1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-210 - NetDefend - Security Appliance
  6. User manual

D-Link NetDefend DFL-210 User Manual page 148

Network security firewall
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

6.2.5. SMTP
When the NetDefendOS SPAM filtering function is configured, the IP address of the email's
sending server can be sent to one or more DNSBL servers to find out if any DNSBL servers think it
is from a spammer or not (NetDefendOS examines the IP packet headers to do this). The reply sent
back by a server is either a not listed response or a listed response. In the latter case of being listed,
the DSNBL server is indicating the email might be SPAM and it will usually also provide a
information known as a TXT record which is a textual explanation for the listing.
The administrator can configure the NetDefendOS SMTP ALG to consult multiple DNSBL servers
in order to form a consensus opinion on an email's origin address. As each new email arrives,
servers are queried to assess the likelihood that the email is SPAM, based on its origin address. The
NetDefendOS administrator assigns a weight greater than zero to each configured server so that a
weighted sum can then be calculated based on all responses. The administrator can configure one of
the following actions based on the sum calculated:
1.
If the sum is greater than or equal to a pre-defined Drop threshold then the email is considered
to be definately SPAM and is discarded or alternatively sent to a single, special mailbox.
2.
If the sum is greater than or equal to a pre-defined SPAM threshold then the email is considered
as probably being SPAM but forwarded to the recipient with notifying text attached to it.
A Threshold Calculation Example
As an example, lets suppose that three DNSBL servers are configured: dnsbl1, dnsbl2 and dnsbl3.
Weights of 3, 2 and 2 are assigned to these respectively. The SPAM threshold is then set to be 5.
If dnsbl1 and dnsbl2 say an email is SPAM but dnsbl3 does not, then the total calculated will be
3+2+0=5. Since the total of 5 is equal to (or greater than) the threshold then the email will be treated
as SPAM.
If the Drop threshold in this example is set at 7 then all three DNSBL servers would have to respond
in order for the calculated sum to cause the email to be dropped (3+2+2=7).
Tagging SPAM Emails
If an email is considered probably to be SPAM because the calculated sum is above the SPAM
threshold but it is below the Drop threshold, then the Subject field of the email is changed and
pre-fixed with a message and the email is forwarded on to the intended recipient. The tag message
text is specified by the administrator but can be left blank (although that is not recommended).
An example of tagging might be if the original Subject field is:
148
Chapter 6. Security Mechanisms

Advertisement

Table of Contents
loading

Related Manuals for D-Link NetDefend DFL-210

Related Products for D-Link NetDefend DFL-210

This manual is also suitable for:

Dfl-800Netdefend dfl-2500Dfl-1600Netdefend dfl-860Netdefend dfl-260Netdefend dfl-800 ... Show all

Table of Contents