[CentOS] "barracuda" listing in logwatch session 123 of user root.

Wed Jul 20 15:24:19 UTC 2016
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Tue, July 19, 2016 10:06 pm, Jon LaBadie wrote:
> My nightly logwatch report had a never before seen
> section last night, "barracuda spam firewall".
> I have no problem with the emails it noted as
> being rejected.  But I've always thought of "barracuda"
> as a commercial product.

Maybe it is your server that had been "barracuded"?

I personally hate "barracuda". The way that company operates is this: they
have their proprietary software running on clients. Which allegedly
analyses incoming mail (no one can be sure he/she knows what proprietary
software does, and there was no documentation when I needed to take a look
into it). If percentage of spam from particular IP exceeds threshold, then
that IP is added to database on some barracuda central server, and all
their clients' servers will reject mail from that IP. You are barracuded!
The stupidity of this approach is exemplified by the following quite real
scenario. Which was my own server's barracuda related incident:

Your server accepts all mail, analyzes it for spam, labels spam as such,
and upon delivery to user spam is sorted into Junk folder (if user decided
to). But all mail arrived for user is delivered into that user's account:
everybody is entitled to see everything sent to his/her account. Now, one
of the users moves on to new institution, and [as UNIX mail servers were
doing forever] he sets forwarding mail to new place. While he was here he
managed to get his account to multitude of spammers databases. All is
getting forwarded for him, including what has been analyzed as spam - it
is user's choice what to do with it, and can only be done in our case on
destination server.

As you already guessed, our server got "barracuded", and it happened a day
before grant submission deadline (grants with that institution that uses
barracuda). Of course, sysadmins upon my phone call "unbarracuded" us on
their side. However, ever since I have an exemption: I never let mail
forwarded from my servers to domains using brain dead (IMHO) barracuda way
of fighting spam. And my attitude will never change, even if they changed
the way they do it.

Good luck figuring it out. Incidentally, relevant portion of mail log
posted on this mail list may shed some light on your situation.


> I have neither configured nor enabled any barracuda
> software and "yum list '*barrac*'" comes up empty.
> What is this?
> Jon
> --
> Jon H. LaBadie                 jon at jgcomp.com
>  11226 South Shore Rd.          (703) 787-0688 (H)
>  Reston, VA  20190              (703) 935-6720 (C)

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247