?barracuda? Listing In Logwatch Session 123 Of User Root.

Home » CentOS » ?barracuda? Listing In Logwatch Session 123 Of User Root.
CentOS 8 Comments

My nightly logwatch report had a never before seen section last night, “barracuda spam firewall”.

I have not problem with the emails it noted as being rejected. But I’ve always thought of “barracuda”
as a commercial product.

I have neither configured nor enabled any barracuda software and “yum list ‘*barrac*'” comes up empty.

What is this?


8 thoughts on - ?barracuda? Listing In Logwatch Session 123 Of User Root.

  • –etajocclTCDaKDibqHe4LUBa9GgXBABp3
    Content-Type: text/plain; charset=windows-1252
    Content-Transfer-Encoding: quoted-printable

    Well, Barracuda Spam Firewall is a hardware device that filters spam and can be setup to log things to a syslog server.

    Do you have one in your infrastructure?


  • Maybe it is your server that had been “barracuded”?

    I personally hate “barracuda”. The way that company operates is this: they have their proprietary software running on clients. Which allegedly analyses incoming mail (no one can be sure he/she knows what proprietary software does, and there was no documentation when I needed to take a look into it). If percentage of spam from particular IP exceeds threshold, then that IP is added to database on some barracuda central server, and all their client’s servers will reject mail from that IP. You are barracuded!
    The stupidity of this approach is exemplified by the following quite real scenario. Which was my own server’s barracuda related incident:

    Your server accepts all mail, analyzes it for spam, labels spam as such, and upon delivery to user spam is sorted into Junk folder (if user decided to). But all mail arrived for user is delivered into that user’s account:
    everybody is entitled so see everything sent to his/her account. Now, one of the users moves on to new institution, and [as UNIX mail servers were doing forever] he sets forwarding mail to new place. While he was here he managed to get his account to multitude of spammers databases. All is getting forwarded for him, including what has been analyzed as spam – it is user’s choice what to do with it, and can only be done in our case on destination server.

    As you already guessed, our server got “barracuded”, and it happened a day before grant submission deadline (grants with that institution that uses barracuda). Of course, sysadmins upon my phone call “unbarracuded” us on their side. However, ever since I have an exemption: I never let mail forwarded from my servers to domains using brain dead (IMHO) barracuda way of fighting spam. And my attitude will never change, even if they changed the way they do it.

    Good luck figuring it out. Incidentally, relevant portion of mail log posted on this mail list may shed some light on your situation.


    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247

  • C7.2, postfix, amavisd, spamassassin, clamav.

    There were 3 pairs of entries:

    ——————— barracuda spam firewall Begin ———————-