[Owasp-leaders] Barracuda

Matt Tesauro matt.tesauro at owasp.org
Wed Jan 16 01:39:08 UTC 2019


TLDR:  Barracuda is an Anti-SPAM gateway upstream of lists.owasp.org.  It
occasionally has false positives - far less than 0.1% get mis-classified.
If you have an issue with Barracuda, the thing to do is put in a case in
"Contact Us" <https://www.tfaforms.com/308703> with the info on the
incorrectly blocked email and we can make corrections.

If you don't like Mailman or how it's currently working, I'd remind you of
an item in the December Connector - we're actively looking to retire
Mailman in 2019 and suggesting current users move over to Discourse
<https://discourse.owasp.org/>. The lists server is running on an EOS/EOL
OS with an EOS/EOL version of Mailman at a particularly expensive hosting
company in a highly "customized" (in a bad way) installation that was
never documented and has a very, very dated UI.  It's time for it to be
retired.  Replacing Mailman has been discussed for years, see here
<https://www.owasp.org/index.php/About_Mailman_at_OWASP>.

In general, if you're not sure where to get help, we created a "Request
Help" <https://www.owasp.org/index.php/Request_help>  wiki page - just
search for "request" on any wiki page and it will be in the drop down.  If
there's a topic missing, feel free to suggest it via a case or just edit
that wiki page.  I currently have 800+ emails in my inbox, 0 open cases,
and 9 non-closed OSD requests.  Getting requests to the right channels
greatly improves response time.

Merging the multiple emails into one longer non-TLDR response:

> 1) Have others experienced the same (proper MUA setup and sending to any
lists hosted at lists.owasp.org)?

Yes, others have experienced false-positive/rejected legit emails. Barracuda
is an Anti-SPAM gateway and it's not perfect.  From time to time a small
percentage of emails are mis-classified as SPAM and held.  I logged into
Barracuda this AM and here's some numbers:

   - 6,467 messages were allowed (owasp-barracuda_2019-01-15.png)
   - 7,541 were blocked
      - Of this your false positive represents 0.01% of the blocked messages
   - Of the blocked requests, 'intent analysis' aka BRTP (Barracuda
   Real-time Protection) discovers the least and is usually the source of
   false positives for community emails. (owasp-barracuda-blocked_2019-01-15)
   - There were 6,467 successfully delivered emails so your false positive
   represents incorrectly handling 0.01% of the legit messages.
   (owasp-barracuda-allowed_2019-01-15.png)

So, I totally agree, it's annoying when your message is in that 0.01% but
let's have some perspective on how accurate/inaccurate the classification
really is.

> 2) Why do I get no bounces with some hint of a reason when a mail doesn't
get through -- as it is usual in the rest of the big bad internet out there?

I can't speak to your situation as I don't have specifics.

I do know that Barracuda does send out bounce/reject notifications because
other community members have forwarded them to me to help fix an issue they
had.  I cannot say what your MTA does with Barracuda's bounce/reject
notifications when they are sent.

I can see that there's been a post to owasp-germany in the archives
<http://lists.owasp.org/pipermail/owasp-germany/2019-January/thread.html>
so it must be working to some extent.  I don't follow that list so not sure
what a normal level of email traffic is for it.

I also looked at the logs in Barracuda for owasp-germany and all the
blocked messages I saw were obvious SPAM.

> 3) Why do we have for the lists a hosted solution? [1].

I'm assuming you're asking why we have a 'Cloud provider' or SaaS doing
what Barracuda is doing.  The answer is very simple, Mailman doesn't
include any Anti-SPAM capabilities and it didn't make sense to have staff
running Anti-SPAM software 5+ years ago when the mail lists were more SPAM
messages than legit messages. It also saves us from having to run
additional infrastructure. Barracuda has done a good job of removing SPAM
from lists - there's ~7,000 bad emails that didn't make it to our lists
today thanks to Barracuda.

> 4) Why do we have that in front of the Google-MXs in the first place?
Google's SPAM and other protection is normally quite good.

(1) There's two different email flows.  Inbound email for owasp.org goes to
Google's mail servers as part of our G Suite (formerly Google Apps)
account.  We get this for free from Google.  Inbound email for
lists.owasp.org goes to Barracuda for the reasons above (see #3).

Why was it set up this way?  Easy, the Google account we have doesn't
support having it act as an Anti-SPAM gateway for emails like Barracuda
does.  When I set that up 5+ years ago, I tried that first because it's a
simpler setup.  It's not possible.

> 5) Do we even pay for this?

No. Barracuda has been offering this server for free to the Foundation for
many years (5+) and has never asked for anything in return.  I'm quite
happy with their donation of services.  It's not perfect but it's certainly
better than not having it and great for the price.

> It's not just you - I can no longer send any e-mail from my owasp.org address
to my chapter mailing list ... and I don't get any notification that it
didn't go through until many days later.

Did you put in a case for this <https://www.tfaforms.com/308703>?  There's
not enough staff bandwidth to actively monitor all the mail lists so if
you're having issues, you need to put in a case so it can be known/worked
on.  I looked for "justin.ferguson at owasp.org" in the logs and see the posts
to this list (which worked) and one on Jan 11th that got held for "Spooled
(162.209.12.188:25:No response to HELO/EHLO)".  Now that I know about it, I
can look into why that one email didn't make it.

> I have also experienced this in the past.  As a workaround, I would resend
the email and it would eventually go through.  AFAIK, I have only
experienced this with the Santa Barbara chapter mailing list, and never
with other owasp mailing lists.
>
> +1 to Dirk's questions
> +1 to making this a high priority issue to fix since it does make
communication difficult and very annoying.

Your email address (martin.villalba at owasp.org) has been whitelisted as a
sender so your emails won't be categorized as SPAM.  Like above, I was
unaware of these issues - was there a case on this
<https://www.tfaforms.com/308703>?  I don't see any emails in the last
month failing for you in the Barracuda logs.  If it happens again,
please submit
a case <https://www.tfaforms.com/308703> ideally closely after it happens
so it's easier to diagnose.

Cheers!

--
-- Matt Tesauro
*OWASP Foundation*
Director of Community and Operations
matt.tesauro at owasp.org

Consider giving back, and supporting the open source community by becoming
a member <https://www.owasp.org/index.php/Membership> or making a donation
<https://www.owasp.org/index.php/Donate> today!


On Tue, Jan 15, 2019 at 9:13 AM Dirk Wetter <dirk at owasp.org> wrote:

>
>
> On 15.01.19 15:59, Justin Ferguson wrote:
> > While I know there's a lot involved in the word "just", why can we not
> just migrate these lists
> > to Google Groups lists?
>
> Google Groups is again something completely different and
> the mailing list software is highly likely not the culprit.
>
> The easiest thing would be just to update the MX records
> so that the Barracudas are bypassed -- as is the
> case if you e.g. send the mails directly to any owasp.org
> address (which doesn't contain list.owasp.org).
>
> Cheers, Dirk
>
> >
> > JF
> >
> > On Tue, Jan 15, 2019 at 8:56 AM Martín Villalba <
> martin.villalba at owasp.org
> > <mailto:martin.villalba at owasp.org>> wrote:
> >
> >     I have also experienced this in the past.  As a workaround, I would
> resend the email and it
> >     would eventually go through.  AFAIK, I have only experienced this
> with the Santa Barbara
> >     chapter mailing list, and never with other owasp mailing lists.
> >
> >     +1 to Dirk's questions
> >     +1 to making this a high priority issue to fix since it does make
> communication difficult
> >     and very annoying.
> >
> >     Cheers,
> >     Martín.
> >
> >
> >     On Tue, Jan 15, 2019 at 6:52 AM Justin Ferguson <
> justin.ferguson at owasp.org
> >     <mailto:justin.ferguson at owasp.org>> wrote:
> >
> >         It's not just you - I can no longer send any e-mail from my
> owasp.org
> >         <http://owasp.org> address to my chapter mailing list ... and I
> don't get any
> >         notification that it didn't go through until many days later.
> >
> >         JF
> >
> >         On Tue, Jan 15, 2019 at 8:49 AM Dirk Wetter <dirk at owasp.org
> <mailto:dirk at owasp.org>> wrote:
> >
> >
> >             Hi,
> >
> >             we noticed in the past that several legitimate mails were
> dropped to our German
> >             Chapter mailing list -- which is kind of annoying as there
> was not even a
> >             notification bounce. That doesn't help in communicating at
> all.
> >
> >             In a few instances Achim (Hoffmann) helped to debug it. It
> seems though
> >             that the cases I remember the Barracuda appliance is the
> primary suspect.
> >
> >             I have a couple of questions:
> >
> >             1) Have others experienced the same (proper MUA setup and
> sending to
> >                any lists hosted at lists.owasp.org <
> http://lists.owasp.org>)?
> >
> >             2) Why do I get no bounces with some hint of a reason when a
> mail doesn't get
> >                through -- as it is usual in the rest of the big bad
> internet out there?
> >
> >             3) Why do we have for the lists a hosted solution? [1].
> >
> >             4) Why do we have that in front of the Google-MXs in the
> first place?
> >                Google's SPAM and other protection is normally quite good.
> >
> >             5) Do we even pay for this?
> >
> >
> >             Cheers, Dirk
> >
> >
> >
> >             [1]
> >
> >             prompt:~ 0# host -t mx lists.owasp.org
> >             lists.owasp.org mail is handled by 20 d15006b.ess.barracudanetworks.com.
> >             lists.owasp.org mail is handled by 10 d15006a.ess.barracudanetworks.com.
> >             prompt:~ 0# host -t mx owasp.org
> >             owasp.org mail is handled by 5 ALT1.ASPMX.L.GOOGLE.COM.
> >             owasp.org mail is handled by 10 ALT3.ASPMX.L.GOOGLE.COM.
> >             owasp.org mail is handled by 10 ALT4.ASPMX.L.GOOGLE.COM.
> >             owasp.org mail is handled by 5 ALT2.ASPMX.L.GOOGLE.COM.
> >             owasp.org mail is handled by 1 ASPMX.L.GOOGLE.COM.
> >             prompt:~ 0# whois $(dig +short d15006a.ess.barracudanetworks.com. | head -1) | grep -v '^#' | head -15
> >
> >
> >
> >
> >             NetRange:       209.222.80.0 - 209.222.87.255
> >             CIDR:           209.222.80.0/21
> >             NetName:        BARRA-7
> >             NetHandle:      NET-209-222-80-0-1
> >             Parent:         NET209 (NET-209-0-0-0-0)
> >             NetType:        Direct Assignment
> >             OriginAS:       AS15324
> >             Organization:   Barracuda Networks, Inc. (BARRA-7)
> >             RegDate:        2015-05-08
> >             Updated:        2016-12-22
> >             Ref:            https://rdap.arin.net/registry/ip/209.222.80.0
> >
> >
> >             --
> >             OWASP Volunteer
> >             Send me encrypted mails (Key ID 0xD0A74569)
> >             @drwetter
> >
> >             _______________________________________________
> >             OWASP-Leaders mailing list
> >             OWASP-Leaders at lists.owasp.org <mailto:
> OWASP-Leaders at lists.owasp.org>
> >             https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
>
> --
> OWASP Volunteer
> Send me encrypted mails (Key ID 0xD0A74569)
> @drwetter
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owasp-baracuda-blocked_2019-01-15.png
Type: image/png
Size: 53318 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190115/15e93abc/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owasp-barracuda-allowed_2019-01-15.png
Type: image/png
Size: 25448 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190115/15e93abc/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owasp-barracuda_2019-01-15.png
Type: image/png
Size: 45098 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190115/15e93abc/attachment-0005.png>

