A. Create an SMTP ALG object:
1.
Go to: Objects > ALG > Add > SMTP ALG
2.
Under General enter:
•
Name: SMTP_inbound_alg
3.
Under File Integrity enter:
•
Select exe and msi for blocked file types
•
Enable the option Block file with extension that does not match MIME type
4.
Under Anti-Virus enter:
•
Mode: Protect
5.
Under Anti-Spam enter:
•
Enable DNS Anti-Spam Filter
•
Under DNS Blacklists add zen.spamhaus.org with a value of 5 and dnsbl.dronebl.org with
a value of 3.
6.
Under Whitelist/Blacklist select Add and enter:
•
Action: Blacklist
•
Type: Sender
•
Email: *.@example.com
7.
Click OK
B. Create a new Service object for inbound SMTP:
1.
Go to: Objects > Services > Add > TCP/UDP Service
2.
Now enter:
•
Name: smtp_inbound_service
•
Type: TCP
•
Destination: 110
•
Enable SYN Flood Protection
•
ALG: smtp_inbound_alg
3.
Click OK
C. Create an IP Rule for email traffic to the mail server from the Internet:
i. Create a SAT IP rule to translate the server address:
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2.
Now enter:
455
Chapter 6: Security Mechanisms