Barracuda BRBL DNS Blacklist

EQ Admin

EQ Forum Admin
Staff member
Hello,

A new free and public RBL called the BRBL has been launched by Barracuda Networks.

To register for access to the BRBL please see the Barracuda BRBL Registration Page.

According to the BRBL instructions once you have been granted access you can test that the BRBL works with these steps:

On Unix/Linux:

$ host 2.0.0.127.b.barracudacentral.org
2.0.0.127.b.barracudacentral.org has address 127.0.0.2

On Windows:
C:\>nslookup 2.0.0.127.b.barracudacentral.org
Server: {Your DNS server hostname}
Address: {Your DNS server IP addresses}

Non-authoritative answer:
Name: 2.0.0.127.b.barracudacentral.org
Address: 127.0.0.3

On my personal qmail server I am testing it by adding it to my RBL lineup in my $qmail/supervise/qmail-smtpd/run file.

Here is the relevant section of that file:

exec /usr/local/bin/softlimit -m 30000000 \
/usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -t 5 \
-b -r b.barracudacentral.org \
-b -r zen.spamhaus.org \
/var/qmail/bin/qmail-smtpd 2>&1
To test the BRBL from within SpamAssassin add this to the end of your local.cf file:

header IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'b.barracudacentral.org')
describe IN_BCUDA_RBL Received via a relay listed by Barracuda BRBL
tflags IN_BCUDA_RBL net

header RCVD_IN_BCUDA_RELAY rbleval:check_rbl_results_for('bcuda',
'127.0.0.2')
describe RCVD_IN_BCUDA_RELAY BCUDA: relay ip is convicted spammer
tflags RCVD_IN_BCUDA_RELAY net

score RCVD_IN_BCUDA_RELAY 1.00
If you block connections based on IP address in the qmail-smtpd example, you do not need to also do the duplicate SpamAssassin check.

I will post a more in depth product review after I have had some time to gather meaningful statistics from several high volume mail servers.
 
Last edited:

EQ Admin

EQ Forum Admin
Staff member
Hello,

My first results are in on some lower volume mail servers. These statistics are for a pair of servers handling e-mail for about 10,000 valid addresses across 6 domains. I started the RBL evaluation on September 26th, 2008. At that time the only RBL being used to reject IP connections was Spamhaus's zen RBL. The Spamhaus RBL was blocking 68.74% of incoming connections to the mail servers. I then added the Barracuda BRBL in front of the Spamhaus RBL to give it the maximum exposure. The following dates are the last date of several days worth of logs being examined.

September 26th, 2008:
  • Barracuda BRBL evaluation begins.
  • Spamhaus Zen - 68.74%
  • Total connections blocked with RBL's - 68.74%
September 29, 2008:
  • Barracuda BRBL - 68.85%
  • Spamhaus Zen - 14.97%
  • Total connections blocked with RBL's - 83.82%
October 08, 2008:
  • Barracuda BRBL - 47.40%
  • Spamhaus Zen - 36.61%
  • Total connections blocked with RBL's - 84.01%
October 23, 2008:
  • Barracuda BRBL - 50.25%
  • Spamhaus Zen - 23.01%
  • Total connections blocked by RBL's - 73.26%
The Barracuda BRBL has been in production for 4 weeks now on my mail servers. There have had 0 complaints about blocked e-mails due to the Barracuda BRBL during this time. I am consistently blocking more spam before needing to process it with more resource intensive applications such as SpamAssassin. My conclusion at this time is that the Barracuda BRBL is likely to be safe when used on small to medium size mail servers for most people.

Until rsync access to an rbldnsd compatible zonefile is available I am unwilling to evaluate the Barracuda BRBL on my higher volume mail servers.
 
Last edited:
Top