Solved

Barracuda versus Symantec Mail Security for Exhange

Posted on 2006-11-25
4
1,480 Views
Last Modified: 2011-10-03
Our Barracuda Firewall gets over 90,000 emails a day and blocks over 80,000.  A lot of the blocked spam has .jpgs attached.  Barracuda does not have a way to whitelist a sender with a .jpg attached so even ligitimate mail with a .jpg is being blocked.  This is a real pain and takes a lot of admin time during the day to unblock these legitimate emails.

I am thinking about letting all .jpgs through the Barracuda firewall and letting Symantec Mail Security catch them.  I can setup an allow list of legitimate senders in Symantec.

My concerns are:

1.  Will this be a security risk to allow all .jpgs through the Barracuda firewall and let Symantec filter them?
2.  Will this degrade performance on my Exchange boxes since they will be doing the processing instead of the Barracuda
3.  Will this take up more storage on my Exchange boxes and how fast?

I will greatly appreciate your answers to the above questions.

Thanks,

Joel
0
Comment
Question by:Joele111
  • 2
4 Comments
 
LVL 9

Expert Comment

by:trenes
ID: 18011584
Hi Joele111,

This seems a retorical question to me.
1. Yes.
2. Yes.
3. Yes. Depends on the percentage of the 80.000 are jpg's and how Symantec is configured do you want to store the failed jpg's for one day, week, month? You can do the math on that.

I think you are on a good path and I'm sure you knew the answers I gave you.


Cheers!
regards,

Trenes
0
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18014819
Alternately, instead of using Symantec Mail Security on your Exchange box, you could use the the Symantec Mail Security for SMTP Gateways on a another box to act as a SMPT gateway for your Exchange box (the advantage being that you won't have to install Symantec Mail Security on your Exchange box).

So the mail flow would look something like this:

Internet ----> Baracuda ----> Symantec SMTP Gateway  ---->  Exchange

The Symantec SMTP Gateway ought to be able to catch most of the SPAM among the messages with JPG attachments.
0
 

Author Comment

by:Joele111
ID: 18022690
Thanks.  I will definitely look into that.

I really wish there were a way I could configure the Barracuda to let me whitelist mail with a .jpg from users I specify but still block all other mail with a .jpg from users that are not specified on the whitelist.

The Barracuda does a great job except for this one lacking feature.  I feel like I am punching a hole in the dike by allowing all .jpgs to pass through the firewall.

0
 
LVL 9

Accepted Solution

by:
jjoseph_x earned 500 total points
ID: 18029396
You're not compromising security by letting the .jpgs through the baracuda... as long as you've got something that will filter them before they reach the exchange server.  It sucks, but sometimes, due to product limitations, you have not choice but to go with a layered secure/anti-spam model.

At least the Symantec SMPT Gateway will can the .JPGs for virus and is a reasonably decent SPAM filter (if you purchase the optional Premium Antispam license, it's actually really solid... which is something I rarely say of any Symantec product).
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now