Chapter 1 - Introduction
  Overview
  Energize Updates Minimize Administration and Maximize Protection
  Understanding Spam Scoring
  Inbound and Outbound Modes
  Technical Support
  Warranty Policy
  Barracuda Spam Firewall Models
  Locating Information in this Document
  Basic Tab
  Block/Accept Tab
  Users Tab
  Domains Tab
  Advanced Tab

Chapter 2 - Getting Started
  Initial Setup
  Checklist for Unpacking
  Required Equipment for Installation
  Install the Barracuda Spam Firewall
  Configure the System IP Address and Network Settings
  Configure your Corporate Firewall
  Configure the Barracuda Spam Firewall
  Set the Administrative Options
  Update the System Firmware
  Verify your Subscription Status
  Route Incoming Email to the Barracuda Spam Firewall
  Port Forwarding
  MX Records
  Tune the Default Spam Settings
  Installation Examples
  Barracuda Spam Firewall Behind Corporate Firewall
  Barracuda Spam Firewall in the DMZ
  Changing the Operating Mode to Outbound
  Basic Configuration
  Setting up your Email Server as a Smart/Relay Host
  Enable Smart Host
  Disable Smart Host
  Changing Outbound to Inbound Mode
  Basic Configuration
  Review the Administrative Options
  Route Incoming and Outgoing Email to the Barracuda Spam Firewall

Chapter 3 - Basic Tab
  Status
  Monitoring System Status
  Using the Status page
  Email Statistics
  Performance Statistics
  Subscription Status
  Hourly and Daily Mail Statistics
  Understanding the Indicator Lights
  Message Log
  Monitoring the Message Log
  Legend
  Classifying Messages
  Overview of the Message Log
  Changing the Viewing Preferences of the Message Log
  Viewing Message Details
  Clearing the Message Log
  Spam Scoring
  Configuring the Global Spam Scoring Limits
  Specifying the Subject Text and Priority of Tagged Messages
  Changing Notifications to Senders
  Spam Bounce (NDR) Configuration
  Virus Checking
  Enabling and Disabling Virus Checking and Notification
  Quarantine
  Setting Up Quarantine Policies
  Specifying the Quarantine Type
  Specifying the Global Quarantine Settings
  Specifying the Per-User Quarantine Settings
  IP Configuration
  Configuring System IP Information
  Administration
  Controlling Access to the Administration Interface
  Changing the Password of the Administration Account
  Limiting Access to the Administration Interface and API
  Allowing the Message Body in the Message Log
  Changing the Web Interface Port and Session Expiration Length
  Shutting Down the System
  Resetting the System Using the Front Panel
  Automating the Delivery of System Alerts and Notifications
  Changing the Operation Mode of the System
  Bayesian / Intent
  Enabling Users to Classify Messages from a Mail Client
  Using the Microsoft Outlook and Lotus Notes Plug-in
  Managing the Bayesian Database
  Resetting the Bayesian Database
  Sending Spam Messages to Barracuda Networks
  Enabling Intent Analysis
  Reducing Backscatter
  Additional Information

Chapter 4 - Using the Block and Accept Filters
  Subscribing to Blacklist Services
  Blacklist Services Descriptions
  What Happens if your Domain or IP Address is on a Blacklist
  IP Address Filters
  Sender Domain Filters
  Sender Email Address Filters
  Recipient Email Address Filters
  Attachment Type Filters
  Subject Line Filters
  Body Filters
  Header Filters

Chapter 5 - Managing Accounts and Domains
  How the Barracuda Spam Firewall Creates New Accounts
  Viewing User Accounts
  Using Filters to Locate Accounts
  Editing User Accounts
  Removing Invalid User Accounts
  Assigning Features to User Accounts
  Overriding the Quarantine Settings for Specific User Accounts
  Setting Retention Policies
  Adding New Domains
  Editing Domain Settings

Chapter 6 - Managing Your Quarantine Inbox
  Receiving Messages from the Barracuda Spam Firewall
  Greeting Message
  Quarantine Summary Report
  Using the Quarantine Interface
  Logging into the Quarantine Interface
  Managing your Quarantine Inbox
  Changing your User Preferences
  Changing your Account Password
  Changing Your Quarantine Settings
  Enabling and Disabling Spam Scanning of your Email
  Adding Mail Addresses and Domains to Your Whitelist and Blacklist
  Changing the Language of the Quarantine Interface

Chapter 7 - Configuring A Domain
  Domain Configuration

Chapter 8 - Setting Up LDAP
  Using LDAP to Authenticate Message Recipients
  Using LDAP for User Authentication
  Impact of a Down LDAP Server
  Common LDAP Settings for Standard Mail Servers

Chapter 9 - Advanced Administration
  Email Protocol
  Modifying the Email Protocol Settings
  Rate Control
  Configuring Message Rate Control
  Explicit Users
  Activating Individual Accounts
  Backup
  Backing Up and Restoring System Configuration
  Performing Desktop Backups
  Automating Backups (inbound mode only)
  Restoring from a Backup File
  Energize Updates
  Updating Spam and Virus Definitions Using Energize Updates
  Spam Definition Updates
  Virus Definition Updates
  Firmware Update
  Updating the System Firmware Version
  Appearance
  Customizing the Appearance of the Administration Interface
  Syslog
  Using a Syslog Server to Centrally Manage System Logs
  Outbound / Relay
  Setting up Trusted Relays and SASL/SMTP Authentication
  Outbound Footer
  Customizing the Outbound Footer
  Advanced IP Configuration
  Configuring the Network Interfaces on Models 600 and Above
  Configuring Static Routes
  Clustering
  Setting Up Clustered and Standby Systems
  Cluster Set up Process
  Data Propagated to the Clustered Systems
  Field Descriptions for the Clustering Page
  Impact of Changing the IP Address of a Clustered System
  Single Sign-On
  Implementing Single Sign-On
  SSL
  Enabling SSL
  Regional Settings
  Detecting Spam in Chinese and Japanese Messages
  Bounce / NDR Messages
  Customizing Non-Delivery Reports (NDRs)
  Troubleshooting
  Troubleshooting
  Reporting
  Generating System Reports
  Displaying and Emailing Reports
  Automating the Delivery of Daily System Reports
  Specifying Report Properties
  Example Report
  SMTP / TLS
  Enabling SMTP over TLS/SSL
  Task Manager
  Using the Task Manager to Monitor System Tasks
  Recovery Console
  Replacing a Failed System
  Rebooting the System in Recovery Mode
  Tasks to Perform Before Rebooting in Recovery Mode
  Performing a System Recovery or Hardware Test
  Reboot Options

Chapter 10 - Outbound
  Tabs and Pages Supporting Outbound Mode
  About Outbound Mode
  Viewing Outbound Messages in the Message Log
  Changing the Footers on Outbound Messages
  Specifying Allowed Senders
  Specifying Allowed Senders by Domain and IP Address
  Specifying Allowed Senders Using SMTP Authentication
  Additional Email Protocol Settings for Outbound Mode
  Enabling Intent Analysis and Spam Scoring
  Managing the Quarantine Box
  Sending NDRs for Quarantined Messages
  Viewing and Classifying Quarantined Messages
  Using Filters to Locate Specific Messages
  Configuring Message Rate Control
  Adding a Relay Server
  Setting Up Subject and Body Filtering

Appendix 1 - Regular Expressions
  Using Special Characters in Expressions
  Examples

Appendix 2 - Limited Warranty and Licensing
  Exclusive Remedy
  Exclusions and Restrictions
  Open Source Licensing

Appendix 3 - Compliance
  Notice for the USA
  Notice for Canada
  Notice for Europe (CE Mark)

Index

Chapter 1
Introduction

This chapter provides an overview of the Barracuda Spam Firewall and includes the following topics:

  Overview
  Barracuda Spam Firewall Models
  Locating Information in this Document

Overview

The Barracuda Spam Firewall is an integrated hardware and software solution that provides powerful and scalable spam and virus-blocking capabilities that do not impede the performance of your email servers. The system has no per-user license fee and can be scaled to support tens of thousands of active email users.
Using the Web-based administration interface, you can configure up to ten defense layers that protect your users from spam and viruses. The ten defense layers are:

• Denial of service and security protection
• IP block list
• Rate control
• Virus check with archive decompression
• Proprietary virus check
• User-specified rules
• Spam fingerprint check
• Intention analysis
• Bayesian analysis
• Rule-based spam scoring

The following figure shows each of these defense layers in action:

Figure 1.1:

Energize Updates Minimize Administration and Maximize Protection

To provide you with maximum protection against the latest types of spam and virus attacks, Barracuda Networks maintains a powerful operations center called Barracuda Central. From this center, engineers monitor the Internet for trends in spam and virus attacks and post updated definitions to Barracuda Central. These updates are then automatically retrieved by your Barracuda Spam Firewall using the Energize Update feature.

By identifying spam trends at an early stage, the team at Barracuda Central can quickly develop new and improved blocking techniques and virus definitions that are quickly made available to your Barracuda Spam Firewall.