The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Barracuda spam filter

Discussion in 'General Discussion' started by ialex03, May 11, 2005.

  1. ialex03

    ialex03 Well-Known Member

    Joined:
    May 15, 2003
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Hello.

    Does anybody use Barracuda spam filter with cpanel servers?

    Looks like the tech guys from Barracuda support don't know much about Exim mail server.
    We are having a problem with Barracuda/Exim cooperation and I need ask somebody a few questions.

    Thank you.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Never heard of it, but what sort of information are they in need of (which presumably they cannot glean from th exim site) and do you have any URL's on their site that point to the technical specifications they're having problems integrating?
     
  3. ialex03

    ialex03 Well-Known Member

    Joined:
    May 15, 2003
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Here is what their tech advised:

    He is right, that is how exim is configured on cpanel by default. It doesn't give immediate answers about non-valid email accounts.
    Do you know how to enable it?

    I was advised to add this into exim.conf.local:

    But it doesn't seem to be working.

    Thank you.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You don't need to add that.

    Exim on cPanel servers does indeed provide a RCPT failure automatically, however, you must make sure that the domains Default Address (catchall) is set to :fail: you must not use :blackhole: and you mustn't set the Default Address to anything other than fail otherwise you're indicating that all email addresses are valid.
     
  5. ialex03

    ialex03 Well-Known Member

    Joined:
    May 15, 2003
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Thank you.
    It worked just fine :)
     
  6. edesignway

    edesignway Well-Known Member

    Joined:
    Dec 4, 2001
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    If you have any other questions on Barracuda let me know. We are running four of their boxes.
     
  7. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
  8. taenkarth

    taenkarth Member

    Joined:
    Sep 5, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    I have mine set as stated above and I am still getting an obscene amount of user accounts created on my Barracuda SF 400. Is there something else I need to be setting?

     
  9. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    your not missing anything - cPanel is

    if cPanel supported LDAP this would be a mute issue.
    cPanel is missing LDAP

    so - a Cisco product that costs $$$
    the Barracuda product that $$$
    both have issues.

    What is happening is this.

    When an email comes into the system - either the Iron Port or the Barracuda - the systems send an envelope check to the cPanel mail system.

    if cPanel is busy - does not reply in time - then the spam filters collect the email as default.

    Why is this important ? - because if they just killed mail off then even legitimate mail would be discarded.

    Now - other control panels that support LDAP do not have this issue.

    We love cPanel - and we happen to think that cPanel is the best control panel in the industry.

    We are serious about combating spam for our clients -
    One Barracuda 600 costs $10K - now imagine having a cluster!

    There are other "open" alternatives - but honestly spamassassin just does not cut the mustard - nor does the other mailscanner alternative - Our clients do not complain about spam any longer - like they did when we had our server protected with those solutions

    I wonder - perhaps those of us who have purchased the barracuda units - should we get together and build a bounty to get open-ldap working and supported?

    I respect the position cPanel has - its not on their radar @ present...
    but $$$ talks sometimes.
     
  10. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If indeed there is a problem with interaction between a Barracuda and a Cpanel server [and I'll figure it out myself by setting up an account on Cpanel that uses a Barracuda], then it's not a "Cpanel" issue. I can't see any reason why the current "other" method that the Barracuda will use to determine valid accounts (a check via SMTP) would not work. Exim might need massaged, but that's it. Remember, Cpanel is not Exim - Exim is just part of a working Cpanel solution. There are ways around everything with Exim, depending on what you want to accomplish.

    If it's a simple case with throttling taking place [that is in return causing a delay that the barracuda doesn't like], then turn off the throttling or configure Cpanel/Exim to not throttle connections from the Barracuda IPs.

    Sure it would be good [for Cpanel] if they figure out just what needs to be done and make it doable via a few checks/unchecks in the interface. But I'm quite positive that whatever you guys are experiencing as a problem with Barracuda<-->Cpanel can be easily enough overcome with a few changes in Exim.

    Mike

    PS: I can see why the Barracuda may have a requirement for the whole verification process to take place speedily - For each piece of incoming mail it has to have at least two TCP sessions open - one from the remote mail server to the Barracuda and one from the Barracuda to the Cpanel server - and the Barracuda has to maintain both sessions until it gets back a reponse from the Cpanel in order to determine what response to pass back to the remote mail server.

    PS #2: Too bad we aren't talking Sendmail instead of Exim - I have a few boxes running milter-ahead on Sendmail, which caches the responses so it doesn't have to contact the destination mailserver every time for verification.
     
    #10 mtindor, Sep 5, 2009
    Last edited: Sep 5, 2009
  11. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    thus the reason i liked

    thus the reason i linked this thread to the other ...
    and apologized for the cross posting.

    I described the issue there - and asked

    how can i massage exim ?
     
  12. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If your case is a case where the Cpanel is not responding fast enough for the Barracuda server (and you know it's not a problem with availability of resources on the Cpanel machine), then your Cpanel may be ratelimiting your Barracuda boxes.

    Whitelist all of your Barracuda IPs

    In WHM / Exim Configuration Editor

    ** Whitelist: Backup Mail Hosts (bypass all SMTP ratelimits)
    - add your barracuda IPs here

    Start with that. See if this helps. You'll know if it's a ratelimiting issue if you look on the Cpanel server in /var/log/exim_mainlog.

    grep Ratelimit /var/log/exim_mainlog|grep 'xxx.xxx.xxx.xxx'
    - where xxx.xxx.xxx.xxx is the IP of one of your Barracudas

    If you're barracuda is being ratelimited you'll know it from that.

    Also, i"m not sure if the Barracuda sends a QUIT after a recipient check to the Cpanel server. If it doesn't, then your CPanel server will ratelimit the Barracuda if you have the following setting enabled:

    Ratelimit: incoming SMTP connections that do not send QUIT, have recently matched an RBL, or have attacked the server. [?]

    So again, in this case, whitelisting the IPs per my first recommendation should resolve that.

    Mike
     
    #12 mtindor, Sep 5, 2009
    Last edited: Sep 5, 2009
  13. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    been there

    yup - been there
    does not show rate limiting -

    my thought is just that exim is not responding fast enough

    thanks for your assistance btw
     
  14. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You're welcome, although my assistance isn't worth anything if it doesn't help you fix your problem :)

    If it were me, I would have access to a message that was held on the Barracuda [but should have been delivered to the Cpanel server] - I would then look at the date/timestamp of that message and the recipient address and I would then grep /var/log/exim_mainlog for that recipient address and the date as well - this would allow me to see what Exim had to say about the transaction. you may find some useful information there.

    For instance, if a message that came in to mike@mike.com was held on teh barracuda, I would go on the barracuda in the message log and I would look at that message - I would check the time it was sent to the barracuda - Let's assume it was sent at 10:45 AM 9-5-2009. I would then go onto the Cpanel server and would do something like this:

    grep mike@mike.com /var/log/exim_mainlog|grep '2009-09-05 10:45'

    and/or I would do:

    grep xxx.xxx.xxx.xxxx /var/log/exim_mainlog|grep '2009-09-05 10:45'
    - where xxx.xxx.xxx.xxx = IP of your barracuda

    The logs on the cpanel server may give an indication fo why Cpanel didn't accept it at that time.

    1. If your Cpanel is under heavy load, the fix is to do what you need to do so that your Cpanel is not under such a load and can handle routine SMTP (typically a simple SMTP greeting / mail from / rcpt to is overhead, even with a lot of them coming in).

    2. If your Cpanel server is not on the same network as the barracuda, latency across the internet may be causing problems if the Barracuda has to authenticate to a Cpanel server that is 100+ms away.

    Mike
     
  15. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Take a look at one of the messages on your Barracuda that you feel should have been delivered to the cpanel server but wasn't. What is the "ACTION" and "REASON" for it as listed in the Barracuda Message Log ?

    Mike
     
  16. dannydesiliva

    dannydesiliva Member

    Joined:
    Sep 5, 2009
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    OWA with Barracuda Spam filter

    Did you change your external DNS record (the one you use for OWA) to point to the Barracuda? It sounds likely that your OWA users are now pointing to the Barracuda device.

    If that's the case, how did you make the change? Did you give the public IP address formerly pointing to the Exchange server to the Barracuda appliance? I'm trying to work out the easiest solution to make everything work again.

    Are you using an SSL certificate for OWA attached to the name now pointing to Barracuda?

    _________________________________________________________________________________________________

    Danny..

    easy candy recipe | Polywood lawn furniture | drug test passing
     
    #16 dannydesiliva, Sep 12, 2009
    Last edited: Sep 14, 2009
  17. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Did somebody mention OWA or Exchange in this thread? If so, I diidn't see it :) I'd respond thinking that I may be able to help you, but it'd be off topic since you aren't talking about a Cpanel server.

    Mike
     
  18. taenkarth

    taenkarth Member

    Joined:
    Sep 5, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    I am unsure if this topic went another direction or if I just didn't read it right but here is what I have found on my end.

    If a Barracuda is attempting to send mail to a cPanel box I have had to do the following to make it recognize that there are invalid accounts correctly.

    Set the Barracuda to whitelist in cPanel exim config.
    Turn off Dictionary attack protection in cPanel config.

    Of course I only do this once a month for as long as it takes to resolve invalid accounts. Then I turn the dictionary protection back on and let them build up for another month.

    I assume that if you have a ton of mail that leaving it disabled would directly impact your Exim stability. So I just run it by hand once a month. Removed 6000+ accounts this month from Barracuda with this method.
     
Loading...

Share This Page