Tautvydas wrote:
Little off topic, but I need some help. For a week I'm working in a
small company. (~250 workstations). Till 2008 there will be 400-600
workstations. So, they are planning to buy something for spam/mail
filtering (http://www.barracudanetworks.com/ns/products/spam_overview.php).
I think the best would be to use openbsd+pf+spamd (with carp if
necessary). But - I have quite stupid CEO and I need many arguments,
why blackbox for many $$$ is bad (from corporate view).
Please, help me with these arguments.
We use a pair of Barracuda devices at work. I admin them now, but I
wasn't involved with the purchase. They do function reasonably well, we
get around 430k spam emails per day recently on ~40k valid messages into
3000 mailboxes.
Users love it. They like being able to manage their own level of spam
and release their own messages from quarantine.
Our first boxes were the "400" models, like someone else said they're
just cheap clones inside a 1U box. We had lots of problems with the
hardware, a bunch of boxes died or would crash. (Oddly, it was only one
box that would die, the other one was fine.) The 400s wouldn't handle
our mail volume, so we eventually made them replace them with the "600"
model at no cost. The 600 seems like a mid-level clone 1U box, it's a
dual-proc with two SATA hotswap drives. We've had no hardware problems
with these machines. Even with the 400s, Barracuda was always good
about sending out a new box overnight.
The software is somewhat buggy, but they're quick with patches.
Our current big problem is that we get such a volume of spam that we can
only keep 3 days of quarantine, which annoys the users. The next
version of the software (currently in beta) is supposed to fix that.
I've proposed putting a spamd greylisting firewall in front of the boxes
to take off most of the load. (There, now this isn't completely off-topic!)
For the most part, the Barracudas have taken up little of my time,
except for driving to our offsite location to replace bad hardware...
I'm working on implementing Maia Mailguard at home
(http://www.maiamailguard.com), but that seems somewhat difficult to
configure.
For a more negative view on the Barracuda setup, see
http://packetstormsecurity.nl/papers/evaluation/Barracuda_Evil.txt.
They seem to have resolved their GPL problems, but the rest of it seems
to be true. It also contains instructions on how to get root access
with physical access to the box.
In all, the devices require very little maintenance and mostly solve the
spam problem, but they have the usual problems "black boxes" have.
