Barracuda mock up: Difference between revisions
Latest revision as of 21:03, 21 August 2015
Overview
The Barracuda Spam Firewall is a service that filters and blocks spam. This solution is for customers that constantly have spam issues (primarily incoming spam). If cPanel spam filtering is not doing the job then this is the next step.
By default the Barracuda Spam Firewall will only Tag spam messages; however, it is rather painless to create a new folder called "spam" and have the webmail / email client send all tagged spam to that folder. If the customer is happy with the results and wants to Quarantine or Block spam, you can modify the default behavior by logging into the UI and modifying settings as needed.
At this time the UI will not be customer-facing; if the customer needs something changed they will need to contact us to make the changes. This may change over time, but initially we want to manage this for the customer instead of giving them access.
Packages and Quotas
Price TBD
This section is not final; once we launch this service the specs here will be accurate. For now this is a placeholder.
Basic Tab
Basic: Dashboard
File:Barracuda spam filter signin step 3 Dashboard main.png
As you can see the dashboard above is much more informative and useful than the default login page. This dashboard displays various email statistics such as:
Total, Daily, and Hourly Incoming / Outgoing:
Blocked, Blocked Virus, Blocked Policy, Blocked Spam, Quarantined, Allowed, Tagged, Encrypted, Redirected, Sent
Basic: Message Log
The next tab over is the Message Log, which displays all the email that has gone through the filter. I haven’t changed my MX records yet so the message log is blank. Not much to cover here; if you want to check message logs for whatever reason, this is where you do it.
Basic: Spam Checking
Next up is the Spam Checking tab. This tab has a few settings which control how spam is scored and filtered. The settings below are the default settings. All spam gets tagged initially; by default nothing is blocked or quarantined. These settings should be fine initially. Once the customer is satisfied / convinced that the filter is working correctly we can modify the filter to be more aggressive or less aggressive.
File:Barracuda spam filter signin step 5 spam checking.png
After changes are made here you can visit the main dashboard tab to the left to see how many emails get blocked or quarantined and adjust settings as needed. You can always view and restore Quarantined emails if there are false positives.
Basic: Virus Checking
The next tab over contains the Virus Checking option. This page has one setting which can be yes or no. Pretty simple stuff. By default virus checking is enabled.
File:Barracuda spam filter signin step 5 virus checking.png
Basic: Quarantine
Moving on down the line we find the Quarantine tab which has a few settings that control how the quarantine operates. The default setting Per-User enables users to have their own accounts with the option to store and manage their (inbound) quarantined email on the Barracuda Spam Firewall.
File:Barracuda spam filter signin step 6 quarantine.png
Alternatively, if the customer does not want per-user quarantine they can enter a Global Quarantine address that accepts quarantined emails from all users under the domain. You can also enable or disable user features; if you disable this then individual users will not see a “preferences” tab. This provides resellers with some flexibility on a per-user basis.
Basic: IP Configuration
Next up is the IP Configuration tab which can be used to change the:
- Destination Server IP / Domain and Port
- Test Email Address
- Whether or not to use MX records
File:Barracuda spam filter signin step 7 IP configuration.png
Customer Sign-up Process and Configuration
- Step 1) Customer requests the service via Sales or Support
- Step 2) Sales or Support creates a ticket and gathers some information from the customer, mainly the domain(s) that they want to filter.
- Step 3) Ticket is handed off to a member of our Escalations Team or if the customer is Enterprise the ticket will go to our Enterprise Team.
- Step 4) Escalations / Enterprise will perform the following:
- If DNS is hosted with LiquidWeb or on the customer's server, add the Barracuda MX records and remove the original 'domain.com' MX record. The Barracuda servers are clustered, eliminating a single point of failure.
<pre>
0 bmx01.sourcedns.com
0 bmx02.sourcedns.com
</pre>
If you run dig on a domain that is set up correctly you should see something like this:
<pre>
dig mx domain.com
</pre>
<pre>
;; QUESTION SECTION:
;domain.com. IN MX
;; ANSWER SECTION:
domain.com. 900 IN MX 0 bmx01.sourcedns.com.
domain.com. 900 IN MX 0 bmx02.sourcedns.com.
</pre>
Once the new MX records are in place we need to log in to the Barracuda Dashboard with the customer username and password, then navigate to "IP Configuration", which is located under the "Basic" tab.
File:Screenshot-209 59 185 62 2015-07-08 17-14-26.png
- Destination Server: Can be mail.$domain.com, which worked for me. You may be able to put in an IP here or just enter $domain.com, but mail.domain.com worked for me.
- Valid Test Email Address: This field shouldn't be needed, but if the address has to be validated for some reason, you may want to create a test email address for that domain on the customer's server to make sure Barracuda can send emails to the destination server.
- Use MX Records: Set this to NO.
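The dig check from this section, as an added example that is not part of the original page: a shell function that reads `dig` answer lines and reports any MX host other than the two Barracuda names, because a leftover original MX record lets mail reach the server without passing through the filter. The helper name `check_mx` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): verify the MX cut-over.
# The two expected hosts are the Barracuda MX names given on this page.
EXPECTED_MX="bmx01.sourcedns.com bmx02.sourcedns.com"

# check_mx (hypothetical helper) reads dig answer lines on stdin, e.g.
#   domain.com. 900 IN MX 0 bmx01.sourcedns.com.
# Prints LEFTOVER for any other MX host, MISSING for an absent Barracuda
# host, and OK when exactly the expected hosts are published.
check_mx() {
    awk -v expected="$EXPECTED_MX" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) want[e[i]] = 1
        }
        # Answer records only; ";"-prefixed dig comment lines do not match.
        $3 == "IN" && $4 == "MX" {
            host = tolower($6)
            sub(/\.$/, "", host)            # drop the trailing root dot
            if (host in want) {
                seen[host] = 1
            } else {
                printf "LEFTOVER %s (preference %s)\n", host, $5
                bad++
            }
        }
        END {
            for (h in want) if (!(h in seen)) {
                printf "MISSING %s\n", h
                bad++
            }
            if (!bad) print "OK"
        }' | sort
}

# Constructed sample: Barracuda records added, original MX not removed.
SAMPLE='domain.com. 900 IN MX 0 bmx01.sourcedns.com.
domain.com. 900 IN MX 0 bmx02.sourcedns.com.
domain.com. 900 IN MX 10 mail.domain.com.'

printf '%s\n' "$SAMPLE" | check_mx
```

For a live check, pipe `dig +noall +answer mx domain.com` into `check_mx`.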
Logging into Barracuda Spam Firewall
For us: Access the Sourcedns Barracuda Spam Filter UI via https://bmx01.sourcedns.com/cgi-mod/index.cgi
For the customer: Access the customer facing Barracuda Spam Filter UI via https://209.59.185.62/
After you log in you will come to the Domain Manager page.
File:Barracuda spam filter signin step 2 domain manager.png
Click on “Manage Domain” under Actions to go to the main dashboard for the domain.
Cpanel configuration
Enable Spambox
Tweak Settings >> Enable Apache SpamAssassin™ Spam Box delivery for messages marked as spam (user configurable)
Unfortunately each account will need the spambox enabled individually for now. Will probably be able to bulk update all accounts eventually.
Add bmx01 and bmx02 IPs to Sender verification bypass list
Exim basic >> Sender verification bypass IP addresses
- bmx01.sourcedns.com 209.59.185.61
- bmx02.sourcedns.com 67.227.128.115
Backup Exim Configuration File
Exim Configuration Manager >> Backup >> Save On Server
Fix barracuda smtp test
Reduce smtp_banner to a single line.
Exim Advanced editor >> smtp_banner.
Example only
"${primary_hostname} ESMTP Exim ${version_number} \#${compile_number} ${tod_full} - We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail."
Send Barracuda marked messages to spambox
Add to section:
Exim Advanced editor >> PRELOCALUSER
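<pre>
# Deliver to the system user's spam box when Barracuda tagged the message
# (X-Barracuda-Spam-Status begins with "Yes") and the spam box is enabled.
localuser_barracudaspam:
  driver = accept
  headers_remove="x-spam-exim"
  domains = ! +user_domains
  require_files = "+$home/.spamassassinboxenable"
  condition = ${if match{$h_X-Barracuda-Spam-Status:}{\N^Yes\N}{true}{false}}
  check_local_user
  transport = local_delivery_spam
</pre>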
Add to Section:
Exim Advanced editor >> PREVIRTUALUSER.
<pre>
# Same check for virtual (domain) mailboxes: the mailbox must exist in the
# domain's passwd file and the account must have the spam box enabled.
virtual_user_barracudaspam:
  driver = accept
  domains = +user_domains
  require_files = "+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/.spamassassinboxenable:+${extract{5}{::}{${lookup passwd{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd"
  condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{}{false}{${if match{$h_X-Barracuda-Spam-Status:}{\N^Yes\N}{true}{false}}}}
  headers_remove="x-spam-exim"
  transport = virtual_userdelivery_spam
</pre>
Don't forward emails marked as spam by barracuda
Add to Section:
Exim Advanced editor >> POSTMAILCOUNT
<pre>
# Fail, rather than forward, mail for non-local domains that Barracuda tagged as spam.
reject_forwarded_mail_marked_as_barracudaspam:
  driver = redirect
  domains = ! +local_domains
  condition = ${if match{$h_X-Barracuda-Spam-Status:}{^Yes}{true}{false}}
  allow_fail
  data = :fail: This mail cannot be forwarded because it was detected as spam, barracuda.
</pre>
Disable SA SPF checks
<pre>
# For every account under /home: drop any existing SPF score lines, then set both scores to 0.
\ls /home/*/.spamassassin/user_prefs | while read -r i ; do
  sed -i '/SPF_SOFTFAIL/d' "$i" ; echo "score SPF_SOFTFAIL 0.0" >> "$i"
  sed -i '/SPF_FAIL/d' "$i" ; echo "score SPF_FAIL 0.0" >> "$i"
done
</pre>
If the customer has a set list of domains, the following will work as long as all accounts are in `/home`. It needs adjusting for multiple home directories.
- Create a list of the domains being added to the Barracuda Firewall
<pre>
mkdir -p /home/lwtemp
vim /home/lwtemp/domain-list.txt
</pre>
- Create a list of users from the previously generated domain-list.txt
<pre>
# Exact match on the domain column of /etc/userdomains ("domain: user"),
# so example.com does not also pick up example.com.au.
while read -r DOMAIN; do
  awk -F': ' -v d="$DOMAIN" 'tolower($1) == tolower(d) {print $2}' /etc/userdomains >> /home/lwtemp/user-list-temp.txt
done < /home/lwtemp/domain-list.txt
</pre>
- Remove system user and duplicate users
<pre>
grep -iv system /home/lwtemp/user-list-temp.txt | sort -u >> /home/lwtemp/user-list.txt
</pre>
<pre>
# Look up each home directory with getent instead of eval, and quote every path.
while read -r U; do
  CONF="$(getent passwd "$U" | cut -d: -f6)/.spamassassin/user_prefs"
  sed -i '/SPF_SOFTFAIL/d' "$CONF"; echo "score SPF_SOFTFAIL 0.0" >> "$CONF"
done < /home/lwtemp/user-list.txt
</pre>
- Clean up temp files after verifying work
<pre>
rm /home/lwtemp/user-list.txt /home/lwtemp/user-list-temp.txt /home/lwtemp/domain-list.txt
</pre>