Comprehensive Anti-Spam Service

Chapter 1: Document Scope

This document describes how to implement and manage the Comprehensive Anti-Spam Service. This document contains the following sections:

  Comprehensive Anti-Spam Service Overview
  Setting up Comprehensive Anti-Spam Service
  Using Comprehensive Anti-Spam Service

Comprehensive Anti-Spam Service Overview

This section provides an introduction to the Comprehensive Anti-Spam Service. This section contains the following subsections:

  What is Comprehensive Anti-Spam Service?
  Benefits
  How Does Comprehensive Anti-Spam Service Work?
  Platforms
What is Comprehensive Anti-Spam Service?

The Comprehensive Anti-Spam Service feature provides a quick, efficient, and effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your existing SonicWALL UTM Appliance. In a typical configuration of Comprehensive Anti-Spam Service, the administrator chooses to add Anti-Spam capabilities by selecting it in the SonicOS interface and licensing it. The SonicWALL UTM Appliance then uses the same advanced spam-filtering technology as the SonicWALL Email Security products to reduce the amount of junk email the organization delivers to users.

There are two primary ways inbound messages are analyzed by the Anti-Spam feature: Advanced IP Reputation Management and Cloud-based Message Analysis. IP Address Reputation uses the GRID Network to identify the IP addresses of known spammers, and rejects any mail from those senders without even allowing a connection.

GRID Network Sender IP Reputation Management checks the IP address of incoming connection requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWALL GRID Network. Known spammers are prevented from connecting to the SonicWALL UTM server, and their junk email payloads never consume system resources on the targeted systems.

Email that does not come from known spammers is analyzed based on GRIDprints generated by SonicWALL's research laboratories, which are based on data from millions of business endpoints, hundreds of millions of messages, and billions of reputation votes from the users of the GRID Network. Our GRID Network uses data from multiple SonicWALL solutions to create a collaborative intelligence network that defends against the worldwide threat landscape. GRIDprints uniquely identify messages without exposing data contained in the email message.
Comprehensive Anti-Spam Service determines that an email fits only one of the following threats: Spam, Likely Spam, Phishing, Likely Phishing, Virus, or Likely Virus. It uses the following precedence order when evaluating threats in email messages:

  1. Phishing
  2. Likely Phishing
  3. Virus
  4. Spam
  5. Likely Spam
  6. Likely Virus

For example, if a message is both a virus and spam, the message will be categorized as a virus, since Virus is higher in precedence than Spam. If SonicWALL Email Security determines that the message is not any of the above threats, it is judged as good email and is delivered to the destination server.
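The following is an added example, not SonicWALL code, that models the precedence order above together with the per-category responses the Settings section of this document describes later (Filtering off, Tag With, Store in Junk Box, Reject Mail, Permanently Delete). The function names, the subject tags, the sample settings and the message data are constructed; how "Filtering off" combines with other matched categories is an assumption noted in the code.

```python
"""Threat categorization by precedence and per-category disposition.

Added example, not SonicWALL code. It models two things the document states:
the precedence order applied when a message matches more than one threat
category, and the response chosen for each category on the Anti-Spam >
Settings page. The subject tags, the sample settings and the message data are
constructed; how "Filtering off" composes with other categories is an
assumption noted below.
"""
from typing import Dict, Iterable, Optional

# Highest precedence first, exactly as the document lists it.
THREAT_PRECEDENCE = ["Phishing", "Likely Phishing", "Virus",
                     "Spam", "Likely Spam", "Likely Virus"]

# The five responses offered per category; Store in Junk Box is the default.
RESPONSES = {"Filtering off", "Tag With", "Store in Junk Box",
             "Reject Mail", "Permanently Delete"}
DEFAULT_RESPONSE = "Store in Junk Box"


def categorize(detected: Iterable[str]) -> Optional[str]:
    """Return the single category the message is judged to be, or None if good.

    A message matching several categories gets the one highest in
    THREAT_PRECEDENCE (virus + spam -> Virus, as in the document's example).
    """
    detected = set(detected)
    unknown = detected - set(THREAT_PRECEDENCE)
    if unknown:
        raise ValueError(f"unknown threat categories: {sorted(unknown)}")
    for category in THREAT_PRECEDENCE:
        if category in detected:
            return category
    return None


def dispose(subject: str, detected: Iterable[str],
            settings: Dict[str, str], tags: Dict[str, str]) -> dict:
    """Apply the configured response to a message.

    settings maps category -> response (missing categories use the default);
    tags maps category -> subject tag used by "Tag With".
    Returns the category, the action taken and the (possibly tagged) subject.
    """
    for response in settings.values():
        if response not in RESPONSES:
            raise ValueError(f"unknown response {response!r}")
    # Assumption: a category whose filtering is off is simply not scanned for,
    # so it cannot become the message's category; remaining matches still count.
    active = [c for c in detected
              if settings.get(c, DEFAULT_RESPONSE) != "Filtering off"]
    category = categorize(active)
    if category is None:
        return {"category": None, "action": "deliver", "subject": subject}
    response = settings.get(category, DEFAULT_RESPONSE)
    if response == "Tag With":
        # Tagged in the subject so the user keeps control of the message.
        tagged = f"{tags.get(category, '[JUNK]')} {subject}"
        return {"category": category, "action": "deliver", "subject": tagged}
    if response == "Store in Junk Box":
        return {"category": category, "action": "junk", "subject": subject}
    if response == "Reject Mail":
        return {"category": category, "action": "reject", "subject": subject}
    # Permanently Delete: the message is gone; the CAUTION on the page applies.
    return {"category": category, "action": "delete", "subject": subject}


if __name__ == "__main__":
    demo_settings = {"Spam": "Tag With", "Virus": "Filtering off",
                     "Phishing": "Reject Mail"}
    print(dispose("Invoice", ["Spam", "Virus"], demo_settings, {"Spam": "[JUNK]"}))
```

Because `categorize` is applied only to the categories that are still being filtered, a message that is both Virus and Spam with Virus filtering off falls through to the Spam response rather than being delivered unscanned; that composition is an assumption of this example, not a statement from the document.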
Benefits

Adding anti-spam protection to your SonicWALL UTM Appliance increases the efficiency of your system as a whole by filtering and rejecting junk messages before users see them in their inboxes.

  - Reduced amount of bandwidth and resources consumed by junk email in your network
  - Reduced number of incoming messages sent to the mail server
  - Reduced threat to the organization, because users cannot accidentally infect their computers by clicking on virus spam
  - Better protection for users from phishing attacks

How Does Comprehensive Anti-Spam Service Work?

This section describes the Comprehensive Anti-Spam Service feature, including the SonicWALL GRID Network, and how it interacts with SonicOS as a whole. The two points of significant connection with SonicOS are Address and Service Objects. Use the address and service objects to configure the Anti-Spam feature to function smoothly with SonicOS. For example, use the Anti-Spam Service Object to configure NAT policies to archive inbound email as well as sending it through a filter. Comprehensive Anti-Spam Service analyzes message headers and contents, and uses collaborative GRIDprinting to block spam email.

GRID Network

Feature Overview

This section describes the Comprehensive Anti-Spam Service feature GRID Connection Management with Sender IP Reputation. GRID Network Sender IP Reputation is the reputation a particular IP address has with members of the SonicWALL GRID Network. When this feature is enabled, email is not accepted from IP addresses with a bad reputation. When SonicWALL Email Security will not accept a connection from a known bad IP address, mail from that IP address never reaches the Email Security server.
This section contains the following subsections:

  Feature Overview
  GRID Connection Management with Sender IP Reputation and Connection Management Precedence Order

GRID Network Sender IP Reputation checks the IP address of incoming connection requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWALL GRID Network. Known spammers are prevented from connecting to the SonicWALL UTM server, and their junk email payloads never consume system resources on the targeted systems.

Benefits:

  - As much as 80 percent of junk email is blocked at the connection level, before the email is ever accepted into your network.
  - Fewer resources are required to maintain your level of spam protection.
  - Your bandwidth is not wasted on receiving junk email on your servers, only to analyze and delete it.
  - A global network watches for spammers and helps legitimate users restore their IP reputations if needed.

GRID Connection Management with Sender IP Reputation and Connection Management Precedence Order

When a request is sent to your first-touch SonicWALL Unified Threat Monitoring server, the server evaluates the reputation of the requestor. The reputation is compiled from white lists of known-good senders, block lists of known spammers, and denial-of-service thresholds. If IP Reputation is enabled, the source IP address is checked in this order:

  Evaluation        Description
  Allow-list        If an IP address is on this list, it is allowed to pass messages through Connection Management. The messages will be analyzed by your SonicWALL Unified Threat Monitoring server as usual.
  Block-list        This IP address is banned from connecting to the SonicWALL UTM server.
  Reputation-list   If the IP address is not in the previous lists, the SonicWALL UTM server checks with the GRID Network to see if this IP address has a bad reputation.
  Defer-list        Connections from this IP address are deferred. A set interval must pass before the connection is allowed.
  DoS               If the IP address is not on the previous lists, the SonicWALL UTM server checks to see if the IP address has crossed the Denial of Service threshold. If it has, the server uses the existing DoS settings to take action.

Only if the IP address passes all of these tests does the SonicWALL Unified Threat Monitoring server allow that server to make a connection and transfer mail. If the IP address does not pass the tests, the SonicWALL server sends a message to the requesting server indicating that there is no SMTP server. The connection request is not accepted.

Address and Service Objects

The Anti-Spam feature of SonicOS introduces new Address and Service Objects to manage a customer's email server(s).
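Returning to the Connection Management precedence order described above, the following is an added example, not SonicWALL code, that evaluates a connecting IP address against the five checks in the order the table gives them. The list contents, the reputation lookup, the decision labels and the DoS counter (a simple per-source connection count against a constructed threshold) are assumptions made for illustration; the real appliance takes these from the GRID Network and its own DoS settings.

```python
"""Connection Management precedence evaluator (added example, not SonicWALL code).

Models the order the document describes for an inbound SMTP connection's
source IP: allow-list -> block-list -> reputation-list -> defer-list -> DoS
threshold. The lists, the reputation lookup and the threshold below are
constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


@dataclass
class ConnectionPolicy:
    allow_list: Set[str] = field(default_factory=set)
    block_list: Set[str] = field(default_factory=set)
    defer_list: Set[str] = field(default_factory=set)
    # Reputation lookup: True when the GRID Network reports a bad reputation
    # (stand-in callable; the real lookup is a network query).
    bad_reputation: Callable[[str], bool] = lambda ip: False
    # Assumed DoS model: connections per source IP above this count trip the threshold.
    dos_threshold: int = 100
    connection_counts: Dict[str, int] = field(default_factory=dict)


def evaluate_connection(ip: str, policy: ConnectionPolicy) -> str:
    """Return the first matching decision for a connecting IP, in precedence order.

    Decisions: "allow" (passed on to message analysis), "block" (banned),
    "bad-reputation" (GRID reports a bad reputation), "defer" (must wait the
    set interval), "dos" (Denial of Service threshold crossed).
    """
    # 1. Allow-list: listed senders skip every later check and go to analysis.
    if ip in policy.allow_list:
        return "allow"
    # 2. Block-list: banned outright, decided before any network lookup.
    if ip in policy.block_list:
        return "block"
    # 3. Reputation-list: GRID is consulted only for IPs the local lists did not decide.
    if policy.bad_reputation(ip):
        return "bad-reputation"
    # 4. Defer-list: the connection is held back until the interval has passed.
    if ip in policy.defer_list:
        return "defer"
    # 5. DoS threshold: count this attempt; the existing DoS action applies if exceeded.
    count = policy.connection_counts.get(ip, 0) + 1
    policy.connection_counts[ip] = count
    if count > policy.dos_threshold:
        return "dos"
    return "allow"


def demo_policy() -> ConnectionPolicy:
    """Constructed sample lists using documentation address ranges, not real senders."""
    return ConnectionPolicy(
        allow_list={"192.0.2.10"},
        block_list={"198.51.100.7"},
        defer_list={"203.0.113.5"},
        bad_reputation=lambda ip: ip == "203.0.113.9",
        dos_threshold=3,
    )


if __name__ == "__main__":
    policy = demo_policy()
    for src in ["192.0.2.10", "198.51.100.7", "203.0.113.9", "203.0.113.5",
                "203.0.113.20", "203.0.113.20", "203.0.113.20", "203.0.113.20"]:
        print(src, evaluate_connection(src, policy))
```

The order matters for the operational cost as well as the outcome: an address on the local allow-list or block-list is decided without the GRID query, and the DoS counter is only consulted for addresses that every earlier list declined to decide.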
For an introduction to Address and Service Objects, see the SonicOS Enhanced Administrator's Guide, available at: http://www.sonicwall.com/us/support.html

SonicOS Enhanced 5.4 provides new Address Objects and Service Objects specific to the Anti-Spam service. These objects are used by the Anti-Spam Service for its NAT and Access Rule policies. Automatically-created rules are not editable and will be deleted if the Anti-Spam Service is disabled.

When enabled, the Anti-Spam service creates NAT policies and Access Rules to control and redirect email traffic. The policies and rules are visible in the Network > NAT Policies and Firewall Rules pages, but are not editable. These automatically-created policies are only available when Comprehensive Anti-Spam Service is enabled.

When the Anti-Spam service is licensed and activated, the Anti-Spam > Settings page shows a single checkbox to enable Anti-Spam. Selecting the checkbox invokes the Destination Mail Server Policy Wizard if there is no existing custom access rule and NAT policy for an
already-deployed scenario. When you set up generated policies, the Anti-Spam service must know where the emails are routed behind the SonicWALL UTM device. Specifically, it needs the destination mail server IP address and its zone assignment. The Destination Mail Server Policy Wizard is launched if this data cannot be found. You will need the following information for the wizard:

  Destination Mail Server Public IP Address
      The IP address to which external MTAs will connect by SMTP.
  Destination Mail Server Private IP Address
      The internal IP address (behind the UTM device) of the Exchange or SMTP server.
  Zone Assignment
      The zone to which the Exchange or SMTP server is assigned.
  Inbound Email Port
      The TCP service port number to which emails will be sent, also known as the inbound SMTP port.

Policies and Address Objects created by the wizard are editable and persist even if the Anti-Spam service is disabled.

Objects Created When Comprehensive Anti-Spam Service Is Enabled

This section provides an example of the type of Email Security rules and objects generated automatically as Firewall Access Rules, NAT Policies, and Service Objects. These objects are not editable and will be removed if the Comprehensive Anti-Spam Service is disabled.

The Firewall > Access Rules page shows the generated rules used for Anti-Spam.

Figure 1:1 Generated Access Rules

The Anti-Spam Service Object is created in the Network > Services page.

Figure 1:2 Generated Anti-Spam Service Object

This Service Object is referenced by the generated NAT policies.
Figure 1:3 Generated NAT Policies

Objects Created by the Wizard

Policy and Object Changes

Objects created from an administrator's interaction with the wizard can be edited and stay in the system even if Comprehensive Anti-Spam Service is disabled. The following considerations apply to the auto-generation of policies:

  - A system Address Group Object called the Public Mail Server Address Group is created as a default for the original destination for generated policies. This group contains the Address Object, Destination Mail Server Public IP, which takes the IP address value provided during the wizard.
  - In the case where a SonicWALL UTM device already has existing policies for SMTP, the following procedures occur:
      - If the existing policy's original destination is a host type Address Object, then the generated policies use the Public Mail Server Address Group object as their original destination.
      - If the existing policy's original destination is a non-host type Address Object, the generated policies use this non-host type Address Object as their original destination.
  - If there is more than one public IP address for SMTP, users can manually add Address Objects to the Public Mail Server Address Group.

In the diag.html page, the Delete Policies and Objects button can be used to remove Anti-Spam Address and Service Objects and policies that are not deleted when the service is turned off. When this button is clicked, SonicOS attempts to remove all the automatically generated objects and policies. This operation is only allowed when the Anti-Spam service is off.

Figure 1:4 Diagnostics Options

The other diag.html page options relating to Anti-Spam are:

  Disable SYN Flood Protection for Anti-Spam related connections
      SYN Flood protection is turned on by default for the SMTP (25) and Anti-Spam service (10025) ports. This option disables that protection.
  Use GRID IP reputation check only
      When selected, this overrides the probing result and simulates an Email Security service being unavailable (admin down). When an email is sent, it still goes through both the SYN Flood check and the GRID IP check, but other email scanning is not performed.

Real-Time Black List (RBL) Filter

The RBL Filter configuration screen was previously located under Security Services in the left navigation pane. Now find it under the Anti-Spam menu group. When Comprehensive Anti-Spam Service is turned on, RBL Filtering is automatically disabled.
Platforms

Comprehensive Anti-Spam Service is supported on all appliances that support SonicWALL SonicOS 5.4.0.0 or higher.

Setting up Comprehensive Anti-Spam Service

This section contains the following subsections:

  Administrator Prerequisites
  Administrator Configuration Tasks

Administrator Prerequisites

The following deployment prerequisites are required to use the Comprehensive Anti-Spam Service feature:

  - A licensed SonicWALL UTM appliance running 5.4.0.0 or higher firmware
  - Anti-Spam License for the UTM
  - An Exchange or other SMTP server

Administrator Configuration Tasks

To configure the Comprehensive Anti-Spam Service feature, the appliance must be licensed with a sufficient Comprehensive Anti-Spam Service license. System settings and junk boxes are configured after license activation. This section contains the following subsections:

  Purchasing Licenses and Support
  Configuring Comprehensive Anti-Spam Service
  Using Comprehensive Anti-Spam Service

Purchasing Licenses and Support

Purchase a Comprehensive Anti-Spam Service license for the UTM appliance. This can be done directly through mysonicwall.com or through your reseller.
Note: Your UTM appliance must be registered with mysonicwall.com before use. Refer to the SonicWALL UTM Getting Started Guide for further information on registering your appliance.

Step 1   Open a Web browser on the computer you are using to manage the SonicWALL SonicOS.
Step 2   Enter http://www.mysonicwall.com in the location or address field.
Step 3   Enter your mysonicwall.com account user name and password in the appropriate fields and click the submit button.
Step 4   Navigate to My Products in the left-hand navigation bar.
Step 5   Select the UTM appliance you wish to add anti-spam capability to.
Step 6   Register for a Comprehensive Anti-Spam Service license.
Step 7   Log in to your SonicWALL UTM appliance's web management interface.
Step 8   Navigate to the Licenses page in the navigation bar.
Step 9   In the Manage Security Services Online section, click the link to activate or renew your license. Alternately, enter your key or keyset.
Step 10  Enter your mysonicwall.com login information.
Activating Comprehensive Anti-Spam Service

Once you have registered Comprehensive Anti-Spam Service, activate it to start your UTM appliance-level protection from spam, phishing, and virus messages.

Step 1   Navigate to the Anti-Spam menu item in the navigation bar. You are directed to the Settings submenu.
Step 2   Click Enable Anti-Spam Service to activate the Comprehensive Anti-Spam Service feature. You have activated the Comprehensive Anti-Spam Service!
Step 3   Optionally, click the Junk Store Installer icon to install the junk store on your Exchange server.

Configuring Comprehensive Anti-Spam Service Settings

When Comprehensive Anti-Spam Service is activated, set your preferences. Once these are configured, your email will be filtered and sorted according to your configuration.

The Email Threat Category Settings section enables the administrator to set default settings for users' messages. Choose default settings for messages that contain spam, phishing, and virus issues. Use the dropdown options to choose how to handle messages in each threat category. Your options are:

  Response            Effect
  Filtering off       Comprehensive Anti-Spam Service will not scan and filter any email for this threat category, so all the email messages are delivered to the recipients.
  Tag With            The email is tagged with a term in the subject line, for example, [JUNK] or [Possible Junk?]. Selecting this option allows the user to have control of the email and junk it if it is unwanted.
  Store in Junk Box   The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the default setting and the recommended setting.
  Reject Mail         The message is returned to the sender with a message indicating that it was not deliverable.
  Permanently Delete  The email message is permanently deleted. CAUTION: If you select this option, your organization risks losing wanted email.

Comprehensive Anti-Spam Service supports up to 5 domains. If you are using more than one domain, choose the Multiple Domains option and contact SonicWALL or your SonicWALL reseller for more information.

User-defined Access Lists designate which clients are allowed to connect to deliver email. You can also set clients to be automatically rejected.

Advanced options allow you to set the following:

  Allow/Reject delivery of unprocessed mails when Comprehensive Anti-Spam Service is unavailable
      If the Anti-Spam service is not enabled or unavailable for some other reason, you can choose to let all unprocessed emails go through. Spam messages will be delivered to users, as well as good email. If the setting is reject, no email will be delivered until the Anti-Spam Service is re-enabled.
  Tag and Deliver/Reject/Delete emails when SonicWALL Junk Store is unavailable
      If the SonicWALL Junk Store cannot accept spam messages, you can choose to delete them, reject them, or deliver them with cautionary subject lines such as [Phishing]Please renew your account.
  Probe Interval
      Set the number of minutes between messages to the monitoring service.
  Success Count Threshold
      Set the number of successes required to report a success to the monitoring service.
  Failure Count Threshold
      Set the number of failures required to report a failure to the monitoring service.
  Server Public IP Address
      The IP address of the server that is available for external connections.
  Server Private IP Address
      The IP address of the server for internal traffic.
  Inbound Email Port
      The port your UTM has open to receive email from outside sources.
  Enable Subsystem Detection
      Detect other systems running in your mail stream.

Installing the Junk Box on Microsoft Outlook

Comprehensive Anti-Spam Service can create a Junk Store on your Microsoft Exchange Server. The Junk Store quarantines messages for end-user analysis and provides statistics. Log in to your Exchange system, then open a browser and log in to the SonicWALL Web management interface, and install the Junk Store. If you are using an Exchange server:

Step 1   Log in to your Exchange system, and on that system, open a web browser and log in to the SonicWALL Web Management Interface.
Step 2   On the Anti-Spam > Settings page, click the Junk Store Installer icon to install the Junk Store on your Exchange Server.

Figure 1:5 Junk Store Installer

Step 3   Your browser may warn you that the Web site is trying to load the SonicWALL Email Security add-on. Click in the Information Bar and select Install ActiveX Control in the popup menu.
Step 4   On the Security Warning screen, click Install to install the ActiveX Control.
Step 5   On the Anti-Spam > Settings page, click the Junk Store Installer icon again. A progress bar is displayed on the page. The installer launches when it is fully downloaded.
Step 6   Migrating data in the Junk Store may take a long time. Wait for the data migration to complete.
Step 7   Navigate to the Anti-Spam > Status page and verify that the SonicWALL Junk Store is Operational. It typically takes about 15 minutes for the Junk Store to become operational.

Statistics

Junk Box Summary

Use this page to view the statistics on how many messages are being blocked by your Comprehensive Anti-Spam Service feature. The type of message blocked and the number are listed. SonicWALL SonicOS sends an email message to users listing all the messages that have been placed in their Junk Box. The Junk Box Summary includes:

  - Good vs Junk count (organization)
  - Number of blocked messages (per user)

Users can unjunk items listed in the Junk Box Summary email by clicking links in the email. When unjunking, there is an option not to add a sender to the Allowed list.

To manage the Junk Box summary:

Step 1   Choose Frequency of Summaries from the drop-down box.
Step 2   Choose the dates and times to receive email notification. Individual users can override these settings.
Step 3   Choose whether to include in the message summary All Junk Messages or Likely Junk Only (hide definite junk).
Step 4   Choose Language of summary emails from the drop-down list.
Step 5   Choose a plain or graphics rich summary.
Step 6   Select the name to be displayed in end users' email clients for the summary emails.

  Subject
      Enter the subject line for the Junk Box Summary email.
  URL for User View
      This text box is filled in automatically based on your server configuration and is included in the Junk Box Summary email. Clicking on the email link will allow users to unjunk messages. Test the link if you make any changes to ensure connectivity. If you have multiple SonicWALL Email Security deployments, enter the virtual host name here.
  Test this Link
      Users unjunk items in the Junk Box summary email by clicking links in the email. To test the URL, click Test this Link. If the test fails, check that the URL is correct. (Installation checklist parameters B, C, D)

Step 7   Click the Apply Changes button.

Junk Box View

On the Anti-Spam > Junk Box View page, you can view, search, and manage all email messages that are currently in the Junk Store on the Exchange or SMTP server. This functionality is only available if the Junk Store is installed. This section contains the following subsections:

  Searching in the Junk Box View
  Managing the Junk Store in the Junk Box View

Searching in the Junk Box View

Search the Junk Store for a text string in any of the following email fields:

  - To
  - Subject
  - From
  - Date

Or, select one or more email threat categories to search.
To search the Junk Store, perform the following steps:

Step 1   On the Inbound tab of the Anti-Spam > Junk Box View page, type the text for which to search into the Search text box.
Step 2   Select the desired email field in which to search from the "in" drop-down list.
Step 3   Select one or more checkboxes for the email threat categories to search. Categories that are not selected will not be searched. Only messages belonging to one of the Email Threat Categories that are set to Store in Junk Box on the Anti-Spam > Settings page are included in the Junk Store. However, all categories are listed on this page, whether or not any messages of that type are stored in the Junk Store. Click the Go button to perform the search. The results are displayed in the bottom section of the page.

Managing the Junk Store in the Junk Box View

Use the buttons at the top and bottom of the search results list to perform the following Junk Store management tasks on the Anti-Spam > Junk Box View page:

  Check All
      Select the checkbox for all lines on the page. If there are more lines in the search results than are displayed on the current page, only the results on the current page are selected.
  Uncheck All
      Clear the checkbox for all lines on the page. If there are more lines in the search results than are displayed on the current page, only the results on the current page are cleared.
  Delete
      Permanently delete the selected message(s) from the Junk Store.
  Unjunk
      Remove the selected message(s) from the Junk Store and deliver them to the user(s) to whom they are addressed. The delivery time and date will be set by the Exchange server when each message is delivered to the user mailbox.
  Send Copy To
      Keep the selected message(s) in the Junk Store, and send a copy of it or them to a user.
  Display
      Set the number of lines of the search results to display on the page. The choices are 10, 25, and 50 lines per page.
      Pagination controls are provided to navigate to the first page, previous page, next page, and last page of the results.
  Sort
      Click any of the column headings in the results list to sort the results by that field.
To manage the Junk Store:

Step 1   In the results list, select the checkbox for the messages that you want to manage.
Step 2   To permanently delete the selected messages from the Junk Store, click the Delete button at the top or bottom of the list. The selected messages are deleted immediately; there is no confirmation dialog box before the deletion. If the deletion is successful, a green notification is displayed at the top of the page. If the deletion fails, the notification is red.
Step 3   To remove the selected messages from the Junk Store and deliver them to the users, click the Unjunk button. The selected messages are unjunked and sent immediately; there is no confirmation dialog box before the action. If the action is successful, a green notification is displayed at the top of the page. If the action fails, the notification is red.
Step 4   To send a copy of the selected messages to a user, click the Send Copy To button. Type the email address into the Send Copy To dialog box and then click Send.

Real-Time Black List Filtering

You can only use RBL if the Anti-Spam Service is not enabled.

SMTP Real-time Black List (RBL) is a mechanism for publishing the IP addresses that SMTP spammers use. There are a number of organizations that compile this information, both for free (http://www.spamhaus.org) and for profit (http://www.mail-abuse.com). A well-maintained list of RBL services and their efficacy can be found at: http://www.sdsc.edu/~jeff/spam/cbc.html

Note: SMTP RBL is an aggressive spam filtering technique that can be prone to false positives because it is based on lists compiled from reported spam activity. The SonicOS implementation of SMTP RBL filtering provides a number of fine-tuning mechanisms to help ensure filtering accuracy.
RBL list providers publish their lists using DNS. Blacklisted IP addresses appear in the database of the list provider's DNS domain using the inverted IP notation of the SMTP server in question as a prefix to the domain name. A response code from 127.0.0.2 to 127.0.0.9 indicates some type of undesirability. For example, if an SMTP server with IP address 1.2.3.4 has been blacklisted by RBL list provider sbl-xbl.spamhaus.org, then a DNS query to 4.3.2.1.sbl-xbl.spamhaus.org will provide a 127.0.0.4 response, indicating that the server is a known source of spam, and the connection will be dropped. For more information on the RBL, see the SonicOS Administrator Guide.

Using Comprehensive Anti-Spam Service

Once you have configured Comprehensive Anti-Spam Service, it will work automatically until you disable it. Messages are sent to the Junk Box and users unjunk them if they are wrongly categorized.

Use the Status page to view the state of your licensing and monitoring. The status page also includes the Email Stream Diagnostics Capture section. Start the capture to create an application-formatted report on the SMTP-related traffic passing through your UTM appliance. Stop the capture at any time. Download the data to view the information in another application. This report only contains inbound traffic.

To look up the MX record of an email sender, enter it in the Lookup name or IP: field and click Go. Comprehensive Anti-Spam Service will attempt to connect to that server and retrieve the SMTP banner. This feature allows you to verify that an email sender is not spoofing an address to appear more legitimate.

Document Part Number: 232-001751-00 Rev. A
Last Updated: 6/24/09
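The RBL lookup described in the Real-Time Black List Filtering section above, as an added example that is not SonicOS code: it builds the inverted-IP query name, resolves it, and treats only an answer in 127.0.0.2 through 127.0.0.9 as a listing. The listed address 1.2.3.4 and the provider name sbl-xbl.spamhaus.org are the document's own example; the other resolver entries, the function names and the in-memory DNS stand-in (so the example runs offline) are constructed.

```python
"""RBL (DNS blocklist) lookup as the document describes it.

Added example, not SonicOS code. The query name is the client's IPv4 octets in
reverse order prefixed to the list provider's domain; an A-record answer in
127.0.0.2-127.0.0.9 means the address is listed. FAKE_DNS stands in for the
resolver so the example runs offline; dns_resolve is a live alternative.
"""
import ipaddress
import socket
from typing import Callable, Optional

# Constructed stand-in for DNS: query name -> A record; missing name = NXDOMAIN.
FAKE_DNS = {
    "4.3.2.1.sbl-xbl.spamhaus.org": "127.0.0.4",        # the document's example listing
    "9.113.0.203.sbl-xbl.spamhaus.org": "127.0.0.2",    # constructed listing
    "20.113.0.203.sbl-xbl.spamhaus.org": "10.0.0.1",    # constructed: answer outside 127.0.0.2-9
}


def rbl_query_name(ip: str, provider: str) -> str:
    """Reverse the octets of an IPv4 address and prefix them to the provider domain."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this RBL naming scheme applies to IPv4 addresses")
    return ".".join(reversed(str(addr).split("."))) + "." + provider


def rbl_listed(ip: str, provider: str,
               resolve: Callable[[str], Optional[str]]) -> Optional[int]:
    """Return the response code (2-9) when the IP is listed, otherwise None.

    NXDOMAIN means "not listed". An answer outside 127.0.0.2-127.0.0.9 is also
    treated as "not listed": a parked or wildcarded provider domain, or an
    unexpected answer, must not cause legitimate connections to be dropped.
    """
    answer = resolve(rbl_query_name(ip, provider))
    if answer is None:
        return None
    try:
        a = ipaddress.IPv4Address(answer)
    except ValueError:
        return None
    code = int(a) - int(ipaddress.IPv4Address("127.0.0.0"))
    return code if 2 <= code <= 9 else None


def dns_resolve(name: str) -> Optional[str]:
    """Live resolver: the A record for name, or None when the name does not exist.

    Not used by the offline demo; pass it as `resolve` to query a real provider.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


if __name__ == "__main__":
    for client in ["1.2.3.4", "203.0.113.9", "203.0.113.20", "192.0.2.1"]:
        print(client, rbl_listed(client, "sbl-xbl.spamhaus.org", FAKE_DNS.get))
```

The range check is the part worth keeping when adapting this: the document's note that RBL is prone to false positives applies to list contents, but an unchecked resolver answer (a provider that has shut down and now wildcards its zone, for instance) would turn every lookup into a listing.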