Problems with Barracuda Networks blacklist


Andrew Daviel

Dec 4, 2007, 6:53:31 PM
Since October 22, we have been having problems with Barracuda Networks
listing our outgoing mailserver on their intent list, with a "poor" reputation
as a source of spam.

I wondered if anyone else had had problems with them. I have had private email
suggesting that a few sites have.

Two issues:
- they won't say why we are on the list, or at least won't show
any evidence
- they distribute the blacklist to their customers who use their appliances,
and the out-of-box config seems to be to totally block SMTP connects prior
to EHLO with a 554 status message, and then have a 2 business day turnaround
to investigate/delist.
As many customers are clueless about mail (which is why they outsourced
their mail filtering) it's hard to get them to whitelist us.

My suspicions are that they tag full-body DSNs as spam, and attribute them to
us when our email forwards have failed. But they won't say.

See
http://andrew.triumf.ca/barracuda-problems.html

--
Andrew Daviel
TRIUMF

Outsider

Dec 5, 2007, 8:25:23 PM
Andrew Daviel <ad...@triumf.ca> wrote in news:%Ll5j.68$sg.34@pd7urf1no:


I read your web page and your other post here. If Barracuda sites are
"looking" at DSN emails then they should make sure the bounces come from
their own site and are not backscatter; this can be done with a milter.
If they are "tagging" your site based on these kinds of tests they are
doing a bad job.

Andy

Outsider

Dec 5, 2007, 8:30:44 PM
Outsider <not@this_address.com> wrote in
news:Xns99FDCF695FA5...@69.28.186.158:


Now I think about it I guess that would not help. You could do the
backscatter test on your end which would help if the nobody does not help
(assuming this is even the cause).

David F. Skoll

Dec 5, 2007, 10:09:03 PM
Andrew Daviel wrote:

> See http://andrew.triumf.ca/barracuda-problems.html

I read your note. I think your best course of action is to phone
your major business partners and explain: "Barracuda Networks is
blocking legitimate mail from us to you. If you want to receive mail
from us, please whitelist us or disable the Barracuda spam filter. If
neither approach appeals to you, please complain to Barracuda technical
support."

Now... as to your suspicion that backscatter may have gotten you
blacklisted: You should do everything in your power to avoid
backscatter. I'm not sure how your forwarding is set up, but maybe
you can use a milter to determine whether or not mail will be accepted
before attempting to forward it. (This may or may not be easy/possible.)

Regards,

David.

Grant Taylor

Dec 6, 2007, 10:43:20 AM
On 12/05/07 21:09, David F. Skoll wrote:
> Now... as to your suspicion that backscatter may have gotten you
> blacklisted: You should do everything in your power to avoid
> backscatter. I'm not sure how your forwarding is set up, but maybe
> you can use a milter to determine whether or not mail will be
> accepted before attempting to forward it. (This may or may not be
> easy/possible.)

I'm betting that the Barracuda is the edge SMTP device that would need
to be "educated" (I use the term loosely) and / or enhanced with a
milter, which may be rather difficult if my understanding of the fact
that Barracudas are supposed to be maintenance free (administrative
changes to existing configuration values aside) turn key appliances.
I'm not even aware if it is possible to get terminal access to alter things.

Grant. . . .

feen...@gmail.com

Dec 7, 2007, 9:07:27 AM
> See http://andrew.triumf.ca/barracuda-problems.html
>
> --
> Andrew Daviel
> TRIUMF

It is hard to convince a DNSBL operator to listen to a stranger.
Rather than ask your email recipients to whitelist you, why not ask
them to raise a support question with Barracuda? The "we only talk to
customers" line is a common one, and usually can't be gotten around
any other way. In the meantime, why not change the MTA IP address? If
Barracuda fat-fingered an address, or otherwise made a not likely to
be repeated mistake, that will solve the problem for you. I highly
doubt they have a systematic misunderstanding of SMTP such as the one
you propose - if they did you would have much company. More likely
they just goofed up on your record, and don't want to bother fixing
it, because they have a lot of requests and only a few are legitimate.

Daniel Feenberg

David F. Skoll

Dec 7, 2007, 4:45:40 PM
Grant Taylor wrote:

> I'm betting that the Barracuda is the edge SMTP device that would need
> to be "educated" (I use the term loosely) and / or enhanced with a
> milter, which may be rather difficult if my understanding of the fact
> that Barracudas are supposed to be maintenance free (administrative
> changes to existing configuration values aside) turn key appliances.
> I'm not even aware if it is possible to get terminal access to alter
> things.

It's probably not officially possible, but it's also probably not
that difficult if you're determined enough.

Barracuda doesn't use Sendmail (I believe their MTA used to be
Postfix, though they may have written their own MTA in recent versions
of their appliance.)

The Barracuda boxes are stock Linux servers. It is possible to
"repurpose" them with better software (and we have a small number of
customers who have done exactly that... :-))

Regards,

David.

Andrew Daviel

Dec 16, 2007, 4:15:49 AM
Res <r...@ausics.net> wrote:
>
> More of a reason not to use that type of junk.
> Just contact your partners and have them whitelist you, make it known to
> anyone who wants to do business with you as well.
> Recommend they use MIMEDefang or MailScanner, both of these in my
> experience (and of many others I know who have used that crap) work FAR
> better.

Heh.

One partner whitelisted us quickly, and now has stopped using the blacklist.

Another finally whitelisted us, but it was uphill work just trying to contact their outsourced IT dept.

The rest of the 45-odd orgs that we saw blocking us are "little guys" in terms of volume, and it would be a pain to
try to contact them all.

I haven't noticed any more Barracuda blocking recently, so maybe changing the DSN body return fixed the problem.


--
Andrew Daviel

Andrew Daviel

Dec 16, 2007, 4:31:56 AM
David F. Skoll <d...@roaringpenguin.com> wrote:
>
> Now... as to your suspicion that backscatter may have gotten you
> blacklisted: You should do everything in your power to avoid
> backscatter. I'm not sure how your forwarding is set up, but maybe
> you can use a milter to determine whether or not mail will be accepted
> before attempting to forward it. (This may or may not be easy/possible.)

Our forwarding is simple historical Unix/sendmail .forward files.
Just checking bounces to postmaster should show no-such-user errors, if we actually go read them.
I don't think it would be possible to test if mail would be accepted first. At least, our
sendmail setup won't send DATA if RCPT fails to all recipients, but we have some orgs now (ourselves
included) using e.g. a spamassassin milter to reject based on content, i.e. the DATA session
gets a 5xx status if the message looks too spammy. Which would cause our server to generate
a DSN for a forwarded message.
It would be possible in theory to suppress DSN for forwarded messages which we (or the remote site) tag as spam
but preserve it for non-spam. We have 2 thresholds - one at which messages get rejected outright, and
a lower one at which messages are tagged for users to decide what to do. So there is a range
in which we think it's spam but the user has indicated they want it, or want to check for themselves.

Anyway, if we don't have any more Barracuda problems, probably I won't bother trying to
implement anything fancy ...

--
Andrew Daviel
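
The DSN policy sketched in the post above (suppress bounces for forwarded mail that was tagged as spam, keep them for non-spam), as an added example that is not code from the thread or from any poster's mail setup. The function names, the return labels, the threshold value and the headers-only return are assumptions; the score is read from a SpamAssassin-style `X-Spam-Status` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed value: the post says a tagging threshold exists but not what it is.
# Mail at or above the (higher) reject threshold is refused at SMTP time and
# never relayed, so it does not reach this decision at all.
TAG_THRESHOLD = 5.0

SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")

def spam_score(raw_message):
    """Score from a SpamAssassin-style X-Spam-Status header, or None."""
    status = message_from_string(raw_message).get("X-Spam-Status", "")
    m = SCORE_RE.search(status)
    return float(m.group(1)) if m else None

def dsn_action(raw_message, envelope_sender, reply_code, forwarded):
    """What to do after the next hop answered reply_code to a relayed message.

    Returns "retry", "no-dsn" or "dsn-headers-only" (hypothetical labels).
    """
    if 400 <= reply_code <= 499:
        return "retry"              # temporary failure: keep it queued
    if not 500 <= reply_code <= 599:
        return "no-dsn"             # accepted: nothing to report
    if parseaddr(envelope_sender)[1] == "":
        return "no-dsn"             # null sender <>: never bounce a bounce
    score = spam_score(raw_message)
    if forwarded and score is not None and score >= TAG_THRESHOLD:
        return "no-dsn"             # tagged spam via .forward: sender likely forged
    return "dsn-headers-only"       # genuine failure: notify, omit the body

# Constructed sample messages (not taken from the thread).
TAGGED = (
    "From: offers@example.net\nTo: user@example.org\n"
    "X-Spam-Status: Yes, score=7.2 required=5.0\n\ttests=HTML_MESSAGE\n"
    "Subject: cheap pills\n\nbody\n"
)
CLEAN = (
    "From: colleague@example.com\nTo: user@example.org\n"
    "X-Spam-Status: No, score=0.3 required=5.0\n"
    "Subject: meeting notes\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("tagged", TAGGED), ("clean", CLEAN)):
        print(name, dsn_action(raw, "<sender@example.net>", 554, forwarded=True))
```

A message with no score header is treated as non-spam here, so a legitimate sender still learns that a forward failed.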
