Barracuda spam filter
Hello.
Does anybody use Barracuda spam filter with cpanel servers?
Looks like the tech guys from Barracuda support don't know much about Exim mail server.
We are having a problem with Barracuda/Exim cooperation and I need ask somebody a few questions.
Thank you.
Best regards,
Alexander
Never heard of it, but what sort of information are they in need of (which presumably they cannot glean from th exim site) and do you have any URL's on their site that point to the technical specifications they're having problems integrating?
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Here is what their tech advised:
He is right, that is how exim is configured on cpanel by default. It doesn't give immediate answers about non-valid email accounts.The Barracuda attempts to query your downstream mailserver to determine
if a recipient is valid. For this to work your mailserver must
immediately give an invalid recipient error in the smtp stream upon
receipt of an invalid RCPT TO: statement. Some mailservers have a
"feature" supposedly to protect against dictionary attacks in which the
mailserver does not send the invalid recipient error right away, but
rather accepts mail for any address then sends a separate bounce message
back later for invalids. This is not in compliance with RFC-821/-2821
and breaks the recipient verification used by the Barracuda.
Do you know how to enable it?
I was advised to add this into exim.conf.local:
But it doesn't seem to be working.deny message = unknown user
!verify = recipient/callout=20s,defer_ok
Thank you.
Best regards,
Alexander
You don't need to add that.
Exim on cPanel servers does indeed provide a RCPT failure automatically, however, you must make sure that the domains Default Address (catchall) is set to :fail: you must not use :blackhole: and you mustn't set the Default Address to anything other than fail otherwise you're indicating that all email addresses are valid.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Thank you.
It worked just fine
Best regards,
Alexander
If you have any other questions on Barracuda let me know. We are running four of their boxes.
barracuda user verification into cpanel
I am having this same issue.
http://forums.cpanel.net/f43/barracu...ts-129853.html
hate cross-posting search did not yield much for me right away - thus the reason I am now searching any threads to figure it out... just found this one
I have mine set as stated above and I am still getting an obscene amount of user accounts created on my Barracuda SF 400. Is there something else I need to be setting?domains Default Address (catchall) is set to :fail:
Default Address Maintenance
Send all unrouted e-mail for:
domain.com Current Setting: ":fail: No such person at this address"
Discard with error to sender (at SMTP time)
your not missing anything - cPanel is
if cPanel supported LDAP this would be a mute issue.
cPanel is missing LDAP
so - a Cisco product that costs $$$
the Barracuda product that $$$
both have issues.
What is happening is this.
When an email comes into the system - either the Iron Port or the Barracuda - the systems send an envelope check to the cPanel mail system.
if cPanel is busy - does not reply in time - then the spam filters collect the email as default.
Why is this important ? - because if they just killed mail off then even legitimate mail would be discarded.
Now - other control panels that support LDAP do not have this issue.
We love cPanel - and we happen to think that cPanel is the best control panel in the industry.
We are serious about combating spam for our clients -
One Barracuda 600 costs $10K - now imagine having a cluster!
There are other "open" alternatives - but honestly spamassassin just does not cut the mustard - nor does the other mailscanner alternative - Our clients do not complain about spam any longer - like they did when we had our server protected with those solutions
I wonder - perhaps those of us who have purchased the barracuda units - should we get together and build a bounty to get open-ldap working and supported?
I respect the position cPanel has - its not on their radar @ present...
but $$$ talks sometimes.
If indeed there is a problem with interaction between a Barracuda and a Cpanel server [and I'll figure it out myself by setting up an account on Cpanel that uses a Barracuda], then it's not a "Cpanel" issue. I can't see any reason why the current "other" method that the Barracuda will use to determine valid accounts (a check via SMTP) would not work. Exim might need massaged, but that's it. Remember, Cpanel is not Exim - Exim is just part of a working Cpanel solution. There are ways around everything with Exim, depending on what you want to accomplish.
If it's a simple case with throttling taking place [that is in return causing a delay that the barracuda doesn't like], then turn off the throttling or configure Cpanel/Exim to not throttle connections from the Barracuda IPs.
Sure it would be good [for Cpanel] if they figure out just what needs to be done and make it doable via a few checks/unchecks in the interface. But I'm quite positive that whatever you guys are experiencing as a problem with Barracuda<-->Cpanel can be easily enough overcome with a few changes in Exim.
Mike
PS: I can see why the Barracuda may have a requirement for the whole verification process to take place speedily - For each piece of incoming mail it has to have at least two TCP sessions open - one from the remote mail server to the Barracuda and one from the Barracuda to the Cpanel server - and the Barracuda has to maintain both sessions until it gets back a reponse from the Cpanel in order to determine what response to pass back to the remote mail server.
PS #2: Too bad we aren't talking Sendmail instead of Exim - I have a few boxes running milter-ahead on Sendmail, which caches the responses so it doesn't have to contact the destination mailserver every time for verification.
Last edited by mtindor; 09-05-2009 at 09:39 PM.
thus the reason i liked
thus the reason i linked this thread to the other ...
and apologized for the cross posting.
I described the issue there - and asked
how can i massage exim ?
If your case is a case where the Cpanel is not responding fast enough for the Barracuda server (and you know it's not a problem with availability of resources on the Cpanel machine), then your Cpanel may be ratelimiting your Barracuda boxes.Originally Posted by hostmedic
Whitelist all of your Barracuda IPs
In WHM / Exim Configuration Editor
** Whitelist: Backup Mail Hosts (bypass all SMTP ratelimits)
- add your barracuda IPs here
Start with that. See if this helps. You'll know if it's a ratelimiting issue if you look on the Cpanel server in /var/log/exim_mainlog.
grep Ratelimit /var/log/exim_mainlog|grep 'xxx.xxx.xxx.xxx'
- where xxx.xxx.xxx.xxx is the IP of one of your Barracudas
If you're barracuda is being ratelimited you'll know it from that.
Also, i"m not sure if the Barracuda sends a QUIT after a recipient check to the Cpanel server. If it doesn't, then your CPanel server will ratelimit the Barracuda if you have the following setting enabled:
Ratelimit: incoming SMTP connections that do not send QUIT, have recently matched an RBL, or have attacked the server. [?]
So again, in this case, whitelisting the IPs per my first recommendation should resolve that.
Mike
Last edited by mtindor; 09-05-2009 at 10:46 PM.
been there
yup - been there
does not show rate limiting -
my thought is just that exim is not responding fast enough
thanks for your assistance btw
You're welcome, although my assistance isn't worth anything if it doesn't help you fix your problem
If it were me, I would have access to a message that was held on the Barracuda [but should have been delivered to the Cpanel server] - I would then look at the date/timestamp of that message and the recipient address and I would then grep /var/log/exim_mainlog for that recipient address and the date as well - this would allow me to see what Exim had to say about the transaction. you may find some useful information there.
For instance, if a message that came in to mike@mike.com was held on teh barracuda, I would go on the barracuda in the message log and I would look at that message - I would check the time it was sent to the barracuda - Let's assume it was sent at 10:45 AM 9-5-2009. I would then go onto the Cpanel server and would do something like this:
grep mike@mike.com /var/log/exim_mainlog|grep '2009-09-05 10:45'
and/or I would do:
grep xxx.xxx.xxx.xxxx /var/log/exim_mainlog|grep '2009-09-05 10:45'
- where xxx.xxx.xxx.xxx = IP of your barracuda
The logs on the cpanel server may give an indication fo why Cpanel didn't accept it at that time.
1. If your Cpanel is under heavy load, the fix is to do what you need to do so that your Cpanel is not under such a load and can handle routine SMTP (typically a simple SMTP greeting / mail from / rcpt to is overhead, even with a lot of them coming in).
2. If your Cpanel server is not on the same network as the barracuda, latency across the internet may be causing problems if the Barracuda has to authenticate to a Cpanel server that is 100+ms away.
Mike
Take a look at one of the messages on your Barracuda that you feel should have been delivered to the cpanel server but wasn't. What is the "ACTION" and "REASON" for it as listed in the Barracuda Message Log ?
Mike
LinkBack URL
About LinkBacks
Reply With Quote