ZyXEL Communications ZYWALL USG 2000 Manual page 577

E-mail Header Buffer Size
The ZyWALL has a 5 K buffer for an individual e-mail header. If an e-mail's header
is longer than 5 K, the ZyWALL only checks up to the first 5 K.
DNSBL
A DNS Blacklist (DNSBL) is a server that hosts a list of IP addresses known or
suspected of having sent or forwarded spam. A DNSBL is also known as a DNS
spam blocking list. The ZyWALL can check the routing addresses of e-mail against
DNSBLs and classify an e-mail as spam if it was sent or forwarded by a computer
with an IP address in the DNSBL.
Here's how the ZyWALL uses DNSBLs.
Figure 385 DNSBL Example
4
The ZyWALL checks the e-mail's header for sender or relay IP addresses and
1
sends them to all of the DNSBL domains configured in the ZyWALL.
The DNSBL servers reply as to whether or not the IP addresses match an entry in
2
their list. In this example, DNSBL 1's reply came first. Since DNSBL 1 says the IP
addresses are not in its list, the ZyWALL waits for more responses.
DNSBL 2 has one of the IP addresses in its list.
3
The ZyWALL immediately classifies the e-mail as spam and takes the action for
4
spam that you defined in the anti-spam policy (in this example it was an SMTP
mail and the defined action is to drop the mail). After a positive match is found in
a DNSBL, the ZyWALL does not wait for any more DNSBL responses.
ZyWALL USG 2000 User's Guide
1
IPs: a.b.c.d
w.x.y.z
Chapter 34 Anti-Spam
DNSBL 1
2
Not spam.
DNSBL 2
3
Spam!
DNSBL 3
577