All Barracuda Spam Firewalls, all firmware versions.
Preliminary note: If you have a web-filter it is important that you exempt the IP of your Barracuda Spam Firewall from any web filtering. It gets updates and investigates urls via the web which often fail if web filtering is in place.
To initially set up your Barracuda Spam Firewall, please follow these steps:
- Plug a keyboard and monitor to the unit
- Turn on the unit
- Login as User: admin, Password: admin
- Go to CHANGE and complete IP Configuration, Configure the IP Address, Subnet Mask, Default Gateway, Primary and Secondary DNS servers, as appropriate for your network.
- Save your changes
Login to Web Interface
In your Web browser’s address bar, enter http:// followed by the Barracuda’s IP address, followed by the default Web Interface HTTP Port (:8000).
For example, if you configured the Barracuda with an IP address of 192.168.200.200, you would type: http://192.168.200.200:8000
Log in to the Barracuda Spam Firewall Web interface as the administrator: Username: admin Password: admin
Go to the Basic >
IP Configuration page and perform the following:
- Verify that the IP Address, Subnet Mask, and Default Gateway are correct.
- Enter the Server Name/IP of your destination email server where you want the Barracuda to deliver mail. For example, type: mail.<yourdomainname>.com
- Verify that the Primary and Secondary DNS Server are correct
- Enter Default Hostname and Default Domain. This is the name that will be associated with bounced messages. For example, enter barracuda as the Default Hostname and <yourdomain.com> as the Default Domain.
Note: Make sure
to enter all above information and then save changes, missing any of above
settings will not let you to save changes
Under Allowed Email Recipient Domain(s), enter each domain for which the Barracuda will receive email. Click Add after each domain entry. Note: The Barracuda will reject all incoming email addressed to domains not specified here.
MODEL 100 ONLY
Go to the Users page and perform at least one of the following:
- Enter the email address(s) on which the Barracuda is to perform spam and virus scanning under User Configuration, one entry per line.
- To have email addresses automatically added to the Barracuda as mail arrives, make sure the Enable User Addition option is turned on otherwise you need to add all existing users manually.
Note: If no users
are specified AND the Enable User
Addition option is set to No,
then no scanning of ANY incoming email will be performed.
Adding/checking Domains and Destination Servers
Go to Domains > Advanced Domain Configuration. This page is used to add and edit domain settings. Click Add Domain to add an entry for a new domain. Any domain added in this manner will use the default settings (from Basic > IP Configuration) for new domains until Edit Domain is performed on that domain. Once a domain has been added, it can be edited or removed using the links provided in the display area.
Set up LDAP (Recipient Verification)
The LDAP setting used for each domain is under:
Firmware 3.5.x.x and below: Domains > Advanced Domain Configuration > Edit LDAP
Firmware 4.0.x.x and above: Domains > Manage Domain > Users > LDAP Configuration
To set up LDAP please refer to Solution #00002192.
Verify that the Energize Updates feature is activated on your Barracuda by going to Basic > Status. Under Subscription Status, make sure the Energize Updates subscription is Current. If the Energize Updates is Not Activated, click the corresponding activation link to go to the Barracuda Networks Product Activation page and complete activation of your subscriptions.
Change the Administrator Password
To avoid unauthorized use, we recommend you change the default administrator password to a more secure password. You can only change the administrator password for the Web interface. You cannot change the password for the Administrative Console, but this is only accessible via the keyboard which you can disconnect at any time.
1. Go to Basic > Administration and enter your old and new passwords.
2. Click on Save Password.
The IP addresses/networks added under Basic > Administration, are allowed to access the Web-based configuration interface for the Barracuda Spam & Virus Firewall. Enter a Netmask of 255.255.255.255 to specify an individual IP (instead of an entire network).
Note: All systems are granted access with the correct password if no administrative IP addresses or networks are specified.
Update the Firmware
You can update your firmware in Advanced > Firmware Update. Please refer to the following
solutions for more information on firmware updates.
Steps to update the firmware: Solution #00003989.
If you have one or more units clustered, please go to Solution #00002354.
Route Inbound Email to the Barracuda Spam Firewall
To take advantage of the spam and virus filtering features of the Barracuda Spam Firewall, you must route all incoming email to the Barracuda.
Spam Firewall will only filter SMTP traffic on port 25. If you have
users using Webmail, that traffic should bypass Barracuda Spam Firewall and be sent to your mail server from your firewall.
There are two common options for routing email to the Barracuda Spam Firewall:
Change the port forwarding settings on your corporate firewall to route incoming email to your Barracuda Spam & Virus Firewall. To do this, modify your corporate firewall port settings as required. For instructions, see your firewall documentation or administrator.
Create a DNS entry for your Barracuda Spam & Virus Firewall and change your DNS MX record to route incoming email to the Barracuda. Typically, this is done on your DNS server or through your DNS service.
Example: DNS Entry for Barracuda Spam & Virus Firewall
barracuda.barracudanetworks.com IN A 18.104.22.168
Example: Modified MX Record
IN MX 10 barracuda.barracudanetworks.com
Although DNS programs and services vary, your new DNS and MX
entries should resemble the examples above. The above example shows a priority
of 10, for illustration only. Note: Some DNS servers cache information for up
to 7 days, so it may take time for your email to be routed to the new MX
Route Outbound Email to the Barracuda Spam Firewall
To take advantage of the spam and virus filtering features of the Barracuda Spam Firewall, you can route all outgoing email to the Barracuda.
This can be done in two ways:
Full Inbound (Hybrid mode): in this mode you can set up the
unit as Full Inbound (which is the default mode) and also relay outbound
traffic through the unit at the same time, to set up outbound relay please go
to Solution #00002087.
Full Outbound mode: Available only in 3.5.x and earlier firmware versions, this mode scans all outgoing messages (from your users) for viruses and spam probability. This mode ensures email leaving your network is virus-free and legitimate.
To change from Inbound to Outbound operation mode you can go to Basic > Administration > Operating Mode.
Warning: When switching from Inbound mode to Outbound mode and back, ALL message log data and quarantined messages will be REMOVED. All configuration options should also be re-verified.
Note: Do not try to route outgoing email through the Barracuda Spam Firewall unless you have configured Relay operation or are using the Barracuda Spam Firewall in Outbound Mode. We recommend turning off all spam controls on your email server in order to eliminate potential conflicts.
Tuning your Spam Controls
Initially, your Barracuda Spam Firewall is configured to Tag most spam. The subject line of the spam messages will be prepended with the word [BULK]. This allows user configuration of email client programs to put the messages into a separate folder. You can adjust the aggressiveness of the spam scoring algorithm at any time. These changes can easily be made on the Basic > Spam Scoring page. We recommend using an initial configuration that does only tagging. After you have some familiarity and see how email is being tagged you can adjust the configuration to suit your needs.
Link to this Page: