Difference between revisions of "BarracudaSpamFirewall/Scoring"

From UMIACS
Jump to navigation Jump to search
(Created page with "Our Barracuda spam firewalls will score every message that passes through them based on a number of internal rules and inject message headers into...")
 
 
(4 intermediate revisions by the same user not shown)
Line 6: Line 6:
 
[[File:Barracuda_scoring.png]]
 
[[File:Barracuda_scoring.png]]
  
Notes:
+
Notes on the above:
- Although the Tag action states that the subject line is modified, we do not modify the subject line at all.
+
* Although the Tag action states that the subject line is modified, we do not modify the subject line (i.e. prepend a tag) at all, and it is not possible to set this on a per-user account level.
- Although Block is listed as an action for a score of anything of 10.0 and above, we do not block any messages.
+
* Although Block is listed as an action for a score of anything of 10.0 and above, we do not block any messages with the domain default settings.
 +
 
 +
You can change these default scoring thresholds and actions if you would like by [[BarracudaSpamFirewall#Introduction | logging into the Barracudas]], going to Preferences -> Spam Settings from the top menu bar, changing Use Domain Defaults from Yes to No, clicking Save, and then customizing the score thresholds for each action and/or disabling or enabling one or more actions.
 +
 
 +
[[File:Barracuda_scoring2.png]]
  
 
==Headers==
 
==Headers==
Line 31: Line 35:
 
X-Barracuda-Spam-Status: Yes, SCORE=10.11 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 tests=BSF_SC0_MISMATCH_TO, BSF_SC0_SA912_RP_FR, BSF_SC5_MJ1963, FH_HELO_EQ_D_D_D_D, FROM_LOCAL_HEX, HTML_IMAGE_ONLY_08, HTML_MESSAGE, HTML_SHORT_LINK_IMG_1, MIME_HTML_ONLY, RDNS_DYNAMIC, URLBL_BC
 
X-Barracuda-Spam-Status: Yes, SCORE=10.11 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 tests=BSF_SC0_MISMATCH_TO, BSF_SC0_SA912_RP_FR, BSF_SC5_MJ1963, FH_HELO_EQ_D_D_D_D, FROM_LOCAL_HEX, HTML_IMAGE_ONLY_08, HTML_MESSAGE, HTML_SHORT_LINK_IMG_1, MIME_HTML_ONLY, RDNS_DYNAMIC, URLBL_BC
 
</pre>
 
</pre>
 +
 +
If your email client of choice allows you to filter on message headers, you can filter on the presence of either the <code>X-Barracuda-Spam-Status: Yes</code> or <code>X-Barracuda-Spam-Flag: YES</code> headers to route messages that the Barracuda tags to your Spam folder or another folder of your choice.

Latest revision as of 14:45, 26 June 2020

Our Barracuda spam firewalls will score every message that passes through them based on a number of internal rules and inject message headers into the message based on the outcome/action taken. The specifics of these headers will vary based on the score the message receives. Our domain defaults for scoring are:

  • 0.0 to 3.4: Allow the message
  • 3.5 to 8.9: Tag the message
  • 9.0 and above: Quarantine the message

Barracuda scoring.png

Notes on the above:

  • Although the Tag action states that the subject line is modified, we do not modify the subject line (i.e. prepend a tag) at all, and it is not possible to set this on a per-user account level.
  • Although Block is listed as an action for a score of anything of 10.0 and above, we do not block any messages with the domain default settings.

You can change these default scoring thresholds and actions if you would like by logging into the Barracudas, going to Preferences -> Spam Settings from the top menu bar, changing Use Domain Defaults from Yes to No, clicking Save, and then customizing the score thresholds for each action and/or disabling or enabling one or more actions.

Barracuda scoring2.png

Headers

As an example of the headers injected into a message for each possible action our firewalls will take:

Allowed message (passes through to your Inbox):

X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=8.0 KILL_LEVEL=1000.0 tests=

Tagged message (passes through to your Inbox):

X-Barracuda-Spam-Score: 3.60
X-Barracuda-Spam-Status: Yes, SCORE=3.60 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 tests=BSF_SC0_MISMATCH_TO, BSF_SC0_MV0951, BSF_SC0_MV0951_2, BSF_SC0_MV0951_5, HTML_MESSAGE
X-Barracuda-Spam-Flag: YES

Quarantined message (goes to your spam quarantine):

X-Barracuda-Spam-Score: 10.11
X-Barracuda-Spam-Status: Yes, SCORE=10.11 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 tests=BSF_SC0_MISMATCH_TO, BSF_SC0_SA912_RP_FR, BSF_SC5_MJ1963, FH_HELO_EQ_D_D_D_D, FROM_LOCAL_HEX, HTML_IMAGE_ONLY_08, HTML_MESSAGE, HTML_SHORT_LINK_IMG_1, MIME_HTML_ONLY, RDNS_DYNAMIC, URLBL_BC

If your email client of choice allows you to filter on message headers, you can filter on the presence of either the X-Barracuda-Spam-Status: Yes or X-Barracuda-Spam-Flag: YES headers to route messages that the Barracuda tags to your Spam folder or another folder of your choice.