[unisog] FYI - problem with Barracuda blacklisting

Andrew Daviel advax at triumf.ca
Wed Oct 24 23:44:58 GMT 2007


Precis: Barracuda anti-spam blacklist blocks mail for 
2 days, with no explanation.

We don't have a Barracuda system, but some of our associates do
(SFU, Western Kentucky University, University of North Dakota, Saint 
Mary's University...). From what I see in the media, people seem to like 
them.

Recently, for apparently no reason, our main mailserver got on their 
blacklist and any of our users sending to a Barracuda filtered site
got a rejection message (better than just dropping mail, I admit).
The Barracuda systems were giving us a "554 Service unavailable"
response up front, before EHLO, before any chance to authenticate or send 
to a "spam-friend" (in sendmail parlance).

The rejection message points to a website allowing automated
delisting (good), but it may take "up to 2 business days", and unlike 
e.g. SpamCop, there is no indication of why a site is listed.

My IT colleagues and myself thought this unacceptable (possibly one could 
have an unexplained multi-day outage over a long weekend, and we run 
24x7).

During a slightly acrimonious conversation with Barracuda's blacklisting
support department, I was told that as we weren't a customer we weren't 
entitled to support, and that their blacklisting methodology was 
proprietary so they weren't going to tell me why we were on the list.

Seems like the Guantanamo Bay approach to customer relations - "your 
offence is a state secret, so we can't tell you what you did wrong, but 
we're holding you anyway".

We asked one partner to whitelist us, and the block is now gone. But who 
knows, it might come back again. We lost some 300 emails, some possibly 
time-critical announcements to established partners. IMO this kind of 
total block would be only justified if we'd sent tens of thousands of 
spams, and there's no evidence we can see - not one personal complaint to 
"abuse", no spamcop reports, no ballooned server logs.

   (we use blacklists ourselves, but if you get one of our rejection
   messages, you can immediately delist and/or whitelist yourself within
   seconds, depending on DNS cache)

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager


More information about the unisog mailing list