Configure Barracuda Spam Filter behind Postfix to use client IP when do RBL-checking


I have the following setup:

Internet -> Postfix Mail setup as Proxy -> Barracuda Spam Filter -> Microsoft Exchange

I have tried searching through the documentation and configuration panels to see how I could get the Barracuda to use the original client IP to compare against black lists. I could not find anything related to mail proxies before the Barracuda.

Is there any way to configure either my Postfix relay or the Barracuda so that the Barracuda can see and use the original client IP as the origin of the email?

My initial guess is I would have to set a header, sort of like using nginx as a web proxy. e.g. X-ORIGINAL-IP or the like, but I am unsure what I would have to set.

Best Answer

Look for the Barracuda "Deep-Header Scan" feature. Depending on your unit and firmware revision, it's likely masked under the IP Configuration > Trusted Forwarder setting.

Trusted Forwarder Configuration

Enter the IP addresses of machines that you have set up to forward email (i.e. Trusted Forwarders) to the Barracuda Spam & Virus Firewall from outside sources. The Barracuda Spam & Virus Firewall exempts any IP address in this list from Rate Control, SPF checks and IP Reputation. In the Received headers, the Barracuda Spam & Virus Firewall will continue looking beyond a Trusted Forwarder IP address until it encounters the first non-trusted IP address. At this point, Rate Control, SPF checks and IP Reputation checks will be applied.

This used to be a separate feature, but in the v5.1 changelog, Barracuda removed it from the UI:

Mail Processing

The Deep Header Scan setting for use with Trusted Forwarder IP addresses has been removed from the web interface, as this functionality is now part of the Trusted Forwarder feature.

enter image description here

Related Topic