Barracuda Spam Firewall Product Launch

1

Build Your Own Spam Firewall Using Postfix
SpamAssassin Zach Levow, vp engineering April
20, 2005 / SecureIT
2
Agenda

• Introduction to Barracuda Networks (10 Min)
• Building a security appliance using open source
  technologies (10 Min)
• Anti-Spam technologies (40 Min)
• System considerations (10 Min)
• Q/A

3
Company Background

• Mission
• Deliver easy to use and cost effective solutions
  for protecting email servers
• Founded December 2002
• Research and development since 2001
• Barracuda Spam Firewall Launch October 2003
• Barracuda Spyware Firewall Launch April 2005
• Headquarters in Cupertino, California
• Offices in Europe (UK), China (Shanghai), Canada,
  Australia, India, Pakistan, United Arab Emirates
  (Dubai), and USA
• 100 employees worldwide
• Experienced management development team
• Privately Funded
• Profitable
• Market Leader
• 14,000 customers worldwide

4
Barracuda Spam Firewall

• Comprehensive email protection
• Blocks spam and virus
• Integrated hardware and software solution
• Ease of use
• Plug-and-play
• No changes needed to email servers
• Enterprise Features
• Reliable and Robust
• Aggressively Priced
• No per user licensing fees
• Market leading anti-spam appliance

Launched Oct. 13, 2003
5
Barracuda Spam Firewall - Outbound Edition

• Comprehensive MTA
• Includes Barracuda Spam Firewall Features
• Easy to use and Configure (web interface)
• Secure
• Reporting and logging
• Stops Virus Proliferation
• Enforces Corporate Regulatory Policies
• Foul language and security
• HIPAA, Sarbanes-Oxley
• Prevents Spamming Open Relay Function

Launched Jan. 17, 2005
6
Barracuda Spyware Firewall Features

• Gateway appliance
• Powerful, easy to use install
• Intuitive user interface
• Affordable
• Prices starting at 1,999
• Available in five models
• Spyware Firewall 210 (1,999)
• Spyware Firewall 310 (3,299)
• Spyware Firewall 410 (5,999)
• Inline hardware appliance
• Complete scalability for growing organizations

7
Customers
8
Cardinal Rules of Spam Filtering

• No false positives!
• A false positive where the sender is not notified
  is even worse
• Reject rather than bounce
• Dont assume everyones mail looks like yours

9
Open Source Technical Issues

• Immature products One size does not fit all
• Mature products Bloated codebase hard to
  maintain
• Security issues
• Pro an active community will find and fix
  security issues.
• Con an active community will introduce security
  flaws.
• Con publishing your source does expose you to
  more exploits. Hackers go for the lowest common
  denominator.
• Chroot, chroot, chroot its always worth it.

10
Open Source Business Issues

• Giving back to the community
• Many changes arent for everyone
• Extra time to polish changes for contribution
• Separating proprietary technology
• Configuration files are yours
• Absolutely no linking if you dont want to share.

11
Anti-spam Technologies

• Intent Analysis
• Open alternative SURBL Bill Stearns URL
  Blacklist
• Real-time query performance issues
• RBLs
• Spamhaus only list with minimal false positives
• SpamAssassin
• Rules Updates
• SPF
• Rate Control/Throttling
• Virus scanning
• Several fairly good open source solutions
• No one solution catches all
• Combine them

12
Anti-Spam Technologies (Cont.)

• Bayesian
• International Charsets
• IBMs ICU library very efficient
• Token Chaining Crucial
• Per-user Bayes very important
• Noise reduction very helpful
• Pro most proactive anti-spam technique
• Con Troubleshooting is usually a nightmare!
• Make user classification easy

13
Controversial Anti-Spam Techniques

• Graylisting
• Pro Very effective at blocking spam
• Con Potentially delays all messages from new
  senders by several hours
• Con Spammers know how to defeat it, but most
  dont yet
• Tarpitting
• Pro effective at slowing down dictionary attacks
• Con Will bury a busy system if a process or
  thread is required per connection.
• Challenge-response
• Increases internet chatter
• Unless linked to outbound SMTP, can lead to
  Deadlock

14
DNS MX Records

• Example MX record
• barracudanetworks.com MX preference 10, mail
  exchanger barracuda2.barracudanetworks.com
• barracudanetworks.com MX preference 10, mail
  exchanger barracuda.barracudanetworks.com
• SMTP is great to load-balancing/failover
• Put as many systems as you like at the same
  Preference and all known clients will
  round-robin until they find an available system
• DONT LEAVE YOUR MAIL SERVER AS A BACKUP MX FOR
  YOUR SPAM FILTER!! Spammers will attack it
  directly

15
Phishing

• No link should ever say that it is HTTPS in a
  message and then actually link to a non-HTTPS
  page
• Relatively small list of known scams fairly
  easy to keep up with if you have a good sample of
  email. It is worth the effort.

16
Quarantine

• Effective tool for reducing False Positives
  while increasing catch rate.
• Best if integrated with directory services so
  that a user with multiple email addresses only
  has one quarantine box.
• No perfect open-source solution
• Need web interface
• Should send daily digest

17
Per-User Settings

• Major reduction in administration if users can
  update personal allow/block lists, passphrases,
  etc.
• Again, best when integrated with directory
  services.
• User interface issues.

18
System Considerations

• Databases
• Most open source databases are great for
  low-volume, general purpose applications.
• In high load situations they all break down
  specialized databases become necessary.
• High-availability
• Syncing of configurations (meta-data)
• Syncing of quarantine information (data)

19
System Considerations (Cont.)

• Hard drives
• Typical drives will last 6-12 months under a
  constant and steady mail load.
• Use Raid
• Turn off write cache (hdparm)
• Filesystems
• Use Journaling Filesystem
• Ext3 slow, but robust
• XFS/ReiserFS faster, but less robust
• Mount with synchronous I/O (sync)

20
Fighting Spam Can Be Effective

• False positives are not acceptable or necessary.
• Keep your spam rules and virus definitions up to
  date.
• Reduce your administration load and false
  positives/negatives by giving control to your
  users through personal settings and quarantine.

21
Q/A