And this is what the email's recipient will see in the summary of their inbox contents. The individual
user could then decide to set up their own filters in the local client to deal with such tagged emails,
possibly sending it to a separate folder.
Adding X-SPAM Information
If an email is determined to be SPAM and a forwarding address is configured for dropped emails,
then the administrator has the option to Add TXT Records to the email. A TXT Record is the
information sent back from the DNSBL server when the server thinks the sender is a source of
SPAM. This information can be inserted into the header of the email using the X-SPAM tagging
convention before it is sent on. The X-SPAM fields added are:
•
X-Spam-Flag - This value will always be Yes.
•
X-Spam-Checker-Version - The NetDefendOS version that tagged the email.
•
X-Spam-Status - This will always be DNSBL.
•
X-Spam-Report - A list of DNSBL servers that flagged the email as SPAM.
•
X-Spam-TXT-Records - A list of TXT records sent by the DNSBL servers that identified the
email as SPAM.
•
X-Spam_Sender-IP - IP address used by the email sender.
These fields can be referred to in filtering rules set up by the administrator in mail server software.
Allowing for Failed DNSBL Servers
If a query to a DNSBL server times out then NetDefendOS will consider that the query has failed
and the weight given to that server will be automatically subtracted from both the SPAM and Drop
thresholds for the scoring calculation done for that email.
If enough DNSBL servers do not respond then this subtraction could mean that the threshold values
become negative. Since the scoring calculation will always produce a value of zero or greater
(servers cannot have negative weights) then all email will be allowed through if both the SPAM and
Drop thresholds become negative.
A log message is generated whenever a configured DNSBL server does not respond within the
required time. This is done only once at the beginning of a consecutive sequence of response
failures from a single server to avoid unnecessarily repeating the message.
Verifying the Sender Email
As part of the Anti-SPAM module, the option to verify the email sender denies emails with a
mismatch of the SMTP "From" address and the header "From" address. In other words, the source
address in the SMTP protocol header and the SMTP data load header must be the same. Spamming
can cause these to be different so this feature provides an extra check on email integrity.
Logging
There are three types of logging done by the SPAM filtering module:
•
Logging of dropped or SPAM tagged emails - These log messages include the source email
address and IP as well as its weighted points score and which DNSBLs caused the event.
•
DNSBLs not responding - DNSBL query timeouts are logged.
•
All defined DNBSLs stop responding - This is a high severity event since all email will be
6.2.5. The SMTP ALG
Chapter 6. Security Mechanisms
213
Summary of Contents for 800 - DFL 800 - Security Appliance
Page 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Page 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Page 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Page 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Page 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Page 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Page 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Page 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Page 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Page 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Page 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Page 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Page 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Page 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Page 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...