We help IT Professionals succeed at work.

How can I determine if a Server 2003 SBS server is connected to a Barracuda spam filter?

IT Guy
IT Guy used Ask the Experts™
on
How can I determine if a Server 2003 SBS server is connected to a Barracuda spam filter?

This Server 2003 SBS server is running Exchange Server 2003.

This server is located in another state. I don't have physical access to the server or network room.

I have been told by the users at this site that there is a Barracuda spam filter in the server closet.

We are not sure if this Barracuda spam filter is only being used by another company that shares the same networking closet or if it is still also being used for the company that I support.

I have run several tests from the Server 2003 SBS sever including running tracert commands, but these commands don't tell me what network devices are connected to the network which might be scanning and possibly quarantining incoming emails.

So what type of utility or test can I run that will tell me if this Barracuda spam filter is still being used by the company that I now support?

We don't have any information as to what the IP address assigned to this Barracuda spam filter might be.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If it's a single server type configuration I would get the outside ip address of the email server and telnet to port 25

Get ms record:
Nslookup -type mx your domain.com

Will return ip address then telnet

Telnet 123.123.123.123 25

Exchange will typically respond with exchange information.

You can also look at your firewall configs.
You can also check smtp on the server to see if a smart host is being used.  It there is open a web browser to http://ipadress:8000 and see if you get a barracuda login page.
Almost forgot, also check the email headers on any message you receive for anything that says Barracuda. If you see it, then you are using the firewall.  
IT GuyNetwork Engineer

Author

Commented:
Does anyone else have any further comments or suggestions?
This may be a stretch but here is a thought...
Typically Barracuda devices are deployed in "inline" mode which means they are between your router and "core" LAN switch -- the ports on barracuda devices are nothing more than a brige in most cases which means they are seen as switchports - If you can view the MAC address table of your switch you may find that the port the router is connected to also shows another MAC address on it (almost as if the router LAN was plugged into a switch) - this would be a sign.

I would then obtain any suspect MAC addresses and run them through a decoder for a "rough" guess at the manufacturer. I am not saying the info would be highly accurate but it might be worth a shot. Here is a mac decoder resource if needed.
http://www.techzoom.net/tools/check-mac.en 
the tool expects the mac in xx-xx-xx-xx-xx-xx format --
For example one barracuda device may come up as the following using the above tool - as mine did.
00-17-54-00-E3-xx      Arkino Corporation., Ltd

Hope this helps some at least...
Sudeep SharmaTechnical Designer
Commented:
I would recommend digerati1's suggestion. Email from your company to your personal address like yahoo.com, hotmail.com or gmail.com and check for message headers. You would see something like X-Sapm-Barracuda or something like that starting with X and has Barracuda.

Message headers

Headers contain tracking information for an individual email, detailing the path a message took as it crossed mail servers. Select your webmail provider or email client below for instructions on finding headers for a message.

http://mail.google.com/support/bin/answer.py?answer=22454

Sudeep