|
Where are my Login locations?
|
We have four web accessible areas that you have access to.
Below is a short description of each and how to access them ....
- Your "Domain Information" page
This shows basic information about your domains account, links to your Barracuda and Report Servers and this FAQ page.
Access is at http://tcnoc.com/clientlogin.htm
- Your "Administration" page
Once logged in this shows the settings on the Barracuda server
that you can change to "tweak" your server to
give your domain the best possible protection.
(See "How can I administer my domain?")
Admin login is at http://tcnoc.com/clientlogin.htm
- Your "Barracuda" login page
If you already have an account on the Barracuda server and you
have forgetten its URL just enter your domain name below and then
click the link to your
You login with your full email address and password.
If your login fails then you either have not yet created an account
on your Barracuda Server or you have forgotten your password. To
find your password see our FAQ titled
"I forgot/lost my password"
If you do not have an account Please go to http://tcnoc.com/clientlogin.htm
and in the "Create User Account" area enter your FULL email address and the password
you want to use. An account will be created and an email message will be sent to you
telling you how to log into your new account.
- Your "Report Server" login page
Once logged in this shows you your personal statistics and mail
logs. If your account has been upgraded to
domain status you can also see statistics
and mail logs for your entire domain and/or any
user in your domain.
To log into your Report server just enter you email address and password you used when creating your login on the Tangent Barracuda Server.
More information on your Report Server pages can be found in the section
"How do I use the Barracuda Report Server?)"
If you do not know where your Barracuda or Report Servers
are then please do the following...
1. Go To http://tcnoc.com/clientlogin.htm.
2. Go to the "Domain Information" box.
2. Enter your domain name.
3. Click the "Find Domain" Button.
4. Links to your Barracuda and Report Server will be displayed.
Your domain name is everything after the "@" symbol
in your email address.
NOTE your domain must be activate on our service
to see these links.
|
|
|
Creating and using your Barracuda user account.
|
|
I forgot/lost my password.
|
|
Adding email addresses to my White and Black lists.
|
Adding entries to your personal White and Black list area on the Barracuda is
very simple to do and takes very little time.
1. Log into your Barracuda Server
(If have not already created an account on your Barracdua Server
see "Creating and using your Barracuda user account.")
2. Click on the PREFERENCES tab
3. Click on the WHITELIST / BLACKLIST tab
You are now in your Whitelist/Blacklist configuration page.
You will see a whitelist section and a blacklist section each
with its own entry addition field.
4. Enter the Full Email Address, Full domain name or
Partial domain name into either the whitelist or blacklist
field and click ADD.
NOTE: White and Black list entries must be complete. For example adding this email address
bob.smith@my.domain.com
Can be done with these entries
bob.smith@my.domain.com
@my.domain.com
my.domain.com
domain.com
com
These however will NOT work
bob
bob.smith
smith
my.domain
Do not enter just the @ symbol. It can cause problems with your account.
NO WILDCARDS ARE ALLOWED
|
Examples (enter without quotes)
- "joe@Domain1.com" will ALLOW/BLOCK all mail from this address ONLY.
- "@Domain.com" will ALLOW/BLOCK all email from this domain Only.
- "Domain.com" will ALLOW/BLOCK all email from this domain and any sub-domain of "Domain.com".
- "edu" will ALLOW/BLOCK all email from any .edu address.
- "us" will ALLOW/BLOCK all email from any .us address.
- adding "." (just a period) to your blacklist will BLOCK all email not in your whitelist.
|
There are currently no wildcards allowed in these areas.
See the next section which explains how you can use your personal white
and black list area to protect you to the fullest.
|
How can I receive mail only listed in my whitelist?
|
If you want to ONLY receive mail from email addresses or domains that have been added to your personal Barracuda White List you can do the following.
1. Log into your Barracuda Account
(If have not already created an account on your Barracdua Server
see "Creating and using your Barracuda user account.")
2. Click on the Preferences Tab
3. You should be on the WhiteList/Blacklist page.
If not click on the whitelist/Blacklist tab.
4. Enter all the email addresses you want to receive
email from into your whitelist area (see below for
more details on this).
5. When all whitelist entries have been added enter
a period "." only (no quotes) into the blacklist area.
This will block all email coming to you except for addresses
that have been added to your personal whitelist. With this
system you must remember to add a whitelist entry for anyone
who sends you email.
When adding a whitelist entry you can add either the entire
email address (some.name@some_domain.com) or just a
domain name (some_domain.com) or just a domain extension
(com). Note that a domain extension only does not include a
leading period.
With very little work you could block all incoming mail from
off-shore domains and only allow mail from domains or domain
extensions you are comfortable with.
Along the same lines you can add to your blacklist only full
email addresses, domain names or domain extentions you do not
want to receive email from.
|
How will my incoming email change?
|
Most Spam and email-borne Viruses will no longer make it to your
email server. However, it is impossible to stop all Spam (refer to "I am
still seeing Spam, Why?"). To make dealing with Spam as effortless as
possible. Barracuda does the following:
- Mail that we are 100% sure is spam is BLOCKED. The message is
not saved and only a log entry is kept.
- Mail that our system determines is NOT spam is sent to you with
no modifications of any kind.
- Mail that our system can not be 100% sure is spam but has some spam
characteristics is delivered to you with [BULK] prefixed to the subject
line. If we were to tighten down the settings to stop all spam it would
result in a great deal of legitimate email being blocked. Adding the
[BULK] flag for borderline email makes it easy for you to filter these
for later review.
- Mail with OBJECTIONABLE content either in the subject line or body of
the message is delivered to you with [QUAR] prefixed to the subject line.
Blocking these types of messages would result in the blocking of messages
between friends that often has objectionable content so our solution is to
flag these messages in a way that makes them easy for you to filter.
- Mail with phrases that match known spam content have either
[QUAR] prefixed to the subject line or in cases where the content
is certain to be from a spammer the message is BLOCKED as spam.
- Mail with file attachments that might be used in a destructive manner
have either [QUAR] prefixed to the subject line or in cases where the
file is a known problem is BLOCKED. See our
File Attachment Information page for additional details.
- If your domain Quarantines Spam instead of deleting it that mail
will also have [QUAR] prefixed to the subject line. The system
default is to delete spam.
What can I do with messages that have the [BULK] or [QUAR] tags?
We recommend that you set up filters* on your local mail reader
(outlook, eudora, etc..) so that all mail with a [BULK] or [QUAR]
tag are saved in a separate folder for later review. This keeps
these messages out of your main inbox but keeps them easily
available for review when needed
* See your mail reader documentation
for information on setting up filters.
If you receive mail with [QUAR] prefixed to the subject and would like to know
what content filter it matched you can look at the hidden header..
X-ASG-Quarantine: BODY (friends)
this would indicate that the body of the message has the string "friends" in it
and that "friends" was in our content filter (just an example, "friends" really
isn't there)
You can, if desired, log into your Barracuda Server and turn on a
feature called Quarantine. This forces any message that would normally
get the [QUAR] flag to be saved on the Barracuda server in a password
protected area for later review by the recipient.
See "
How do I Log in?"
above for information on how to access your account.
THIS QUARANTINE FEATURE IS OFF FOR ALL USERS BY DEFAULT. We
do not recommend that anyone turn this feature on as it only results in a
delay in receiving email and forces you to log into another service to read
your mail.
As with any anti-spam service it is possible that you will still receive
spam as no-one can stop all spam. If you feel that mail you received should
have been blocked and you want to inform us please read the section on "
How do I report spam that I still receive?"
File Attachements
Barracuda monitors and checks all file attachments to you email for
viruses. Please review the information on our
Attachment page for details on how barracdua handles all attachments.
|
How do I report spam that I still receive?
|
At Tangent we endeavor to stop all spam but it is realistically
not possible and some spam will get through. If you feel that the
spam you are getting should have been blocked you can provide us
with a "SPAM REPORT".
|
Please DO NOT just forward mail you think is spam to us.
Forwarded mail does not include the information we require. Incomplete
spam reports are deleted and NOT reviewed.
|
THERE ARE TWO STEPS TO REPORTING SPAM
STEP NUMBER ONE..
Verify if the spam you received was filtered by us. This is done by
reviewing the INTERNET HEADERS of the mail you received. If it was
filtered by our service the headers will include lines that say
BARRACUDA or X-BARRACUDA or tcnoc.com similar the following.
| |
----------------------------------------
X-Persona: <Support>
Received: from ms3.tcnoc.com (ms3.tcnoc.com [63.150.10.30])
by mailsite.tangent.com (Rockliffe SMTPRA 2.1.6) with
SMTP id <B0008715519@mailsite.tangent.com> for <Support@tangent.com>
Tue, 24 Feb 2004 10:38:30 -0800
X-ASG-Debug-ID: 1077647511-19735-25-0
X-Barracuda-URL: http://ms3.tcnoc.com:80/cgi-bin/mark.cgi
Received: from mail.domain.net (mail.domain.net [192.168.69.115])
by ms3.tcnoc.com (Barracuda Spam Firewall) with SMTP id DDC4ED06F3B2
for <support@tangent.com> Tue, 01 Jan 2004 10:38:26 -0800 (PST)
----------------------------------------
viewing header information is done many different ways.
See your mail reader documentation for instructions.
|
|
If the Barracuda headers are not present, then that message was sent
directly to your mail server and was NOT filtered by our service.
You should contact your local Mail Administrator and inform them of this problem.
|
STEP NUMBER TWO..
If the message was reviewed by Barracuda and you want to report it there are two methods we provide.
1. Email Spam Report (preferred)
Send a copy of the INTERNET HEADERS and the MESSAGE CONTENT
to spam@tcnoc.com.
If you are sending a VIRUS report please send it to
virus@tcnoc.com
A spam report must include both the Header Information and the Body of
the message all in a single message. The header data should come first
followed by the body of the message. Personal signature lines, comments
or any other additional information should not be included as it can
result in that being a key for a spam block.
CLICK HERE FOR AN EXAMPLE OF A COMPLETE SPAM REPORT
IMPORTANT.. Any spam report submitted without the correct
information is deleted and is NOT reviewed.
ONLY SEND ONE EMAIL MESSAGE PER SPAM REPORT
2. Outlook Spam Report
If you are using OUTLOOK you can download and install our spam
reporting tool (CLICK HERE).
This will add an additional tool bar to
Outlook that will allow you to directly report the spam to our server.
This report will modify your spam filtering (bayesian) database which
over time may reduce the amount of spam you are receiving.
|
If you use the Outlook reporting tool it is very important that you report both spam and non-spam messages.
|
IMAGE BASED SPAM
Many spam messages are an image with random text below the message to "fool"
spam filtering services. These messages while obviously spam to a person are
almost impossible for a computer to detect. The problem is that Images are only
converted from the sending text to the actual image at the recipients mail
client. To convert the included text to an image, OCR the image, filter it and
then convert it back to text for delivery would result in monstrous mail delays.
All spam filtering services are working on this problem. If you receive spam
that is image based please report it using the EMAIL SPAM REPORT method above.
This will give us the IP address of the sending servers which we can then add
to our blacklists.
LOCAL FILTERING OF MAIL
We strongly recommend to all users that you set up a simple filter on your mail
reader to separate mail with either the [BULK] or [QUAR] flags. Then you can easily
review the FROM address for this mail. Read the ones from people you know and just delete the rest.
|
What do I do when a message I need is Missing?
|
Legitimate email is almost never blocked, but occasionally it does happen.
If a legitimate message is blocked and it does not contain a virus, you should:
This ensures that future emails sent from this individual will not be blocked.
If, after adding the sender to your whitelist their mail is still missing or
being blocked a test message can be sent that we can then track through our
system which may assist us in finding the problem.
IMPORTANT:
This must be done in real time so the message must be sent
between the hours of 7:00am to 2:00pm (PT) M-F when our research staff is
available. If this in not convenient please let us know and we can arrange for
a special test time.
It MUST be the message that is missing or being blocked.
It MUST be CC'ed to spamtest@tcnoc.com.
It MUST have the original subject line.
(prefix SPAM BLOCK TEST to the original
subject. ie: SPAM BLOCK TEST - our vacation pictures)
When we receive the message we can check your spam filtering server and find out
exactly what happened to the message.
NOTE : mail sent to spamtest@tcnoc.com is not filtered in any way so is always delivered
We recommend adding any automated email service that you receive mail from to
your personal whitelist. Many list services use outdated software which is not
compliant with current email standards.
Note that you can also check your message log (see "How do I use the Barracuda Report Server?")
to see if the message was received by our service (the message log covers the last 72 hours of messages).
|
Attachments, what is blocked and Why?
|
One of the primary destructive forces that organizations face is the eMail
message with either a VIRUS attached or with a destructive script in an otherwise
inocent looking file attachment.
Tangent Barracuda stops all know VIRUS eMail and is updated instantly whenever
a new virus is discovered.
Tangent Barracuda also blocks most types of file attachments that can be used
in a destructive manner.
Other then ZIP files for some domains we do not BLOCK or [QUAR]
any other ARCHIVE type files (ARC, LZH, SIT, etc.)
or any document files (DOC, XLS, TXT, PDF, PPT, etc.). We
also do not BLOCK or [QUAR] any image files (GIF, JPG, BMP, etc.)
If you are on one of our servers that BLOCKS .ZIP files and need to receive
a ZIP file from a sender you can either add the sender to your whitelist on
the Barracuda Server or the sender can change the extention of the file from
.zip to .zi_
What follows is the complete list of all file attachments that we do BLOCK.
If someone needs to send one of these files to your domain they can
rename the file (ie: file.pif to file.pi_) which the receiver can then rename
back to the correct extension.
The following attachment types are BLOCKED. If these were in your eMail it is
99.99% certain that it was a worm or virus.
pif, scr, vbs
The following attachment types are flaged with [QUAR].
Extreme caution should be used when opening
any message containing these file attachments.
|
acx, ade, adp, app, asp, bas, bat, chm, cmd, cmdl, com, cpl, cpp, crt,
dll, eml, exe, hlp, hta, htt, inf, ins, isp, jar, js, jse, lnk, mdb,
mde, mhtm, mhtml, msc, msi, msp, mst, ocx, pcd, pl, reg, sct, shb, shs,
shtm, shtml,vb, vbe, vbe, vxd, wsc, wsf, wsh, xml
Note : Attachments are always checked even if the sender has been added
to a white list. If you have "quarantine" enabled any attachment in the
above list will not be delivered but will instead be saved, in your
quarantine area on Barracuda, for later delivery.
We block no attachement based on the size of the file.
|
How do I use the Barracuda Report Server?
|
The Report Server provides you with
reports on the email that we filter. It shows you statistical data,
and message information (date, time, to, subject, status, messageID)
on each of the individual messages that we filter.
The report server DOES NOT store messages. Lost or deleted messages
can not be retrieved from the report server.
To access the Report Server you need to first have created an account
on your Tangent Barracuda server (see "Creating and using your Barracuda user account."). You can then...
1. Go to your report server login page (http://breport.tcnoc.com)
2. Enter your FULL email address in the "username" field
3. Enter your Barracuda User password in the "password" field
4. Press enter or click "LOG IN"
Once logged in, the report server will show you a list of your most recent 25 emails
filtered by our service. At the top of this list is a search bar that you can use
to find specific email messages or to change your search criteria.
Please note that this log only covers approximately the last 72 hours of mail activity.
Administrator Notes: If you are an administrator of your Tangent Barracuda Account
you can review the email of any user in your domain. Once you are logged into the report
server just enter the persons FULL email address in the TO: field on the search line
(where you address currently is listed)
MULTIPLE DOMAINS
If you have multiple domains and you would like to receive the bi-monthly activity
report for each you will have to request that a valid email address for each domain
be upgraded to "Report Server Admin". A "Report Server Admin" can monitor the report
server logs for any user in your domain and will also received the bi-monthly
activity report.
Each of your domains may have up to two (2) report server admins. NOTE that only
an email address that has logged into the report server can be upgraded to report
server admin.
|
What does the block "SPF/Caller ID" mean?
|
An SPF block is one generated by the SENDING DOMAINS dns server.
The sending domain has posted, using an spf record, the IP addresses of machines allowed to send mail for their domain.
This SPF record tells RECEIVING mail servers to block all mail that comes from any IP address not listed in it offical SPF record.
The mail that is blocked, if legitimate, is usually sent from a home office or from on the road (hotel, starbucks, etc..). In that case the mail will be sent out using the local ISP's mail server instead of the Senders actual Mail Server.
SPF records STOP spammers from spoofing domain names by blocking mail coming from un-authorized mail servers.
There are several ways to "FIX" this problem
1. The sender should set, in their mail client, their outgoing SMTP server to their domains actual mail server. This may require special setups by the domains network administrator. If their domain has webmail access they can use that as well. Webmail sends out mail via the authorized mail server for the domain.
2. The senders domain can remove the SPF record (not a good idea)
3. The senders domain can modify the SPF records to be a warning and not a block. This however defeats the purpose of the SPF record so is also not a good idea.
4. The sending server could add the IP address of the senders home ISP mail server (not really feasible as this can and does vary)
5. The recipient can add the sender domain to their Barracuda white list.
The correct "FIX" is option number one (1). All mail sent out for a domain should be sent out from that domains authorized mail server. That is the correct way to do it. It should never be sent out using a remote ISP's mail server.
Sending out your mail using your local ISP's mail server is the easy way to do mail when at home or on the road but is NOT the correct way. Over time all mail will be required to come from an authorized mail server.
As noted we are not blocking this mail. It is a block requested by the senders domain. We are only honoring their request.
|
Has our domain been activated for Spam filtering?
|
To determine if your domain has been activated on Barracuda you need to do the following..
FIRST, Check to see if your domain has a "Barracuda Information Page" with
the following Search utility. This information database is updated at 8:00am (PT) M-F.
SECOND, If you have a "Barracuda Information page, check your MX listing with the following utility
Here are examples of correct and incorrect MX records
The following is an example only. DO NOT use
these MX (mail server) names for your changes
|
|
A CORRECT MX EXAMPLE
my.domain MX preference = 1, mail exchanger = scan1.tcnoc.com.
my.domain MX preference = 10, mail exchanger = scan2.tcnoc.com.
AN INCORRECT MX EXAMPLE
my.domain MX preference = 1, mail exchanger = scan1.tcnoc.com.my.domain.
my.domain MX preference = 10, mail exchanger = scan2.tcnoc.com.my.domain.
|
If your domain name is appended to the end of your MX listing then there
is an error. This can happen if the DNS server that you are
using requires a "PERIOD" at the end of a full domain name when it is
added. If the "PERIOD" is left out many DNS servers automatically append
the default domain name to the end of the entry.
Finally... From your Barracuda Information Page (use lookup utility above) you can
access your daily traffic report. If your domain is active you will get a
report on the email traffic we are filtering for your domain.
If your domain is active on our service and you are still seeing large
amounts of Spam delived to your users please review the section on
"I am still seeing Spam, Why?"
before contacting us with the problem.
|
How can I administer my domain?
|
|
How can I manage my users accounts?
|
If the user has an account on the Barracuda Server you can log into it, as that user, and change their settings.
If you do not know a users password you can get it from your administration page by entering their email name only (everything before the @ symbol) in the "Display list of a users White and Black list entries" field located in the tools section. The list returned includes their password. This will also tell you wether or not they have an account on the Barracuda Server.
If they do not have an account you can create one for them by doing the following
1. Log into your administration page
2. Set "Jumble Passwords" to NO
3. Set "Send Welcome Message" to NO
4. Save your settings
5. Go to http://tcnoc.com/clientlogin.htm
6. Create their account
7. Go back to your Administration page
8. Change above settings back to YES
For security reasons it is important that you only leave the above settings at NO while you are creating the accounts you will be managing. Leaving these settings at YES would allow anyone to create an account, for a users that did not have one, access that account and potentially delete all that users email.
|
How can I monitor activity for my domain?
|
If your login to the report server has been upgraded to
"domain" status you can monitor the current activity for
your domain on the Report Server. See
"How do I use the Barracuda Report Server?" above.
Note that our report server does not show the hundreds of thousands of
messages that we receive on a daily basis that are rejected due to
False Sender Domains, Dictionary Attacks, Corrupted Messages and so on.
Normally these type of messages make up an additional 40-70% of your mail
traffic.
|
I am also using a Local Anti-Spam solution, Is this OK?
|
Additional anti-spam solutions (software or hardware) will adversely
affect Barracuda’s ability to talk with your mail server and receive
the responses required in order to instantly relay email. Some examples of
such Spam controls are
- Tar-pitting.
- Rejection of recipients after X number of invalid recipient requests have been made.
- Checks to limit the number of connections from a single IP address.
- External or Internal Black lists.
If you are running anti-spam software that does any or all of the above it
can result in mail we attempt to deliver being rejected by your server.
IMPORTANT: This does NOT apply to Anti-Virus protection. All email servers
should have full anti-virus protection installed. This protects your server
from internal as well as external sources of attack.
|
We are using SPF, Is this OK?
|
If your mail server is doing SPF testing then your mail server will
reject any mail our service filters that comes from a domain with SPF
records. This is because the IP address of our server is not listed
as a valid address for their domain.
The Fix for this is ...
SPF setups are supposed to have an ignore field where you can
add the IP address of any mail server you want the system to
ignore when doing its SPF testing.
This does not disable the SPF test. It just tells your system to
not test any RECEIVED line that have that IP address in it. It will
test all the other RECEIVED lines in the message.
For Example... Here are the received lines for a typical message
that passes through our service..
Received: from ms6.tcnoc.com [63.209.10.246]
by mail.tangent.com (Rockliffe SMTPRA 4.5.6)
with ESMTP id B0000786503@mail.tangent.com
for postmaster@tangent.com;
Fri, 15 Sep 2006 07:17:08 -0700
Received: from tam.rfpdepot.com [209.90.77.129]
by ms6.tcnoc.com (Spam Firewall)
with ESMTP id B14A1CDBEF
for postmaster@tangent.com;
Fri, 15 Sep 2006 07:12:14 -0700 (PDT)
|
If the sending domain (in this case "tam.rfpdepot.com") has SPF
records and the receiving domains mail server did SPF testing it
would verify that "63.209.10.246" and "209.90.77.129" were in the
SPF records for "tam.rfpdepot.com"
As "63.209.10.246" would not be listed the mail would be bounced.
To tell the SPF test to not test the RECEIVED line for "63.209.10.246"
you would add it to the exclusion list in the SPF setup. It
would still test for "209.90.77.129" which it would find as valid
and so would accept the email.
Here is how SPF works
1. SPF records are added to the sending domains DNS server.
2. They list the IP addresses of their legitimate mail servers.
3. Receiving mail servers read the records for the domains sending it mail.
4. If the IP address in the RECEIVED line (ie:ours) is not listed it will deny the message.
|
For you to use SPF testing you must add the IP address of your Barracuda
Server to the exclude list of your SPF testing software.
|
I am using a MS Exchange mail server. What do I need to know?
|
It is very important that you set up your Microsoft Exchange server correctly for our service.
Click here for instrucions on Microsoft Exchange v7.0 (2007) server
Click here for instrucions on Microsoft Exchange v6.0 (2003) server
Click here for instrucions on Microsoft Exchange PRIOR TO V6.0 (2003)
|
Required settings for MS Exchange 2007 Servers
|
Please follow this procedure to enable Microsoft Exchange Server 2007
to allow emails for valid recipients only. This step is necessary to
allow the Microsoft Exchange 2007 server to work with the SMTP verification
feature of the Tangent Barracuda Spam Firewall.
Recipient Verification is configured in the "Anti-Spam agents" module. The
Anti-Spam agents are enabled by default on Edge Transport servers, but not
Hub Transport servers. If you do not have an Edge Transport Exchange 2007
server, you can enable the Anti-Spam agents on a Hub Transport server. Please
follow this link to a Microsoft knowledgebase article below if you need to
enable the "Anti-Spam agents" module on your Exchange 2007 server.
http://support.microsoft.com/kb/555924
Once you have verified that the Anti-Spam agents are enabled, you can
configure Exchange 2007 to block mail addressed to recipients that don't
exist at your organization. This feature is called Recipient Lookup, and
can be enabled by following these steps:
1. Open the Exchange Management Console.
2. Expand Organization Configuration.
3. Click on Hub Transport.
4. Click the Anti-Spam Tab.
5. Double click Recipient Filtering.
6. Click the Blocked Recipients tab.
7. Check the first option, labeled Block messages sent to recipients
not listed in the Global Address list.
Now when someone tries to send an email to a user that does not exist in
your Active Directory domain, your server will send this error to the
Tangent Barracuda Server:
550 5.5.1 User unknown
NOTE: Because deployment scenarios with Exchange 2007 vary we recommend that
you review the Microsoft Knowledge base for additional information on this..
For more information see
How to Enable Anti-Spam Functionality on a Hub Transport Server
http://technet.microsoft.com/en-us/library/bb201691.aspx
and
How to Enable Recipient Filtering
http://technet.microsoft.com/en-us/library/bb125187.aspx
|
|
Required settings for MS Exchange 2003 Servers
|
Recipient Filtering in Microsoft Exchange Server 2003. This is a new
feature that Microsoft has added to Exchange 2003 so that it complies
with current mail standards. It is off by default and needs to be turned on
to use our service. Recipient Verification is REQUIRED by our service.
From Exchange System Manager:
Expand Exchange Organization, Global Settings.
Right click on Message Delivery, choose Properties.
On the Recipient Filtering tab, check the box
"Filter recipients who are not in the directory"
You must NOW enable Recipient Filtering on your SMTP Server.
Expand Servers, <server name>, Protocols, SMTP.
Right click on your SMTP server and open properties.
On the General tab, click the Advanced button.
Select the IP Address of your Exchange Server
Click Edit.
Check the boxs
"Apply Recipient Filter"
Click OK
Connection filtering allows you to create global accept lists. You can use these lists
to always accept mail that is sent from our IP addresses. Any IP address that appears
on the global accept list is automatically accepted, and any connection filtering rules
are bypassed. To add our IP address (see your administration page for these addresses)
to this list you ...
1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.
2. In the console tree, expand Global Settings, right-click Message Delivery, and then click Properties.
3. Click the Connection Filtering tab.
4. Click Accept. The Accept List dialog box appears.
Click ADD
(you may need to add any local IP address or address ranges there as well, including
internal addresses ie:192.168.*.* or 10.*.*.*).
You must NOW enable Connection Filtering on your SMTP Server.
Expand Servers, <server name>, Protocols, SMTP.
Right click on your SMTP server and open properties.
On the General tab, click the Advanced button.
Select the IP Address of your Exchange Server
Click Edit.
Check the boxs
"Apply Connection Filter"
Click OK
|
|
Required settings for Microsoft Exchange Servers prior to v6.0 (2003)
|
If you do not have the "Accept Connections" set to "From any host (secure
or non-secure)" then you must add the IP addresses (see your administration page
for these addresses) of the Tangent Barracuda service to your Exchange Server in the
"Specify by Host" area (see image below). They must be set to allow relaying
(you may need to add any local IP address or address ranges there as well, including
internal addresses ie:192.168.*.* or 10.*.*.*).
Recipient Verification for MS Exchange Servers prior to v6.0 (2003)
If you are using Microsoft Exchange Server prior to v6.0 (2003) we
can use the LDAP service built into it to do Recipient Verification.
Verifying a user before delivering the email will reduce the
amount of email that your server needs to handle.
NOTE: Recipient Verification is a REQUIREMENT of our service.
Enabling LDAP verification is very simple..
1. Create an account called "BARRACUDA" on your NT Server
2. Give it a password of your choice (we recommend "tangent")
3. Create an account on your Exchange Server using the above account.
4. Test your LDAP service. Do the following AT your Exchange Server.
a) open a command prompt window
b) at the prompt type the following
c) c:\> telnet localhost 389
d) press enter
e) If the test works, the window will go blank
f) If the test fails, you get an error message
5. If the above test works please email your username and password to : support@tcnoc.com. If the test failed then LDAP is not enabled on your Exchange Server (LDAP is enabled by default) and will have to be enabled.
Once we receive your email we will test this connection from our end. If we can not connect to your LDAP server and your test (see above) worked then it means that either...
1. Port 389 (LDAP port) at your firewall/router is not open.
2. If you are running Exchange on a server that has a local firewall you will need to add port 389 to the allow list.
PLEASE NOTE: LDAP is not a reliable method of verifying email addresses. LDAP verification takes a long time to complete (in computer terms) and often times out especially across long distances (ie: our server to yours)
When an LDAP query fails we default to "Deliver Mail".
LDAP is not supposed to be used for Recipient Verification and is not a part of SMTP communication between mail servers. We added it as a part of our service in an attempt to verify users on non-compliant email servers.
NOTE that only email addresses or distribution groups that are listed in the Exchange Address Book are verified. Make sure that you have un-checked "hide from address book" all email addresses and distribution groups for your domain that receive email.
We recommend that you consider upgrading to a mail server that does actual Recipient Verification which occurs during the actual SMTP session.
This will not only reduce the amount of email that is delivered to your mail server but will also eliminate the false bounce messages that your mail server sends out (called backscattering) which spam other networks and increase the amount of mail traffic on the internet.
|
|
I am using a FirstClass mail server. What do I need to know?
|
One of the problems that occurs when using a hosted service
like ours is that all mail delivered to your mail server will
come from a single IP address. Many mail servers see this as an
attack and as a result will start blocking these connection attempts.
To ensure that mail from our service is accepted by your
FirstClass server we recommend that you do the following.
Log in to your FirstClass account either as the ADMIN or w/Admin privileges.
Go into...
Admin Desktop/
Internet Services/
Filters folder
There should be a file called: Allow-White List
open it for editing and Type:
+xxx.xxx.xxx.xxx <-- Your Primary IP Address
+xxx.xxx.xxx.xxx <-- Your Secondary IP Address
Save and exit the file
Note the plus sign (+) at the beginning of the IP address. This is very important.
You can find your Primary and Secondary IP addresses on your Barracuda
Administration page in the MX record section. Your FirstClass mail
server will now accept mail from our service.
|
How do I change our accounts IP address?
|
We recommend the following when making making an IP address change...
1. Let us know approximately when the change is going to take place.
(email support@tcnoc.com)
2. About one (1) hour before the change is to take place update the IP address
for your account (found on your administration page) which will let us
know you are actually making the change.
3. Make the required changes on your end.
We will, at the time of the change, update your IP address and test the
connection to see if everything is working. If we have any problems we
will call the number of the contact of record (see your administration
page for this information)
If there is a different or emergency number that we should call it
should be sent to us before the change so we can update your records
accordingly
|
How do I forward mail to my secondary (backup) mail server?
|
Our service delivers mail to the IP address of your mail
server as listed on your Barracuda Administration page.
If you mail server is off line we do not switch to a
secondary (backup) server. We are your secondary (backup)
server and we queue your mail for up to 48 hours if your mail
server is off line. After 48 hours the mail is returned to the
sender so they can resend if needed.
If you think your mail server is going to be off line for
longer then 48 hours and you have a secondary (backup) mail
server we recommend changing your mail server IP address on
your administration page to this secondary server. We will
verify that the new IP address is valid and will then forward
your mail to that server.
|
I am still seeing Spam, Why?
|
It is impossible to for any Spam Filter Solution to claim or guarantee to
block 100% of all Spam.
For example, take the word piss. Parents and kids talk about being pissed
off etc to their friends. It is a common phrase around the world. Blocking
mail with that keyword string would also block all kinds of legitimate
email.
Barracuda almost completely eliminates the massive amount of Spam users
receive. We can not be a censor of email but can and do warn people that the
email they are getting may have objectionable content. That is what the [QUAR]
tag indicates.
Barracuda subject and body filtering is without doubt, the best in the
industry. Our engineers sort thru millions of pieces of Spam to determine
Spam patterns and then update our subject and body keyword strings on a
daily basis.
In joining our Barracuda service you have taken the first step in
stopping your spam problem however spam will continue to reach your mail
server for some time as spammers send email using old MX records and to
email servers directly. Over time, most of your email will be filtered
through our system but there will always be those stubborn spammers (those that
keep long term records of where mail servers are) that send email and
viruses directly to your mail server bypassing all anti-spam services
(even local hardware solutions)
To verify whether the Spam you are receiving is bypassing Barracuda, look
at the header information for that particular Spam email. If the email
in question was filtered through Barracuda, the header information will include
lines that say BARRACUDA or X-BARRACUDA. If the Barracuda headers are not present,
then that message was sent directly to your mail server bypassing Barracuda.
Here is an example of a header from a message that WAS filtered by the Barracuda system
| |
----------------------------------------
X-Persona: <Support>
Received: from ms3.tcnoc.com (ms3.tcnoc.com [63.150.10.30])
by mailsite.tangent.com (Rockliffe SMTPRA 2.1.6) with
SMTP id <B0008715519@mailsite.tangent.com> for <Support@tangent.com>
Tue, 24 Feb 2004 10:38:30 -0800
X-ASG-Debug-ID: 1077647511-19735-25-0
X-Barracuda-URL: http://ms3.tcnoc.com:80/cgi-bin/mark.cgi
Received: from mail.domain.net (mail.domain.net [192.168.69.115])
by ms3.tcnoc.com (Barracuda Spam Firewall) with SMTP id DDC4ED06F3B2
for <support@tangent.com> Tue, 01 Jan 2004 10:38:26 -0800 (PST)
----------------------------------------
viewing header information is done many different ways.
See your mail reader documentation for instructions.
|
With that said there are two additional steps you can take to stop
the spammer from sending you spam.
One way, which we strongly recommend, is to remove from your DNS server the
MX record for your on-site mail server. Spammers love to send email to every
MX record that they find on your DNS server. Removing this MX record will
prevent this method of attack. This should be done about two (2) days after
joining our service to ensure that mail for your domain is being redirected
to our service.
Removing the MX record for your on-site mail server is a good deterrent but
many spammers keep their own list of known good mail servers and can still
reach you directly via this list. If you want to make sure that all mail is
being filtered by Barracuda, then you need to lock down your mail server so
that only the Barracuda is allowed to send it email. We strongly recommend that
all permanent clients of our service take this next step.
There are two ways to do this:
If you mail server supports it you can set it up to only allow mail from
our servers. This is usually done by adding our IP addresses in the relay features of your mail server.
IMPORTANT : This next way should only be done by a qualified network administrator
If your mail server is behind a firewall or router (most are) then
you can block port 25 so that only our servers can access it. 1
a. Using your firewall you DENY all incoming SMTP traffic (port 25) to your mail server from any outside IP address.
b. Using your firewall you ALLOW incoming SMTP traffic (port 25) to your mail server ONLY from the Barracuda Primary and Secondary IP addresses 1
Locking down port 25 or your mail server does not affect your users ability to send or receive email (see note below)
VERY IMPORTANT : If you are securing your server you must REMOVE any MX records that point to your Local Mail Server. This is important because if you do not remove these MX records some of the mail for your domain will bounce.
Note on locking down port 25 or your mail server.
Anyone, outside your network, trying to use your mail
server to send email will not be able to. This would
include any of your users who access their mail from
off site (home) and who use your mail server for their
outgoing mail.
There are two fairly simple methods to resolve this problem.
- The easiest is to just have all off site (home) users send their outgoing mail through their local ISP (company they are using to access the internet ie: DIALUP, CABLE, DSL, etc..). This is done by setting the outgoing SMTP connection in the mail client they are using to their local ISP mail server.
- A bit more complex solution would be to Institute a VPN (Virtual Private Network) solution.
- And finally, if available, your users can use your mail servers web interface to access their mail.
|
|
It is very important that you notify us when you secure port 25 on your mail server. Failure to do
so could result in lost email.
To notify us of this change you can either update your administration page (Mail Server Secure) or send an email message to support@tcnoc.com
|
Taking the precautions above should stop all non-filtered email from reaching
your email server from outside your network.
|
Note that both of the above options will block anyone,
except our service, from sending mail directly to your mail server.
Any legitimate email that is addressed to your mail
server (ie: user@mail.yourdomain.com) instead of to your
domain will also be blocked. You can however remedy this by adding
MX records for your mail server as you did for your domain.
For example..
| tangent.com | mx | 1 | scan1.tcnoc.com |
| tangent.com | mx | 10 | scan2.tcnoc.com |
| mail.tangent.com | mx | 1 | scan1.tcnoc.com |
| mail.tangent.com | mx | 10 | scan2.tcnoc.com |
Anyone sending mail to either tangent.com or mail.tangent.com will have
their mail redirected to our filtering service.
IMPORTANT : Our service only filters and delivers mail for the EXACT domain
names that have been added. If you add an MX record for your mail server
name that points to our service, and it has NOT been added to our service, any
mail addressed to that name will be rejected by our service.
The above is an example only. DO NOT use these MX (mail
server) names for your changes
|
|
Global Whitelisting of an Email Address or Domain.
|
If an email address or domain for a user needs to be whitelisted
we recommed adding them to the users personal whitelist area
(see "Adding email addresses to my White and Black lists")
For security reasons we do NOT Globally Whitelist either email
addresses or domains. If we were to add an email address or
domain to a Global whitelist it would open a door in our service
that spammers could easily use to inundate our customers with spam.
We can, and do when required, add the IP address of SOME mail
servers depending on who they are and wether or not they are
listed on any SPAM reports.
Government agencies, list services, notification services and
the like can be added if requested by the customer. This is
accomplished by sending in a request to support@tcnoc.com
This request must include the full "hidden header" information
of an email message you have recently received (see sample below)
or, if this is not available, the full email address of the sender
or the IP address of the senders mail server. Requests may only be
submitted by a contact listed on your domain administration page.
----------------------------------------
X-Persona: <Support>
Received: from ms3.tcnoc.com (ms3.tcnoc.com [63.150.10.30])
by mailsite.tangent.com (Rockliffe SMTPRA 2.1.6) with
SMTP id <B0008715519@mailsite.tangent.com> for <Support@tangent.com>
Tue, 24 Feb 2004 10:38:30 -0800
X-ASG-Debug-ID: 1077647511-19735-25-0
X-Barracuda-URL: http://ms3.tcnoc.com:80/cgi-bin/mark.cgi
Received: from mail.domain.net (mail.domain.net [192.168.69.115])
by ms3.tcnoc.com (Barracuda Spam Firewall) with SMTP id DDC4ED06F3B2
for <support@tangent.com> Tue, 01 Jan 2004 10:38:26 -0800 (PST)
----------------------------------------
viewing header information is done many different ways.
See your mail reader documentation for instructions.
|
We will investigate the mail server to determine if it
is being used for spamming. We then review our logs to see if any
mail we have received from that server was either blocked or tagged.
|
If no mail is being blocked or tagged there is no reason to add
the IP address to our whitelist.
If the mail is Blocked we investigate the reasons and if the
problems are fixable we inform the customer, and the domain sending
the mail, what the problems are and how they can be fixed. The
IP Address is added to our whitelist.
|
Potential Problem..
Adding a servers IP address to a whitelist can result in problems
if their server is compromised either with a worm or virus or if a
spammer with enough talent is able to spoof their IP address. If
this were to happen our only course of action to protect our clients
would be to remove the IP address from the whitelist. It could also
result in the servers IP address being added to a national Black List.
The BEST solution, if mail is being blocked or tagged, is to find
out what the problem is and fix it.
Finally ...
If mail is tagged it is still delivered to the user. Tagging mail does
not delay or stop any mail from being delivered. If a user has a good
email setup (filters and folders) then they should never lose a piece
of mail that has been "tagged" by our service.
One of our jobs it to Tag suspected spam email with either [BULK] or
[QUAR]. Users can then use these tags to either filter or just not read
any mail that is not from someone they know.
If users or administrators are deleting at either their mail server
or mail client email that includes these tags there is a very good
chance that they will be deleting legitimate email. If is far more
efficient to instead just filter email with these tags in to a
separate folder at the mail client.
|
How do I modify my BULK, QUAR and DELETE levels?
|
|
How do I change my Mail Server IP Address?
|
The process for changing an IP address would be to
1. Set up your server at the new address
2. Check that it can send out email
3. Log into your administration page
4. Change and save your IP address
Your IP address is listed under your MAIL SERVER settings.
When the change is submitted we will verify that everything is working correctly
and if it is we will make the required change. If there are any problems we will
contact the account administrator.
This change can take up to an hour during which time our service will continue to
accept your incoming email. It will be held in our outbound queue and delivered
as soon as your IP address change in completed.
We recommend that you send an email notice to support@tcnoc.com the day before
the change request. This notice should include the approximate time you will be
making your IP address change.
|
Our outgoing mail rejected for rDNS (PTR) reasons.
|
Many domains, Like AOL, are using rDNS (PTR) lookups as a method
of reducing spam. This is not a good idea as many, many legitimate
domains do not have their rDNS set up or have it set up incorrectly.
If your outgoing mail is being blocked because your domain does
not have an rDNS entry you will have to create one.
rDNS is a function of your primary DNS server.
Depending on the type of DNS server you have it is either a file
you create or an option you select when creating an entry. If it
is a file you have to create you will have to find how to create
that in your documentation. If it is created when you create the
actual record you will, in most cases, have to delete the record
in question and re-create it.
The rDNS entry they are looking for is for your MailServer IP address.
It is not for your domain name IP address although it is a very
good idea to have one for it as well.
Most DNS "A" records should have an rDNS entry. It speeds up access
times and as noted is being used more and more as a validity check.
How does this work? When you send out a piece of email the recipients
mail server receives the mail and checks to see if the IP address it
received the mail from has a valid rDNS entry.
If there is not an rDNS entry the mail is rejected.
More and more mail servers are using this as a way to reduce spam.
Tangent Barracuda does not use this method as there are still far
too many legitimate domains that do not have rDNS entries.
We recommend that all domains have the following..
1. An IP address associated with their DOMAIN name
2. An rDNS entry for the IP address of their DOMIN name
3. An rDNS entry for the IP address(s) of their Mail Server
Here is an example of how DNS and rDNS entries work
DNS query on "tangent.com" returns "63.150.10.10"
rDNS query on "63.150.10.10" returns "tangent.com"
DNS query on "mail.tangent.com" returns "63.150.10.221"
rDNS query on "63.150.10.221" returns "mail.tangent.com"
|
Note, Outgoing mail is sent directly from your mail server
to the recipients mail server and does not pass through our service,
unless we are filtering mail for the recipients domain.
|
Why do I get Undeliverable or Attachment Deleted messages?
|
When a mail virus/worm infects someones PC it does its very best to infect others. Because of this many domains are receiving mail of the following types
Undeliverable
This is the result of mail sent out by
virus infected computers using your email
address as the from address. It was sent
to an invalid email address. The recipients
mail server then sends you back a message
saying that your message could not be
delivered.
Attachment Deleted
This is the result of mail sent out by
virus infected computers that use your
email address as the from address. It was
cleaned by the recipients anti-virus software.
This software then sends you back a message
saying it cleaned your attachment.
Note that in both cases above your email address is being spoofed by the virus. There is no way to determine where or who is sending out the messages.
You may ask how did your email address get used (spoofed) by the virus. When the virus infects a computer it looks for the email address book and picks names at random to use when sending out the email. As you can tell this causes major confusion for everyone.
Unfortunately both of the message types above are perfectly legitimate email and under normal situations are very important in tracking down email problems. When a virus hits they turn into major headaches.
What can be done..
You could send a message to the domain sending you the Attachment Deleted message telling them that they are spamming you (having their anti-spam software send out unsolicited email) and that if they do not desist you will report them to several Blacklists. Let them know that viruses spoof sending email addresses and they are telling the wrong person they have a virus.
Note: The above only pertains to Attachment Deleted messages and not to UNDELIVERABLE messages you receive. Most mail servers can not turn off this feature.
You can set up a filter or rule on your mail server that either forwards all Attachment Deleted messages to a unique email account or deletes the mail outright. If forwarded this account can then be purged on a weekly basis.
|
Why is our mail log filling up with connection attempts?
|
Our server sends a request to your server to verify the email address for
each piece of email we receive.
If your server accepts the connection we accept the message, filter it
and deliver it. If you server rejects the connection we block the message
and close the connection. Apparently when your server rejects the
connection it logs the event.
Using our service will reduce the amount of bandwidth that your mail
server requires (by as much a 90%) but the number of log entries will
be about the same because we verify each piece of mail as it comes in.
We do not keep a list of your users on our server for verification.
This is because any change that you make to your mail server (add or
remove users) would not be "caught" by our server for many hours which
would result in the loss of users emails. All verification that we do
is in real time.
Note: If you are using a MS Exchange mail server please see our FAQ titled
"
I am using a MS Exchange Mail Server. What do I need to know?" sub paragraph
"Exchange Servers and LDAP"
|
Why do senders get a "554 Too many connections" error?
|
This happens with a mail server that routinely mass emails your domain..
We protect your domain from mass email attacks from spammers who can send
millions of messages to your domain in just a few minutes resulting in
mail server failures and huge bandwidth costs.
Our "Rate Control" blocks prevent this from happening. If however you have
services that routinely mass email your domain you need to provide us with
the IP address of their outgoing mail servers so that we can add then to our
"Rate Control" whitelist.
This will prevent mail from those servers from being blocked when they
mass email you. Their mail will however still be scanned for spam and
viruses.
Note that most services that mass email domains do not have a problem with
these blocks as they retry the message a few times until it is delivered.
Our service allows individual domains to connect to your domain up to 25
times every 30 minutes. Each of these connections can deliver up to 30 messages
so as you can see even a busy sending domain should be able to deliver mail
without any problems after a few attempts.
|
