Configuring Barracuda Email Security Gateway and Advanced Threat Protection

Configure the Barracuda Email Security Gateway 

From a web browser, enter the IP address of the Barracuda Email Security Gateway followed by port 8000.

Default Port: http://192.168.200.200:8000

• Log in to the web interface using admin credential
• For maximum security, Barracuda recommends changing the administrator password on the BASIC > Administration page.

• On the BASIC > IP Configuration page, enter the required information in the fields as described in the following table:

Fields	Description
TCP/IP Configuration	The IP address, subnet mask, and default gateway of your Barracuda Email Security Gateway. The TCP port is the port on which the Barracuda Email Security Gateway receives incoming email. This is usually port 25.
Destination Mail Server TCP/IP Configuration	The hostname or IP address of your destination mail server; for example mail.yourdomain.com. This is the mail server that receives email after it has been checked for spam and viruses. I am adding mail server IP of my organization.
	You should specify your mail server’s hostname rather than its IP address so that the destination mail server can be moved and DNS updated at any time without any changes needed to the Barracuda Email Security Gateway.
	TCP port is the port on which the destination mail server receives all SMTP traffic such as inbound email. This is usually port 25.
	If you need to set up more than one domain or mail server, refer to Creating and Managing Domains.
DNS Configuration	The primary and secondary DNS servers you use on your network.
	It is strongly recommended that you specify a primary and secondary DNS server. Certain features of the Barracuda Email Security Gateway rely on DNS availability.
Domain Configuration	Default Host Name is the host name to be used in the reply address for email messages (non-delivery receipts, virus alert notifications, etc.) sent from the Barracuda Email Security Gateway. The Default Host Name is appended to the default domain.
	Default Domain is a required field and indicates the domain name to be used in the reply address for email messages (non-delivery receipts, virus alert notifications, etc.) sent from the Barracuda Email Security Gateway.
Accepted Email Recipients Domains	The domains managed by the Barracuda Email Security Gateway. Make sure this list is complete. The Barracuda Email Security Gateway rejects all incoming messages addressed to domains not in this list. See Creating and Managing Domains.
	Note: One Barracuda Email Security Gateway can support multiple domains and mail servers. If you have multiple mail servers, go to the DOMAINS tab and enter the mail server associated with each domain

Below are settings,  i have used for my organization.

• IP address: 10.X.X.X with Port 25. from default browsing port http://192.168.200.200:8000 it will be now browse from 10.X.X.X
• Server Name: It contains Email Server IP of my organization and after that i have enter IT support email address for test connection.
• DNS Configuration: Company DNS should be added for proper communication between Barracuda and Organization Email traffic

If you changed the IP address of your Barracuda Email Security Gateway, you are disconnected from the web interface and will need to log in again using the new IP address.

Advanced Threat Protection (ATP)

ATP features includes anti-phishing,antivirus,anti-spam,inbound email control,sender authentication, and sender policy features below are steps to configure each features 

Anti-phishing, antivirus, anti-spam protection

• Anti-phishing, configurable on the Cloud Protection Layer INBOUND SETTINGS > Anti-Phishing page:
• Intent analysis - set On
• Link protection - set On
• Typo squatting protection - set On
• Anti-fraud intelligence, which uses a special Bayesian database that is constantly learning for the detection of phishing scams.

• Anti-spam, antivirus, configurable on the Cloud Protection Layer INBOUND SETTINGS > Anti-Spam/Antivirus page:
• Barracuda Reputation Block List (BRBL) - set Block
• Virus scanning - set Yes
• Barracuda Real-Time System (BRTS) – An advanced service to detect zero-hour spam and virus outbreaks even where traditional heuristics and signatures to detect such messages do not yet exist. - set Block
• CloudScan – A cloud-based spam scanning engine, which assigns a score to each message processed ranging from 0 (unlikely spam) to 10 (definitely spam). Setting a score of 1 will likely block legitimate messages while setting a score of 10 will allow more messages through the system. - set Yes
• Bulk email detection - set Block

IP analysis

• Custom RBLs – On the INBOUND SETTINGS > Custom RBLs page, you can add any additional free or subscription blocklists. External IP blocklists, also known as DNSBLs or RBLs, are lists of Internet addresses that have been identified as potential originators of spam. These lists can be used to block potential spammers.

• Rate Control – This feature protects your mail server from spammers or spam-programs (also known as "spam-bots") that send large amounts of email to the server in a small amount of time. You can exempt known and trusted IP addresses or IP ranges from IP based Rate Control. Email messages are still scanned for spam and virus content. Configure on the INBOUND SETTINGS > Rate Control page.

• IP address block/accept policies – Add IP addresses or networks to always block or always exempt (whitelist). Whitelisted IP addresses/networks bypass spam scoring as well as all other blocklists. Virus scanning still applies. This list of IP addresses that you choose to block takes precedence over the Barracuda Reputation Block List and Custom RBL entries. Configure on the INBOUND SETTINGS > IP Address Policies page.

Recipient and sender policies

• Recipient Policies – Recipient email addresses you specifically want to always scan or always exempt (whitelist). Or you can apply a default behavior to all recipients, by selecting either Scan or Exempt from the Default policy for all users drop-down. Exempt (whitelisted) recipients bypass spam scoring as well as all other blocklists. Virus scanning still applies. Configure on the INBOUND SETTINGS >Recipient Policies page.

• Sender Policies – Sender policies allow you to exempt or block messages by username in a sender email address, domain name, or both. For details, see the INBOUND SETTINGS > Sender Policies page.

• Sender Authentication – Configure reverse DNS lookups for sender domain verification, domain-spoofing protection, DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) for sender authentication. See the INBOUND SETTINGS > Sender Authentication. For more details about these methods, see Sender Authentication.  - i have set No to DMARC and Set Block to DKIM features.

How to Use ATP:

• Go to the BASIC > Virus Checking page. Set Advanced Threat Protection (ATP) to either:
• Deliver First, Then Scan – The downloaded file is delivered to the user while ATP scans the file. If the file is then determined to be infected, an alert is sent to the Threat Alerts Email Address defined on the BASIC > Administration page.
• Scan First, Then Deliver –

• Click Save

ATP Statistics and Logs

To view ATP log, login Barracuda and go to  BASIC > ATP Log page.

• Status - Possible values are:
• Clean - No infection was detected.
• Scanning - The attachment is undergoing scanning by ATP.
• Suspicious - The scan is complete but the outcome of the scan is not definitive.
• Infected - The ATP scan is complete and the infected file was blocked if the scan completed before delivery of the file. If not, the admin will receive an alert at the Threat Alerts Email Address.
• Error - Indicates network issues in connecting with the ATP service, or the file type was not supported.
• Filename - Name of the file being scanned or that was scanned by ATP. The maximum file name length supported for logging is 100 characters; anything longer than that will be truncated.
• Username - The user who downloaded the file.
• IP Address - IP address of the machine or network from which the threat was initiated.
• URL - The URL of the site from which the treat was initiated. The maximum URL length supported for logging is 2083 characters; anything longer than that will be truncated.
• Scan Completed - Date and time the ATP scan completed.
• Report - Click on view report link to check of ATP scan results.