"Blocked: Rate Control"

The Barracuda Spam Firewall's Rate Control feature protects the system from spammers or spam-programs (also known as "spam-bots") that send large amounts of email to the server in a small amount of time. It also protects us against "mail bomb" attacks.

The rate control mechanism counts the number of connections to the Spam Firewall in a half hour period. The threshold set is the maximum number of connections from the same IP address in this half-hour timeframe. If the number goes over the threshold the Spam Firewall will temporarily block further connections/messages until the next timeframe. If the sender continues to make connections during this period, and exceeds double the configured threshold, the Spam Firewall will permanently reject connections until the next timeframe.

Well-behaving email servers will act on the temporary reject message and inform the sender or sending mail server to try again later. Most spam senders will not do anything with this message and they, or their automated programs, will often trigger the permanent block.

This number can also be used to reduce the rate of incoming email if the Barracuda has started to get behind. Set the rate control number to 5 or less. As stated above legitimate email servers will queue up the good mail and try again later. While temporary decrease is in affect, monitor the message log for email blocked due to 'Rate Control'. Look at the source IP of that message and set the filter in the message log to filter all messages based on that source IP. If all the messages that are not blocked by rate control with that source IP were non-legitimate, then the temporary decrease is not causing any legitimate mail loss. If however the filtered list does contain legitimate email from that source IP, that IP address can be placed in the Rate Control Exclude section and that source will no longer be subject to rate control. It is possible that the majority of legitimate email arrives only from a small number of IP addresses and rate control can be left at a lower-than-default level.

"Blocked: Bad Recipient"
The Barracuda Spam Firewall rejected the message because it was addresses to a non-Macalester address. This means a spammer was trying to send a message to a third party using our mail server. Misconfigured mail servers which allow this are known as "open relays" and are often abused by spammers. The Barracuda is configured to accept messages only for @macalester.edu addresses.

"Blocked: Spam"
The Barracuda Spam Firewall uses some public RBLs (Realtime Blackhole List -- a list of identified spammers) such as SpamHaus.org. But more effectively, all customer-owned Barracuda systems automatically send messages which customers have identified as spam back to the company. They aggregate the data and push it back out to each customer. This provides a very up-to-date and thorough list of current spammers. Messages from senders on this list are discarded.

"Blocked: Virus "
The Barracuda Spam Firewall runs anti-virus software which scans all incoming email for viruses. Any messages with a virus are discarded. Also, any message with an attached file with one of the following extensions is also automatically discarded: .exe, .com, .bat, .pif, .scr, .cmd. (These are all executable program files and are how many viruses are transmitted via e-mail.)

"Quarantine"
The Barracuda Spam Firewall has a quarantine feature to hold messages it thinks may be spam. Any user with held messages in quarantine is automatically notified (on a daily basis) if they have any quarantined messages to review. The Barracuda is currently configured to not quarantine any messages, but to tag and deliver them instead.

"Allowed: Tagged"
The Barracuda Spam Firewall will tag and deliver any messages it thinks may be spam, but isn't absolutely certain about. It will prepend "[SPAM]" to the subject of any such messages.

"Allowed"
The Barracuda Spam Firewall delivers messages it doesn't think are spam.