Your SlideShare is downloading. ×
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Build Your Own Spam Firewall
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Build Your Own Spam Firewall


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Build Your Own Spam Firewall Using Postfix & SpamAssassin Zach Levow, vp engineering April 20, 2005 / SecureIT
  • 2. Agenda
    • Introduction to Barracuda Networks (10 Min)
    • Building a security appliance using open source technologies (10 Min)
    • Anti-Spam technologies (40 Min)
    • System considerations (10 Min)
    • Q/A
  • 3. Company Background
    • Mission
      • Deliver easy to use and cost effective solutions for protecting email servers
    • Founded December 2002
      • Research and development since 2001
    • Barracuda Spam Firewall Launch October 2003
    • Barracuda Spyware Firewall Launch April 2005
    • Headquarters in Cupertino, California
      • Offices in Europe (UK), China (Shanghai), Canada, Australia, India, Pakistan, United Arab Emirates (Dubai), and USA
      • 100+ employees worldwide
      • Experienced management & development team
    • Privately Funded
      • Profitable
    • Market Leader
      • 14,000 customers worldwide
  • 4. Barracuda Spam Firewall
    • Comprehensive email protection
      • Blocks spam and virus
      • Integrated hardware and software solution
    • Ease of use
      • Plug-and-play
      • No changes needed to email servers
    • Enterprise Features
      • Reliable and Robust
    • Aggressively Priced
      • No per user licensing fees
    • Market leading anti-spam appliance
    Launched Oct. 13, 2003
  • 5. Barracuda Spam Firewall - Outbound Edition
    • Comprehensive MTA
    • Includes Barracuda Spam Firewall Features
      • Easy to use and Configure (web interface)
      • Secure
      • Reporting and logging
    • Stops Virus Proliferation
    • Enforces Corporate & Regulatory Policies
      • Foul language and security
      • HIPAA, Sarbanes-Oxley
    • Prevents Spamming & Open Relay Function
    Launched Jan. 17, 2005
  • 6. Barracuda Spyware Firewall Features
    • Gateway appliance
    • Powerful, easy to use & install
      • Intuitive user interface
    • Affordable
      • Prices starting at $1,999
    • Available in five models:
      • Spyware Firewall 210 ($1,999)
      • Spyware Firewall 310 ($ 3,299)
      • Spyware Firewall 410 ($ 5,999 )
    • Inline hardware appliance
    • Complete scalability for growing organizations
  • 7. Customers
  • 8. Cardinal Rules of Spam Filtering
    • No false positives!
    • A false positive where the sender is not notified is even worse
    • Reject rather than bounce
    • Don’t assume everyone’s mail looks like yours
  • 9. Open Source Technical Issues
    • Immature products: One size does not fit all
    • Mature products: Bloated codebase – hard to maintain
    • Security issues
      • Pro: an active community will find and fix security issues.
      • Con: an active community will introduce security flaws.
      • Con: publishing your source does expose you to more exploits. Hackers go for the lowest common denominator.
      • Chroot, chroot, chroot – it’s always worth it.
  • 10. Open Source Business Issues
    • Giving back to the community
      • Many changes aren’t for everyone
      • Extra time to polish changes for contribution
    • Separating proprietary technology
      • Configuration files are yours
      • Absolutely no linking if you don’t want to share.
  • 11. Anti-spam Technologies
    • Intent Analysis
      • Open alternative: SURBL – Bill Stearns’ URL Blacklist
      • Real-time query performance issues
    • RBLs
      • Spamhaus – only list with minimal false positives
    • SpamAssassin
      • Rules Updates
    • SPF
    • Rate Control/Throttling
    • Virus scanning
      • Several fairly good open source solutions…
      • No one solution catches all…
      • Combine them
  • 12. Anti-Spam Technologies (Cont.)
    • Bayesian
      • International Charsets
        • IBM’s ICU library very efficient
        • Token Chaining Crucial
      • Per-user Bayes very important
      • Noise reduction very helpful
      • Pro: most proactive anti-spam technique
      • Con: Troubleshooting is usually a nightmare!
      • Make user classification easy
  • 13. Controversial Anti-Spam Techniques
    • Graylisting
      • Pro: Very effective at blocking spam
      • Con: Potentially delays all messages from new senders by several hours
      • Con: Spammers know how to defeat it, but most don’t yet
    • Tarpitting
      • Pro: effective at slowing down dictionary attacks
      • Con: Will bury a busy system if a process or thread is required per connection.
    • Challenge-response
      • Increases internet chatter
      • Unless linked to outbound SMTP, can lead to “Deadlock”
  • 14. DNS MX Records
    • Example MX record
    • MX preference = 10, mail exchanger =
    • MX preference = 10, mail exchanger =
    • SMTP is great to load-balancing/failover
      • Put as many systems as you like at the same “Preference” and all known clients will round-robin until they find an available system
      • DON’T LEAVE YOUR MAIL SERVER AS A BACKUP MX FOR YOUR SPAM FILTER!! Spammers will attack it directly
  • 15. Phishing
    • No link should ever say that it is HTTPS in a message and then actually link to a non-HTTPS page
    • Relatively small list of known scams – fairly easy to keep up with if you have a good sample of email. It is worth the effort.
  • 16. Quarantine
    • Effective tool for reducing “False Positives” while increasing catch rate.
    • Best if integrated with directory services so that a user with multiple email addresses only has one quarantine box.
    • No perfect open-source solution:
      • Need web interface
      • Should send daily digest
  • 17. Per-User Settings
    • Major reduction in administration if users can update personal allow/block lists, passphrases, etc.
    • Again, best when integrated with directory services.
    • User interface issues.
  • 18. System Considerations
    • Databases:
      • Most open source databases are great for low-volume, general purpose applications.
      • In high load situations they all break down – specialized databases become necessary.
    • High-availability
      • Syncing of configurations (meta-data)
      • Syncing of quarantine information (data)
  • 19. System Considerations (Cont.)
    • Hard drives
      • Typical drives will last 6-12 months under a constant and steady mail load.
      • Use Raid
      • Turn off write cache (hdparm)
    • Filesystems
      • Use Journaling Filesystem
        • Ext3: slow, but robust
        • XFS/ReiserFS: faster, but less robust
        • Mount with synchronous I/O (sync)
  • 20. Fighting Spam Can Be Effective
    • False positives are not acceptable or necessary.
    • Keep your spam rules and virus definitions up to date.
    • Reduce your administration load and false positives/negatives by giving control to your users through personal settings and quarantine.
  • 21. Q/A