known as spammers, can waste resources, transport malware as well as try to direct the reader to
webpages which might exploit browser vulnerabilities.
Integral to the NetDefendOS SMTP ALG is a SPAM module that provides the ability to apply spam
filtering to incoming email based on its origin. This can significantly reduce the burden of such
email in the mailboxes of users behind the D-Link Firewall. NetDefendOS offers two approaches to
handling SPAM:
•
Dropping email which has a very high probability of being SPAM.
•
Letting through but flagging email that has a moderate probability of being SPAM.
The NetDefendOS Implementation
SMTP functions as a protocol for sending emails between servers. NetDefendOS applies SPAM
filtering to emails as they pass through the D-Link Firewall from a remote SMTP server to the local
SMTP server (from which local clients will later download the emails). Typically the local SMTP
server will be set up on a DMZ and there will usually be only one "hop" between the sending server
and the local, receiving server.
A number of trusted organizations maintain publicly available databases of the origin IP address of
known spamming SMTP servers and these can be queried over the public Internet. These lists are
known as DNS Black List (DNSBL) databases and the information is accessible using a standardized
query method supported by NetDefendOS. The image below illustrates all the components involved:
When the NetDefendOS SPAM filtering function is configured, the IP address of the email's
sending server can be sent to one or more DNSBL servers to find out if any DNSBL servers think it
is from a spammer or not (NetDefendOS examines the IP packet headers to do this). The reply sent
back by a server is either a not listed response or a listed response. In the latter case of being listed,
the DSNBL server is indicating the email might be SPAM and it will usually also provide
information known as a TXT record which is a textual explanation for the listing.
Figure 6.4. DNSBL SPAM Filtering
The administrator can configure the NetDefendOS SMTP ALG to consult multiple DNSBL servers
in order to form a consensus opinion on an email's origin address. As each new email arrives,
servers are queried to assess the likelihood that the email is SPAM, based on its origin address. The
NetDefendOS administrator assigns a weight greater than zero to each configured server so that a
weighted sum can then be calculated based on all responses. The administrator can configure one of
6.2.5. The SMTP ALG
Chapter 6. Security Mechanisms
211
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...