Spam filters/firewalls.

I currently run Barracuda Spam Firewall Model 300. We use our current appliance for the following:
Spam Filtering / AV Filtering. Inbound and Outbound
E-Mail Encryption using keywords in the subject and body of the e-mail message.

I need to upgrade/replace the device is because of admin permissions. The appliance seems to have only 3 types of users: Domain admin, helpdesk, and user. We tried using the helpdesk user accounts, but they do not have the required permissions to make changes to the appliance. We’re not allowed to use the domain admin permissions because domain admins are able to view messages leaving the appliance. Do you know if there’s a better model Barracuda has that has better permission levels for IT support, or a better a spam filter appliance that will block spam (obviously), encrypt outbound messages, and have more flexible permission levels that I can assign to IT support?
Domenic DiPasqualeSystem / Network AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
The appliance still have one type of account role called GRC role that provides DLP (data loss prevention) for your company by assigning one or more responsible persons with the task of viewing either message entries (Subject, From, To, etc.). Maybe should try if suite your case
This account always exists on the Barracuda Spam Firewall, but must be enabled via the Enable GRC Account setting on the BASIC > Administration page to be active. The administrator can enable or disable the GRC account at any time, but must re-create a password each time the account is re-enabled. The GRC account only has access to Outbound Quarantine logs, and can take the following actions with outbound quarantined messages:

Deliver – GRC determines that the message is allowed, per policy, and clicks the Deliver button.
Reject – GRC determines that the message is not allowed for delivery, per policy, and clicks the Reject button. If the Admin has configured it on the ADVANCED > Bounce/NDR Settings page, this action sends a bounce message to the sender in addition to deleting the message.
Delete – GRC determines that the message is not allowed to be sent and clicks the Delete button. The message will then be removed from the Outbound Quarantine log.
Otherwise, doubt other Barracuda can fulfil as a spam filter, hence maybe consider

- Watchguard XCS SecureMail Email Encryption. It will have the filtering as well
See its model matrix - 
(pdf @ and Encryption policy -

XCS has admin roles as well. Catch the section on "Configure the Admin User" onwards and maybe the delegation of additional admin user may helped though they also has on main admin user
Add Admin Users
There is only one primary admin user account, but you can add additional administrative users with Tiered Administration. This feature allows you to configure another user with full admin rights or with granular permissions that only give administrative rights to certain options.

For example, you can add a user who has permissions to administer reports or vacation notifications, but does not have any other administrative access. Granting full or partial admin access to one or more user accounts allows you to log actions performed by administrators because they have an identifiable user ID that can be tracked by the system.

....6. In the Administrator Privileges section, select the required administrative access for the user:

Full Admin
The user has administrative privileges equivalent to the admin user.

Delegated Domain Admin
The user has administrative privileges to a specific domain. No tiered admin permissions
are available when this is enabled.

there are also hosted email service for such as this if interested but may be quite out of scope...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Domenic DiPasqualeSystem / Network AdministratorAuthor Commented:
Ultimately, the goal is to be able to create users that can make any configuration changes to the Barracuda spam firewall, except be able to read the contents of any messages inbound or outbound. The GRC account seems to be the opposite of what I need. I'll research what WatchGuard has to offer.
btanExec ConsultantCommented:
Sure no solution is one size fit all fr long run as threat evolves and requirement changes too...product do not innovate at the same pace. We just have to open up for possible candidate. thks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.