Thread: Barracuda vs Surgemail




user name
2006-12-27 06:27:21
Comments inserted. It is not my intent to pick a fight, only to show the capabilities of Surgemail.
 
----- Original Message -----
Sent: Tuesday, December 26, 2006 8:37 PM
Subject: Re: [SurgeMail List] Barracuda vs Surgemail

I really need a frontend due to the volume of crap that is being attempted here. Then you have its virus & spam engines along with Barracuda's intent database (a database of 'bad' urls to block).
Surgemail has these things AND the ability to limit # of ports per connecting IP.
In addition to the built-in mfilter.rul page, you can also write scripts directly in mfilter.rul and friends.rul
In addition you can create your own RBLs and then add them to the Surgemail list of RBLs.

Everything I have read is that the barracuda's spam filtering is based on SpamAssassin, but our primary mail server (not Surge yet) running the latest and greatest SA catches a bit more spam after the barracuda scans it.  The same with using ClamAV on the mail server, now you have a second layer of scanning with a different scan engine.  One content scanning engine and one AV engine is just not enough any more, IMHO.
If your Spam scanner & A-V scanner are 100%, then you wouldn't need a backup - which doubles your system load.
SpamAssassin is used by some Surgemail admins here on this list, but 1USA.Com hasn't needed to go that direction. We find that Aspam does a great job here.

I still see ClamAV catching a few virus/trojans early in the cycle of a new bad one, like in October.  Because the Barracuda is first, I can't say for sure if it catches some things earlier than ClamAV or not.
I have previously forwarded zipped viruses to the NetWin contact to fwd to Avast.  1USA has since installed NOD32 scanner in the command line scanner line in addition to the built-in Avast.  NOD32 is different than any other AV utility in that it loads the file into memory, executes & sees what it does. It frequently catches new strains.  Consequently, it also chews up cycles and on a system getting a boatload of emails. Under these circumstances it is possible to setup multiple Surgemail computers in a Cluster, but I doubt if you'll need to go that far.

I did have the chance to compare McAfee against ClamAV.  ClamAV was doing as well and sometimes better than McAfee at getting updates out, but that was when McAfee was in the process of outsourcing their ftp services. But all in all, it appeared that having multiple AV engines was a good thing.
Yes. I agree.  That's why we don't use Norton or McAfee here.
Back in May 1998 when the Melissa virus came out, we installed Trend Micro's ServerProtect on the same day.  Other ISPs like Verizon didn't block viruses for 2 years.  Now we're losing lots of customers over to $17.99 DSL and it gets my goat.

It's not unusual to see over 60,000 attempts in 24 hours (and climbing) right now with less than 10% (on weekdays, worse on weekends) being passed on to the mail servers.  I just feel a front end is needed here to let the mail server handle what it should, legit email and end user traffic, plus the extra layer of scanning with different engines.
Set g_con_perip to 5
Set g_max_bad_to to 4
That will stop the brain-dead machines from hammering away... but you can't do this if it's behind the Barracuda box otherwise it will end up blocking the Barracuda's IP.

As we move towards Surgemail for our primary email server, I expect that I will leverage its spam filtering to cut out more crap. Things are progressing and I expect to start migrating domains in a month or two to our Surge setup (running a mirrored pair behind a NAT doing port forwarding) and by then we will have had our Barracuda for a year already.
Too slow. You need to get the Surgemail machine in line as soon as practical. Start with a small domain (fewer users) and later do the larger domains.  You should NOT put Surgemail behind the Barracuda box... it won't be able to do its job.
Put your surgemail machine out on the front line and let it take the beating like it's designed to do.
Use the recommended Migration Mode as shown on the Migration web page. It's that &**#^ easy.
So spend the bucks and get your Surgemail registration numbers.  You'll never look back. That's what we did. There are many other Admins here on this list who will heartily agree.
 
Easy on the EggNog.
BarryZ
1USA.Com


 
__________________________________________________ Tired of Spam?
Check out what 1USA.Com has.
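
The per-IP limits quoted in the reply, and its caveat about placing the server behind a filtering gateway, modelled as an added example (not part of the original message and not SurgeMail code). The semantics given to `g_con_perip` and `g_max_bad_to` here are assumptions (concurrent connections per source IP; block a source after that many invalid recipients), the gateway is assumed to relay mail for invalid recipients, and all addresses are constructed documentation IPs.

```python
from collections import defaultdict

CON_PERIP = 5    # value the post sets for g_con_perip
MAX_BAD_TO = 4   # value the post sets for g_max_bad_to

class PerIpLimiter:
    """Toy model, assumed semantics: cap concurrent connections per source IP
    and block a source IP once it has sent MAX_BAD_TO invalid recipients."""
    def __init__(self, con_perip=CON_PERIP, max_bad_to=MAX_BAD_TO):
        self.con_perip, self.max_bad_to = con_perip, max_bad_to
        self.open = defaultdict(int)      # source IP -> open connections
        self.bad_to = defaultdict(int)    # source IP -> invalid recipients seen
        self.blocked = set()

    def connect(self, ip):
        if ip in self.blocked or self.open[ip] >= self.con_perip:
            return False
        self.open[ip] += 1
        return True

    def close(self, ip):
        self.open[ip] = max(0, self.open[ip] - 1)

    def rcpt(self, ip, valid):
        if not valid:
            self.bad_to[ip] += 1
            if self.bad_to[ip] >= self.max_bad_to:
                self.blocked.add(ip)
        return valid

def simulate(sessions, gateway_ip=None):
    """sessions: (sender_ip, [recipient_is_valid, ...]) in arrival order.
    With gateway_ip set, the mail server sees only the gateway's address.
    Returns accepted-recipient counts keyed by the real sender."""
    lim, accepted = PerIpLimiter(), defaultdict(int)
    for sender, rcpts in sessions:
        seen_ip = gateway_ip or sender
        if not lim.connect(seen_ip):
            continue                      # refused at connect time
        for valid in rcpts:
            if lim.rcpt(seen_ip, valid):
                accepted[sender] += 1
        lim.close(seen_ip)
    return dict(accepted)

# Constructed traffic: one address-guessing bot, then one legitimate sender.
BOT, LEGIT, GATEWAY = "203.0.113.9", "198.51.100.20", "192.0.2.1"
SESSIONS = [(BOT, [False])] * 6 + [(LEGIT, [True])] * 2

if __name__ == "__main__":
    print("direct:", simulate(SESSIONS))
    print("behind gateway:", simulate(SESSIONS, gateway_ip=GATEWAY))
```

Run directly, the bot is cut off after its fourth bad recipient and the legitimate sender is unaffected; with every session arriving from the gateway's address, the same counter blocks the gateway and the legitimate mail is refused with it.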