Reverse DNS and IP Reputation in Barracuda AntiSpam / AntiVirus Firewall
CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA
A while back, I configured the Barracuda AntiSpam / AntiVirus Firewall 300 in my home lab to block email with the Russian character set. I did this under Block/Accept, Regional Settings, Block Russian. This means that any email (coming from any domain) that contains Russian characters will be blocked.
Additionally, I also blocked any email coming from a domain that ends with “ru”. Under Sender Filter, I chose to block “ru”. This means email coming from *.ru is being blocked.
Recently I reconsidered this. What if my organization has a Russian client and she wants to receive email with the Russian character set? I then changed the Character Set Policy to Tag instead of Block.
As an extra level of security, go to Reverse DNS and select Block for the ru TLD. This means that email coming from hosts whose reverse DNS name falls under Russia's top-level domain will be blocked.
Barracuda has a built-in RBL checking mechanism. When an email flows into the Barracuda, its source is checked against the built-in RBLs. If the source is found in any of them, the message is blocked (in my case), as illustrated below.
Additionally, we can add custom RBLs that we would like to use. I recommend the following list.
1.) zen.spamhaus.org – http://www.spamhaus.org/zen/
2.) rhsbl.ahbl.org – http://www.ahbl.org/documents/rhsbl
3.) truncate.gbudb.net – http://www.gbudb.com/truncate/
4.) b.barracudacentral.org – http://www.barracudacentral.org/account/register
5.) bl.blocklist.de – http://www.blocklist.de/en/api.html#dns
6.) dnsbl.dronebl.org – http://dronebl.org/docs/howtouse
7.) new.spam.dnsbl.sorbs.net – http://new.spam.dnsbl.sorbs.net/
8.) nomail.rhsbl.sorbs.net – http://nomail.rhsbl.sorbs.net/
9.) zombie.dnsbl.sorbs.net – http://zombie.dnsbl.sorbs.net
10.) srnblack.surgate.net – http://www.srntools.com/
11.) dnsbl-1.uceprotect.net – http://www.uceprotect.net/en/index.php?m=6&s=10
12.) all.s5h.net – http://www.usenix.org.uk/content/rbl.html
13.) ubl.unsubscore.com – http://blacklist.lashback.com/
In the figure below, I entered the above list and added the entries to the Custom External RBLs. Click BLOCK/ACCEPT, IP Reputation, and under Custom External RBLs enter the entries one by one. (Note: entering rogue RBLs into this area could compromise your Barracuda device.)
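One way to vet an IP-based RBL zone before entering it, given the note above about rogue RBLs. This is an added example, not part of the original post or of Barracuda's software: it probes the two test points defined in RFC 5782 (127.0.0.2 must be listed, 127.0.0.1 must not). The `.example` zones and `constructed_resolver` are constructed stand-ins so the check runs offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, then the zone (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def zone_health(zone, resolve=system_resolver):
    """Probe the RFC 5782 test points of an IP-based list before trusting it."""
    # 127.0.0.1 must never be listed; any answer means the zone answers for
    # every query (wildcarded, parked or shut down) and would block all mail.
    if resolve(query_name("127.0.0.1", zone)) is not None:
        return "answers-for-everything"
    # 127.0.0.2 must always be listed, with a return code inside 127.0.0.0/8.
    answer = resolve(query_name("127.0.0.2", zone))
    if answer is None:
        return "dead-or-unreachable"
    if ipaddress.ip_address(answer) not in LOOPBACK:
        return "invalid-answer"
    return "ok"

# Constructed zones standing in for real lists, so the check runs offline.
CONSTRUCTED_RECORDS = {"2.0.0.127.good.example": "127.0.0.2",
                       "2.0.0.127.odd.example": "203.0.113.10"}

def constructed_resolver(name):
    if name.endswith(".wildcard.example"):
        return "127.0.0.2"          # answers for any name at all
    return CONSTRUCTED_RECORDS.get(name)

if __name__ == "__main__":
    for zone in ("good.example", "wildcard.example", "gone.example", "odd.example"):
        print(zone, zone_health(zone, constructed_resolver))
```

Calling `zone_health("zen.spamhaus.org")` with the default resolver runs the same probe against a live zone. Domain-based lists (the rhsbl entries) use different test names and are not covered by this check.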