All Email Security Gateways, all firmware versions.
Preliminary note: If you have a web-filter it is important that you exempt the IP of your Email Security Gateway from any web filtering. It gets updates and investigates urls via the web which often fail if web filtering is in place.
To initially set up your Email Security Gateway, please follow these steps:
- Plug a keyboard and monitor to the unit
- Turn on the unit
- Login as User: admin, Password: admin
- Go to CHANGE and complete IP Configuration, Configure the IP Address, Subnet Mask, Default Gateway, Primary and Secondary DNS servers, as appropriate for your network.
- Save your changes
Login to Web Interface
In your Web browser?s address bar, enter http:// followed by the Barracuda?s IP address, followed by the default Web Interface HTTP Port (:8000).
For example, if you configured the Barracuda with an IP address of 192.168.200.200, you would type: http://192.168.200.200:8000
Log in to the Email Security Gateway Web interface as the administrator: Username: admin Password: admin
Go to the Basic > IP Configuration page and perform the following:
- Verify that the IP Address, Subnet Mask, and Default Gateway are correct.
- Enter the Server Name/IP of your destination email server where you want the Barracuda to deliver mail. For example, type: mail.<yourdomainname>.com
- Verify that the Primary and Secondary DNS Server are correct
- Enter Default Hostname and Default Domain. This is the name that will be associated with bounced messages. For example, enter barracuda as the Default Hostname and <yourdomain.com> as the Default Domain.
Note: Make sure to enter all above information and then save changes, missing any of above settings will not let you to save changes
Under Allowed Email Recipient Domain(s), enter each domain for which the Barracuda will receive email. Click Add after each domain entry. Note: The Barracuda will reject all incoming email addressed to domains not specified here.
MODEL 100 ONLY
Go to the Users page and perform at least one of the following:
- Enter the email address(s) on which the Barracuda is to perform spam and virus scanning under User Configuration, one entry per line.
- To have email addresses automatically added to the Barracuda as mail arrives, make sure the Enable User Addition option is turned on otherwise you need to add all existing users manually.
Note: If no users are specified AND the Enable User Addition option is set to No, then no scanning of ANY incoming email will be performed.
Adding/checking Domains and Destination Servers
Go to Domains > Advanced Domain Configuration. This page is used to add and edit domain settings. Click Add Domain to add an entry for a new domain. Any domain added in this manner will use the default settings (from Basic > IP Configuration) for new domains until Edit Domain is performed on that domain. Once a domain has been added, it can be edited or removed using the links provided in the display area.
Set up LDAP (Recipient Verification)
The LDAP setting used for each domain is under:
Firmware 3.5.x.x and below: Domains > Advanced Domain Configuration > Edit LDAP
Firmware 4.0.x.x and above: Domains > Manage Domain > Users > LDAP Configuration
To set up LDAP please refer to Solution #00002192.
Verify that the Energize Updates feature is activated on your Barracuda by going to Basic > Status. Under Subscription Status, make sure the Energize Updates subscription is Current. If the Energize Updates is Not Activated, click the corresponding activation link to go to the Barracuda Networks Product Activation page and complete activation of your subscriptions.
Change the Administrator Password
To avoid unauthorized use, we recommend you change the default administrator password to a more secure password. You can only change the administrator password for the Web interface. You cannot change the password for the Administrative Console, but this is only accessible via the keyboard which you can disconnect at any time.
1. Go to Basic > Administration and enter your old and new passwords.
2. Click on Save Password.
The IP addresses/networks added under Basic > Administration, are allowed to access the Web-based configuration interface for the Email Security Gateway. Enter a Netmask of 255.255.255.255 to specify an individual IP (instead of an entire network).
Note: All systems are granted access with the correct password if no administrative IP addresses or networks are specified.
Update the Firmware
You can update your firmware in Advanced > Firmware Update. Please refer to the following solutions for more information on firmware updates.
Steps to update the firmware: Solution #00003989.
If you have one or more units clustered, please go to Solution #00002354.
Route Inbound Email to the Email Security Gateway
To take advantage of the spam and virus filtering features of the Email Security Gateway, you must route all incoming email to the Barracuda.
Note: Email Security Gateway will only filter SMTP traffic on port 25. If you have users using Webmail, that traffic should bypass Email Security Gateway and be sent to your mail server from your firewall.
There are two common options for routing email to the Email Security Gateway:
Change the port forwarding settings on your corporate firewall to route incoming email to your Email Security Gateway. To do this, modify your corporate firewall port settings as required. For instructions, see your firewall documentation or administrator.
Create a DNS entry for your Email Security Gateway and change your DNS MX record to route incoming email to the Barracuda. Typically, this is done on your DNS server or through your DNS service.
Example: DNS Entry for Email Security Gateway
barracuda.barracudanetworks.com IN A 220.127.116.11
Example: Modified MX Record
IN MX 10 barracuda.barracudanetworks.com
Although DNS programs and services vary, your new DNS and MX entries should resemble the examples above. The above example shows a priority of 10, for illustration only. Note: Some DNS servers cache information for up to 7 days, so it may take time for your email to be routed to the new MX record.
Route Outbound Email to the Email Security Gateway
To take advantage of the spam and virus filtering features of the Email Security Gateway, you can route all outgoing email to the Barracuda.
This can be done in two ways:
Full Inbound (Hybrid mode): in this mode you can set up the unit as Full Inbound (which is the default mode) and also relay outbound traffic through the unit at the same time, to set up outbound relay please go to Solution #00002087.
Full Outbound mode: Available only in 3.5.x and earlier firmware versions, this mode scans all outgoing messages (from your users) for viruses and spam probability. This mode ensures email leaving your network is virus-free and legitimate.
To change from Inbound to Outbound operation mode you can go to Basic > Administration > Operating Mode.
Warning: When switching from Inbound mode to Outbound mode and back, ALL message log data and quarantined messages will be REMOVED. All configuration options should also be re-verified.
Note: Do not try to route outgoing email through the Email Security Gateway unless you have configured Relay operation or are using the Email Security Gateway in Outbound Mode. We recommend turning off all spam controls on your email server in order to eliminate potential conflicts.
Tuning your Spam Controls
Initially, your Email Security Gateway is configured to Tag most spam. The subject line of the spam messages will be prepended with the word [BULK]. This allows user configuration of email client programs to put the messages into a separate folder. You can adjust the aggressiveness of the spam scoring algorithm at any time. These changes can easily be made on the Basic > Spam Scoring page. We recommend using an initial configuration that does only tagging. After you have some familiarity and see how email is being tagged you can adjust the configuration to suit your needs.
Link to this Page: