You must have a Barracuda Cloud Control account before you can connect the Barracuda Email Security Service to Barracuda Cloud Control.
- Go to https://login.barracudanetworks.com/ and enter your Barracuda Cloud Control credentials. If you do not have an account:
- Click Create a User.
Enter your name, email address, and company name, and specify whether this is a partner account. Click Create User.
- Follow the instructions emailed to the entered email account to log in and create your Barracuda Cloud Control account.
- After submitting your new account information, the Account page displays your account name, associated privileges, and username.
- Click Email Security in the left pane, click Start Email Security setup, and follow the onscreen steps to get started.
Enter your credit card and billing information, and click Place Order. An email confirmation is sent to the address of record.
- Once the setup process is complete, click Launch Barracuda Cloud Control.
- You are redirected to Barracuda Cloud Control.
Step 1. Ensure Connectivity and Redundancy
- Open your firewall ports to allow the IP address ranges based on your Barracuda Email Security Service instance.
- Where relevant, verify your network subnet is granted access in the ACL on your mail server (and LDAP server where applicable).
- Block all port 25 traffic except for that originating from the Barracuda Email Security Service IP address ranges based on your Barracuda Email Security Service instance.
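To check that the port 25 restriction in Step 1 is holding, the following added example (not part of the Barracuda documentation) scans mail server logs for SMTP sessions that did not originate from the service. It assumes a Postfix mail server; the allowed ranges are placeholders from documentation address space, and the log lines are constructed.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space). Replace them with the
# ranges Barracuda lists for your Email Security Service instance.
ALLOWED_RANGES = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Postfix smtpd logs every inbound session as "connect from host[ip]".
CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from (\S*)\[([0-9A-Fa-f:.]+)\]")

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
Mar  3 09:14:02 mx1 postfix/smtpd[2211]: connect from relay.example[192.0.2.17]
Mar  3 09:14:40 mx1 postfix/smtpd[2214]: connect from unknown[203.0.113.45]
Mar  3 09:15:05 mx1 postfix/smtpd[2219]: connect from relay2.example[198.51.100.9]
Mar  3 09:15:31 mx1 postfix/smtpd[2223]: connect from unknown[198.51.100.200]
Mar  3 09:16:12 mx1 postfix/smtpd[2230]: disconnect from unknown[203.0.113.45]
"""

def is_allowed(ip_text, ranges=ALLOWED_RANGES):
    """True if the address falls inside one of the permitted ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in ranges)

def find_bypass_connections(log_text, ranges=ALLOWED_RANGES):
    """Return (ip, hostname, line) for sessions that bypassed the filter."""
    findings = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a session-start line ("disconnect" lines included)
        host, ip_text = m.group(1), m.group(2)
        try:
            allowed = is_allowed(ip_text, ranges)
        except ValueError:
            allowed = False  # unparsable address: report it
        if not allowed:
            findings.append((ip_text, host, line))
    return findings

if __name__ == "__main__":
    for ip, host, _ in find_bypass_connections(SAMPLE_LOG):
        print(f"direct SMTP connection bypassing the filter: {ip} ({host})")
```

Any finding means the firewall rule is missing or incomplete, because mail delivered directly to the server is never scanned by the service.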
Step 2. Launch the Barracuda Email Security Service Setup Wizard
- In the login screen, enter your Barracuda Cloud Control credentials, and click Sign In.
- The Barracuda Email Security Service Dashboard displays. Click the Wizard link at the top of the page to use the setup wizard. Alternatively, you can click the Domains tab to use the web interface to manually configure domains and settings.
- In the Setup Wizard, click Get Started.
- In the Specify Primary Email Domain page, enter the primary email domain you want to filter, for example:
Click Next. In the Specify Email Servers page, enter the mail server hostname (FQDN) or IP address for the domain entered in the previous step, for example:
- Click Add. Enter an email address to test the server configuration, and click Test All Mail Servers.
- Once the mail server is verified, the Verified icon displays in the status column and a confirmation message displays at the top of the page.
- Click Next. The Configure Settings page displays. Select from the following options:
- Virus Protection – Set to On to direct the Barracuda Email Security Service to detect and block viruses on inbound email.
- Spam Protection – Set to On to direct the Barracuda Email Security Service to evaluate inbound mail for spam based on a score assigned to each processed message. When set to Off, inbound mail is not scanned for spam.
Spam Scoring – Set Spam Protection to On to enable Spam Scoring. Scoring ranges from 1 (definitely not spam) to 10 (definitely spam). Setting a score of '1' blocks most legitimate messages while setting a score of '10' allows more messages through the system. Based on this score the Barracuda Email Security Service blocks messages that appear to be spam and logs these messages in the user's Message Log with Score as the reason for the block.
Click Next. The Route Email Through Barracuda page displays.
To verify your domain, replace your current MX records with the Barracuda Email Security Service Primary and Backup MX records displayed on the page.
- If you only want to route your inbound mail through the Barracuda Email Security Service and not your outbound mail, select I do not want to route my e-mail through Barracuda at this time, and select the verification option:
- CNAME Records – To use the CNAME records method to verify the domain ownership:
Log in to your DNS Server and, under this domain, create a subdomain whose name is created by concatenating 'barracuda' and the CNAME token shown in the Route Email Through Barracuda page. For example:
Point the CNAME record of that subdomain to ess.barracuda.com
Click Confirm Validation in the Route Email Through Barracuda page.
Email to Technical Contact – This method sends a verification email to the technical contact email address, if it exists, listed on your domain's WHOIS entry.
Email to Postmaster – This method sends a verification email to the postmaster email address for your domain. The confirmation email includes a link that the recipient must click to verify the domain. Click Send Email.
Click Next, and click Next once again.
- On the Select Data Center Region page, select the data center for your locale, and click Get Started.
- Complete the wizard pages.
The Confirmation page displays. Confirm domain ownership, and click Done.
Step 3. Set Up User Accounts
You can add users manually or use LDAP authentication to automatically synchronize the Barracuda Email Security Service with your LDAP server.
Manually Add Users
- Go to Users > Add/Update Users.
- In the User Accounts field, enter each user email address for the domain on a separate line, and then select from the following options:
Enable User Quarantine – All emails for the user which meet the configured block policy go to the user's quarantine account.
- Notify New Users – When set to Yes, users receive a welcome email when the account is created.
- Click Save Changes. The users are added to the Users > Users List table where you can select from the following actions:
- Edit – Click to specify domains this user can manage.
- Reset – Click to send the user an email with instructions on how to reset their account password.
- Log in as this user – Click to view or change the user's settings (for example, quarantine notifications), view/manage the domains this user manages, and view/search/manage the user's Message Log.
- Delete – Click to remove the user account.
Automatically create user accounts for all users in the domain based on your LDAP directory.
- Click Domains, and click Edit in the Settings column for the desired domain.
- In the Domains > Domain Settings page, scroll to the Directory Services section, and enter your LDAP settings:
- LDAP Host – LDAP lookup server. If this setting is a hostname, and is contained in multiple A records, or multiple space-separated hosts are provided, then fail-over capabilities will be available if the Barracuda Email Security Service is unable to connect to one of the machines listed here.
- Port – Port used to connect to the LDAP service on the specified LDAP server. Typically port 389 is used for regular LDAP and LDAP using the STARTTLS mode for privacy. Port 636 is assigned to the LDAP over SSL/TLS (LDAPS) service.
- Use SSL (LDAPS) – By default, LDAP traffic is transmitted unsecured. Set to Yes to use Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology to make LDAP traffic confidential and secure.
- Bind DN/Username – Username used to connect to the LDAP service on the specified LDAP server. If of the form firstname.lastname@example.org, the username is transformed into a proper LDAP bind DN when accessing the LDAP server, for example, CN=accountname,CN=users,DC=domain,DC=com. Sometimes the default transformation does not generate a proper bind DN. In such cases, you must enter a fully formed and valid bind DN.
- Bind Password – Password used to connect to the LDAP service on the specified LDAP server.
- Base DN – Base DN directory. This is the starting search point in the LDAP tree. The default value looks up the defaultNamingContext top-level attribute and uses it as the search base. For example, if your domain is test.com, your Base DN is dc=test,dc=com.
- Authentication Filter – Filter used to look up an email address and determine if it is valid for this domain. The filter consists of a series of attributes that might contain the email address. If the email address is found in any of those attributes, then the account is valid and is allowed by the Barracuda Email Security Service.
- User Filter – Filter used to limit the accounts that the Barracuda Email Security Service creates when an LDAP query is made. For example, limit the LDAP synchronization to users in sub-domains using the mail= parameter, or synchronize user-objects in a specific organizational unit (OU) using the ou= parameter. Each type of LDAP server has specific query syntax, so consult the documentation for your LDAP server. See the Microsoft TechNet article LDAP Query Basics for LDAP query syntax and examples.
Example: The list of valid users in your directory server includes 'User1', 'User2', 'User3', 'BJones', 'RWong', and 'JDoe', and you create the User Filter (name=*User*). In this case, the service only creates accounts for 'User1', 'User2', and 'User3'.
- Custom User Filter – Set to Yes to limit newly synchronized email users and linked email users to this one domain.
- Mail Attributes – Attribute in your LDAP directory that contains the user's email address.
- Testing Email Address – Valid email address for use in testing LDAP settings. When left blank, LDAP settings are only tested for connection.
- Synchronize Automatically – Set to Yes to automatically synchronize your LDAP users to the Barracuda Email Security Service database on a regular basis for recipient verification. With Microsoft Exchange server, the synchronization is incremental. When set to No, you must click Synchronize Now at the top of the section to manually synchronize your LDAP users to the Barracuda Email Security Service database.
- Use LDAP for Authentication – Set to Yes to enable LDAP for user login authentication. Set to No if your LDAP server will be unavailable for a period of time.
- In the Advanced Configurations section, set Sender Rewriting Scheme (SRS) to On to direct the Barracuda Email Security Service to rewrite the Envelope FROM address of inbound messages so that they appear to come from Barracuda Networks rather than the original sender. This is useful if you are using a hosted email service that cannot turn off Sender Policy Framework (SPF) checking. For more information, see Sender Policy Framework.
- Click Save Changes.
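To preview which accounts a User Filter such as (name=*User*) would synchronize before saving it, the following added example (not part of the Barracuda documentation) evaluates a single (attr=value) filter item against a directory listing. The directory is constructed: it holds the six users from the User Filter example plus one hypothetical service account, SvcPowerUser, to show how a substring filter can match more accounts than intended.

```python
import re

# Constructed directory: the six example users plus one hypothetical
# service account that a substring filter also matches.
DIRECTORY = [
    {"name": "User1", "mail": "user1@example.com"},
    {"name": "User2", "mail": "user2@example.com"},
    {"name": "User3", "mail": "user3@example.com"},
    {"name": "BJones", "mail": "bjones@example.com"},
    {"name": "RWong", "mail": "rwong@example.com"},
    {"name": "JDoe", "mail": "jdoe@example.com"},
    {"name": "SvcPowerUser", "mail": "svc-backup@example.com"},
]

SIMPLE_FILTER = re.compile(
    r"^\((?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>[^()]*)\)$")

def _unescape(text):
    # RFC 4515 writes literal special characters as \XX hex pairs
    # (for example \2a for a literal '*').
    return re.sub(r"\\([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), text)

def compile_filter(ldap_filter):
    """Turn one (attr=value) item with * wildcards into (attr, regex)."""
    m = SIMPLE_FILTER.match(ldap_filter.strip())
    if not m:
        raise ValueError("only a single (attr=value) item is supported here")
    # Every unescaped '*' is a wildcard; the pieces between are literals.
    parts = m.group("value").split("*")
    pattern = ".*".join(re.escape(_unescape(p)) for p in parts)
    # Directory string attributes normally compare case-insensitively.
    flags = re.IGNORECASE | re.DOTALL
    return m.group("attr").lower(), re.compile(f"^{pattern}$", flags)

def preview_sync(ldap_filter, directory=DIRECTORY):
    """Return the names of entries the filter would select."""
    attr, rx = compile_filter(ldap_filter)
    return [e["name"] for e in directory if attr in e and rx.match(e[attr])]

if __name__ == "__main__":
    for flt in ("(name=*User*)", "(name=User*)"):
        print(flt, "->", preview_sync(flt))
```

Anchoring the pattern, as in (name=User*), keeps the service account out of the synchronized set while still selecting User1, User2, and User3.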
Continue with Step 2 - Configure Outbound Mail Scanning.