Modifying a Barracuda Anti-Spam Firewall

Does anyone currently use a Barracuda Firewall without the Energize updates?  Does it take any hacks to do so and if it does, has anyone had any luck modifying a Barracuda firewall so that they could use it without requiring the updates?  

I can pick up a used Barracuda for relatively cheap but the annual updates are $400+ just to be able to download their spam list updates. For a very small network, that's a lot.  It's my understanding that 90% of the spam is filtered by other methods before it even gets to the point of using the updates Barracuda provides.  (See the 12 layers of defense for the Barracuda here: http://www.barracudanetworks.com/ns/technology/anti-spam-tech.php ).

I'm not asking this question because I want to get one over on Barracuda Networks.  I am a network consultant and I have been looking into building an anti-spam appliance solution and it seems going the Linux route using Spam Assassin is the most reliable and maybe cost effective.  I don't have much Linux knowledge though and to save a lot of time I don't have in learning and setting up a computer with Linux and all the other components to make it a good appliance, it seems easier to just purchase an appliance second-hand that already fits the bill and start from there.  Since the Barracuda uses Linux and other open license software, modifying it to fit my needs if necessary shouldn't be an issue (see Linksys vs. Linux).  Really, I just want to know if it's useable and effective without the expensive Energize updates or if it can be pointed elsewhere to get other blacklist and fingerprint lists.  Does anyone here have enough experience with it or playing with it's configuration to shed some light?  Thanks in advance.
LVL 5
VortexAdminAsked:
Who is Participating?
 
grbladesConnect With a Mentor Commented:
I havent looked into Barracuda. I would suggest you have a look at DefenderMX from http://www.fsl.com/downloads.html. You can download a full ISO which you burn to a CD and install. It is based upon Centos Linux and MailScanner which I mentioned in your other question.
It is commercial software and they will give you a demo license. Basically all that it does can be done with MailScanner and the mailwatch web based front end. defenderMX has some more web tools and full support. You can also get BarricadeMX which sits infront and accepts the mail like Postfix would otherwise do but can reject most spam before it is accepted. Its their own design and does far more than just RBL lookups.
0
 
VortexAdminAuthor Commented:
I had already looked at SpamTitan which seems to be the same idea.  A downloadable ISO would be perfect.  However, both of these are expensive.  http://www.fsl.com/docs/BMX-DMXPriceSheet-Mar2008.pdf.   You're thinking of this in 100 user terms, I'm talking about helping some small companies with 2 - 12 people.  I can't sell it if it's going to be a couple hundred dollars per person, they'd rather hit the delete key or buy Norton Anti-Spam for $20.  I can however put some hardware together and sell services on it myself. My limitation is Linux and Linux apps.  I'm open to exploring what it would take to load my own open apps to accomplish the goal. I just suggested using something like the Barracuda (or the Defender MX appliance) to jumpstart since it already has the hardware, Linux, web GUI, and anti-spam apps loaded.

On a side note, do you know of a Linux ISO that would allow me to blow an image onto a PC that already has a decent GUI, maybe a web interface and some of these apps you're talking about so I can just get right down to configuring?
0
 
grbladesCommented:
I was thinking that you could try defendermx and get a system up and running very quickly. You can them have a play at look at the mailscanner and other configuration. It will give you good starting point and a point of reference if you decide to install a Linux system by itself.

If you want a gui then something like Centos5 and plesk (http://www.parallels.com/kr/products/plesk/) would be a good start. Plesk is commercial software and I dont know how much it costs.

Suse linux tends to have their own configuration program called yast which is quite good. Its command based (graphical) rather that a web application.
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
ParadiseITSConnect With a Mentor Commented:
The short answer is that while we use the Energize updates, it is not reliant on using them.  You are correct in assuming that the "other 11" are effective -- they are.  90% of our blocked email never gets to the energize updates.  They are blocked by RBL, a rule or something else...  not by the Barracuda update.  You can configure the Barracuda to use specific blacklists (RBL) and your own specific rules based on content.
0
 
VortexAdminAuthor Commented:
That's great info, now I'd like the long answer.  :-)  Specifically, I wanted to find out if there was any kind of "activation" process or anything grouped with the energize updates/annual fees that disables any part of the device (as opposed to just not keeping it up to date.) As far as you know, the device is still completely useable without getting updates and paying monthly fees back to Barracuda?  Can anyone confirm this?
0
 
ParadiseITSCommented:
I can tell you it is useable.  I cannot tell you EXACTLY how effective it is but based on what I've seen most of the traffic is blocked by OTHER rules, not by the Energize updates.  And the Barracuda has a number of settings in it for effective SPAM blocking that you would find in SPAM Assassin.  What it has WITH the updates is fairly effective virus protection and additional SPAM protection -- you do not NEED that to use the SPAM Firewall.

You do not have to register it with Barracuda to have it work, as a matter of fact I had mine online "learning" my traffic without Energize updates and unregistered for about a month before I bothered -- I wasn't actually blocking anything at the time just using it as a pass through.  You will need to "train" your Barracuda too.

Barracuda does not require monthly fees or anything else if you don't purchase the Energize updates, but you also won't get any support from them, which if you check one of my other posts is marginal anyway.  However, they do retard the box a little as far as support goes.  For instance, I have been struggling with messages being stuck in my outgoing queue with no way to clear them (that I have found so far) and apparently Barracuda Techs are the only ones who can clear them out.  I think there must be a way, just haven't found it yet.  But the bottom line is they didn't help me one sniff worth as far as actually solving my problem which only occured when the Barracuda was in the loop.

One more consideration is Firmware updates.  I do not think you will get them without a support contract of some sort.  However, I have not had any real issues with the firmware mine shipped with, but have had a few with the new (3.5) firmware.  Go figure.
0
 
VortexAdminAuthor Commented:
Thanks for the info.  Anyone else use it without the energize updates?
0
 
VortexAdminAuthor Commented:
Well I didn't get positive confirmation from someone using the Barracuda without the updates but ParadiseITS, your answer does leave me to believe it can be done.  I may pick one up cheaply and experiment with it. I would also like to experiment with the Defender MX product perhaps in an appliance form factor.  Splitting the points for both of you.  ParadiseITS, if you leave a reply at the pointer question for the Barracuda I'll give you those points too.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_23153444.html

Thanks guys.
0
 
TorxbitCommented:
Yes you can use it without Energize updates.  It will track spam via spamassassin.  You will be without virus and kernel updates.  Unlike anti-virus however, spam detection does not have to be 100% accurate.

I personally find the licensing on the box to be outrageous.  They charge $400 a year to update free software, running on a free OS.
0
All Courses

From novice to tech pro — start learning today.