That should read "upon which" On Tue, Jan 29, 2013 at 2:32 PM, Kurt Buff <[email protected]> wrote: > My best guess is that it's parsing the content gained from the URLs > for spam/malware. This is, IIRC, a feature of SpamAssassin, upon with > the Barracudas are built. > > In the case of those for which it doesn't fetch content, I'm guessing > that the embedded URLs are already known. > > Kurt > > On Tue, Jan 29, 2013 at 1:25 PM, Richard Stovall <[email protected]> wrote: >> Would any of you who have Barracuda spam filters mind checking something for >> me? >> >> The other day I noticed outbound traffic from my spam appliance to port 80 >> at destinations not owned by Barracuda Networks. I started a packet cap on >> my firewall and got some very interesting results. In addition to traffic >> for legitimate updates and whatnot, the appliance is actually going out to >> and downloading content from the URLs embedded in some (but nowhere near >> all) inbound spam messages. I haven't yet figured out any pattern to why it >> happens on some e-mails and not others. >> >> I created a case with Barracuda this morning just to confirm that it is >> expected behavior and get an explanation of the logic behind it, but the >> tech I spoke to had never heard of this. I sent him the packet cap and he >> said he would kick it upstairs and get back to me, but I haven't heard >> anything yet. >> >> Anyone want to capture traffic from your Barracuda spam firewall on outbound >> port 80 and see if you see anything similar? >> >> Thanks, >> RS >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
