D-Link NetDefend DFL-210 User Manual page 149

6.2.5. SMTP
Buy this stock today!
And if the tag text is defined to be "*** SPAM ***", then the modified email's Subject field will
become:
*** SPAM *** Buy this stock today!
And this is what the email's recipient will see in the summary of their inbox contents. The individual
user could then decide to set up their own filters in the local client to deal with such tagged emails,
possibly sending it to a separate folder.
In addition, the content of the email has X-SPAM fields added to it. These consist of:
• X-Spam-Flag - This value will always be Yes
• X-Spam-Checker-Version - The NetDefendOS version that tagged the email
• X-Spam-Status - This will always be DNSBL
• X-Spam-Report - A list of DNSBL servers that flagged the email as SPAM
These fields can be referred to in mail server filtering rules set up by the administrator.
Dropping SPAM Email
If the calculated sum is greater than or equal to the Drop threshold value then the email is not
forwarded to the intended recipient. Instead the administrator can choose one of two alternatives for
dropped email:
• A special email address can be configured to receive all dropped email. If this is done then any
TXT messages (mentioned earlier) sent by the DNSBL servers that identified the email as SPAM
can be optionally appended by NetDefendOS as an attachment to the forwarded email.
• If no receiver email address is configured for dropped emails then they are discarded by
NetDefendOS and an error message sent back to the sender address along with the TXT
messages from the DNSBL servers that failed the email.
Allowing for Failed DNSBL Servers
If a query to a DNSBL server times out then NetDefendOS will consider that the query has failed
and the weight given to that server will be automatically subtracted from both the SPAM and Drop
thresholds for the scoring calculation done for that email.
If enough DNSBL servers don't respond then this subtraction could mean that the threshold values
become negative. Since the scoring calculation will always produce a value of zero or greater
(servers can't have negative weights) then all email will be allowed through if both the SPAM and
Drop thresholds become negative.
A log message is generated whenever a configured DNSBL server does not respond within the
required time. This is done only once at the beginning of a consecutive sequence of response
failures from a single server to avoid unecessarily repeating the message.
Verifying the Sender Email
As part of the Anti-SPAM module, the option to verify the email sender denies emails with a
mismatch of the SMTP "From" address and the header "From" address. In other words, the source
address in the SMTP protocol header and the SMTP data load header must be the same. Spamming
can cause these to be different so this feature provides an extra check on email integrity.
149
Chapter 6. Security Mechanisms