[unisog] Barracuda effectiveness (vs Puremessage)

Frank Bulk frnkblk at iname.com
Tue Jul 17 16:35:26 GMT 2007


njabl.org is not a very well-respected RBL (just look at the de-listing
policy!); I would recommend that you re-evaluate using it.  We've had
nothing but trouble with that RBL.

Regards,

Frank  

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of mcclenbw at oneonta.edu
Sent: Tuesday, July 17, 2007 8:30 AM
To: unisog at lists.dshield.org
Subject: Re: [unisog] Barracuda effectiveness (vs Puremessage)

We were actually disappointed with PureMessage performance and bought a
Barracuda 400 to place in front of PureMessage (originally to test, but
since we still have a contract with Sophos, we've left PureMessage for
an added layer).  Before having the Barracuda, PureMessage couldn't
handle the DNSBL checks quickly enough, so our queues would back up and
require manual intervention to clear.

The Barracuda does have the DNSBL issue, and we are currently using 5
lists:

zen.spamhaus.org
cbl.abuseat.org
dnsbl.njabl.org
list.dsbl.org
dnsbl.ahbl.org


I would also recommend using "Intent Analysis" on the Barracuda.  Yes,
we had false positives.  In about a year of using it, I've had to create
16 exceptions, but comparing that to senders' addresses whitelisted in
PM, it's definitely on par.  One thing that shocked me about PM, which
was hard to see until we got the Barracuda, was the number of false
positives with PM, while at the same time, obvious false negatives were
getting through.

I have created what I consider conservative regular expressions (never a
false positive seen or reported) used for header, subject, and body
filtering.  Some I created, and some I've picked up from the Barracuda
forum.  I guess it's individual preference whether you want/like this
ability.  I prefer it over just sending examples of the latest spam
campaign to Sophos and hoping they do something about it soon.  In most
cases I saw, they didn't.


Brady McClenon
Administrative Computer Services
State University College at Oneonta
Oneonta, NY  13820



> -----Original Message-----
> From: unisog-bounces at lists.dshield.org [mailto:unisog-
> bounces at lists.dshield.org] On Behalf Of Kim Cary
> Sent: Monday, July 16, 2007 2:26 PM
> To: unisog at lists.dshield.org
> Subject: [unisog] Barracuda effectiveness (vs Puremessage)
>
> Hi all,
>
> We've been doing some tests and are quite disappointed with the
> Barracuda's spam catch effectiveness. We find that at the recommended
> settings about 20% of the things that would be caught by Puremessage
> as spam, get missed by Barracuda.
>
> We have the Barracuda set to do the things their SE recommends. And
> now they are recommending manual tuning involving keyword lists,
> extra blacklists (beyond their own and xbl/sbl from spamhaus), bayes,
> etc.
>
> We don't have 'tuning' with Puremessage. We have postgres
> maintenance :-( but not tuning.
>
> Anyone have recommendations for a high-catch/no-tuning setup for
> their Barracuda, before we re-crate these appliances for return?
>
> Dr. Kim Cary, CISSP
> Information Security Officer
> M-F 7-4 ~
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
