How To Configure an Anti-Spam Policy with Mail Scan and DNSBL ?

Zyxel_Charlie · February 2018

This is an example of using ZyWALL/USG UTM Profile to mark or discard spam (unsolicited commercial or junk e-mail). Use the Anti-Spam white list to identify legitimate e-mail. Use the Anti-Spam black list to identify spam e-mail. The ZyWALL/USG can also check e-mail against a DNS Black List (DNSBL) of IP addresses of servers that are suspected of being used by spammers.

ZyWALL/USG with Anti-Spam Profile to mark or discard spam e-mail Example

Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG310 (Firmware Version: ZLD 4.13).

Step

Set Up the Anti-Spam Profile on the ZyWALL/USG

1. In the ZyWALL/USG, go to CONFIGURATION > UTM Profile > Anti-Spam> Profile > Profile Management > Add rule, configure a Name for you to identify the Anti-Spam profile.

Select from the list of available Scan Options and desired Log type whether to have the ZyWALL/USG generate a log (log), log and alert (log alert) or neither (no) by default when traffic matches this policy. Click OK to return to the General screen.

CONFIGURATION > UTM Profile > Anti-Spam> Profile > Profile Management > Add rule

2. In the ZyWALL/USG, go to CONFIGURATION > UTM Profile > Anti-Spam> Mail Scan. Select Enable Sender Reputation Checking (SMTP only) to have the ZyWALL/USG scan for spam e-mail by IP Reputation. Select Enable Mail Content Analysis to identify Spam Email by content, such as malicious content. Select Enable Virus Outbreak Detection to scan viruses attached in emails. Leave Query Timeout Settings to be the default settings. Click Apply.

CONFIGURATION > UTM Profile > Anti-Virus > Anti-Spam> Mail Scan

3. In the ZyWALL/USG, go to CONFIGURATION > UTM Profile > Anti-Spam> Black/White List > Black List > General Settings, select Enable Black List Checking to have the ZyWALL/USG treat e-mail that matches (an active) black list entry as spam.

CONFIGURATION > UTM Profile > Anti-Virus > Black/White List > Black List > General Settings

4. Continue to Rule Summary, click the Add icon. A pop-up screen will appear allowing you to configure Content (Subject,IP/IPv6 Address, E-Mail Address and Mail Header), Use wildcards (*) to configure Mail Subject Keyword. (*sell* in this example). Click OK to return to the General screen.

CONFIGURATION > UTM Profile > Anti-Virus > Black/White List > Black List > Rule Summary > Add rule

5. In the ZyWALL/USG, go to CONFIGURATION > UTM Profile > Anti-Spam> DNSBL, select Enable DNS Black List (DNSBL) Checking and enter the DNSBL Domain for a DNSBL service (zen.spamhaus.org in this example). Click Apply.

CONFIGURATION > UTM Profile > Anti-Virus > DNSBL

Set Up the Security Policy on the ZyWALL/USG

1. In the ZyWALL/USG, go to CONFIGURATION > Security Policy > Policy Control, configure a Name for you to identify the Security Policy profile. For From and To policies, select the direction of travel of packets to which the policy applies.

Scroll down to UTM Profile, select Anti-Virus and select a profile from the list box (Anti_Spam_Check in this example).

CONFIGURATION > Security Policy > Policy Control

Verification

Test the Result

1. Send the mail subject with “sell”.

2. You will receive the mail subject with [Spam] tag.

3. Go to the ZyWALL/USG Monitor > Log, you will see [alert] log message such as below.

Monitor > Log

What Can Go Wrong?

1. If you are not be able to If you are not be able to configure any Anti-Spam policies or it’s not working, there are two possible reasons:

a. You have not subscribed for the Anti- Spam service.

b. You have subscribed for the Anti- Spam service but the license is expired.

You can click the link from the CONFIGURATION > Licensing > Registration screen of your ZyXEL device’s Web Configurator or click the myZyXEL.com 2.0 icon from the portal page (https://portal.myzyxel.com/) to register or extend your Anti- Spamlicense.