It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure Advanced Mail Gateway Settings

  • Last updated on

The following article refers to the section How to Configure the Mail Gateway Service and describes how to setup advanced parameters for the mail gateway service.

Configure Advanced Mail Gateway Settings

To configure the advanced settings for the mail gateway, complete the following steps:

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Mail-Gateway > Mail Gateway Settings.
  2. In the left menu, select Advanced Setup.
  3. Click Lock.
  4. In the Operational Settings section, configure the MTAs, maximum number of NextGen Admin connections to system on which the Mail Gateway service is installed, HA synchronization, and DSN mails.


    Mail Transfer Agents (MTAs)

    The maximum number of MTAs (default: 5). MTAs are service processes that deliver mails received from a client to other mail servers. MTA processes are only started when the mail gateway system needs them for mail delivery. They are stopped after delivery has succeeded. 

    Do not enter 0.

    MTAs for Urgent Mail

    The number of MTAs that are reserved for mail classified as urgent (default: 1). To specify which mail types are urgent, configure the settings in the Expert Settings section (use with care). For more information on the Expert Settings, see How to Configure Custom Mail Gateway Rules.


    Admin Connections

    The maximum number of NextGen Admin connections to the system on which the mail gateway service is installed (default: 5).  

    DNS Query

    Specifies if DNS servers are queried sequentially or in parallel. You can select:

    • parallel The local firewall blocks DNS reply packets from DNS servers if the mail gateway has already received an answer from another DNS server.
    • sequential – DNS servers are queried one after the other. If the queried DNS server replies with NX Domain to the DNS request for the MX records, the mail is not delivered, even if one of the other DNS servers in the list are able to successfully resolve the domain.

    Spool Queue Sync

    To synchronize mail between an HA pair, select yes. After enabling this setting, you must also restart the Mail Gateway service. Every ten seconds, the active mail gateway then sends mail bundles to the passive mail gateway for synchronization.

    Mail synchronization can increase the load on the Barracuda NextGen Firewall F-Series.

    DSN Mails in MIME-Format

    To send DSN mail in MIME format according to RFC1891 (SMTP Service Extension for Delivery Status Notifications), select yes. For more information on RFC 1891, see

    MTA Retry  Sequence

    In this field, enter the intervals in which the Mail Gateway service will attempt to deliver mail after an unsuccessful delivery.  You can enter a space-delimited list that specifies multiple intervals. Use the following characters to specify the unit of measurement of time:

    • m = minutes  
    • h = hours
    • d = days

    To send a Delivery Status Notification (DSN) to the original email sender after a specific interval, append the " w " character to the interval. The last message in the retry sequence generates a delivery failure notification.


    If you enter: 1m 5m 10m 1hw 1dw the following delay message is generated after one hour:

    Your Message to the following recipients <recipient> (reason: [reason for delivery failure])- maximum retries reached -could not be delivered. Received: from [IP]([hostname]) by [mail gateway] id [JOB ID Number]; [Day Date Time] From: "Sender" subject: [Subject of mail message]

    The following delivery failure notification is generated after one day:

    Your Message to the following recipients <recipient> (reason: [reason for delivery failure])- maximum retries reached -could not be delivered. Received: from [IP]([hostname]) by [mail gateway] id [JOB ID Number]; [Day Date Time] From: "Sender" subject: [Subject of mail message]

    Priority Switch after (minutes)

    The Barracuda NextGen Firewall F-Series mail gateway schedules all mail jobs received from the clients. This setting specifies the period of time (default: 60 minutes) after which the mail gateway automatically changes scheduling priority to the next higher level.

    This setting has nothing to do with the priority flag you can set in your email client software; this priority flag concerns the mail application only.

  5. In the Allowed Relaying section, specify the internal IP addresses (IPv4 and/or IPv6) that are allowed to forward mail traffic. Add these IP address to the Internal IP-Addresses table.

    Incorrect settings may cause security violations.

  6. In the Cloning and Archiving section, specify the email addresses of senders and/or recipients whose addresses must be rewritten before their mail is forwarded and archived to an external email archiving system. This mail can also be forwarded to multiple recipients (cloned). To clone and archive mail:

    1. From the Enable Cloning and Archiving list, select yes.
    2. Next to Archiving Settings, click Set or Edit.
    3. In the following tables, add the email addresses that must rewritten. You can use wildcard characters such as * or ? may be used in the pattern settings. To clone an email, enter a comma-delimited list of email addresses in the rewrite settings.

      Sender | Recipient - Full Address Manipulation

      In this table, add the email addresses that must be fully rewritten.

      It is not possible to rewrite the recipient email address if the target domain is not handled by the same mail server as the original domain.

      Sender | Recipient - Local Part ManipulationIn this table, add the email addresses whose local parts must be rewritten (string preceding @).
      Sender | Recipient - Domain ManipulationIn this table, add the domains whose local parts must be rewritten (string following @).
    4. Click OK

    Extended Domain Setup settings also apply to email addresses that have been rewritten. For example, if the sending domain address of an email, which has been accepted for delivery at the mail gateway's external listen address, is rewritten to a strictly internal sender domain, the mail will be discarded due to policy restrictions.

  7. Click Send Changes and Activate

Continue with How to Configure Antivirus Mail Gateway Integration.

Last updated on