[unisog] Barracuda effectiveness (vs Puremessage)
shawnl at up.net
shawnl at up.net
Mon Jul 16 19:47:33 GMT 2007
I'm an ISP lurker (used to be edu) and just had to respond to this....
We've had several barracuda devices in front of a high-volume mail
server for about the past 2 years (~60 to 100k messages/hour). I can
tell you how we've tuned our setup. The barracuda is by no means
perfect, we've toasted 5 boxes so far, and have had several brain-dead
box issues (box forgets about all of it's users and configs and has to
be re-setup), but once tuned it does a fair job. The barracuda SE's
seem to be ok, but it really depends on who you get. We've had
numerous people contradict each other and several cases of the SE
deciding to do X on the box without realizing the volume of mail it was
processing (and killing it).
+ make it your MX. Putting a box in front of it acting as an MX negates
a lot of the built-in filters.
+ lower all settings. Our default level is 2/4/7 (tag/quar/block) and for
some we lower that quite a bit.
+ Don't try to do use ldap for user verification. Really slowed things down
and killed our ldap servers.
+ erase "fake" accounts weekly (since we're not doing ldap verification)
+ setup our own black list. This was the biggest single thing we did to improve
the amount of spam being caught and box performance. Unfortunately there's a
time commitment there to keep the list updated.
Things that don't seem to work...
+ marking things as spam or not spam. Too many users, too much mail.
Several thousand entries in the Bayesian database with no real
Also remember that Barracuda Networks bases their spam figures on 99% of the
incoming spam being caught at the black-list level _before_ it's scanned
in any way. If you're not getting a 99% catch rate, the estimates of how
many messages/hour the box can scan need to be adjusted.
For comparison here's our stats so far today
Allowed: Tagged 4,822
Total Received 919,636
(on a side note, we're looking at moving to a cluster of boxes running
If you want more info, feel free to contact me offline
Network Operations Staff
Baraga Telephone / up.net
On Mon, Jul 16, 2007 at 11:25:41AM -0700, Kim Cary wrote:
> Hi all,
> We've been doing some tests and are quite disappointed with the
> Barracuda's spam catch effectiveness. We find that at the recommended
> settings about 20% of the things that would be caught by Puremessage
> as spam, get missed by Barracuda.
> We have the Barracuda set to do the things their SE recommends. And
> now they are recommending manual tuning involving keyword lists,
> extra blacklists (beyond their own and xbl/sbl from spamhaus), bayes,
> We don't have 'tuning' with Puremessage. We have postgres
> maintenance :-( but not tuning.
> Anyone have recommendations for a high-catch/no-tuning setup for
> their Barracuda, before we re-crate these appliances for return?
> Dr. Kim Cary, CISSP
> Information Security Officer
> M-F 7-4 ~
> unisog mailing list
> unisog at lists.dshield.org
More information about the unisog