disabled, it is a copy of the predefined Service object called smtp. Predefined Service objects could be used but this is not recommended.
• Associate the new SMTP ALG object with the newly created Service object.
• Create an IP Rule object that uses the relevant Service and that has the appropriate source and destination filters. This could be one of the following options:
i. For mail being uploaded to the server from clients using SMTP, an IP rule is required where the source will be the clients and the destination will be the mail server.
ii. For mail being sent to the server from the public Internet, an IP rule is required where the destination is the mail server and the source is the Internet. If the mail server does not have its own public IP address, this will require a SAT IP rule and an ALLOW IP rule to translate a public IP address to the private address of the server.
iii. For mail from clients being forwarded out to the public Internet by the mail server, an IP rule is required where the server is the source and the Internet is the destination.
• Associate the Service object with the IP rule.
The most common use for the SMTP ALG is to examine the email traffic flowing to a mail server from the public Internet, and this is described in the example given later. However, malware can infect protected clients, a mail server, or both, in which case an SMTP ALG can be used to monitor mail traffic flowing from clients and/or being relayed by the mail server out to the public Internet.
SMTP ALG Options
Key options of the SMTP ALG are:
• Email rate limiting
A maximum allowable rate of email messages can be specified. This rate is calculated on a per source IP address basis. In other words, it is not the total rate that is of interest but the rate from a certain email source.
This is a very useful feature since it makes it possible to block either an infected client or an infected server that is sending large amounts of malware-generated email.
• Email size limiting
A maximum allowable size of email messages can be specified. This feature counts the total number of bytes sent for a single email, which is the header size plus the body size plus the size of any email attachments after they are encoded. It should be kept in mind that an email with, for example, an attachment of 100 Kbytes will be larger than 100 Kbytes. The transferred size might be 120 Kbytes or more since the encoding that takes place automatically for attachments may substantially increase the transferred attachment size.
The administrator should therefore add a reasonable margin above the anticipated email size when setting this limit.
• Email address blacklisting
A blacklist of sender or recipient email addresses can be specified so that mail from/to those addresses is blocked. The blacklist is applied after the whitelist so that if an address matches a whitelist entry it is not then checked against the blacklist.
• Email address whitelisting
Chapter 6: Security Mechanisms
450
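The size growth described under Email size limiting above can be measured before a limit is chosen. The following Python sketch is an added example, not part of the NetDefendOS documentation: it builds a MIME message with a binary attachment using the standard library and reports the number of bytes that would be transferred over SMTP. The sample addresses, the convention that 1 Kbyte is 1024 bytes and the 10% default margin are assumptions.

```python
import math
import os
from email.message import EmailMessage
from email.policy import SMTP

KBYTE = 1024  # assumption: 1 Kbyte = 1024 bytes


def transferred_size(attachment_bytes: int, body: str = "See attachment.\n") -> int:
    """Return bytes sent for one mail: headers + body + encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed sample address
    msg["To"] = "recipient@example.com"     # constructed sample address
    msg["Subject"] = "Size test"
    msg.set_content(body)
    # Random bytes stand in for a real binary file. The library applies
    # base64, which turns every 3 input bytes into 4 output characters
    # and adds a line break after every 76 characters.
    msg.add_attachment(
        os.urandom(attachment_bytes),
        maintype="application",
        subtype="octet-stream",
        filename="sample.bin",
    )
    # The SMTP policy serialises with CRLF line endings, as on the wire.
    return len(msg.as_bytes(policy=SMTP))


def suggested_limit_kbytes(largest_attachment_kbytes: int, margin: float = 0.10) -> int:
    """Size limit in Kbytes for the largest attachment expected, plus a margin.

    The 10% default margin is an assumed value, not a vendor recommendation.
    """
    size = transferred_size(largest_attachment_kbytes * KBYTE)
    return math.ceil(size * (1 + margin) / KBYTE)


if __name__ == "__main__":
    for kb in (10, 100, 1024):
        wire = transferred_size(kb * KBYTE)
        print(f"attachment {kb:5d} Kbytes -> transferred {wire / KBYTE:8.1f} Kbytes "
              f"(x{wire / (kb * KBYTE):.2f}), "
              f"suggested limit {suggested_limit_kbytes(kb)} Kbytes")
```
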