• Status: Solved

SPAM Filtering

One of my clients is a medium-sized business and has been experiencing a large increase of SPAM in the last couple of weeks. They are using a Barracuda SPAM Firewall 300 and it blocks about 50,000 SPAM per day and allows about 800 a day of legit email.
The Firewall device that was sitting in front of the Barracuda was so totally flooded with all these incoming SMTP requests that RDP and other remote access into our LAN was sporadic, and if someone did get in they would eventually get disconnected. We replaced the current Firewall device with a larger, more efficient and robust Firewall device and installed it and noticed that the remote connections were much more stable, but the amount of SPAM of course is the same.
The problem/question actually is: how can I divert all this SPAM coming to the Firewall? Our ISP doesn't support SPAM filtering either.
Thanks!
tolinrome
 
starmonkey Commented:
See if the device supports real time blacklisting (RTBL).
 
tolinrome (Author) Commented:
We already have 2 blacklists set up on it.
 
grblades Commented:
Have a look at http://www.spamhaus.org/faq/answers.lasso?section=Data%20Feed#153

Barracuda by default uses the Spamhaus RBLs, but if you get a lot of mail it is highly likely that you will have been blocked, which will result in more spam getting through. We processed about 3000 mails and got blocked fairly quickly, so I would guess that unless you have already subscribed to their data feed service you will have been blocked as well.

A yearly subscription to the data feed is about $500 for 100 users and it will improve the spam you are rejecting (as currently it isn't working) as well as speed things up, since you won't have to wait for DNS checks as they will be local.
 
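Added example (not part of the original thread and not any poster's code): the comment above notes that once Spamhaus blocks your lookups, the RBL stops rejecting spam. This Python sketch builds the DNSBL query name and separates real listings from Spamhaus's 127.255.255.x error replies. The zone zen.spamhaus.org, the injected resolve callable, and the sample IPs and answers (constructed, documentation ranges) are assumptions.

```python
import ipaddress

# Spamhaus answers in 127.255.255.0/24 are error replies, not listings.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query came via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

# Constructed sample answers keyed by query name (documentation-range IPs).
SAMPLE_DNS = {
    "2.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
    "7.113.0.203.zen.spamhaus.org": ["127.255.255.255"],
    "9.100.51.198.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolve(name):
    """Offline stand-in for a DNS A lookup; [] means NXDOMAIN."""
    return SAMPLE_DNS.get(name, [])

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zone="zen.spamhaus.org", resolve=sample_resolve):
    """Return (status, details) for one sender IP."""
    answers = resolve(dnsbl_name(ip, zone))
    if not answers:
        return ("not_listed", [])
    errors = [a for a in answers if a.startswith("127.255.255.")]
    if errors:
        # The list is not answering with real data: nothing is being rejected.
        return ("blocked_or_error",
                [SPAMHAUS_ERRORS.get(a, "unknown error code") for a in errors])
    if all(a.startswith("127.") for a in answers):
        return ("listed", sorted(answers))
    # Answers outside 127.0.0.0/8 (e.g. a resolver rewriting NXDOMAIN)
    # must not be treated as a listing.
    return ("invalid_answer", sorted(answers))

def audit(ips, zone="zen.spamhaus.org", resolve=sample_resolve):
    """Check several IPs; second value is True if the feed looks blocked."""
    results = {ip: check(ip, zone, resolve) for ip in ips}
    blocked = any(s == "blocked_or_error" for s, _ in results.values())
    return results, blocked
```

For live use, replace sample_resolve with a real A-record lookup made through your own recursive resolver, and alert when audit reports the feed as blocked.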
grblades Commented:
We use the bl.spamcop.net and combined.njabl.org RBLs.

combined.njabl.org has now been taken over by Spamhaus, but you can still use the mirror, and at some point in the future it will be disabled. If you have configured the Spamhaus RBL then I would recommend that you remove it and replace it with this one and at least get you back up and running better while you look into getting a Spamhaus data feed.

bl.spamcop.net is another good RBL. I analysed all the spam coming into us and the top 3 RBLs that matched spam were:
njabl
spamcop
sorbs
We implemented the first two in our MTA to cut out the majority of spam and let MailScanner process the rest.
 
tolinrome (Author) Commented:
Even if I follow your good advice, won't the spam still be flooding the line? The problem isn't that the SPAM isn't being blocked, it's just that the overwhelming amount of SPAM is flooding the connection.
 
grblades Commented:
It will help, as more emails will be rejected earlier on, saving bandwidth and CPU time processing the full email later.

The domain that you have probably has the mail server specified as a priority of, say, 10 in the DNS.
You could add a couple of fake entries of priority 5 and 20 pointing to machines which don't exist. A lot of bots which send spam will only try and connect to the lowest MX entry (primary mail server), and others always try the highest, as backup mail servers often don't have spam protection. Using this trick should reduce the number of spams you receive, but at the cost of a longer mail delivery time.
 
starmonkey Commented:
junkemailfilter.com (or a similar service) offers a hosted filtering service. You need to have access to your MX records.

What happens is that mail gets delivered to their filters, the spam is filtered out, then it gets to you.
 
rwaldicott Commented:
You might want to reroute your MX records to a service that removes all the spam (or at least most of it) before actually sending it to your mail server. www.spamstopshere.com is a good service.

 
tolinrome (Author) Commented:
Thanks a lot. I like both ideas and will implement the accepted one right away.