We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Mail Security in the Firewall

  • Last updated on

The Barracuda NextGen Firewall F-Series enforces mail security in the firewall by transparently scanning incoming and outgoing SMTP connections for malware and checking the reputation of the sender's IP address via a DNS blacklist (DNSBL). SMTP connections are supported on the following ports:

  • SMTP and SMTP with StartTLS – TCP 25, TCP 587
  • SMTPS – TCP 465


SSL Interception for Mail

SSL-encrypted SMTP connections are decrypted differently for inbound and outbound connections. Outbound SSL-encrypted SMTP connections are SSL-intercepted using a dynamically generated SSL certificate derived from the root certificate uploaded in the SSL Interception configuration. Inbound SSL-encrypted connections are intercepted using the same SSL certificate chain as is installed on the internal mail server. The SSL certificates are bound to the IP address on the F-Series Firewall that the mail server domain's MX record resolves to. This allows remote MTAs to use the information included in the SSL certificate to verify the identify of the server it is connecting to. You must install the SSL Interception root certificate on all mail clients connecting to a mail server via an SSL-intercepted SMTP connection to avoid certificate errors.

For more Information see How to Configure SSL Interception in the Firewall.

Virus Scanning for Mail

Both inbound and outbound email attachments are scanned by the Virus Scanner service. If malware is detected in an email attachment, the infected file is removed and replaced by an attachment containing a customizable text, and the 5005 Virus Scan file blocked event is triggered. If Advanced Threat Protection (ATP) is enabled on the system, attachments that have passed the Virus Scanner are uploaded and analyzed in the Barracuda ATP cloud. Mail attachments are always scanned in Deliver first, then scan mode. If malware is found by ATP, the result is only reported; the email recipient is not placed in quarantine. The Virus Scanner fail-close policy does not apply to SMTP and SMTPS connections. If the Virus Scanner service is unavailable, emails with attachments are not scanned by either the Virus Scanner or ATP. Instead, they are delivered as-is to the internal mail server. A dedicated virus-scan log file is created if logging is activated under Firewall > Security Policy > Virus Scanner Configuration > Advanced.

DNS Blacklist

Inbound email can also be classified according to DNS blacklists (DNSBL), such as the Barracuda Reputation Block List. For sender IP addresses blacklisted by the DNSBL, [SPAM] is prepended to the subject line of the email, and the MIME headers of the email are modified to allow the email to be immediately identified as spam by the mail server. If the DNSBL server is not available, the email is not modified. The email itself is delivered to the internal mail server.

For more information, see How to Configure Mail Security in the Firewall.

Last updated on