We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Barracuda Email Security Gateway

Why is mail being blocked by my Barracuda Spam Firewall for reason of Intent?

  • Type: Knowledgebase
  • Date changed: 2 years ago
Solution #00001581

Scope:
This solution applies to all Barracuda Spam Firewalls, all firmware versions.

Answer:
The Barracuda Spam Firewall's Intent Analysis database is a list of known spammer URLs that are found within the body of spam messages. You can configure this option on the Basic > Bayesian/Intent (3.5.x and earlier) or Basic > Spam Checking (4.0 and later) page of the Barracuda Spam & Virus Firewall's web interface. Barracuda Intention Analysis attempts to match URLs in a message against a database of URLs from known spam. Blocking messages with such URLs has proven to be an effective defense against spam. What this means is that if an incoming email message contains one or more domains in the body of the email, and if at least one of those domains is in Barracuda's Intent Analysis database with a poor reputation, the Barracuda Spam Firewall will block that message and list the reason as Intent (<domain>) in the Basic > Message Log, where <domain> is the domain the Barracuda found to have a poor reputation.

Barracuda Intent Analysis can be configured to tag, quarantine, or block a message. Setting the Intent Analysis option to Tag or Quarantine may reduce performance as the Barracuda Spam Firewall continues to process the message in an attempt to filter possible spam using the stricter rules of other the spam scanning features. Barracuda Intention Analysis can also be turned off entirely, although this is not recommended.

A Barracuda Spam Firewall with Multi-Level Intent Analysis feature enabled will attempt to load the URLs in each message, even though the domain reputations are not poor, to see whether the destination website redirects traffic to another website whose reputation is poor. Enabling this option means the Barracuda will make frequent outgoing connections on port 80 to questionable websites, and as such may need to be exempted from any web filters or other devices that monitor or block outgoing port 80 traffic.

In addition to using the database of URLs that the Barracuda Spam Firewall receives from the Energize Updates on an hourly basis, the Barracuda can also communicate with Barracuda Central in realtime to check against the latest lists and block even the newest spam if the Realtime Intent Analysis option is turned on. Enabling this option can cause a slight increase in mail scanning time as network (DNS) lookups are performed. In other words, the Barracuda Spam Firewall will do a DNS lookup of each domain in the body of a given email and check its IPs against an IP list in real time. Realtime Intent Analysis blocks are displayed as Intent blocks in the Basic > Message Log with an asterisk (*) preceding the domain (in the Reason column); it will look like Intent (*<domain>), where <domain> is the domain whose IP address was blocked for Realtime Intent Analysis.

Additional Notes:
Firmware version 3.5.x and earlier:
You can configure these options under Basic > Bayesian/Intent.

Firmware version 4.0.x and later:
You can configure these options under Basic > Spam Checking
.

To disable this functionality, set the Intent Analysis, Multi-Level Intent Analysis, and Realtime Intent Analysis to No.

In the event of a false positive, please contact Barracuda Networks Technical Support. In the meantime, you can exempt the domain in question on your own Barracuda Spam Firewall by entering it on the Basic > Bayesian/Intent page in the URL Exemptions field and clicking Save Changes.

Link to This Page:
https://campus.barracuda.com/solution/50160000000GT6TAAW