Thread: Barracuda vs Surgemail




Barracuda vs Surgemail
user name
2006-12-28 00:44:59
webmaster1usa.com wrote:
comments inserted.  It is not my intent to pick a fight, only to show the capabilities of Surgemail.
 
----- Original Message -----
Sent: Tuesday, December 26, 2006 8:37 PM
Subject: Re: [SurgeMail List] Barracuda vs Surgemail

I really need a frontend due to the volume of crap that is being attempted here. Then you have its virus & spam engines along with Barracuda's intent database (a database of 'bad' URLs to block).
Surgemail has these things AND the ability to limit # of ports per connecting IP.
In addition to the built-in mfilter.rul page, you can also write scripts directly in mfilter.rul and friends.rul
In addition you can create your own RBLs and then add them to the Surgemail list of RBLs.

I don't think per connecting ip appears to be any sort of issue. It's the number of connections<period>.

I don't think corporates will tolerate Friends well (as that is what my customer base is).

I already have my own custom rbl. You can add as many rbl's as you want in the Barracuda. And those outside rbl's that we use, I serve them up locally by rsyncing the data and feeding it to rbldnsd (along with our custom rbl).

Instead of the email server dealing with 60,000+ connects, it's then dealing with just 6,000 incoming emails and user traffic and outbound email.

Everything I have read is that the Barracuda's spam filtering is based on SpamAssassin, but our primary mail server (not Surge yet) running the latest and greatest SA catches a bit more spam after the Barracuda scans it.  The same with using ClamAV on the mail server, now you have a second layer of scanning with a different scan engine. One content scanning engine and one AV engine is just not enough any more, IMHO.
If your Spam scanner & A-V scanner is 100%, then you wouldn't need a backup - which doubles your system load.
SpamAssassin is used by some Surgemail admins here on this list, but 1USA.Com hasn't needed to go that direction. We find that Aspam does a great job here.


We have a couple of customers that are magnets for spam due to the nature of their business, commodity brokers for instance and one company whose company name is close to that of a large bank in the US.

I still see ClamAV catching a few virus/trojans early in the cycle of a new bad one, like in October. Because the Barracuda is first, I can't say for sure if it catches some things earlier than ClamAV or not.
I have previously forwarded zipped viruses to the NetWin contact to fwd to Avast. 1USA has since installed NOD32 scanner in the command line scanner line in addition to the built-in Avast. NOD32 is different than any other AV utility in that it loads the file into memory, executes & sees what it does. It frequently catches new strains. Consequently, it also chews up cycles and on a system getting a boatload of emails. Under these circumstances it is possible to set up multiple Surgemail computers in a Cluster, but I doubt if you'll need to go that far.

I did have the chance to compare McAfee against ClamAV. ClamAV was doing as well and sometimes better than McAfee at getting updates out, but that was when McAfee was in the process of outsourcing their ftp services. But all in all, it appeared that having multiple AV engines was a good thing.
Yes. I agree. That's why we don't use Norton or McAfee here.
Back in May 1998 when the Melissa virus came out, we installed Trend Micro's ServerProtect on the same day.  Other ISPs like Verizon didn't block viruses for 2 years. Now we're losing lots of customers over to $17.99 DSL and it gets my goat.
It's not unusual to see over 60,000 attempts in 24 hours (and climbing) right now with less than 10% (on weekdays, worse on weekends) being passed on to the mail servers. I just feel a front end is needed here to let the mail server handle what it should, legit email and end user traffic, plus the extra layer of scanning with different engines.
Set g_con_perip to 5
Set g_max_bad_to to 4
That will stop the brain-dead machines from hammering away... but you can't do this if it's behind the Barracuda box otherwise it will end up blocking the Barracuda's IP.


From the logs, it's not per ip attempts, the bot nets are large and the bot masters have learned to send fewer per machine in order to fly under the radar of the bot's ISP.  One of the management reports in the Barracuda is the rate limit report and most days, it doesn't even have 10 ip's in the list to report on.

And the European ISP's are very poor at screening outbound email. If I block Wanadoo/Orange, there are a couple of our corporate customers that have clients & partners using that ISP in Europe, for instance.  Another is Italy's main ISP which offers free email accounts and puts out a bunch of 419 spam. Can't just outright block them either.

As we move towards Surgemail for our primary email server, I expect that I will leverage its spam filtering to cut out more crap. Things are progressing and I expect to start migrating domains in a month or two to our Surge setup (running a mirrored pair behind a NAT doing port forwarding) and by then we will have had our Barracuda for a year already.
Too slow. You need to get the Surgemail machine in line as soon as practical. Start with a small domain (fewer users) and later do the larger domains. You should NOT put Surgemail behind the Barracuda box... it won't be able to do its job.
Put your surgemail machine out on the front line and let it take the beating like it's designed to do.
Use the recommended Migration Mode as shown on the Migration web page. It's that &**#^ easy.
So spend the bucks and get your Surgemail registration numbers. You'll never look back. That's what we did.  There are many other Admins here on this list who will heartily agree.
 
No, I am putting a mirrored pair behind a NAT for failover. If you configure things right, you can put Surge behind a Barracuda.  You put your rbl's on the Barracuda and you don't do rbl blocking on Surge and you make sure Surge knows it's behind a filter (there is a setting in Surge for that). I want the mail server to be fast for dealing with customer traffic as it will be dealing with large mailboxes, it doesn't need to be screwing around with the bogus traffic up front, let the Barracuda be the front line and handle the incoming port 25 crap.

(already got the base license and the mirror license <GRIN>) But because of customer rules on the old server, it will just take a bit longer to move things. Migration mode won't migrate rules and groups and forwarders or lists.

My lack of speed in migrating is really finding time to make sure all is configured correctly and create the failover methods, service checks and scripts to make it run smoothly without flipping back & forth.
Easy on the EggNog.
Why? I ain't driving this weekend <GRIN>!

Have a good Holiday this weekend!

Lyle

Barracuda vs SurgeMail
user name
2006-12-28 15:32:18

Happy New Year all!

 

I too am running a Barracuda with a mirrored pair of SM’s behind it.  I have the Barracuda on its own DMZ port on my SonicWall firewall and the Surges behind a NAT’d port. I have found that I can filter a huge amount of traffic at my SonicWall firewall before it even gets into the Barracuda.  It has the capability of disallowing traffic (a reduction by at least half) via RBLs so that my Barracuda doesn’t have to deal with it.  I let the Barracuda do RBL filtering too because I like the RBL customizing I can do.  If someone claims to not get mail I can turn off the filtering at the firewall, let the traffic pound the Barracuda and check the logs later.  I like the ‘cuda’s log features and I can retrieve a blocked message for up to three months.

 

My question has to do with Lyle’s comment “If you configure things right, you can put Surge behind a Barracuda” and “Surge knows it's behind a filter (there is a setting in Surge for that)”. What setting are you talking about?  I didn’t make any changes to my Surge setup. Did I miss something?

 

Dave
