Email Filtering And Anti-Spam; Ip Policy Based Email Filtering - D-Link NetDefendOS User Manual

6.4. Email Filtering and Anti-Spam

Email traffic can be a major concern for the system administrator, both because of its volume and
because of the security threats it can carry. Unsolicited email is both a major annoyance as well
as a security issue on the public Internet. Unsolicited email, often referred to as Spam, sent out by
groups known as spammers in massive quantities, can waste resources, transport malware as well
as try to direct the reader to webpages that could exploit vulnerabilities.
NetDefendOS provides two different email filtering subsystems:
• IP Policy based Email Filtering for IMAP, POP3 and SMTP
This is enabled directly on an IP Policy object and includes a fully comprehensive anti-spam
capability. It offers an array of different filtering techniques, many of which are not available
in SMTP ALG based filtering which is listed next. It cannot be configured using IP rules and at
this time it is applicable to POP3, IMAP and SMTP traffic.
This type of email filtering is described in Section 6.4.1, "IP Policy Based Email Filtering".
• SMTP ALG Based Email Filtering
This provides an email filtering capability which is enabled via the SMTP ALG. It relies
primarily on the use of DNSBL blacklist databases for its anti-spam filtering.
This type of email filtering is described in Section 6.4.2, "ALG Based Email Filtering".

6.4.1. IP Policy Based Email Filtering

The email filtering features available with IP policies provide a full set of tools. This method of
filtering can be applied to IMAP, POP3 and SMTP traffic. With IMAP and POP3 filtering, emails
cannot be dropped when they fail filtering but only marked as failed. With SMTP, emails can be
dropped or forwarded.
IP policy based email is set up with the following steps:
• Create an Email Control Profile object which defines how email is to be filtered. If anti-spam
filtering is required it must be explicitly enabled in the profile (by default, it is disabled).
• Optionally add one or more Email Filter objects as children to the Email Control Profile object.
Each will specify an email address (or addresses using wildcards) which are to be blacklisted
(automatically rejected before filtering) or whitelisted (never subject to filtering).
• Associate the Email Control Profile object created above with an IP Policy object which triggers
on the email traffic. Only a single profile can be associated with an IP policy.
• The Service property for this IP policy must trigger on the IMAP, POP3 or SMTP protocols so it
must be set to an appropriate Service object. The Service object used must have its Protocol
property set to IMAP, POP3 or SMTP (whichever applies).
The predefined IMAP, POP3 and SMTP services could be used by setting their Protocol
property to be IMAP or POP3 or SMTP. However, it is recommended to instead create a new
custom Service object and this is done in the setup example found at the end of this section.
• Optionally enable anti-virus scanning on the IP policy. This will scan any email attachments
for viruses and will function with the IMAP, POP3 or SMTP protocol. Anti-virus scanning is
discussed further in Section 6.5, "Anti-Virus Scanning".
526
Chapter 6: Security Mechanisms