The Tech - Online Edition
MIT's oldest and largest newspaper & the first newspaper published on the web

Barracuda Devices Installed To Help Catch Fishy E-mail

CORRECTION TO THIS ARTICLE: The model of the device is a “Barracuda Spam Firewall Model 800,” not “BT-800.”

By John A. Hawkinson
STAFF REPORTER

Information Services and Technology has added new equipment to the campus e-mail system to improve handling of spam e-mail; this change has been driven by an increase in spam that has escaped MIT’s existing SpamAssassin filtering system.

Some incoming campus e-mail now goes through a cluster of three Barracuda Networks BT-800 Spam Firewall devices, according to Jeffrey I. Schiller ’79, who manages MIT’s network for IS&T. The change was made late Wednesday night on an experimental basis, Schiller said.

The Barracuda devices provide additional filtering beyond that provided by IS&T’s existing SpamAssassin installation, Schiller said. In particular, they are especially good at detecting spam in mail containing image attachments, of which there has been a substantial increase recently, Schiller said.

Schiller also said that the Barracudas update their spam filtering rules automatically on an hourly basis; IS&T’s SpamAssassin system, by contrast, has rules updated every few weeks. Frequent updates in filtering rules allow the system to better track changes in spam mail.

Previously, all incoming campus e-mail to @mit.edu addresses went through two of IS&T’s mail servers. After this change, that incoming e-mail is split four ways between the three Barracuda servers and one of the IS&T servers. (Incoming e-mail to other addresses, like @csail.mit.edu, is not affected.)

Schiller said this configuration was chosen by IS&T because the Barracudas are still an experiment, so an incremental approach is warranted. After the Barracudas receive and process the e-mail, they then forward it on to an existing IS&T mail server.

If the Barracudas perform well, then IS&T may reconfigure them so that all mail goes through them, Schiller said.

IS&T first deployed these Barracuda servers a few weeks ago, for incoming e-mail to alum.mit.edu, MIT’s alumni “E-mail Forwarding for Life” service. Schiller said that the expanded deployment for all incoming mail happened in “accelerated” fashion, because of a recent increase in spam with image attachments.

Both the Barracudas and IS&T’s existing spam filtering make use of SpamAssassin software, but the Barracudas add additional software and enhancements to produce better results in some cases, Schiller said. SpamAssassin is open-source software, so it is easy for vendors to make enhancements to it and use it as the basis for their commercial products. One difference between the two spam filtering mechanisms is that IS&T’s installation trains itself based on the mail in Spamscreen mailboxes of all users, and uses that training to filter everyone’s e-mail. The Barracudas, by contrast, learn based on a single user’s mailbox and apply that training only to that user; because of this, the learning and training feature of the Barracudas is currently disabled.

The spam score assigned to e-mail messages (visible as the X-Spam-Score header) is the higher of the two scores assigned by the Barracudas and the IS&T SpamAssassin system, Schiller said. IS&T has decided to not make the individual scores from the two systems available to users right now, Schiller said, to avoid affecting the way users do filtering.

Users can determine whether their mail went through one of the Barracuda servers by examining the Received headers and looking for the presence of “W92-130-BARRACUDA” or the phrase “Spam Firewall.”
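
The header check described above can be scripted; the following is an added example, not code from the article or from IS&T. It looks for the two marker strings in unfolded Received headers and reports X-Spam-Score as found. The sample messages, hostnames, IDs and score value are constructed, and case-insensitive matching is an assumption.

```python
import email
from email import policy

# Marker strings quoted in the article; case-insensitive matching is an assumption.
MARKERS = ("W92-130-BARRACUDA", "Spam Firewall")

def received_hops(raw: bytes) -> list[str]:
    """Return each Received header unfolded onto one line, newest hop first."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # policy.default unfolds continuation lines; collapse runs of whitespace too,
    # so a marker split across a fold ("Spam\r\n Firewall") still matches.
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]

def check_message(raw: bytes) -> dict:
    """Report whether any hop carries a Barracuda marker, plus X-Spam-Score."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = [hop for hop in received_hops(raw)
            if any(m.lower() in hop.lower() for m in MARKERS)]
    score = msg.get("X-Spam-Score")
    return {
        "via_barracuda": bool(hits),
        "matching_hops": hits,
        "spam_score": str(score).strip() if score is not None else None,
    }

# Constructed sample messages (hostnames, ids and scores are made up).
VIA_BARRACUDA = (
    b"Received: from relay.example.net (relay.example.net [192.0.2.7])\r\n"
    b"\tby filter.example.edu (Spam\r\n"
    b" Firewall) with ESMTP id CONSTRUCTED1\r\n"
    b"Received: from sender.example.org by relay.example.net\r\n"
    b"X-Spam-Score: 7.2\r\n"
    b"Subject: constructed test\r\n"
    b"\r\n"
    b"body\r\n"
)
DIRECT = (
    b"Received: from sender.example.org by mx.example.edu with ESMTP\r\n"
    b"Subject: constructed test\r\n"
    b"\r\n"
    b"body mentioning Spam Firewall does not count\r\n"
)

if __name__ == "__main__":
    for name, raw in (("via_barracuda", VIA_BARRACUDA), ("direct", DIRECT)):
        print(name, check_message(raw))
```

Received lines are prepended by each server in turn, so only the topmost hops, added by the receiving site's own servers, are reliable; lines lower down were supplied by earlier relays or the sender.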