Jon LaBadie
2016-Jul-20 03:06 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
My nightly logwatch report had a never before seen
section last night, "barracuda spam firewall".

I have no problem with the emails it noted as
being rejected.  But I've always thought of "barracuda"
as a commercial product.

I have neither configured nor enabled any barracuda
software and "yum list '*barrac*'" comes up empty.

What is this?

Jon
--
Jon H. LaBadie                 jon at jgcomp.com
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)
Always Learning
2016-Jul-20 15:14 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
On Tue, 2016-07-19 at 23:06 -0400, Jon LaBadie wrote:

> My nightly logwatch report had a never before seen
> section last night, "barracuda spam firewall".

Is this a C7 issue, as opposed to C5 or C6 matter ?

Was the section empty or populated with entries ?

--
Regards,

Paul.
England, EU.  England's place is in the European Union.
Johnny Hughes
2016-Jul-20 15:22 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
On 07/19/2016 10:06 PM, Jon LaBadie wrote:
> My nightly logwatch report had a never before seen
> section last night, "barracuda spam firewall".
>
> I have no problem with the emails it noted as
> being rejected.  But I've always thought of "barracuda"
> as a commercial product.
>
> I have neither configured nor enabled any barracuda
> software and "yum list '*barrac*'" comes up empty.
>
> What is this?

Well, Barracuda Spam Firewall is a hardware device that filters spam and
can be set up to log things to a syslog server.

Do you have one in your infrastructure?
Valeri Galtsev
2016-Jul-20 15:24 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
On Tue, July 19, 2016 10:06 pm, Jon LaBadie wrote:
> My nightly logwatch report had a never before seen
> section last night, "barracuda spam firewall".
>
> I have no problem with the emails it noted as
> being rejected.  But I've always thought of "barracuda"
> as a commercial product.

Maybe it is your server that had been "barracuded"?

<rant>
I personally hate "barracuda". The way that company operates is this: they
have their proprietary software running on clients. Which allegedly
analyses incoming mail (no one can be sure he/she knows what proprietary
software does, and there was no documentation when I needed to take a look
into it). If percentage of spam from particular IP exceeds threshold, then
that IP is added to database on some barracuda central server, and all
their clients' servers will reject mail from that IP. You are barracuded!

The stupidity of this approach is exemplified by the following quite real
scenario. Which was my own server's barracuda related incident:

Your server accepts all mail, analyzes it for spam, labels spam as such,
and upon delivery to user spam is sorted into Junk folder (if user decided
to). But all mail arrived for user is delivered into that user's account:
everybody is entitled to see everything sent to his/her account. Now, one
of the users moves on to new institution, and [as UNIX mail servers were
doing forever] he sets forwarding mail to new place. While he was here he
managed to get his account to multitude of spammers databases. All is
getting forwarded for him, including what has been analyzed as spam - it
is user's choice what to do with it, and can only be done in our case on
destination server. As you already guessed, our server got "barracuded",
and it happened a day before grant submission deadline (grants with that
institution that uses barracuda). Of course, sysadmins upon my phone call
"unbarracuded" us on their side.

However, ever since I have an exemption: I never let mail forwarded from
my servers to domains using brain dead (IMHO) barracuda way of fighting
spam. And my attitude will never change, even if they changed the way they
do it.
</rant>

Good luck figuring it out. Incidentally, relevant portion of mail log
posted on this mail list may shed some light on your situation.

Valeri

>
> I have neither configured nor enabled any barracuda
> software and "yum list '*barrac*'" comes up empty.
>
> What is this?
>
> Jon

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
Jon LaBadie
2016-Jul-21 05:57 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
On Wed, Jul 20, 2016 at 04:14:36PM +0100, Always Learning wrote:
>
> On Tue, 2016-07-19 at 23:06 -0400, Jon LaBadie wrote:
>
> > My nightly logwatch report had a never before seen
> > section last night, "barracuda spam firewall".
>
> Is this a C7 issue, as opposed to C5 or C6 matter ?
>

C7.2, postfix, amavisd, spamassassin, clamav.

> Was the section empty or populated with entries ?

There were 3 pairs of entries:

 --------------------- barracuda spam firewall Begin ------------------------

 **Unmatched Entries**
 Jul 18 10:16:52 mums amavis[4557]: (04557-16) (!)wxxeqBJaeOLR(cxRyepkC7qq6) \
   SEND from <> -> <reception025 at jgcomp.com>, \
   ENVID=AM.wxxeqBJaeOLR.20160718T141652Z at mums.jgcomp.com BODY=7BIT 550 5.1.1 \
   from MTA(smtp:[127.0.0.1]:10025): 550 5.1.1 <reception025 at jgcomp.com>: \
   Recipient address rejected: User unknown in local recipient table
 Jul 18 10:16:52 mums amavis[4557]: (04557-16) (!)NOTICE: UNABLE TO SEND DSN \
   to <reception025 at jgcomp.com>: 550 5.1.1 from MTA(smtp:[127.0.0.1]:10025): \
   550 5.1.1 <reception025 at jgcomp.com>: Recipient address rejected: \
   User unknown in local recipient table

 [ snipped two more pairs for other messages, identical format ]

 ---------------------- barracuda spam firewall End -------------------------

Scanning two months' worth of maillogs, these three entries
are the only ones with "ENVID=AM" and "UNABLE TO SEND DSN".
There were lots of 550 errors (unknown local recipient) but
their logfile entries did not contain the ENVID and DSN comments.

Jon
--
Jon H. LaBadie                 jon at jgcomp.com
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)
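Added example (not part of any poster's message): one way to repeat the maillog scan described in the message above, pairing each amavis SEND line that carries ENVID=AM with the "UNABLE TO SEND DSN" notice from the same amavis session, and counting the unknown-recipient rejections that carry neither marker. The sample lines, host name and addresses are constructed; the regular expressions assume the line layout shown in the quoted logwatch section.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the entries quoted above (one physical line
# each, as syslog writes them; host name and addresses are made up).
SAMPLE = """\
Jul 18 10:16:52 mx1 amavis[4557]: (04557-16) (!)AAAAAAAAAAAA(BBBBBBBBBBBB) SEND from <> -> <ghost@example.com>, ENVID=AM.AAAAAAAAAAAA.20160718T141652Z@mx1.example.com BODY=7BIT 550 5.1.1 from MTA(smtp:[127.0.0.1]:10025): 550 5.1.1 <ghost@example.com>: Recipient address rejected: User unknown in local recipient table
Jul 18 10:16:52 mx1 amavis[4557]: (04557-16) (!)NOTICE: UNABLE TO SEND DSN to <ghost@example.com>: 550 5.1.1 from MTA(smtp:[127.0.0.1]:10025): 550 5.1.1 <ghost@example.com>: Recipient address rejected: User unknown in local recipient table
Jul 18 10:20:01 mx1 postfix/smtpd[5001]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <other@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<other@example.com> proto=ESMTP helo=<x>
Jul 18 12:41:09 mx1 amavis[4557]: (04557-17) (!)CCCCCCCCCCCC(DDDDDDDDDDDD) SEND from <> -> <sales9@example.com>, ENVID=AM.CCCCCCCCCCCC.20160718T164109Z@mx1.example.com BODY=7BIT 550 5.1.1 from MTA(smtp:[127.0.0.1]:10025): 550 5.1.1 <sales9@example.com>: Recipient address rejected: User unknown in local recipient table
Jul 18 12:41:09 mx1 amavis[4557]: (04557-17) (!)NOTICE: UNABLE TO SEND DSN to <sales9@example.com>: 550 5.1.1 from MTA(smtp:[127.0.0.1]:10025): 550 5.1.1 <sales9@example.com>: Recipient address rejected: User unknown in local recipient table
Jul 18 13:02:44 mx1 postfix/smtpd[5002]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 550 5.1.1 <info7@example.com>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<info7@example.com> proto=ESMTP helo=<y>
"""

AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<sid>[\w-]+)\) (?P<msg>.*)")
SEND = re.compile(r"SEND from <(?P<frm>[^>]*)> -> <(?P<rcpt>[^>]*)>,.*\bENVID=AM\.")
DSN = re.compile(r"UNABLE TO SEND DSN to <(?P<rcpt>[^>]*)>")
UNKNOWN = "User unknown in local recipient table"

def scan(text):
    """Return (failed, other_550): amavis sessions that logged both a SEND
    line with ENVID=AM and an UNABLE TO SEND DSN notice for the same
    recipient, plus the count of unknown-recipient lines with neither."""
    sessions = defaultdict(dict)
    other_550 = 0
    for line in text.splitlines():
        m = AMAVIS.search(line)
        if m:
            send, dsn = SEND.search(m["msg"]), DSN.search(m["msg"])
            if send:
                sessions[m["sid"]]["send"] = (send["frm"], send["rcpt"])
            if dsn:
                sessions[m["sid"]]["dsn"] = dsn["rcpt"]
            if send or dsn:
                continue
        if UNKNOWN in line:
            other_550 += 1
    failed = [
        {"session": sid, "sender": s["send"][0], "recipient": s["send"][1]}
        for sid, s in sessions.items()
        if "send" in s and s.get("dsn") == s["send"][1]
    ]
    return failed, other_550

if __name__ == "__main__":
    print(scan(SAMPLE))
```
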
Jon LaBadie
2016-Jul-21 05:59 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
On Wed, Jul 20, 2016 at 10:22:59AM -0500, Johnny Hughes wrote:
> On 07/19/2016 10:06 PM, Jon LaBadie wrote:
> > My nightly logwatch report had a never before seen
> > section last night, "barracuda spam firewall".
> >
> > I have no problem with the emails it noted as
> > being rejected.  But I've always thought of "barracuda"
> > as a commercial product.
> >
> > I have neither configured nor enabled any barracuda
> > software and "yum list '*barrac*'" comes up empty.
> >
> > What is this?
>
> Well, Barracuda Spam Firewall is a hardware device that filters spam and
> can be set up to log things to a syslog server.
>
> Do you have one in your infrastructure?

This is a home network.  Maybe my wife snuck one in ;)

jl
--
Jon H. LaBadie                 jon at jgcomp.com
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)
Jon LaBadie
2016-Jul-21 06:01 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
On Wed, Jul 20, 2016 at 10:24:19AM -0500, Valeri Galtsev wrote:
>
> On Tue, July 19, 2016 10:06 pm, Jon LaBadie wrote:
> > My nightly logwatch report had a never before seen
> > section last night, "barracuda spam firewall".
> >
> > I have no problem with the emails it noted as
> > being rejected.  But I've always thought of "barracuda"
> > as a commercial product.
>
> Maybe it is your server that had been "barracuded"?
>

It's my own server.  Inbound email comes direct to the server.

jl
--
Jon H. LaBadie                 jon at jgcomp.com
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)
Mark Milhollan
2016-Jul-22 16:31 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
On Tue, 19 Jul 2016, Jon LaBadie wrote:

>My nightly logwatch report had a never before seen
>section last night, "barracuda spam firewall".
>
>I have no problem with the emails it noted as
>being rejected.  But I've always thought of "barracuda"
>as a commercial product.
>
>I have neither configured nor enabled any barracuda
>software and "yum list '*barrac*'" comes up empty.
>
>What is this?

AIUI they provide a public blacklist, which is used by SpamAssassin and
probably others.

<http://multirbl.valli.org/detail/bb.barracudacentral.org.html>

/mark
m.roth at 5-cent.us
2016-Jul-22 16:39 UTC
[CentOS] ?barracuda? listing in logwatch session 123 of user root.
Mark Milhollan wrote:
> On Tue, 19 Jul 2016, Jon LaBadie wrote:
>
>>My nightly logwatch report had a never before seen
>>section last night, "barracuda spam firewall".
>>
>>I have no problem with the emails it noted as
>>being rejected.  But I've always thought of "barracuda"
>>as a commercial product.
>>
>>I have neither configured nor enabled any barracuda
>>software and "yum list '*barrac*'" comes up empty.
>>
>>What is this?
>
> AIUI they provide a public blacklist, which is used by SpamAssassin and
> probably others.
> <http://multirbl.valli.org/detail/bb.barracudacentral.org.html>
>

Yeah. Just like nixspam/manitu

      mark