The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A plug for Barracuda's RBL

Discussion in 'E-mail Discussions' started by shacker23, May 4, 2013.

  1. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    16
    For years I've used the full arsenal of spam control tools built into or configurable in cPanel - spamassassin, Razor, DCC, and the spamhaus and spamcop RBLs. And I've written scripts to let desktop users train their personal server-side Bayes databases from the client end. But powers users (including myself) just kept seeing spam getting through at very high levels. So frustrating.

    It's always kind of surprised me that cPanel didn't tackle this problem more aggressively, but recently I discovered that Barracuda Networks offers access to their RBL for free. I layered it in with spamcop and spamhaus, deleted the Bayes dbs for some heavily affected users, and was blown away - Barracuda is the best RBL I've ever used. It's a shame cPanel can't ship with Barracuda enabled by default - it's that good.

    I've written up some notes here:

    - Links Removed -
     
    #1 shacker23, May 4, 2013
    Last edited by a moderator: May 4, 2013
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello, this sort of thing needs to be posted to the cPanel Application Catalog:
    cPanel App Catalog
     
  3. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    16
    Thanks, I'll do that. But out of curiosity, why was the link to my blog removed? I wrote it just for the cPanel community. Are we no longer allowed to post useful links in these forums? That would seem to erase a huge portion of the forums' value.

    (And no, my post was in way shape or form sponsored by anyone - I'm just an impressed user).
     
  4. PenguinInternet

    PenguinInternet Well-Known Member
    PartnerNOC

    Joined:
    Jun 20, 2007
    Messages:
    149
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cardiff, UK
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I agree, Barracuda is a very effective measure, however you cannot enable this as default as without your DNS resolvers being registered with them, the lookups will fail.
     
  5. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    16
    Yes, you do need to register your IP with Barracuda before using the BL. The whole process takes two minutes.

    ./s
     
  6. quanin

    quanin Well-Known Member

    Joined:
    Aug 18, 2011
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I started using this recently as well, for similar reasons, and so far I do have to agree. Barracuda is absolutely worthwhile, registration notwithstanding.

    I'm curious though if you wouldn't mind sending me info on how to get Razor/DCC to play nice. I played with them briefly a while ago, but could never get them to cooperate with SpamAssassin. So as not to hijack the thread, you can PM or email me.
     
  7. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    16
    Sorry, it's been a couple of years since I last compiled/installed them, and didn't save notes about the process at the time. I remember having to do some Googling, but not that it was particularly hard.
     
  8. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    40
    Likes Received:
    1
    Trophy Points:
    6
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    OP, if it's not too much trouble, could you send me a PM with the links that were removed? My experience is the exact same as yours and I would be delighted to read your notes.

    I've also been using URIBL with good success.
     
  9. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    16
    Done. Can you say more about URIBL?
     
  10. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Shacker-

    Would also be interested to see the removed links.

    Thanks
     
  11. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    16
    Still no idea why the forums admin would remove the link, but here's the full text of the original blog post from birdhouse.org:

    ================

    I’ve run a small web and mail hosting business on the side for around a decade. The hosting platform I use (cPanel) comes with spamassassin and support for a couple of real-time blacklists (zen.spamhaus.org and bl.spamcop.net) built in. On top of that, I’ve compiled in Razor, DCC, and ClamAV.

    But with spam control settings set to their highest levels, I’ve struggled over the years to keep fall-through spam from reaching the mailboxes of my power users – the spammers just move too fast, are too crafty. Spams that look the same from day to day actually have quite different signatures, and manage to evade my arsenal of tools. It’s been incredibly frustrating.

    A few months ago, I came up with a set of techniques to let desktop mail clients train the server-side Bayes database about what’s spam and what’s ham. That worked well for a couple of months, but eventually the Bayes dbs became polluted with false hits (probably a result of users incorrectly marking / not marking messages). Is it even possible to operate as an organization smaller than Google and still guarantee low spam levels for users?

    Real-time blacklists (RBLs) tap the hive mind – the collective judgement of thousands of human users spread around the world, marking ham and spam every minute of every day. When all of those judgements are collected into a single, continuously evolving database that any host can tap into, it should be possible to create an almost perfect blockade. We know that Akismet has made their RBL work amazingly for weblog comment spam (as I write this, Akismet claims to have blocked 54 million comment spam today alone).

    RBLs always seemed like the smartest way to go, but spamhaus and spamcop sure weren’t getting the job done. Doing research in the cPanel forums a few days ago, I discovered that Barracuda Networks, who make a series of firewall appliances for enterprises, maintain their own RBL and provide free access to it for organizations like mine.

    Decided to give it a whirl and was blown away. Within 24 hours, the amount of un-tagged spam getting through to my users had dropped to a trickle. I haven’t found an anti-spam tool this effective since… ever. It took almost no effort to set up, and will require almost no effort to maintain in the future. Super stoked.

    To the great engineers at Barracuda: The internet thanks you.

    - - - Updated - - -

    Infopro - I just went to submit this to the catalog, but it looks like it's meant for application owners wanting to submit material, whereas I'm just a fan of a particular RBL. Does it make sense for me to go ahead and submit it there?
     
    C4talyst likes this.
  12. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Thank you Scot.

    Remember now when I see the birdhouse.org link that you provided a script some years back called checkmailquota that has been invaluable to us.

    Didn't see it currently on the site and wonder if it has been updated or you have other scripts that you would be willing to share?

    Ed
     
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Yes. Please feel free to add your link to the AppCat, that's whats its for. It's better to keep things organized in the AppCat than in the various threads on these forums. Others looking for this sort of thing can search and find it there.

    Thanks!
     
  14. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    40
    Likes Received:
    1
    Trophy Points:
    6
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Infopro,

    He would only be wasting his time if he submitted this to the Application Catalog. They'll reject any submission that doesn't integrate with the cPanel GUI.

    I realize it's not my decision to make, but my preference would be to allow posts like this in the forums. I realize you may not find it useful if you're already intimately familiar with the technology, but at the very least sawbuck and I have learned something. Like shacker23, I've been struggling with spam problems for quite some time. Respectfully, it seems a little counter-productive to have a forum with posts like "Here's a great way of controlling spam [link removed]".

    shacker23 - all I can say about URIBL at the moment is that due to misconfigured DNS settings, URIBL stopped working for a long time, and it was obvious. The URIBL Black list has a goal of zero false positives, and that has been my experience. Now that I figured out how to make it work properly, I assign it a score of 10 points (my SpamAssassin threshold is 5).

    My rules that currently have a score of 10 are URIBL_BLACK (URIBL), URIBL_DBL_SPAM RCVD_IN_SBL RCVD_IN_XBL RCVD_IN_XBL (Spamhaus), and RCVD_IN_BRBL_LASTEXT (Barracuda). In the past week I've had only one false negative and zero false positives. I plan to collect samples for the next month, analyze them, and possibly tweak settings then. Like you, I find the results very encouraging.

    Still trying to figure out why my DNS settings were misconfigured, causing some lists (such as URIBL) not to work. Once I solve that I'll post it in case anyone else has the problem.

    m.
     
    #14 Mango45, May 12, 2013
    Last edited: May 12, 2013
    C4talyst likes this.
  15. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    40
    Likes Received:
    1
    Trophy Points:
    6
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Statistics from my personal email address for June:

    324 legitimate mail
    1478 spam mail
    3 false negatives
    0 false positives

    Barracuda was at least partly responsible for 61% of the correctly-tagged spam mail. The other RBLs I used are from Spamhaus and URIBL.com.
     
  16. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Do you think a new area /category for this sort of thing might be useful? I'd be interested in your feedback on this.

    Something like this should be posted on their site, and supported on their site (whomever they are). If it's to be shared with the cPanel Community, it is to be done via the AppCat.

    It's not my decision to make either. I am to enforce it though.

    We're about to have some discussions about the AppCat and some coming changes there. This is why I'd like to hear your feedback on the topic, if you please.

    Thanks. :)
     
  17. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    40
    Likes Received:
    1
    Trophy Points:
    6
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Are you thinking something like a section for "Links to User-Written Tutorials" perhaps organized by category? I would certainly be delighted to post there, and also read what others have written. :)
     
  18. oSM

    oSM Well-Known Member

    Joined:
    Aug 18, 2001
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Another vote for this. Perhaps cpanel could have a little chat with Barracuda about this. Would solve so many spam issues we get due to incoming/outgoing spam.
     
Loading...

Share This Page