Problems with Barracuda Networks blacklist

Since October 22, we have been having problems with Barracuda Networks
listing our outgoing mailserver on their intent list, with a "poor" reputation
as a source of spam.

I wondered if anyone else had had problems with them. I have had private email
suggesting that a few sites have.

Two issues:
- they won't say why we are on the list, or at least won't show
any evidence
- they distribute the blacklist to their customers who use their appliances,
and the out-of-box config seems to be to totally block SMTP connects prior
to EHLO with a 554 status message, and then have a 2 business day turnaround
to investigate/delist.
As many customers are clueless about mail (which is why they outsourced
their mail filtering) it's hard to get them to whitelist us.

My suspicions are that they tag full-body DSNs as spam, and attribute them to
us when our email forwards have failed. But they won't say.

See
http://andrew.triumf.ca/barracuda-problems.html

--
Andrew Daviel
TRIUMF

Re: Problems with Barracuda Networks blacklist

Andrew Daviel wrote in news:%Ll5j.68$sg.34@pd7urf1no:

> Since October 22, we have been having problems with Barracuda Networks
> listing our outgoing mailserver on their intent list, with a "poor"
> reputation as a source of spam.
>
> I wondered if anyone else had had problems with them. I have had
> private email suggesting that a few sites have.
>
> Two issues:
> - they won't say why we are on the list, or at least won't show
> any evidence
> - they distribute the blacklist to their customers who use their
> appliances, and the out-of-box config seems to be to totally block
> SMTP connects prior to EHLO with a 554 status message, and then have a
> 2 business day turnaround to investigate/delist.
> As many customers are clueless about mail (which is why they
> outsourced their mail filtering) it's hard to get them to whitelist
> us.
>
> My suspicions are that they tag full-body DSNs as spam, and attribute
> them to us when our email forwards have failed. But they won't say.
>
> See
> http://andrew.triumf.ca/barracuda-problems.html
>


I read your web page and your other post here. If Barracuda sites are
"looking" at DSN emails then they should make sure the bounces come from
their own site and are not backscatter; this can be done with a milter.
If they are "tagging" your site based on these kinds of tests they are
doing a bad job.

Andy

Re: Problems with Barracuda Networks blacklist

Outsider wrote in
news:Xns99FDCF695FA56outsideroutnet@69.28.186.158:

> Andrew Daviel wrote in news:%Ll5j.68$sg.34@pd7urf1no:
>
>> Since October 22, we have been having problems with Barracuda Networks
>> listing our outgoing mailserver on their intent list, with a "poor"
>> reputation as a source of spam.
>>
>> I wondered if anyone else had had problems with them. I have had
>> private email suggesting that a few sites have.
>>
>> Two issues:
>> - they won't say why we are on the list, or at least won't show
>> any evidence
>> - they distribute the blacklist to their customers who use their
>> appliances, and the out-of-box config seems to be to totally block
>> SMTP connects prior to EHLO with a 554 status message, and then have a
>> 2 business day turnaround to investigate/delist.
>> As many customers are clueless about mail (which is why they
>> outsourced their mail filtering) it's hard to get them to whitelist
>> us.
>>
>> My suspicions are that they tag full-body DSNs as spam, and attribute
>> them to us when our email forwards have failed. But they won't say.
>>
>> See
>> http://andrew.triumf.ca/barracuda-problems.html
>>
>
>
> I read your web page and your other post here. If Barracuda sites are
> "looking" at DSN emails then they should make sure the bounces come
from
> their own site and are not backscatter; this can be done with a milter.
> If they are "tagging" your site based on these kinds of tests they are
> doing a bad job.
>
> Andy
>


Now I think about it I guess that would not help. You could do the
backscatter test on your end which would help if the nobody does not help
(assuming this is even the cause).

Re: Problems with Barracuda Networks blacklist

Post removed (X-No-Archive: yes)

Re: Problems with Barracuda Networks blacklist

Andrew Daviel wrote:

> See http://andrew.triumf.ca/barracuda-problems.html

I read your note. I think your best course of action is to phone
your major business partners and explain: "Barracuda Networks is
blocking legitimate mail from us to you. If you want to receive mail
from us, please whitelist us or disable the Barracuda spam filter. If
neither approach appeals to you, please complain to Barracuda technical
support."

Now... as to your suspicion that backscatter may have gotten you
blacklisted: You should do everything in your power to avoid
backscatter. I'm not sure how your forwarding is set up, but maybe
you can use a milter to determine whether or not mail will be accepted
before attempting to forward it. (This may or may not be easy/possible.)

Regards,

David.

Re: Problems with Barracuda Networks blacklist

On 12/05/07 21:09, David F. Skoll wrote:
> Now... as to your suspicion that backscatter may have gotten you
> blacklisted: You should do everything in your power to avoid
> backscatter. I'm not sure how your forwarding is set up, but maybe
> you can use a milter to determine whether or not mail will be
> accepted before attempting to forward it. (This may or may not be
> easy/possible.)

I'm betting that the Barracuda is the edge SMTP device that would need
to be ""educated (I use the term loosely) and / or enhanced with a
milter, which may be rather difficult if my understanding of the fact
that Barracuda's are suppose to be maintenance free (administrative
changes to existing configuration values aside) turn key appliances.
I'm not even aware if it is possible to get terminal access to alter things.



Grant. . . .

Re: Problems with Barracuda Networks blacklist

On Dec 4, 6:53 pm, Andrew Daviel wrote:
> Since October 22, we have been having problems with Barracuda Networks
> listing our outgoing mailserver on their intent list, with a "poor" reputation
> as a source of spam.
>
> I wondered if anyone else had had problems with them. I have had private email
> suggesting that a few sites have.
>
> Two issues:
> - they won't say why we are on the list, or at least won't show
> any evidence
> - they distribute the blacklist to their customers who use their appliances,
> and the out-of-box config seems to be to totally block SMTP connects prior
> to EHLO with a 554 status message, and then have a 2 business day turnaround
> to investigate/delist.
> As many customers are clueless about mail (which is why they outsourced
> their mail filtering) it's hard to get them to whitelist us.
>
> My suspicions are that they tag full-body DSNs as spam, and attribute them to
> us when our email forwards have failed. But they won't say.
>
> Seehttp://andrew.triumf.ca/barracuda-problems.html
>
> --
> Andrew Daviel
> TRIUMF

It is hard to convince a DNSBL operator to listen to a stranger.
Rather than ask your email receipients to whitelist you, why not ask
them to raise a support question with Barracuda? The "we only talk to
customers" line is a common one, and usually can't be gotten around
any other way. In the meantime, why not change the MTA IP address? If
Barracuda fat-fingered an address, or otherwise made a not likely to
be repeated mistake, that will solve the problem for you. I highly
doubt they have a systematic misunderstanding of SMTP such as the one
you propose - if they did you would have much company. More likely
they just goofed up on your record, and don't want to bother fixing
it, because they have a lot of requests and only a few are legitimate.

Daniel Feenberg

Re: Problems with Barracuda Networks blacklist

Grant Taylor wrote:

> I'm betting that the Barracuda is the edge SMTP device that would need
> to be ""educated (I use the term loosely) and / or enhanced with a
> milter, which may be rather difficult if my understanding of the fact
> that Barracuda's are suppose to be maintenance free (administrative
> changes to existing configuration values aside) turn key appliances.
> I'm not even aware if it is possible to get terminal access to alter
> things.

It's probably not officially possible, but it's also probably not
that difficult if you're determined enough.

Barracuda doesn't use Sendmail (I believe their MTA used to be
Postfix, though they may have written their own MTA in recent versions
of their appliance.)

The Barracuda boxes are stock Linux servers. It is possible to
"repurpose" them with better software (and we have a small number of
customers who have done exactly that... :-))

Regards,

David.