Solved

Barracuda versus Symantec Mail Security for Exhange

Posted on 2006-11-25
4
1,490 Views
Last Modified: 2011-10-03
Our Barracuda Firewall gets over 90,000 emails a day and blocks over 80,000.  A lot of the blocked spam has .jpgs attached.  Barracuda does not have a way to whitelist a sender with a .jpg attached so even ligitimate mail with a .jpg is being blocked.  This is a real pain and takes a lot of admin time during the day to unblock these legitimate emails.

I am thinking about letting all .jpgs through the Barracuda firewall and letting Symantec Mail Security catch them.  I can setup an allow list of legitimate senders in Symantec.

My concerns are:

1.  Will this be a security risk to allow all .jpgs through the Barracuda firewall and let Symantec filter them?
2.  Will this degrade performance on my Exchange boxes since they will be doing the processing instead of the Barracuda
3.  Will this take up more storage on my Exchange boxes and how fast?

I will greatly appreciate your answers to the above questions.

Thanks,

Joel
0
Comment
Question by:Joele111
  • 2
4 Comments
 
LVL 9

Expert Comment

by:trenes
ID: 18011584
Hi Joele111,

This seems a retorical question to me.
1. Yes.
2. Yes.
3. Yes. Depends on the percentage of the 80.000 are jpg's and how Symantec is configured do you want to store the failed jpg's for one day, week, month? You can do the math on that.

I think you are on a good path and I'm sure you knew the answers I gave you.


Cheers!
regards,

Trenes
0
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18014819
Alternately, instead of using Symantec Mail Security on your Exchange box, you could use the the Symantec Mail Security for SMTP Gateways on a another box to act as a SMPT gateway for your Exchange box (the advantage being that you won't have to install Symantec Mail Security on your Exchange box).

So the mail flow would look something like this:

Internet ----> Baracuda ----> Symantec SMTP Gateway  ---->  Exchange

The Symantec SMTP Gateway ought to be able to catch most of the SPAM among the messages with JPG attachments.
0
 

Author Comment

by:Joele111
ID: 18022690
Thanks.  I will definitely look into that.

I really wish there were a way I could configure the Barracuda to let me whitelist mail with a .jpg from users I specify but still block all other mail with a .jpg from users that are not specified on the whitelist.

The Barracuda does a great job except for this one lacking feature.  I feel like I am punching a hole in the dike by allowing all .jpgs to pass through the firewall.

0
 
LVL 9

Accepted Solution

by:
jjoseph_x earned 500 total points
ID: 18029396
You're not compromising security by letting the .jpgs through the baracuda... as long as you've got something that will filter them before they reach the exchange server.  It sucks, but sometimes, due to product limitations, you have not choice but to go with a layered secure/anti-spam model.

At least the Symantec SMPT Gateway will can the .JPGs for virus and is a reasonably decent SPAM filter (if you purchase the optional Premium Antispam license, it's actually really solid... which is something I rarely say of any Symantec product).
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to Access NetScaler admin URL from external source 8 1,035
Firewall Analyzer Reporting Software 4 54
cannot send E-mails to one company 15 64
SSH over http/https 8 109
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now