Jump to content


Photo

Forcing Deferred e-mails to be blocked by Firewall not Antispam

Deferred messages firewall

  • Please log in to reply
No replies to this topic

#1 opjose

opjose
  • Members
  • 252 posts
  • LocationWashington D.C. Area

Posted 08 August 2018 - 01:15 PM

We have both Barracuda Firewalls and Anti-spam systems.

 

It would be REALLY nice if the anti-spam system could talk to the firewall and tell it when it sees incoming deferred messages that exceed a threshold.

 

A firewall rule should have the originating IP blocked.

 

Often e-mail authentication is used to verify password hack attempts.

 

I frequently manually block IP's subnets on my firewalls that I see originating thousands of deferred bogus authentication attempts.

 

My threshold is in the thousands to catch only those with malicious intent.

 

I block ALL firewall traffic from those IP's.

 

The systems could do this automatically.

 

This interaction creates a "feature" requiring both systems be from Barracuda... more sales?

 

BTW: Since I even have authenticated relaying turned off, the anti-spam system is acting as a "honeypot" catching hack attempts on our network(s).

Blocking the originating IP range makes our systems "disappear" to them.