Dnsbl Spam Filtering - D-Link NetDefend DFL-210 User Manual

6.2.5. The SMTP ALG
The NetDefendOS SMTP ALG does not support all ESMTP extensions including Pipelining and
Chunking. The ALG therefore removes any unsupported extensions from the supported extension
list that is returned to the client by an SMTP server behind the D-Link Firewall. When an extension
is removed, a log message is generated with the text:
The parameter "capa=" in the log message indicates which extension the ALG removed from the
server response. For example, this parameter may appear in the log message as:
To indicate that the pipelining extension was removed from the SMTP server reply to an EHLO
client command.
Although ESMTP extensions may be removed by the ALG and related log messages generated, this
does not mean that any emails are dropped. Email transfers will take place as usual but without
making use of unsupported extensions removed by the ALG.
SMTP ALG with ZoneDefense
SMTP is used for both mail clients that want to send emails as well as mail servers that relay emails
to other mail servers. When using ZoneDefense together with the SMTP ALG, the only scenario of
interest is to block local clients that try to spread viruses in the outgoing emails.
Using ZoneDefense for blocking relayed emails to an incoming SMTP server would be inadvisable
since it would disallow all incoming emails from the blocked email server. For example, if a remote
user is sending an infected email using a well known free email company, blocking the sending
server using ZoneDefense would block all future emails from that same company to any local
receiver. Using ZoneDefense together with the SMTP ALG should therefore be used principally for
blocking local email clients.
To implement blocking, the administrator configures the ZoneDefense network range to include all
local SMTP clients. It is made sure that the SMTP-server is excluded from this range.
When a client tries to send an email infected with a virus, the virus is blocked and ZoneDefense
isolates the host from the rest of the network.
The steps to setting up ZoneDefense with the SMTP ALG are:
• Configure the ZoneDefense switches to be used with ZoneDefense in the ZoneDefense section
of the WebUI.
• Set up the SMTP ALG to use Anti-Virus scanning in enabled mode.
• Choose the ZoneDefense network in the Anti-Virus configuration of the ALG that is to be
affected by ZoneDefense when a virus is detected.
For more information on this topic refer to Chapter 12, ZoneDefense.

6.2.5.1. DNSBL SPAM Filtering

Unsolicited email, often referred to as SPAM, has become both a major annoyance as well as a
security issue on the public Internet. Unsolicited email, sent out in massive quantities by groups
unsupported_extension
capability_removed
capa=PIPELINING
Note
It is possible to manually configure certain hosts and servers to be excluded from
being blocked by adding them to the ZoneDefense Exclude list.
210
Chapter 6. Security Mechanisms