We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway

What methods of recipient verification are available on my Barracuda Spam Firewall? How do they work?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00003521

Scope:
All Barracuda Spam Firewalls, all firmware versions.

Answer:
When recipient verification is configured, the Barracuda Spam Firewall will reject email addressed to users that do not exist at the addressed domain. This is an SMTP-level block that occurs before other, more resource-intensive defense layers that will increase both the effectiveness and efficiency of the Barracuda Spam Firewall, when enabled.

You may configure three different types of recipient verification on the Barracuda Spam Firewall:
  1. SMTP Verification

    The Barracuda Spam Firewall will automatically reject email addressed to any recipients that would be rejected by the configured destination server. There is no place to configure this on the Barracuda Spam Firewall; if your mail server is rejecting mail to invalid recipients with an SMTP reject code like 550 No such user, the Barracuda Spam Firewall will block incoming email in the same way.

    If SMTP verification is active, when the Barracuda Spam Firewall accepts an SMTP connection and receives the destination email address, it will momentarily put that connection on hold and make an SMTP connection to the destination mail server for that domain, echoing the recipient address. If the mail server accepts the recipient, the Barracuda Spam Firewall will close that connection without actually sending an email, and resume accepting the email from the sending mail server. If the destination mail server rejects the message because that user does not exist at that domain, the Barracuda Spam Firewall, will send a similar SMTP block message to the sending mail server, rejecting the message. These messages will appear as having been blocked for reason of Invalid Recipient on the Basic > Message Log page of the Barracuda Spam Firewall's web interface.

  2. LDAP/Active Directory Verification (models 300 and above)

    If you have an LDAP or Active Directory server, you can configure the Barracuda Spam Firewall to connect to that directory server and verify the recipient email addresses of incoming mail with that LDAP or Active Directory server. LDAP/Active Directory verification is usually faster than SMTP verification, and enabling it will automatically disable SMTP verification. For more information on configuring LDAP/Active Directory on the Barracuda Spam Firewall, see Solution #00002192 and Solution #00001330.

    LDAP/Active Directory verification works by querying the directory server with the account provided to see whether the recipient exists for that particular domain. If that user does exist, the Barracuda Spam Firewall will receive the message and hand it off to the next defense layer. If that user is not present on the directory server, the Barracuda Spam Firewall will block that message at the SMTP level.

  3. The Valid Recipients List (firmware versions 3.5.11 and above)

    New to firmware version 3.5.11, the Valid Recipients list allows you to specify a local list of valid recipients for each of your domains on the Barracuda Spam  Firewall. This means that the Barracuda Spam Firewall will not make any connections to external devices to verify any of the users listed on the Valid Recipients list. This feature is useful if you do not have any other means of recipient verification, or if your LDAP or Active Directory server will only properly verify a portion of your users.

    You can configure the Valid Recipients list to work with either SMTP or LDAP/Active Directory verification, or you can restrict valid users to only those present on the list. For more information on configuring the Valid Recipients list, see Solution #00003395.
Additional Notes:
When testing recipients over SMTP with the destination mail server (before sending the recipient address for verification), the Barracuda Spam Firewall will, by default, use the sender address postmaster@barracudanetworks.com. If your mail server is configured to block mail addressed to invalid recipients, and recipient verification is not working, you may need to whitelist this address on your mail server. Alternatively, if you need to change this address, you'll need to go to the Advanced > Expert Variables page to set the Recipient Verification From Address option to anything that you know your mail server will allow. The Barracuda Spam Firewall should now use this sender address when verifying recipient addresses over SMTP.

For notes on configuring a Microsoft Exchange 2003 server to work with the SMTP verification feature on the Barracuda Spam Firewall, see Solution #00002976.

Link to This Page:
https://campus.barracuda.com/solution/50160000000HHbbAAG