-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
Best practices for mail servers
- Thread starter LuckyTaxi
- Start date
Fardringle
Diamond Member
Does the Barracuda do real DMZ (system is completely isolated from the rest of the network), or SOHO-type DMZ (system is completely open to the outside world and to the local network)? If it's a real DMZ, then putting the mail server there is fine. If not, just forward the necessary ports to the mail server and keep the server patched to help keep the network secure from outside attacks.
netsysadmin
Senior member
The Barracuda Spam Firewall is simply a spam filter, not a router or firewall.
John
netsysadmin
Senior member
It would really help if you gave a little description on what you have currently systems wise and what you are rolling out. It it an Exchange 2007 box with the Barracuda?
John
John
Fardringle
Diamond Member
OK, change the question to "Does the firewall/router do real DMZ..."? 😉
child of wonder
Diamond Member
Personally, I'd take a spare server, load it with CentOS, Debian, or your favorite Linux distro, get Postfix going with RFC checks, greylisting, and blacklisting going. It will eliminate 75-90% of the spam right there with less than .1% false positives. Then the Postfix box forwards the email to the Barracuda for more detailed filtering. Then the Barracuda passes the mail to your mail server.
We set this up when I was a Sys Admin for an ISP. We were filtering out 98-99% of all spam. Best of all, the Linux gateway servers were cheap and took a huge load off the Barracudas which saved a lot of money.
We set this up when I was a Sys Admin for an ISP. We were filtering out 98-99% of all spam. Best of all, the Linux gateway servers were cheap and took a huge load off the Barracudas which saved a lot of money.
Crusty
Lifer
I use Debian with Postfix + clamav + amavis-av + spamassassin and use Dovecot for my MUA and it works great. It's power hungry if you get a lot of traffic, but I can attest to it's spam fighting capabilities. I'm sure the next step up for us is a dedicated spam/virus appliance but we don't do nearly enough volume to make that cost effective yet.
How much mail do you generate/receive a day? We're a small company so we might do 100 emails a day to our clients which isn't a lot by any means.
How much mail do you generate/receive a day? We're a small company so we might do 100 emails a day to our clients which isn't a lot by any means.
The Barracuda's spam filter is a great piece of hardware. We have two of them clustered here. We filter about 60,000 messages per hour, roughly 97% of which are legitimate. The number of false positives is maybe 1 per month, and we filter for almost 100 domains, including two ISPs. The only bad thing I can say about them is that because they run Linux as their core, they are susceptible to any number of weird, random issues that you can't fix on your own, so you want to keep your Energize Update contract current for support.
Depending on how much inbound email you get, it might be better to contract out with someone who hosts spam filtering. For instance, some of our customers get litterally hundreds of spam emails every 5 minutes. If all of that traffic were to go through their internet connection, there'd be no more bandwidth left for regular traffic. Instead, they pay us to go through our filter which is hosted in our colocation. We weed out the crap and only send the good stuff to their onsite servers.
As far as the servers themselves go, inbound connections only need to be allowed for the barracuda (obviously discounting OWA and things like that). You don't need to expose your mailserver to the public at all. Open up port 25 in to the barracuda, and that's it.
Depending on how much inbound email you get, it might be better to contract out with someone who hosts spam filtering. For instance, some of our customers get litterally hundreds of spam emails every 5 minutes. If all of that traffic were to go through their internet connection, there'd be no more bandwidth left for regular traffic. Instead, they pay us to go through our filter which is hosted in our colocation. We weed out the crap and only send the good stuff to their onsite servers.
As far as the servers themselves go, inbound connections only need to be allowed for the barracuda (obviously discounting OWA and things like that). You don't need to expose your mailserver to the public at all. Open up port 25 in to the barracuda, and that's it.
we're installing Oracle Collaboration Suite ... yea dont ask, we're an oracle shop.
My personal boxes run Debian w/ postfix, clamav, dovecot and spamassassin and was so much easier to main and install.
For now, we're forwarding port 25 to the barracuda and then the barracuda fwds to our mail server.
My personal boxes run Debian w/ postfix, clamav, dovecot and spamassassin and was so much easier to main and install.
For now, we're forwarding port 25 to the barracuda and then the barracuda fwds to our mail server.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
