[70502] in North American Network Operators' Group
Re: Barracuda Networks Spam Firewall
daemon@ATHENA.MIT.EDU (Jared B. Reimer)
Mon May 17 17:30:02 2004
Date: Mon, 17 May 2004 14:26:37 -0700
To: "John Neiberger" <John.Neiberger@efirstbank.com>
From: "Jared B. Reimer" <jared@theriver.com>
Cc: <nanog@merit.edu>
In-Reply-To: <s0a8d647.054@fstest05.fb>
Errors-To: owner-nanog-outgoing@merit.edu
>Did you not receive some basic support from them during your
>evaluation? A perceived 90% drop in performance is pretty significant
>and I'd imagine that they'd be interested in helping to determine the
>cause.
Sadly, they have not responded to my email on the topic, sent four days ago.
However, someone unrelated to the company emailed me off-list saying that
basically this is a known flaw in the product with back-end systems like
qmail that asynchronously bounce mail for invalid recipients. See below quote:
>We had this problem when our inbound-smtp server ( the server the
>barracuda is dumping mail to) was accepting all RCPT TOs: As a result
>dictionary attacks were getting through and creating 'unique recipients'
>on the Barracuda. As soon as I fixed my mail server to reject with a 220
>error on bogus RCPT TOs the problem cleared up.
This is a pretty serious flaw IMHO, if it is (in fact) true. qmail isn't
the only mailer that behaves this way. It looks like they may have tried
to kludge their way around this with LDAP in the case of MS Exchange, which
also does asynchronous bouncing of undeliverable mail IIRC.
-- Jared
