The Barracuda Spam Firewall is hands down, the absolute best spam filter / gateway I have ever used. It rocks, and if you don’t believe me, shoot me an email at jholbrook@empoweris.com and I will get you a 30 day trial.
I spent the better part of today learning how to properly configure my Barracuda Spam Firewall. During the configuration, I decided that it would be in the best interest of Empower to integrate LDAP connectivity in order to help protect against dictionary spam attacks and aid in auto whitelisting of valid email addresses. Auto whitelisting will also aid in the training of the Barracuda Spam Firewall Bayesian filter.
That is when the fun began. I was attempting to do the LDAP integration and I began to beat my head. I kept getting test unsuccessful. I hit the web to find out what I was doing wrong. When it comes to Barracuda, I think the best place to go is their support forums. I found the postings for the most part relevant and informative. Anyway, enough of that. The documentation I had to go on that comes stock with the Barracuda was not working for me. When I looked at the LDAP log I was getting two main errors:
- failed to bind to LDAP server empdc01: Invalid credentials
- In order to perform this operation a successful bind must be completed on the connection., data 0, vece
LDAP verify failed on user ******@empoweris.com: Connection failed
So for anyone who is going through this or may go through this, below is a screen shot and a description of how I fixed my issue. I hope in advance that this will save anyone working on this a lot of time troubleshooting something that I found had a relatively simple fix.
This is what you need to do in order to get LDAP on the Barracuda and Exchange 2003 working:
- Create a new user account and email address with domain user privileges. I made barracuda@empoweris.com my account.
- Do not use an admin account in the LDAP setup, flat out it will not work!!
- Forward the email for the new user account to the appropriate admin email address. *This is optional.
- Log in to the Barracuda and go to Domain.
- Select “Edit LDAP” for your domain.
- Scroll down to Edit LDAP Settings.
- Entries:
  - LDAP Server: myldapserver.empoweris.com
  - LDAP Port: 389
  - Exchange Acceleration: YES - This enables the LDAP feature
  - Unify: No
  - SSL: NO - this is a preference call, that means it’s up to you ** Requires a different port
  - Require SSL: No - Again, up to you
  - Bind DN: barracuda@empoweris.com ***** This was the most important for me!!!! Use the new account you created above in AD.
  - Bind Password: blahblahblah*&^%$#@ - whatever the password you created was
  - LDAP Filter: Use default. If you need to speed up the search, you can use (|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email})) ***At your own risk.
  - LDAP Search Base: use default
  - LDAP UID: sAMAccount - for Active Directory, different for Open LDAP
  - LDAP Email Attribute: mail
  - Canary Email: blank
  - Valid Email: jholbrook@empoweris.com - any valid email in your domain
- Select Test
If it works, you will see something similar to below:
[Screenshot: LDAP Settings]
If you have any questions, drop them in the comments; I will be happy to help if I can.
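
An added example, not part of the original post and not Barracuda's code: the optional LDAP filter in the Entries list takes the recipient address from the SMTP session, so the lookup is only as reliable as the escaping of that value. The Python below evaluates that filter against a constructed in-memory directory (the entries, the function names and the small matcher are assumptions for illustration) and compares an escaped lookup with an unescaped one.

```python
import re

# Optional filter from the Entries list; ${recipient_email} is the SMTP recipient.
FILTER_TEMPLATE = "(|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email}))"

# Constructed sample directory (not a real AD export); attribute names lower-cased.
DIRECTORY = [
    {"samaccountname": "jholbrook", "mail": "jholbrook@empoweris.com",
     "proxyaddresses": ["SMTP:jholbrook@empoweris.com", "smtp:jh@empoweris.com"]},
    {"samaccountname": "barracuda", "mail": "barracuda@empoweris.com",
     "proxyaddresses": ["SMTP:barracuda@empoweris.com"]},
]

def escape_filter_value(value):
    """RFC 4515 escaping: backslash, *, (, ) and NUL become \\XX hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(recipient, escape=True):
    value = escape_filter_value(recipient) if escape else recipient
    return FILTER_TEMPLATE.replace("${recipient_email}", value)

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def _matches(pattern, value):
    """Case-insensitive compare; an unescaped * acts as a substring wildcard."""
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), value, re.IGNORECASE) is not None

def search(ldap_filter, directory=DIRECTORY):
    """Evaluate an OR of simple (attr=value) items; return matching account names."""
    items = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    hits = []
    for entry in directory:
        for attr, pattern in items:
            values = entry.get(attr.lower(), [])
            values = [values] if isinstance(values, str) else values
            if any(_matches(pattern, v) for v in values):
                hits.append(entry["samaccountname"])
                break
    return hits

def recipient_exists(recipient):
    return bool(search(build_filter(recipient)))

if __name__ == "__main__":
    for rcpt in ("jholbrook@empoweris.com", "jh@empoweris.com",
                 "as8frty@empoweris.com", "*@empoweris.com"):
        print(rcpt, "->", "accept" if recipient_exists(rcpt) else "reject")
```

With escaping, the alias in proxyAddresses is accepted and both the random address and the literal `*@empoweris.com` are rejected; calling `build_filter(..., escape=False)` shows the same wildcard matching every entry.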


June 21st, 2008 at 10:27 am
The default location of your ldap bound user in the Active Directory must be the Users OU! It is important in order to succeed the test!!!!
June 21st, 2008 at 11:07 am
Great Point!!
I posted this article based on the fact that it took me a while to get this service running. Thank you for your input Vassiliadis. Please feel free to post any time.
September 26th, 2008 at 10:22 am
Jill:
First of all thank you for visiting our blog. I appreciate the comments. I would recommend that you do run your Barracuda with LDAP integration. There are a couple of reasons why.
1. It will reduce false or fictitious NDR’s
2. It will prevent your organization from handling email for nonexistent users
3. Allows for recipient verification (Blocks email to users that do not exist)
I chose, I should say our team chose, to implement the feature when we started with the product and we noticed an immediate reduction in the amount of messages that we had to manage. We were always getting junk sent to addresses like as8frty@empoweris.com and xp4328@empoweris.com and so forth. Of course those addresses are examples and do not exist. My point to all of this is the LDAP integration will stem or completely stop junk mail / spam from going to fake users, cutting down on your admin time. I feel that is a plus.
I have taken the liberty of providing additional links that will possibly clarify your question as well. The links can also provide more information to additional questions that could be raised by your original.
Resources:
Training Video from Barracuda: http://www.barracudanetworks.com/ns/support/videos/BSF-Configuring-ldap.htm
Anti-Spoofing: http://www.barracudanetworks.com/ns/downloads/barracuda_anti_spoofing_solution_white_paper.pdf
Dealing with NDR’s: http://www.barracudanetworks.com/ns/downloads/barracuda_NDR_whitepaper.pdf
Reduce Back Scatter: http://tinyurl.com/4jeh3g
Spam Firewall LDAP Integration: http://www.barracudanetworks.com/ns/support/solutions.php?id=50160000000GkhT
Empower LDAP Notes: http://www.empoweris.com/2008/06/13/how-to-configure-ldap-connectivity-between-a-barracuda-spam-firewall-and-exchange-server-2003/
October 11th, 2008 at 11:40 am
Thanks for sharing with me. Great info dude. The Barracuda Spam Firewall provides comprehensive spam-blocking for your organization. The algorithms and methods used by the Barracuda Spam Firewall are the most comprehensive and most advanced in the industry.