BarracudaSpamFirewall/Scoring

From UMIACS
Latest revision as of 14:45, 26 June 2020

Our Barracuda spam firewalls score every message that passes through them against a number of internal rules and inject headers into the message based on the action taken. The specifics of these headers vary with the score the message receives. Our domain defaults for scoring are:

  • 0.0 to 3.4: Allow the message
  • 3.5 to 8.9: Tag the message
  • 9.0 and above: Quarantine the message

[Image: Barracuda scoring.png]

Notes on the above:

  • Although the Tag action states that the subject line is modified, we do not modify the subject line (i.e. prepend a tag) at all, and it is not possible to set this on a per-user account level.
  • Although Block is listed as an action for any score of 10.0 and above, we do not block any messages with the domain default settings.

You can change these default scoring thresholds and actions if you would like by logging into the Barracudas, going to Preferences -> Spam Settings from the top menu bar, changing Use Domain Defaults from Yes to No, clicking Save, and then customizing the score thresholds for each action and/or disabling or enabling one or more actions.

[Image: Barracuda scoring2.png]

Headers

The following are examples of the headers injected into a message for each possible action our firewalls will take:

Allowed message (passes through to your Inbox):

X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=8.0 KILL_LEVEL=1000.0 tests=

Tagged message (passes through to your Inbox):

X-Barracuda-Spam-Score: 3.60
X-Barracuda-Spam-Status: Yes, SCORE=3.60 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 tests=BSF_SC0_MISMATCH_TO, BSF_SC0_MV0951, BSF_SC0_MV0951_2, BSF_SC0_MV0951_5, HTML_MESSAGE
X-Barracuda-Spam-Flag: YES

Quarantined message (goes to your spam quarantine):

X-Barracuda-Spam-Score: 10.11
X-Barracuda-Spam-Status: Yes, SCORE=10.11 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0 tests=BSF_SC0_MISMATCH_TO, BSF_SC0_SA912_RP_FR, BSF_SC5_MJ1963, FH_HELO_EQ_D_D_D_D, FROM_LOCAL_HEX, HTML_IMAGE_ONLY_08, HTML_MESSAGE, HTML_SHORT_LINK_IMG_1, MIME_HTML_ONLY, RDNS_DYNAMIC, URLBL_BC

If your email client of choice allows you to filter on message headers, you can filter on the presence of either the X-Barracuda-Spam-Status: Yes or X-Barracuda-Spam-Flag: YES headers to route messages that the Barracuda tags to your Spam folder or another folder of your choice.
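
The header filter described above, as an added Python example (not UMIACS or Barracuda code): it parses `X-Barracuda-Spam-Status`, derives the action from the thresholds carried in the header, and picks a folder. The function names, the folder names `Spam` and `INBOX`, and the sample messages (built from the header examples on this page) are assumptions, and the regular expression assumes the header layout shown in those examples.

```python
import re
from email import message_from_string

NUM = r"-?\d+(?:\.\d+)?"
# Layout of X-Barracuda-Spam-Status as it appears in the examples on this page.
STATUS_RE = re.compile(
    rf"(?P<flag>Yes|No), SCORE=(?P<score>{NUM}) using .*?"
    rf"TAG_LEVEL=(?P<tag>{NUM}) QUARANTINE_LEVEL=(?P<quarantine>{NUM}) "
    rf"KILL_LEVEL=(?P<kill>{NUM}) tests=(?P<tests>.*)")

def parse_status(value):
    """Return the fields of an X-Barracuda-Spam-Status value, or None."""
    m = STATUS_RE.fullmatch(" ".join(value.split()))  # undo header folding
    if m is None:
        return None
    out = {k: float(m[k]) for k in ("score", "tag", "quarantine", "kill")}
    out["tests"] = [t.strip() for t in m["tests"].split(",") if t.strip()]
    return out

def action(status):
    """Map the score onto the per-user thresholds reported in the header."""
    for name, key in (("block", "kill"), ("quarantine", "quarantine"), ("tag", "tag")):
        if status["score"] >= status[key]:
            return name
    return "allow"

def analyze(raw):
    """Return (folder, action) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hdr = msg.get("X-Barracuda-Spam-Status", "")
    flag = msg.get("X-Barracuda-Spam-Flag", "")
    # Same test the page suggests for a mail client rule: either header marks spam.
    spam = hdr.strip().startswith("Yes") or flag.strip() == "YES"
    status = parse_status(hdr)
    return ("Spam" if spam else "INBOX", action(status) if status else None)

def sample(headers):
    """Constructed message: page header examples plus a made-up From/Subject/body."""
    return headers + "From: sender@example.org\nSubject: constructed sample\n\nbody\n"

LEVELS = "TAG_LEVEL=3.5 QUARANTINE_LEVEL=9.0 KILL_LEVEL=1000.0"
ALLOWED = sample("X-Barracuda-Spam-Score: 0.00\nX-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=8.0 KILL_LEVEL=1000.0 tests=\n")
TAGGED = sample(f"X-Barracuda-Spam-Score: 3.60\nX-Barracuda-Spam-Status: Yes, SCORE=3.60 using per-user scores of {LEVELS} tests=BSF_SC0_MISMATCH_TO, BSF_SC0_MV0951, BSF_SC0_MV0951_2, BSF_SC0_MV0951_5, HTML_MESSAGE\nX-Barracuda-Spam-Flag: YES\n")
QUARANTINED = sample(f"X-Barracuda-Spam-Score: 10.11\nX-Barracuda-Spam-Status: Yes, SCORE=10.11 using per-user scores of {LEVELS} tests=BSF_SC0_MISMATCH_TO, BSF_SC0_SA912_RP_FR, BSF_SC5_MJ1963, FH_HELO_EQ_D_D_D_D, FROM_LOCAL_HEX, HTML_IMAGE_ONLY_08, HTML_MESSAGE, HTML_SHORT_LINK_IMG_1, MIME_HTML_ONLY, RDNS_DYNAMIC, URLBL_BC\n")

if __name__ == "__main__":
    for name, raw in (("allowed", ALLOWED), ("tagged", TAGGED), ("quarantined", QUARANTINED)):
        print(name, analyze(raw))
```
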