Antispam Settings In Screenos Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide
Related
Documentation

Antispam Settings in ScreenOS Overview

186
the device level. Although disabling attack objects does not improve throughput
performance for the security device, this fine-tuning of the attacks detected by each
device helps reduce false positives in your logs.
To disable attack objects, the attack object database on the managed device must match
the version of the database on the GUI server. If the databases do not match, the Disable
Attacks option does not appear in the device navigation tree, and a validation icon appears
next to the Attack Database Version setting in Security > Attack DB > Settings.
To disable an attack object on a device, double-click the device to open the device
configuration. In the device navigation tree, select Security > Attack DB > Disable Attacks,
and then select the attack objects you want to disable.
NOTE: Disabled attack objects are device-specific. For example, disabling
an attack object within the root system does not disable the attack object in
any of its virtual systems, and disabling an attack object in one vsys does not
affect that attack object in any other vsys.
For more information about the attack object database, see the "Attack Detection and
Defense Mechanisms" volume in the Concepts & Examples ScreenOS Reference Guide.
Antispam Settings in ScreenOS Overview on page 186
Configuring Antispam Settings in ScreenOS (NSM Procedure) on page 187
Attack Object Database Overview on page 184
Spam consists of unwanted e-mail messages, usually sent by commercial, malicious, or
fraudulent entities. The antispam feature examines transmitted messages to identify
spam. When the device detects a message deemed to be spam, it either drops the
message or tags the message field with a preprogrammed string. This antispam feature
is not meant to replace your antispam server, but to complement it. Configuring this
command prevents an internal corporate e-mail server from receiving and distributing
spams. Devices running ScreenOS 5.3 or later support antispam functionality.
You can configure antispam to tag or block unwanted e-mails based on e-mail ID,
hostname, domain name, or IP address. SMTP is supported but not POP3 or IMAP.
Advanced features such as Bayesian filtering are not supported.
E-mail is tagged or blocked based on blacklists and whitelists, which can be configured
locally. Juniper Networks provides a server with a blacklist of known spammers. NSM
first attempts to match each e-mail against the local lists. If it does not match a local
list, it then attempts to match the e-mail against the list on the Juniper Networks server.
Table 44 on page 187 lists the match criteria for the local whitelist, local blacklist, Juniper
Networks blacklist, and corresponding actions.
Copyright © 2010, Juniper Networks, Inc.