1. Barracuda Email Security Service - Overview . . . 2
1.1 Release Notes . . . 2
1.2 Getting Started . . . 12
1.2.1 Step 1: Understand How the Service Works . . . 12
1.2.2 Step 2: Initial Setup of the Service . . . 14
1.2.2.1 How to Create User Accounts . . . 16
1.2.2.2 How to Validate Your Domain . . . 17
1.2.2.3 How to Set Up MX Records for Domain Verification . . . 18
1.2.3 Step 3: Configure Scanning of Outbound Mail . . . 18
1.2.4 Step 4: Tune and Monitor the Default Spam and Virus Settings . . . 20
1.3 Advanced Inbound Email Filtering Policy . . . 20
1.3.1 IP Analysis - Inbound . . . 21
1.3.1.1 Barracuda Reputation and Email Categorization . . . 21
1.3.2 Content Analysis - Inbound Mail . . . 22
1.3.2.1 Attachment Filtering - Inbound . . . 22
1.3.2.2 Image Analysis - Inbound Mail . . . 23
1.3.2.3 Intent Analysis - Inbound Mail . . . 23
1.3.3 Bulk Email Detection . . . 23
1.3.4 Rate Control Inbound . . . 23
1.4 The Message Log . . . 24
1.4.1 Message Actions . . . 25
1.5 Configure Outbound Filtering Policy . . . 25
1.5.1 How to Use DLP and Encryption of Outbound Mail . . . 26
1.5.1.1 Medical Dictionary Source for DLP HIPAA Compliance . . . 28
1.5.2 Content Analysis - Outbound Mail . . . 28
1.5.3 Abuse Monitoring and Notifications . . . 28
1.5.4 Outbound Quarantine . . . 29
1.6 Advanced Configuration . . . 30
1.6.1 Secured Message Transmission . . . 30
1.6.2 Sender Authentication . . . 30
1.6.3 How to Configure Sender Policy Framework (SPF) for the Barracuda Email Security Service . . . 31
1.6.4 How to Configure Recipient Verification Using LDAP . . . 32
1.6.5 How to Configure Hosted Email Services . . . 33
1.6.5.1 How to Configure Google Apps for Inbound and Outbound Mail . . . 33
1.6.5.2 How to Configure Office 365 for Inbound and Outbound Mail . . . 35
1.7 Managing Domains . . . 38
1.8 Managing User Accounts . . . 39
1.8.1 Quarantine Notifications . . . 40
1.9 Reporting . . . 40
1.10 Barracuda Email Security Service User Guide . . . 41
1.11 How to Re-Enable A Suspended or Disabled Account . . . 45
1.12 Limited Warranty . . . 45
Barracuda Email Security Service - Overview
The Barracuda Email Security Service is a comprehensive and affordable cloud-based email security service that protects both inbound and outbound email against the latest spam, viruses, worms, phishing and denial of service attacks. Whether you manage your own mail server such as Microsoft Exchange or use a hosted service like Office 365, Spam and viruses are blocked in the cloud prior to delivery to your network, saving network bandwidth and providing additional Denial of Service protection.
Where to Start
Step 1: Understand How the Service Works Step 2: Initial Setup of the Service
Step 3: Configure Scanning of Outbound Mail
Step 4: Tune and Monitor the Default Spam and Virus Settings
Key Features
Protects against inbound malware, spam, phishing and Denial of Service attacks. Service is continuously updated with the latest threat definitions and software update.
Policy configuration to automatically encrypt, quarantine or even block certain outbound emails based on their content, sender or recipient.
Outbound filtering to keep sensitive data from leaving your organization while simultaneously ensuring that legitimate emails are delivered: create and enforce content policies to prevent credit card numbers, social security numbers, HIPAA data, customer lists and other private information from being sent by email.
Release Notes
What's New With Version 2.8.4
Stability improvements.What's New With Version 2.8.3
Improved Dashboard performance. (BNESS-3885)
Improved handling of message rejection in Outbound Quarantine. (BNESS-3889)
Fixed in Version 2.8.1
Messages are now deferred if either the virus scanner or Cloudscan are unavailable. (BNESS-3660)
What's New With Version 2.8.0
Web Interface
New Dashboard Page Layout and Features -
Threat Origins indicates the geographical region where blocked emails originate.
Top Recipient Domains shows the volume of email received by, and average number of recipients for, each domain. Traffic Status lets the user know when the last messages were received and delivered.
Subscription details shows when the subscription expires.
Inbound Email Statistics shows various statistics about incoming emails. Outbound Email Statistics shows various statistics about outgoing emails. Inbound Top Recipients shows information about the most common recipients.
Administrators - Give this guide to your users: Barracuda Email Security Service User Guide. It includes screenshots and easy-to-follow instructions for them to manage their accounts.
Outbound Top Senders shows information about the the most common senders. Documentation
Updated domain LDAP documentation. Mail Processing
Mail sent to a child domain that is not managed by the Barracuda Email Security Service will be delivered to the parent domain if it is managed by the Barracuda Email Security Service.
Spam Accuracy
Added support for Microsoft Access files in attachment filters. Added support for archived Microsoft Office files to attachment filters. Added support for archived PDF files to attachment filters.
Envelope senders with spoofed postmaster address will now be blocked.
Fixed in Version 2.8.0
Fix for rare occurrences of “duplicate serial” when transferring serials to new accounts. (BNESS-3676) Account expiration warning notices now include account information. (BNESS-3449)
What's New With Version 2.7.2
Web InterfaceScalability and performance improvements:
Improved web server response time. (BNESS-3491) Spam Accuracy
Scalability and performance improvements: Improved spam accuracy. (BNESS-3320)
What's New With Version 2.7.1
Web Interface'Empty message' text for tables with the ability to add inline will no longer be displayed. (BNESS-3440) Reports can now be exported to CSV format. (BNESS-2779)
Messages delivered through the Message Log are now marked as UI Delivered. (BNESS-3479) Headers of messages contain a virus display. (BNES-2739)
Spam Accuracy
Ability to use Domain Key Identified Mail (DKIM) for inbound spam blocking. (BNESS-3419, BNESS-3420, BNESS-3426)
Fixed in Version 2.7.1
Web Interface
Removed Subject tag from Email Categorization setting table. (BNESS-3407)
Minor behavioral changes to Message / Quarantine logs. (BNESS-3400, BNESS-3357, BNESS-3270) Spam Accuracy
Improvements on inherited policy settings. (BNESS-3405) General Spam Accuracy improvements. (BNESS-3346)
What's New With Version 2.7.0
Web Interface
Tables can now be sorted by some or all data columns throughout the web interface. (BNESS-3397)
New INBOUND SETTINGS > Sender Authentication page. On this page you can configure Sender Policy Framework (previously configured on the INBOUND SETTINGS > Anti-Spam/Antivirus page).
Spam Accuracy
Option to block on missing PTR Records, configured on the INBOUND SETTINGS > Sender Authentication page. (BNESS-3383)
Fixed in Version 2.7.0
Message Log
The Saved Searches window now shows all saved searches. (BNESS-2890) Web Interface
Layout improvements for tables. (BNESS-3393, BNESS-3394)
The primary tab will now remain highlighted after a refresh/reload. (BNESS-3164)
The USERS > Users List page now has a Next Page link at the bottom of the page. (BNESS-3349)
What's New With Version 2.6.2
Web Interface
Moved location of Save and Cancel buttons in web interface. (BNESS-3307)
Replaced Help link with a 'question mark' icon next to the page title to click for a help pop-up window.?
Message Log
Added support for "size_lt:" (message size less than <size in bytes>) search. (BNESS-1261)
Fixed in Version 2.6.2
Improved accuracy of "size_gt:" (message size greater than) search. (BNESS-3277) Searching users in linked accounts in Users list works as expected. (BNESS-3329) Browser-specific improvements in rendering web interface. (BNESS-3278, BNESS-3279) Improved Spam Accuracy. (BNESS-3167)
What's New With Version 2.6.1
Message Processing
Improved efficiency of Multilevel-Intent. (BNESS-3081)
Web Interface
Updated the web interface styling for improved look and feel, consistency. Improved Self-Service setup wizard. (BNESS-3150)
Improved LDAP efficiency for authentication. (BNESS-3149)
Fixed in Version 2.6.1
Improved handling of users' policies (See USERS > Default Policy). (BNESS-2386)
What's New With Version 2.6.0
Message Processing
Rate Control for inbound mail. This feature protects your mail server from spammers or spam-programs (also known as "spam-bots") that send large amounts of email to the server in a small amount of time. See the INBOUND SETTINGS > Rate Control page to configure.
Updated the web interface styling for improved look and feel. There are no navigation changes.
Added support for domain verification via CNAME records or via the technical contact from the WHOIS database. See the DOMAINS pag e or How to Validate Your Domain.
Added support for domain verification via the technical contact from the WHOIS database in the Barracuda Email Security Service Setup wizard.
Fixed in Version 2.6.0
On the OUTBOUND SETTINGS> Notifications page, the Quarantine Sender Notification default setting is No. (BNESS-3043) If the admin tries to reject a message in the OUTBOUND QUARANTINE, but has not already filled in the Reject Notification Address fi eld on the OUTBOUND SETTINGS > Notifications page, the error message now provides a link for the admin to click to enter that email address (BNESS-3043)
What's New With Version 2.5.4
Quarantine
Outbound quarantine support enables administrators to quarantine outbound messages based on policy - see the OUTBOUND page to configure.
SETTINGS > Content Policies
Quarantined messages are moved to an inbox, on the OUTBOUND QUARANTINE page, where the administrator can export, deliver, reject and delete messages in the list. Notification summary emails for quarantined messages can be sent to the administrator immediately, or on a daily or weekly basis. See the OUTBOUND SETTINGS > Notifications page to configure.
Quarantine notifications to senders of outbound quarantined messages can be enabled by the administrator to indicate that the message has not been delivered, and awaits evaluation by the administrator.
An NDR (non-delivery report) will be sent to senders of quarantined outbound messages that are rejected by the administrator. See the O page to configure.
UTBOUND SETTINGS > Notifications
Web Interface
With the Barracuda Express Setup, new Barracuda Email Security Service accounts have an updated setup wizard that includes Office 365 configuration.
Fixed in Version in 2.5.4
Improved message processing. [BNESS-2785]
What's New With Version 2.5.3
Mail Processing
Added support for Perfect Forward Secrecy. (BNESS-2871)
"Domain Not Found" response now includes IP address. (BNESS-2817) Improved recipient verification. (BNESS-2785)
Spam Accuracy
Improved outbound multi-level policy processing. (BNESS-2851) Apply email chain exemptions to bulk email. (BNESS-2869)
Documentation
Enhanced documentation regarding encryption for domain settings and for CloudScan settings.
Fixed in Version 2.5.3
Mail Processing
Ability to 'pass through' known cloud archivers for outbound traffic. (BNESS-2865) Improved check for adding outbound IP addresses. (BNESS-2765)
The Whitelist ALL function works as expected on the Quarantined Delivered page. (BNESS-2807)
Web Interface
The Domain pull-down menu now only displays when necessary. (BNESS-2766) Improved domain-level access control. (BNESS-2810, BNESS-2527)
Increased limits on access to messages that were sent to the Barracuda Message Center (Encryption Service). (BNESS-2792) General web interface improvements. (BNESS-2435)
Fixed rare cases in which some messages were not always listed in the user Quarantine. (BNESS-2864)
What's New With Version 2.5.2
Spam Accuracy
New cloud-based spam scanning engine, CloudScan, which leverages many of the spam scanning and detection techniques currently available on the Barracuda Spam Firewall appliance, including spam scoring.
Improved ability to handle long email discussions. (BNESS-2754) Improved response times to TLS setting changes. (BNESS-2683) Improved handling of URL redirects. (BNESS-2381)
Improved handling of MX record lookups. (BNESS-2388)
Additional SPF information added to message headers. (BNESS-2711)
Message Log
System-wide sender block policies as put into place by Barracuda are now identified as "System Sender Policies", to distinguish them from sender block policies as configured by administrators. [BNESS-2773]
Ability to submit categorization requests for previously uncategorized messages. [BNESS-2737]
Multiple improvements to the Message Log, including to its display and filtering capabilities. [BNESS-847, BNESS-1033, BNESS-2193, BNESS-2340, BNESS-2577, BNESS-2641, BNESS-2692, BNESS-2721]
Web Interface
Ability to limit synchronization of primary and linked addresses to the current domain. Takes effect starting after the new option on the Directory Services section of the DOMAINS > Domain Manager > Settings page is selected. [BNESS-1798]
Ability for administrators to initiate password resets for their users. [BNESS-935]
Multiple improvements to the web interface, including to the handling of entries on the Filters page. [BNESS-990, BNESS-1919, BNESS-2104, BNESS-2394, BNESS-2704, BNESS-2718, BNESS-2720, BNESS-2724, BNESS-2726, BNESS-2733, BNESS-2742, BNESS-2770]
Fixed in Version 2.5.2
Bulk deletion of users works as expected. [BNESS-2735] Repaired report generation. [BNESS-2675]
What's New With Version 2.5.1
Mail Processing
Received headers now include TLS information, when appropriate.
More detail provided for outbound message log entries when inbound side (Barracuda Email Security Service customer) blocks messages based on a DNSBL/RBL.
Web Interface:
Improved Barracuda Message Center user experience. New outbound attachment type / extension filter.
New Whitelist option in users' quarantine confirmation screen.
Fixed in Version 2.5.1
Improved handling of duplicate emails. [BNESS-2673]
Improved handling of HTTP queries during intent checks. [BNESS-2681] Fixed bug in handling of bulkmail setting. [BNESS-2682]
Spam Accuracy
Allow content blocks to override defer actions found earlier in intent. [BNESS-2699] Improved spam-accuracy around content intent. [BNESS-2700]
Continue to look for multilevel intent block action even if there is already a Defer action for the message. [BNESS-2701]
User Management
Correctly display default quarantine notification interval for users. [BNESS-1836] Ensure deleting linked users when deleting primary user email addresses. [BNESS-1858] Prevent creation of users that conflict with existing linked users. [BNESS-2657]
Web Interface
The Check Archives option works as expected for Inbound Attachment filter. [BNESS-1329] Avoid local cache for certain web interface checks of customer DNS. [BNESS-2484] Improved user/administrator session handling. [BNESS-2641, BNESS-2702]
Correct wording in Email Categories web interface elements on the INBOUND SETTINGS > Anti-spam/Antivirus page. [BNESS-2690]
Message Log
Improved message rendering. [BNESS-2558, BNESS-2697] Improved message log search function. [BNESS-2577] Improved Saved Searches function. [BNESS-2644]
Miscellaneous
More robust DNS queries. [BNESS-2569]
What's New With Version 2.5
Mail Processing
Email Categorization. This feature gives administrators an additional way to decide what to do with various types of emails from senders on the Barracuda Reputation Whitelist. These emails are separated into different categories such as Transactional Emails, Corporate Emails, and Marketing Materials, each of which can have a different delivery action associated with it from the INBOUND SETTINGS >
page. See for more details.
Anti-spam/Antivirus Barracuda Reputation and Email Categorization
Sender Policy Framework (SPF) Exemptions. You can exempt trusted/known IP addresses from SPF checks by clicking Add and adding the IP address(es) and associated netmask(s) to the table. Mail from these IP addresses will still be scanned for Exemption
spam.
Optional user notification when that user's password is changed by an account or domain admin. Saved searches now indicate the search type (inbound, outbound)
Fixed in Version 2.5
Mail Processing
Ability to block a message from the Message Details view. [BNESS-611] Ability to exempt IP addresses from SPF checking. [BNESS-2442] LDAP test now takes user filter into consideration. [BNESS-2618]
Improvements to the Request IP Exemption feature on the OUTBOUND SETTINGS > Abuse Monitor page. [BNESS-1317]
Domain Management
When a domain admin manages multiple domains, the Settings page shows correct information for each domain. [BNESS-2634] Domain admins that add a new domain are automatically granted management permissions for that domain. [BNESS-1188]
Message Delivery
Encrypted messages now display only the message headers when viewed from the Message Log and when downloaded. [BNESS-720] Redelivery for encrypted messages is now disabled. [BNESS-2076]
Delivering from a user's quarantine delivers to only that recipient. [BNESS-2589] Avoid redelivery of empty messages. [BNESS-2431]
Now blocking mail with no subject and no body. [BNESS-2626]
Improved detection of HTTPS URLs in multi-level intent checking. [BNESS-2632]
Messages blocked due to recipient verification are now logged with action 'Blocked' and reason 'Invalid Recipient'. [BNESS-2645]
Miscellaneous
Find (and use) primary account if user logs in with linked account [BNESS-2637]
What's New With Version 2.4.2
Web Interface
Improved validation of entered data, including for incorrectly-formatted domains and other entries made via bulk edit. [BNESS-943, BNESS-2188, BNESS-2500]
The USERS > User List page now includes the total number of users, displayed in Results number above the users list. [BNESS-1028] Statistics for messages classified as Bulk Email are now included in the Emails Processed by Action section of the BASIC > Status pa ge. [BNESS-2509]
The Domain level Status page now only displays the information relevant to that domain. [BNESS-1086]
The User column on the INBOUND SETTINGS > Sender Policies page has been renamed to Sender. [BNESS-1424]
Added Quarantine Status column to USERS > Users List page for account and domain admins, indicating whether or not each user in the list receives a quarantine digest (e.g. the Quarantine Notification Interval for the user is either Daily, Weekly, Custom or Never). [BNESS-1887]
The Sender Policy time stamp now reflects the Last Modified Time of that entry. [BNESS-2161]
The version number at the bottom of the status page now links to this Release Notes page. [BNESS-1869]
Message Log
Added a Reason column to the Message Log that indicates why a message had the listed action taken with it. [BNESS-2232]
A link for each domain within the Top Domains by Volume (30 days) report on the BASIC > Status page now leads to a 30-day Message Log search. [BNESS-856]
Expanded contents of Exported Logs. [BNESS-1266]
Quarantined items now show as yellow in the Action column. [BNESS-1760]
Fixed in Version 2.4.2
Improvements to multilevel intent analysis [BNESS-2533, BNESS-2573] Improved LDAP synchronization of user lists [BNESS-2563]
Improved delivery of New User Welcome Emails. Improved scanning of extracted content. [BNESS-2344]
Restored ability for all users to specify their own Quarantine Notification interval. [BNESS-2574] Encryption honored on explicitly allowed messages. [BNESS-2462]
Addressed rare situation where mail was sent to a domain's A record entry. [BNESS-2572]
Corrected display of special characters like and in recipient addresses in the % + Message Log [BNESS-2106. ]
Security
Resolved the following vulnerabilities:
High severity: Unauthenticated; remotely exploitable; account takeover; brute force [BNSEC-3196 / BNESS-2541] Medium severity: Cross-site request forgery (CSRF) [BNSEC-2339 / BNESS-2480, BNESS-2542]
What's New With Version 2.4.1
Mail Processing
Forwarders) to the Barracuda Email Security Service from outside sources. The Barracuda Email Security Service exempts any IP address in this list from Rate Control, SPF checks and IP Reputation. In the Received headers, the Barracuda Email Security Service will continue looking beyond a Trusted Forwarder IP address until it encounters the first non-trusted IP address. At this point, Rate Control, SPF checks and IP Reputation checks will be applied. Configure on the INBOUND SETTINGS > IP Address Policies page.
Sender Policy Framework (SPF) blocking options. When enabling SPF, you must specify one of two options:
BLOCK FAIL - The SPF FAIL (also referred to as Hard Fail) response indicates that the IP address of the message sender does not match the IP address or range of IP addresses specified in the sending domain name's SPF record, and that the real owner of the domain has specifically indicated that such messages should be rejected (blocked) as spoofed.
BLOCK FAIL, SOFTFAIL - The SPF SOFTFAIL response indicates that the message sender's IP address does not match the IP address or range of IP addresses specified in the sending domain name's SPF record. A SOFTFAIL means that the domain owner did not specify how such messages should be handled. Selecting this option means that messages in either the SPF SOFTFAIL or FAIL state are blocked.
Improved recipient verification process. Improved spam accuracy.
Web Interface
The Blocked action in the Emails processed by action section of the STATUS page now includes the Bulk reason.
Message Log
The Date field is now included in the Message Log export file. Improved message search performance for related domains.
Miscellaneous
Extended medical dictionary (HIPAA) for Predefined Filters (see the OUTBOUND SETTINGS > Content Policies page).
Fixed in Version 2.4.1
When the sender and recipient domain are both protected by the Barracuda Email Security Service, a blocked message from/to the same domain shows the Reason for the block only in the inbound Message Log. [BNESS-2348]
On the DOMAINS > Settings page, clicking the Synchronize Now button does not product an error message if the synchronization with the specified LDAP server is successful. [BNESS-1812]
What's New With Version 2.4.0
Dynamic Bulk Email Detection. Enables taking action with messages that contain anything that looks like unsubscribe links or unsubscribe instructions in the message body. Configurable on the INBOUND SETTINGS > Anti-Spam/Antivirus page. Option to create exemptions for predefined filters. See the OUTBOUND SETTINGS > Content Policies page.
Ability to scan more attachment types.
Message Log
Added time/date as a filter in Message Log. [BNESS-2407, BNESS-2445]
Adjusted Action Reasons for increased clarity and consistency, as displayed in Message View details in the Message Log. [BNESS-2185, BNESS-2297]
Improved rendering of messages, including those with absent or malformed content. [BNESS-2414, BNESS-2446] Downloaded messages now include X-BESS-* headers. [BNESS-2420]
Improved search performance in the Message Log. [BNESS-2449]
Spam accuracy
Improved detection of suspect URLs in message body. [BNESS-2443]
Improved interaction between Trusted Forwarder and Sender Policy Framework (SPF). [BNESS-2459]
What's New With Version 2.3.5
Mail Processing
All messages going through the Barracuda Email Security Service will now be subject to a size limit of 300MB. [BNESS-1082] Enhancements to spam detection, including improved URL scanning and handling of embedded URLs.
Improved support for customer domains that rely on suspect nameservers. [BNESS-2419] Improved handling of emails sent to multiple recipients of different suspect domains. [BNESS-2426] Improved outbound TLS functionality. [BNESS-2428]
Search
Ability to search through MIME-encoded From, To, Subject header fields (only for messages received using version 2.3.5 and later). [BNESS-2370]
Administration
Confirmation now required when deleting users. [BNESS-2400] "451 possible mail loop" events are now logged. [BNESS-2311]
Web Interface
Improved performance when displaying information for accounts with a large number of emails. [BNESS-2415] Improved display of messages encoded in UTF-8. [BNESS-2418]
Filtering for aliases (on the USERS > Users List page) is no longer case sensitive. [BNESS-2434]
Fixed in Version 2.3.5
Handling of emails with lines greater than 990 characters. [BNESS-2187] Whitelist function in the Users' Message Log. [BNESS-2408]
What's New With Version 2.3.4
Improved Spam Accuracy
Enhanced the algorithms for detecting spams in attachments, multi-level intent, and URL detection.
LDAP Support Enhancements
New User Filter setting in the Directory Services section of DOMAINS > Domain Settings page. This allows the administrator to better manage which accounts should be synced with the LDAP server.
Administration
Ability to disable notifications when adding aliases (linked addresses) to user accounts. [BNESS-2308]
Miscellaneous
Support for using CNAMEs in PTR records. IP addresses that resolve to a CNAME record can now be used as an outbound IP address, avoiding lack of Reverse DNS errors. [BNESS-2294]
Fixed in Version 2.3.4
Enhancements: Message Log
Improved layout for usability. [BNESS-2306] Updated the Reason filters. [BNESS-1244]
Various documentation updates. [BNESS-2323, BNESS-2322, BNESS-1005] Improved font size consistency in Quarantine Notifications. [BNESS-2325] Improved deferral deduplication with multi-recipient messages. [BNESS-2355]
What's New With Version 2.3.3
Message Log
Long domain or email address entries do not run into the Policy column. [BNESS-1009] The Message Log properly displays large HTML-rich messages. [BNESS-2279]
The Saved Searches section has been moved to the right of Advanced Filters [BNESS-2270. ] Improved search performance. [BNESS-946]
Improved description of multilevel/intent action reasons
URL blocking for Multi-Level Intent is correctly reported. [BNESS-2295]
Quarantine notifications
Improved rendering of non-English text in Subject and From fields.
Quarantine Notifications render character encodings as expected. [BNESS-1036], [BNESS-1767]
Fixed in Version 2.3.3
Enhancements:
Length of domain names is now limited. [BNESS-1126]
When a domain administrator adds a new domain, it is immediately visible in the domain administrator's view. [BNESS-1188] Fixes:
Count for graph Emails processed in the last 30 days no longer repeat when the range is 0k - 3k. [BNESS-1026] Email notification to alias (Linked) address is no longer blocked when UnManaged Users are set to BLOCK. [BNESS-1098] One alias email address cannot be linked to multiple BESS users. [BNESS-2194]
The Return to Previous Page link in the Printable View works as expected. [BNESS-2272] Destination server priority defaults to the current priority instead of 10. [BNESS-2293]
Selecting (No Content) messages and clicking the SPAM button works as expected. [BNESS-2296]
Clicking the SPAM button for a selected message does not show the message as Delivered in the Message Log. [BNESS-2305] Trying to deliver a blocked message changes the Delivery Status in the Message Log list and in the Message Details page as expected. [BNESS-2315]
Immediate notification in web interface if an IP address the admin enters is on the BRBL. [BNESS-2206] Message Content Filter matching attachments works as expected for PDFs. [BNESS-2115]
Predefined Filtering blocks PDF attachments containing a valid credit card number, as expected. [BNESS-2170]
LDAP syncing of user names works as expected, preventing incorrect blocking of legitimate users when UnManaged Users is set to BLOCK. [BNESS-2286]
When a message includes a domain which indicates suspicious intent, then Multi-Level Intent correctly defers the message instead of blocking it. [BNESS-2300]
The IP address owner is correctly identified when applying outbound rate control. [BNESS-2317]
What's New With Version 2.3.2
Enhancements to the Message Log functionality including:
Sender's email address is now displayed in the From column instead of display name. [BNESS-2212] Resizable columns. [BNESS-1825]
Message preview pane, which can be configured for location on the screen or can be turned off. Double clicking on a message now opens a new web page.
Ability to edit Mail Server configuration. [BNESS-1856]
Ability to define action (Defer, Block, Quarantine, or No Action) on Multi-Level Intent scanning from the INBOUND SETTINGS > page. [BNESS-2247]
Anti-Spam/Antivirus
Ability to print Message Log & Help screens. [BNESS-2251]
Support for multiple Barracuda Cloud Control accounts. [BNESS-2264]
Fixed in Version 2.3.2
Ensure duplicate entries are not being created [BNESS-987] E
Email addresses that have underscores work as expected. [BNESS-2216] Ensure rate control is applied even to trusted forwarders. [BNESS-2215] PTR records are cached correctly. [BNESS-2143]
Getting Started
In this Section
Step 1: Understand How the Service Works Step 2: Initial Setup of the Service
Step 3: Configure Scanning of Outbound Mail
Step 4: Tune and Monitor the Default Spam and Virus Settings
Step 1: Understand How the Service Works
The Barracuda Email Security Service is a pass-through service, accepting connections from a mail server, getting the initial "rcpt to" line and connecting to the destination mail server. The service then monitors the data stream for any spam or virus content and applies policies you configure in the service on the INBOUND SETTINGS and OUTBOUND SETTINGS pages.
The following topics help you understand what your Barracuda Email Security Service can do and how to approach configuring the features that are important to your organization policies. It is recommended that you understand these concepts before customizing the configuration of your Barracuda Email Security Service.
In this article:
Connection Management Layers Denial of Service Protection Rate Control
IP Analysis
Sender Authentication Mail Scanning Layers
Virus Scanning Intent Analysis Predictive Sender Profiling Notifications
Monitored Outbound Email Volume
Connection Management Layers
These layers identify and block unwanted email messages before accepting the message body for further processing. For the average small or medium business, more than half of the total email volume can be blocked using Connection Management techniques. Extremely large Internet Service Providers (ISPs) or even small web hosts, while under attack, may observe block rates at the Connection Management layers exceeding 99 percent of total email volume.
Denial of Service Protection
The Barracuda Email Security Service receives inbound email on behalf of the organization, insulating your organization's mail server from receiving direct Internet connections and associated threats. This layer does not apply to outbound mail.
Rate Control
Automated spam software can be used to send large amounts of email to a single mail server. To protect the email infrastructure from these flood-based attacks, the Barracuda Email Security Service counts the number of recipients from a sender to a domain during a 30 minute interval and defers the connections once a particular threshold is exceeded. Inbound Rate Control is a threshold for the number of recipients a domain is willing to receive from a sender (a single IP address) during a 30 minute interval. See also Rate Control Inbound. Inbound Rate control is configurable on the INBOUND SETTINGS > Rate Control page. Outbound rate control is set automatically by the Barracuda Email Security Service.
IP Analysis
following:
Barracuda Reputation - this feature leverages data on network addresses and domain names collected from spam traps and throughout other systems on the Internet. The sending histories associated with the IP addresses of all sending mail servers are analyzed to determine the likelihood of legitimate messages arriving from those addresses. IP addresses of incoming connections are compared to the Barracuda Reputation list, if enabled, and connections from suspicious senders are dropped.
External blocklists - Also known as real-time blocklists (RBLs) or DNS blocklists (DNSBLs). Several organizations maintain external blocklists of known spammers.
Allowed and blocked IP address lists - Customer-defined policy for allowed and blocked IP addresses. By listing trusted mail servers by IP address, administrators can avoid spam scanning of good email, both reducing processing requirements and eliminating the chances of false positives. Likewise, administrators can define a list of bad email senders for blocking. In some cases, administrators may choose to utilize the IP blocklists to restrict specific mail servers as a matter of policy rather than as a matter of spam protection.
Sender Authentication
Declaring an invalid "from" address is a common practice used by spammers. The Barracuda Email Security Service Sender Authentication layer uses a number of techniques on inbound mail to both validate the sender of an email message and apply policy. Sender Policy Framework (SPF) tracks sender authentication by having domains publish reverse MX records to display which machines are designated as mail sending machines for that domain. The recipient can check those records to make sure mail is coming from a designated sending machine.
Mail Scanning Layers
Virus Scanning
The most basic level of mail scanning is virus scanning. The Barracuda Email Security Service utilizes three layers of virus scanning and automatically decompresses archives for comprehensive protection. By utilizing virus definitions, Barracuda Email Security Service customers receive the best and most comprehensive virus and malware protection available. The three layers of virus scanning of inbound and outbound mail include:
Powerful open source virus definitions from the open source community help monitor and block the latest virus threats.
Proprietary virus definitions, gathered and maintained by Barracuda Central, our advanced 24/7 security operations center that works to continuously monitor and block the latest Internet threats.
Barracuda Real-Time System (BRTS). This feature provides fingerprint analysis, virus protection and intent analysis. When BRTS is enabled, any new virus or spam outbreak can be stopped in real-time for industry-leading response times to email-borne threats. The Barracuda Real-Time System allows customers the ability to report virus and spam propagation activity at an early stage to Barracuda Central. Virus Scanning takes precedence over all other mail scanning techniques and is applied even when mail passes through the Connection Management layers. As such, even email coming from "whitelisted" IP addresses, sender domains, sender email addresses or recipients are still scanned for viruses and blocked if a virus is detected.
Barracuda Antivirus Supercomputing Grid
An additional, patent-pending layer of virus protection offered by the Barracuda Email Security Service is the Barracuda Antivirus Supercomputing Grid, which can protect your network from polymorphic viruses. Not only does it detect new outbreaks similar to known viruses, it also identifies new threats for which signatures have never existed using "premonition" technology.
Intent Analysis
All spam messages have an "intent" – to get a user to reply to an email, to visit a website or to call a phone number. Intent analysis involves researching email addresses, web links and phone numbers embedded in email messages to determine whether they are associated with legitimate entities. Frequently, Intent Analysis is the defense layer that catches phishing attacks. The Barracuda Email Security Service applies various forms of Intent Analysis to both inbound and outbound mail, including real-time and multi-level intent (or 'content') analysis. Multi-level, or
intent, is the process of identifying URLs in an email message body that redirect to known spam or malware sites. content
Enable or disable intent on the INBOUND SETTINGS > Anti-Spam/Antivirus page. Advanced Spam Detection
You can configure spam detection for custom categories by setting a 'score' for content type on the INBOUND SETTINGS >
page. This score ranges from 0 (definitely not spam) to 5 (definitely spam). Based on this score, the Barracuda Email Anti-Spam/Antivirus
Security Service will block messages that appear to be spam and they will appear in the user's Message Log with the category responsible for the block.
When spammers try to hide their identities, the Barracuda Email Security Service can use Predictive Sender Profiling to identify behaviors of all senders and reject connections and/or messages from spammers. This involves looking beyond the reputation of the apparent sender of a message, just like a bank needs to look beyond the reputation of a valid credit card holder of a card that is lost or stolen and used for fraud. Some examples of spammer behavior that attempts to hide behind a valid domain, and the Barracuda Email Security Service features that address them, include the following:
Sending too many emails from a single network address: Automated spam software can be used to send large amounts of email from a single mail server. The Rate Control feature on the Barracuda Email Security Service limits the number of connections made from any IP address within a 30 minute time period. Violations are logged to identify spammers. Rate Control is automatically configured by the Barracuda Email Security Service.
Attempting to send to too many invalid recipients: Many spammers attack email infrastructures by harvesting email addresses. Recipient Verification on the Barracuda Email Security Service enables the system to automatically reject SMTP connection attempts from email senders that attempt to send to too many invalid recipients, a behavior indicative of directory harvest or dictionary attacks. You can exempt email addresses of trusted, verified recipients from Recipient Verification using the INBOUND SETTINGS > Recipient Policies p age.
Registering new domains for spam campaigns: Because registering new domain names is fast and inexpensive, many spammers switch domain names used in a campaign and send blast emails on the first day of domain registration. Realtime Intent Analysis on the Barracuda Email Security Service is typically used for new domain names and involves performing DNS lookups and comparing DNS configuration of new domains against the DNS configurations of known spammer domains. Enable Intent Analysis on the INBOUND
page. SETTINGS > Anti-Spam/Antivirus
Using free Internet services to redirect to known spam domains: Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. With Multilevel Intent Analysis, the Barracuda Email Security Service inspects the results of web queries to URIs of well-known free websites for redirections to known spammer sites. Enable Intent Analysis on the INBOUND SETTINGS > Anti-Spam/Antivirus page. Notifications
The Barracuda Email Security Service sends out two kinds of notifications:
Quarantine Digest: For email recipients which are listed in the Barracuda Email Security Service database (see Managing User Accounts) , a notification email containing a summary of quarantined email is sent to their email address at an interval you specify for users. See Qu
for information about configuring these types of notifications. arantine Notifications
Attachment Blocking for Content: A notification will be sent to the sender of a message when it is blocked due to attachment content filtering. Configure content filtering for inbound email from the INBOUND SETTINGS > Content Policies page.
Monitored Outbound Email Volume
The Barracuda Email Security Service monitors the volume of outbound email from the system to the internet. If the volume exceeds normal thresholds during any given 30 minute interval, the Rate Control function will take effect, causing all outbound mail to be deferred until the end of the 30 minute time frame. The outbound mail flow will then continue unless the volume is exceeded again in the next 30 minute interval. If so, Rate Control will again be triggered and outbound mail will be deferred until the end of the time frame. The allowable volume of outbound mail for an IP address can potentially be increased if the user clicks the Request Increased Limit button on the OUTBOUND Settings > Abuse Monitor p age. The request will be reviewed by Barracuda Networks and the limit on the rate of outbound mail from the Barracuda Email Security Service may be increased. If this situation occurs frequently for a particular sending IP address, that IP address will be listed in the OUTBOUND Settings
page in the IP Addresses With Recent Abuse table. > Abuse Monitor
Continue with Step 2: Initial Setup of the Service.
Step 2: Initial Setup of the Service
To get started with the Barracuda Email Security Service, visit https://www.barracuda.com/products/emailsecurityservice and click Sign Up Free. This will bring up the sign up page where you can create a customer account with Barracuda Networks and then configure your installation per the steps listed here. After you log into your account you can link your Barracuda Email Security Service to Barracuda Cloud Control.
If you already have an account, log in by visiting https://www.barracuda.com/ and clicking the Customer Login button, and then skip to Connect below.
to the Service In this article: Create An Account Connect to the Service
Purchase and Activate Your Subscription
1. 2. 3. 4. 1. 2. a. b. 1. a. b. c. d. 2.
Configure Your Mail Servers and Domain Secure Your Mail Server
Set Up User Accounts
Create An Account
To create a Barracuda Cloud Control account:
Visit https://login.barracudanetworks.com/ and enter your email address and password. Click Sign In to log into your account. Click the Create a user link.
Enter your name, email address, and company name, and click Create User. Follow the instructions emailed to the entered email account to log in and create your Barracuda Cloud Control account.
After submitting your new account information, the Account page displays your account name, associated privileges, username, and Barracuda Networks products you associate with your Barracuda Cloud Control account.
Connect to the Service
Click on the Email Security Service product link on the left navigation pane of your customer account page to connect with the service. On the setup page, click the Start Email Security Service Setup button. You will be directed to enter your contact information and number of users. Once the form is complete, click Create Account .
You will see the Welcome page where you can either:
Click the Begin Express Setup button to use the setup wizard, or
Click the Email Security Service link on the left side of the page to use the web interface and configure domains and settings manually as described below.
Purchase and Activate Your Subscription
If you have not yet purchased a Barracuda Email Security Service subscription, you will have 30 days to try the service before purchase. Once you have paid for the service, you'll receive a confirmation email with a Serial Number and a Linking Code. To activate your subscription, click Ap
in the section of the page and enter both of these values on the
ply new Linking Code Subscription DASHBOARD Enter purchased linking
page. code
Ensuring Connectivity and Redundancy With the Service
Important: To ensure connectivity between your mail server, LDAP server (where applicable) and the Barracuda Email Security Service, note the following. The Getting Started steps that follow will guide you in proper configuration.
Open up your firewall ports to allow the IP address range 64.235.144.0/20 such that your LDAP and MS Exchange servers can communicate with the Barracuda Email Security Service.
Where relevant, make sure that your network subnet is granted access in the ACL on your mail server (and LDAP server, for that matter).
Configure Your Mail Servers and Domain
Add each domain and mail server you want the Barracuda Email Security Service to secure on the DOMAINS > Domains Manager page :
Enter the domain name and Smart host or mail server IP address or hostname (FQDN). If you need to specify a destination port, append it to the hostname or IP address of the mail server (e.g. my.mail.servername:587).
Click the Add button. You'll be redirected to the DOMAINS > Domain Settings page.
Enter a Priority for the mail server (this is optional and only applies if there are multiple mail server hostnames added). To add additional mail servers, click the Add Mail Server button.
To test the mail server, click the Test link in the table for that server. To delete the mail server entry, click the Remove link in the table.
Verify each domain. This must be done with the Barracuda Email Security Service for proof of ownership. Repeat the steps below for each domain for which Barracuda Email Security Service will be processing mail. If you don't verify all of the domains you add, you'll be Important: If your trial period expires before you purchase a subscription, or if you do not renew your subscription, you will see a warning message at the top of every page indicating that your account has expired and is either suspended or disabled.
If Suspended, the service will only continue to scan viruses. Configured policies will no longer be applied, spam will not be blocked, and spooling will be disabled.
2. a. a. b. c. 3. a. b. c. d. e.
prompted by an error message at the top of the page to verify them.
Click the Verify link in the Status column. The DOMAINS > Domain Verification page will prompt you to select one of the following ways to verify the domain ownership:
MX Records – See How to Set Up MX Records for Domain Verification. CNAME Records – Configure this option with these steps:
Log into your DNS Server and, under this domain, create a subdomain whose name is created by concatenating 'barracuda' and the CNAME token shown on the Domain Verification page. For example: barracuda30929916985.
. mydomain.com
Point the CNAME record of that subdomain to ess.barracuda.com You might have to wait for a short time for the DNS propagation to take effect.
Click Next on the page to complete the domain verification process. This domain should then show as Validated in the DOMAINS page when you log into the service web interface.
Email to the domain's technical contact – This method sends a verification email to the technical contact email address, if it exists, listed on your domain's WHOIS entry. This verification option is not available if the Barracuda Email Security Service cannot find your domain's WHOIS entry. If there is not a technical contact, then only the MX Records and Email to the
options displays on this page. Postmaster
Email to the postmaster – This method sends a verification email to the postmaster email address for your domain. The confirmation email will include a link that the recipient can click to verify the domain.
From the DOMAINS > Domains Manager page, click Settings for each domain, which brings up the DOMAINS > Domain Settings pa ge, and configure the following.
Alias the domain to another domain you've already added and configured. This feature is optional. If you make this domain an alias for one you've already configured, this domain will 'inherit' the settings you created for the other domain.
Configure SMTP Over TLS if you want to send messages from this domain via a secure TLS connection. This feature is optional. Enable Spooling if you want the Barracuda Email Security Service to retain all of your email for up to 96 hours if your mail server goes down. Select On to enable or Off to disable. If Spooling is Off and the service cannot connect to your mail server, the mail is deferred and the Delivery Status in the Message Log will be Not Delivered. The sending mail server, depending on its configuration, has the option of retrying the message or notifying the sender that the mail was deferred or failed. Follow instructions in the Help for the DOMAINS > Domain Settings page page to configure how you will add users, and optional LDAP settings.
Click Save Changes.
Secure Your Mail Server
Set Up User Accounts
There are two ways to create an account in the Barracuda Email Security Service. You can manually create 'local' user accounts or, if you are using LDAP, you can have the service automatically synchronize with your LDAP server and create accounts for users of each domain you have added to the service.
If you want to synchronize the Barracuda Email Security Service with your existing LDAP server, you can configure that from the DOMAINS >
page. See for how to configure.
Domain Settings Recipient Verification Using LDAP
For details on user account creation and configuration, see Managing Accounts. Continue with Step 3: Configure Scanning of Outbound Mail.
Important!
Important: If you have Sender Policy Framework (SPF) checking enabled on your mail server or network, it is critical when using the Barracuda Email Security Service that you either disable SPF checking in the service OR add the Barracuda Email Security Service IP range (64.235.144.0/20) to your SPF exemptions. If this is not done, your SPF checker will block mail from domains with an SPF record set to Block. This is because the mail will be coming from a Barracuda Email Security Service IP address which is not in the sender's SPF record. For more information about SPF, see Sender Authentication.
You will need to block all port 25 traffic except for that originating from the Barracuda Email Security Service IP address range. The service will communicate with your network for LDAP lookup (if you enable LDAP) from this range as well.
1. 2. 3. 1. a. b. 2. a. 3.
How to Create User Accounts
Local User Accounts
From the USERS > User List page you can manually add, update or delete local user accounts in the Barracuda Email Security Service if you are not using LDAP, or if you just want to create a few test accounts.
The first time the Barracuda Email Security Service receives an email for that user and the message is quarantined, and if Enable User is set to on the page, the user will receive a quarantine notification email at the scheduled Quarantine Yes USERS > Add/Update Users
quarantine notification interval. Depending on how you configure the quarantine notification interval on the USERS > Quarantine Notification pa ge, the user will receive a quarantine digest at a specified time. From the USERS > Quarantine Notification page you can also enable the user to set their own quarantine notification interval.
If Notify New Users is set to Yes on the USERS > Add/Update Users page, then the user will receive a welcome email upon account creation.
Automatic Account Creation
There are two ways to have the Barracuda Email Security Service create user accounts:
LDAP Synchronization: For increased security you can configure the Barracuda Email Security Service to validate the receiving email address of a message against your LDAP server before creating an account. This helps prevent creating accounts for invalid users. Configuration of LDAP parameters is detailed under How to Configure Recipient Verification Using LDAP.
With LDAP synchronization, the Barracuda Email Security Service can create user accounts for all users in the domain automatically based on your LDAP directory. The user list will then be synchronized with your LDAP server on a regular basis. The first time the Barracuda Email Security Service receives a Not Allowed email for a valid user, the service does the following:
Uses the email address of the recipient as the username of the account and auto-generates a password. If Use LDAP for
is set to on the page, the user will receive an email with the login information so they Authentication No DOMAINS > Domain Settings
can access their quarantine account. Otherwise the user will use single sign-on via LDAP lookup. Places the quarantined message in the account holder’s quarantine inbox.
Sends a quarantine summary report to the account holder at the specified notification interval, as set on the USERS > Quarantine page. If is set to on this page, then the quarantine summary report will be sent to the Notification Allow users to specify interval Yes
user on the schedule they specify on the SETTINGS > Quarantine Notification page once they log into their account. Default is Daily. Auto Creation: The first time the Barracuda Email Security Service receives an Allowed email for a nonexistent user at a domain configured for the service, if that same recipient receives a second email 1-6 days later, a new user account is created. This method of new account creation does not use LDAP lookup, and the user will receive an email from the Barracuda Email Security Service with their login information so they can access their quarantine account.
How to Validate Your Domain
Before you can route mail for your domain through the Barracuda Email Security Service, you must verify ownership of the domain. If you didn't already do this through the Setup wizard, see the DOMAINS page and click on Verify in the Status column next to your domain. Choose one of the following methods for ownership verification.
MX Records - See How to Set Up MX Records for Domain Verification.
CNAME Validation - This method requires that you have access to your DNS server and requires the following steps: If you are validating in the Express (Self-service) Setup wizard:
Click I do not want to route my e-mail through Barracuda at this time. Show me more options to verify domain , and then you'll see additional verification options.
ownership.
Log into your DNS Server and, under this domain, create a subdomain whose name is created by concatenating barrac
and the CNAME token as shown in the page. For example: .
uda barracuda30929916985.mydomain.com
If you are validating from the DOMAINS page in the Barracuda Web Security Service web interface:
Log into your DNS Server and, under this domain, create a subdomain whose name is created by concatenating 'barracuda' and the CNAME token shown on the Domain Verification page. For example: barracuda30929916985.
. mydomain.com
Point the CNAME record of that subdomain to ess.barracuda.com
The welcome email is only sent to a user when you manually create the account - it is not sent if the account was created automatically as described below.
3.
4.
1. 2. 3.
You might have to wait for a short time for the DNS propagation to take effect.
To complete the domain verification process, click Confirm Validation on the Barracuda Email Security Service Setup screen, or click Next from the DOMAINS > Domain Verification page. This domain should then show as validated in the DOMAINS pag e in the service web interface.
Email to Technical Contact - This method sends a verification email to the Technical Contact email address, if it exists, listed on your domain's WHOIS entry. This verification option is not available if the Barracuda Email Security Service cannot find your domain's WHOIS entry. If there is not a Technical Contact, then only the MX Records CNAME, and Email to the Postmaster options are available. Email to the Postmaster -This method sends a verification email to the postmaster email address for your domain. The confirmation email will include a link that the recipient can click to verify the domain.
How to Set Up MX Records for Domain Verification
Begin by adding each domain for which you want the Barracuda Email Security Service to filter email on the DOMAINS page. Each of the domains must be verified by the Barracuda Email Security Service for proof of ownership. After adding a domain, the DOMAINS > Domain
page will prompt you to select one of three ways to verify the domain ownership. To use the MX Records method: Verification
Click the (Verify) link for your newly added domain on the DOMAINS page. Click the radio button for the MX records.
Replace your current MX records with the BESS MX records displayed on the verify page.
NOTE: If you want to first test the Barracuda Email Security Service, or you just want to be careful moving your mail to the Barracuda service, then just ADD the MX records with a LOW priority (99 for example). This will allow you to complete the verification process, but your legitimate mail will still use your current mail server.
For example:
mydomain.com. 21600 IN MX 10 mailserver1.mydomain.com. mydomain.com. 21600 IN MX 15 mailserver2.mydomain.com. mydomain.com. 21600 IN MX 99 xxxxxxx.ess.barracudanetworks.com. mydomain.com. 21600 IN MX 99 xxxxxxx.ess.barracudanetworks.com.
Once you have made the change to your MX records, return to the verification page in the Barracuda Email Security Service and click Next. The Barracuda Email Security Service should see the changes made and verify your domain. If the domain does not verify correctly, please check that your MX changes are live. You can do this by using the following sites that return your MX information:
http://mxtoolbox.com/
(select the MX option) https://toolbox.googleapps.com/apps/dig/
If your domain's MX records are not yet showing the Barracuda Email Security Service MX records, then you will need to wait until they do before your domain can be verified.
To view the MX record configuration or mail statistics for a verified domain, click the Settings link in the table for your domain on the Domains page.
Manager
Step 3: Configure Scanning of Outbound Mail
The Barracuda Email Security Service may be configured to scan outgoing mail simultaneously with scanning inbound mail. To enable spam and virus scanning of outbound mail, follow the steps below.
In this article:
Add Valid Sender IP Address Ranges Configure Your Mail Server or Smart Host Verify That Mail is Flowing
What Outbound Mail Scanning Includes Encryption of Outbound Mail
It is possible that you may see some mail in the Message Log after making this MX record change. This is because spammers routinely send mail to all MX records for a domain.
1. 2.
Outbound Message Footer
Add Valid Sender IP Address Ranges
From the OUTBOUND SETTINGS > Sender IP Address Ranges page:
Add and verify domains for outbound mail by following the steps in Step 2: Initial Setup of the Service.
Click the Add button. Enter the IP Address and Domain Name (logging domain) and an optional Comment, and then click Add. Note that each mail server must contain a reverse DNS PTR record.
Each IP address from which you want to allow outgoing mail through the Barracuda Email Security Service must be listed on this page. The Logg is the domain name that will appear in the as the sending domain for the associated IP address.
ing Domain Message Log
Configure Your Mail Server or Smart Host
To relay outbound mail through the Barracuda Email Security Service, in your mail server or Smart host, specify the hostname value from the Out field on the page for each domain from which you'll be relaying outbound mail.
bound Hostname DOMAINS > Domain Manager
Verify That Mail is Flowing
Check the DASHBOARD and MESSAGE LOG pages to make sure that inbound and outbound messages are being logged for the selected domain. The Message Log page provides rich searching using a set of keywords with your search words or phrases. See The Message Log for more information on filtering messages.
What Outbound Mail Scanning Includes
Spam Scanning with Block or Quarantine actions Virus Scanning
IP Address Filtering
Sender Domain, Username or Email Address Filtering Recipient Email Address Filtering
Content Filtering (Subject, Header and Body) with Block, Allow, Encrypt or Quarantine actions Attachment Filtering
Intent Analysis See also Outbound Quarantine.
The following scanning tools are not applied to outbound mail: IP Reputation, a sender authentication mechanism
SPF (Sender Policy Framework), a sender authentication mechanism Whitelist/blocklist
Encryption of Outbound Mail
To prevent data leakage and ensure compliance with financial, health care and other federally regulated agency information policies, you can require all email sent from any or all domains configured in your Barracuda Email Security Service to be encrypted. Create policies for encryption of outbound mail in the OUTBOUND > Content Policies page at the domain level. See How to Use DLP and Encryption of Outbound Mail for more information.
Transmission of inbound and outbound email can be required over a TLS channel as well - see Secured Message Transmission for details.
Outbound Message Footer
The Barracuda Email Security Service can append a custom text and/or html footer to each outbound message, configurable at the global level on Important: To assure recipients of outbound mail from your Barracuda Email Security Service that Barracuda Networks is the
authorized sending mail service, please add the following to the INCLUDE line of the SPF record for each of your domains sending outbound mail: include:spf.ess.barracudanetworks.com
All messages going through the Barracuda Email Security Service are subject to a size limit of 300MB. This includes all headers, body and attached content.
the OUTBOUND SETTINGS > Tagline/Footer page.
Continue with Step 4: Tune and Monitor the Default Spam and Virus Settings.
Step 4: Tune and Monitor the Default Spam and Virus Settings
Once email is flowing through the Barracuda Email Security Service, use the MESSAGE LOG page to get an idea of how many messages are being blocked or quarantined and for what reasons. Click on any message in the Message Log to see the message details, including the action and reason if the message was blocked or quarantined. Reviewing this log will give an idea of how current settings are filtering messages. See Th
for more information on using the log. e Message Log
Per-Domain Management
Configure specific settings, including spam and virus settings, policies for inbound and outbound mail, and quarantine settings for each domain you add to the service by drilling down via the DOMAINS > Domain Manager page. Click the Manage link for the domain you want to configure. You will see the same feature configuration pages available at the global level for the domain. For example, you might want to turn off virus scanning for a domain that is internal and already protected by an anti-virus solution. Or you might want to customize content and attachment filtering policies for each domain, depending on the type of email you expect to be flowing to and from the domains.
You can then return to global management of all of your domains by click the Return to account management link above the feature configuration pages.
Basic Spam and Virus Checking
Virus scanning is automatically enabled in the Barracuda Email Security Service and the system checks for definition updates on a regular basis (hourly by default). Virus Scanning takes precedence over all other mail scanning techniques, so even email coming from whitelisted IP addresses, sender domains, sender email addresses or recipients are scanned for viruses and blocked if a virus is detected.
The INBOUND SETTING > Anti-Spam/Antivirus page allows you to enable or disable virus checking. If you enable Use Barracuda Real-Time
on the page, the Barracuda Email Security Service will check unrecognized spam and
System INBOUND SETTINGS > Anti-Spam/Antivirus
virus fingerprints against the latest virus threats logged at Barracuda Central.
Use the INBOUND SETTINGS > Anti-Spam/Antivirus page to enable/disable spam filtering mechanisms and set scoring for spam categories. See Advanced Inbound Email Filtering Policy for information about how spam filtering works and determine what might work best for your organization. After you change the settings, you can use the DASHBOARD and MESSAGE LOG pages to monitor and tune your configuration.
Viewing Email Statistics
The DASHBOARD page provides an overview email statistics for inbound and outbound mail traffic protected by the Barracuda Email Security Service, including:
A graph of the geograpic origins of threats detected by the Barracuda Email Security Service.
Hourly or daily email statistics that display the number of inbound and outbound messages blocked, allowed and quarantined for the last 24 hours and 30 days.
Top domains for which mail has been processed by the system. Top blocked domain, recipients and senders for the timeframe.
Click the Help link on the DASHBOARD page for more information.
Each time you log into the Barracuda Email Security Service, you’ll first be presented with the DASHBOARD page. If you have added domains which have not yet been verified by the service, you’ll see this message with a warning symbol at the top of the page:
You have one or more unverified domains. Click hereto verify your domains.
Advanced Inbound Email Filtering Policy
In this Section
Important
When you click the Manage link on the DOMAINS > Domain Manager page, the settings you change apply to that domain specifically and override global settings for that domain.
