|
Info Tech
Managing Spam with
Barracuda
|
Teller County
Information Technology
Technical Bulletin
Rev. 24 January 2007 |
Teller County subscribes to a service from
Tangent that uses the Barracuda email filtering engine to protect all of our
incoming email. This system sits between our local network and the outside
world, and examines every email message coming into
co.teller.co.us from the Internet. Some messages are discarded by
Barracuda as spam, and you will never see them.
Others are delivered to your inbox with special codes in the subject line to
call your attention to the fact that they might be junk mail. All
Teller County hosted email accounts are included in
this service.
In addition to basic filtering services, Barracuda also offers to users an
additional set of spam mail management tools. In
order to take advantage of these tools you need to set up a Barracude account,
as desribed in this document. This system addresses the reality that no single
filter configuration meets everyone's needs: for some users the default setup
is too rigid, blocking some legitimate email, while for other users it is too
permissive, allowing some spam and viruses to get through. With the help of a
Barracuda account you can fine-tune the filter engine to suit your personal
preferences. The purpose of this document is to guide you through the
configuration and use of this service.
In general terms, the Barracuda service evaluates incoming messages and
applies a series of tests to classify each message according to its likelihood
of being spam or carrying a virus. There are four possible categories:
- Messages that are clearly neither spam or virus-bearing are delivered
directly to your inbox.
- Messages that have some of the characteristics of spam but which may be
legitimate are marked in the subject line with the tag
[BULK] so that you can make a decision about how to handle them.
Messages from organizations, businesses, and mailing lists often fall into
this category.
- Messages that have objectionable content, attachments that might contain
viruses, or which match known spam content are marked in
the subject line with the tag [QUAR]. You have the option
of having these suspicious messages held on the Barracuda
server for your review or you can direct them to a
designated folder in your Outlook mailbox for your review.
- Messages that are clearly spam or virus-bearing are discarded before you
see them.
At the simplest level you can use your email program just as you have
always used it. Barracuda will strip out obvious spam and deliver the
remaining messages to your inbox. You will however notice one major
difference: some of the messages arriving in your inbox will bear the labels
[BULK] or [QUAR] in the subject line. These labels are there as a warning to
help you determine what needs to be done with those messages: read them,
delete them, store them in a separate folder, etc. You will need to be
cautious, particularly with messages marked [QUAR], since there is a small
probability that they could contain viruses.
This basic approach requires minimal time and effort on your part. The
downside is that when used at this level you're agreeing to accept Barracuda's
judgment as final, which means some unwanted messages may get through while
other desirable ones may get blocked, or at least labeled. If this isn't good
enough, you can take advantage of Barracuda's customization tools by setting
up an individual user account. Setting up and using that account is the
subject of the remainder of this document.
Setting up a Tangent/Barracuda user account
All Teller County email users have access to the
personal account management system that runs on Tangent's servers. To make use
of this system you must initialize your account. Follow these steps:
- Submit an account request from the Tangent/Barracuda web site.
All holders of Teller County hosted email accounts
can establish a Barracuda user account. Tangent provides a quick setup box
from their home page at
http://tcnoc.com. Click the Client Login link near the top of the page
to display the login panel illustrated below. If you have not yet
established a Barracuda account, you can create one by entering your
official Teller County email address (in the form
username@co.teller.co.us) and your choice of
password. Enter the password twice to confirm it, and then click
create.
- Log in to your account. After a submitting your
request, the system will take you to another page where you will be able to
log in using your new account. See the next section for more information on
configuring and using your account. After the
creation of you account, go to
http://ms16.tcnoc.com to
log on to your account (please make this link one of your favorites in order
for ease of access to your Barracuda account)
- Creating a new password. If you forget your password,
you can create a new one from the web page
http://ms16.tcnoc.com using the form displayed
below. Just enter your username, which is your regular
Teller County email address, and click Create New Password.
Your password will be sent to you in the form of an email message, which you
can use to log in to your account. (Note that you can also use this form to
set up a new account).
Setting your preferences
Once you have a valid Barracuda account you can log in from the screen
illustrated above to access your account settings. Initially there are some
basic preferences to set. All of these are available from the
Preferences tab. When the Preferences page appears, the default view
will show you the Security page, with the other options displayed as a row of
links.
Change password
You can use this form at any time to change your password. Click the
Password tab under Preferences to display the form shown
above. Fill in the fields and then click the Save Password
button to activate your changes. You will at this point be sent back to the
login page, where you will be able to log in again with your new password. If
at any time you happen to forget your new password, use the Create New
Password option on the login screen to get a reminder, as described above.
Quarantine Settings
Under the Quarantine Settings tab of the Preferences
section you can configure the way the Quarantine service operates. In the top
part of this form you have the opportunity to turn the quarantine service off
and on. If you select "Yes" for Enable Quarantine, then all messages that
would otherwise show up as [QUAR] in your inbox will instead be stored on this
server. This means that your regular inbox will not be clogged up with dubious
email messages, but it also means that you'll have to go to the Barracuda
server to act on quarantined messages. Click Save Changes
after you have made your choice.
Teller County I.T.
does not suggest enabling the quarantine function because you will have more
management overhead due to having to check your email in two separate
locations; your Outlook Inbox as well as your Barracuda account folder.
Rather we suggest creating a new folder in your Outlook mailbox named "QUAR/BLOCK",
for example, and creating a rule using the Outlook Rules Wizard to move all
the messages tagged [QUAR] or [BULK] to that folder. At that point
you can review all the emails that go into this folder and then log onto your
Barracuda account and white list or black list the email address or domains of
the sender as you see fit. If you choose to white list an email address
or domain any future emails from this sender will go directly to your Outlook
Inbox without the [QUAR] or [BULK] tag (unless they contain a virus or they
truly are known spam, in which case the email will be blocked). If you
black list an email address or domain, any future emails from that sender will
be blocked and never get to your Outlook Inbox. Accordingly, if you
manage your emails in this manner less and less emails tagged [QUAR] or [BULK]
will be sent to you.
If you have enabled the Quarantine service, messages that are labeled [QUAR]
will accumulate in your account on the Barracuda server, and sooner or later
you will want to review them. It's easy to forget to do this chore, and as a
result you may miss seeing important messages. Fortunately there is an
alternative. You can use the lower part of the Quarantine Settings page to
tell the system to send you regular email reports summarizing the contents of
your Quarantine box either daily or weekly. These notifications are graphic
email messages that looks very much like the Quarantine Inbox that you see
when you log into the Barracuda server. If you have more than one email
account and would prefer that your quarantine notifications go to a different
address, enter that address in the box provided. Click Save Changes
to record your settings.
Below is an example of a notification as it appears in your email inbox.
This is actually an interactive message: in most email clients clicking on a
link in the Actions column will open your browser and take you to directly to
the Quarantine Inbox display on the server without requiring a login. See
below for details on managing quarantined messages.
Spam Settings
On the Spam Settings tab of the Preferences section you can enable or
disable the spam filter. "Yes" is the default, and is the recommended option.
If you set this to "No" then you will not be protected by Barracuda. Click
Save Changes to record your settings.
Whitelist/Blacklist
Filtering spam is always an imperfect process, and in some ways a matter of
judgment and personal preference. Barracuda applies a set of standardized spam
tests, but if those tests are not producing the results you want you can use
this section of the Preferences section to modify how they are applied. You
have two choices. The Whitelist option allows you to
designate senders that you trust and whose messages you do not want to be
labeled as spam. Just enter the address of the sender and click Add.
Note that the whitelist option only applies to messages that have a
medium-probability spam rating. High probably spam and virus bearing messages
will not be delivered even if the sender's address is whitelisted.
The Blacklist option is just the opposite. Addresses
entered here will be blocked even if they do not register as spam to the
Barracuda engine. You can use this feature to make sure that you will receive
messages from certain favored senders, to block messages from unwanted
mailers, and more generally to reduce the number of items that arrive marked
as [QUAR] or [BULK], which will in turn cut down the amount of time you have
to spend on maintenance.
Note that you can enter either a fully qualified email address in these
tables, which will act only on the messages of a particular sender, or just a
domain name (everything after the @ sign in an email address), which will
affect the messages from all senders at that domain. See below for examples of
both types of entry. To remove an item from either list, click the trash can
icon next to its entry.
Managing Quarantined Mail
The Quarantine Inbox is your personal display on the Barracuda server of
any quarantined mail that has been saved for your review. Here's a screen shot
of a section this page listing the messages currently under quarantine.
The system assigns messages to the Quarantine category that have a high
likelihood of being unsolicited or unwanted mail. But because these messages
are quarantined rather than simply discarded, you have the opportunity to make
decisions about how to handle them.
Near the top of this screen are several controls that affect the display.
The Refresh button is like a browser's refresh or reload button, updating the
display to show the current state of the system. The Filter feature lets you
limit the display to specific items, and at the right (not visible on the
screen shot above) there are left and right arrow controls that page the
display forward and backwards if there are too many entries for a single page.
Below those controls is a row of five buttons that define various actions
that can be applied to messages. You can select one or more messages as
targets of the action by clicking the checkbox to left of each entry, or you
can click the checkbox at the top of the column (next to the Date label) to
select the entire group. The first three actions are fairly straightforward:
 | Deliver -- sends the selected message(s) on to your
regular Teller County Outlook inbox (this may take
several minutes). |
| Whitelist -- automatically adds the sender's
information to your whitelist. |
| Delete -- discards the selected message(s). |
These three functions are also available as links in the Actions column for
each entry -- you can use these to apply the action to single messages.
It's important to note that the "Deliver" and "Delete" options affect only
the current message, not any future messages with the same profile. For
example, choosing to have a quarantined message from a particular source
delivered will do nothing to change the fact that the next message from that
source will probably get quarantined as well, and by the same token deleting a
specific message won't stop the next message that comes in from that sender.
This just means more work for you. Fortunately there's a better way: taking
advantage of Barracuda's ability to learn by example.
Normally the Barracuda filter applies a series of global tests and each
tested message receives a cumulative score that determines how the message
will be classified. These tests are reasonable approximations of what most
users want, but there is a large gray area in between "spam" and "not spam"
and you may find that you don't always agree with Barracuda's decisions. The
solution to this problem is to feed Barracuda examples of messages you
consider to be spam and messages you consider to be valid. This is the purpose
of the other two action buttons on this screen:
| Classify as Not Spam -- submits the selected message to
the filter engine, which in turn uses its features to classify future
similar messages as valid email. |
| Classify as Spam -- submits the selected message to the
filter engine, which in turn uses its features to classify future messages
as spam. These messages are then deleted from your quarantine box. |
This is a dynamic system that in effect learns your preferences over time.
The more examples you present to the system, the more accurate its tests will
become and the number of messages appearing in the Quarantine Inbox will go
down. It's important to note that this is not a binary, yes/no decision making
process. It is instead "fuzzy" and constantly changing, and whether an
individual message is ultimately labeled as [BULK] or [QUAR] is a function not
of any single test but the cumulative effect of all the tests. What Barracuda
is giving you with these tools is a way to influence the criteria used when
these tests are applied. As the system learns your needs it will become, from
your perspective, "smarter" and will require less of your time and attention.
|