Configuring Server-Based Spam Filtering

You can use J-Web or the CLI to configure the device to use server-based spam filtering.

This topic contains:

• Configuration Overview
• J-Web Quick Configuration
• J-Web View and Edit Configuration
• CLI Configuration

Configuration Overview

For each UTM feature, you should configure feature parameters in the following order:

1. First configure UTM custom objects (if any) for the feature in question. Custom objects are global parameters for UTM features. This means that configured custom objects can be applied to all UTM policies where applicable, rather than only to individual policies.

   The CLI command for setting custom objects is :

   user@host# set security utm custom-objects

2. Configure main feature parameters, called feature profiles.

   The CLI command for setting antispam feature profiles is:

   user@host# set security utm feature-profile anti-spam

3. Configure a UTM policy for each protocol and attach this policy to a profile.

   CLI commands for configuring a UTM policy for SMTP and attaching that policy to a profile are:

   Note: At this time, the antispam feature is only supported for the SMTP protocol.

   user@host# set security utm utm-policy <name>

   user@host# set security utm utm-policy utmp1 anti-spam smtp-profile smtp1

4. Attach the UTM policy to a firewall security policy.

   The CLI command for attaching a UTM policy to a security policy is:

   user@host# set security policies

   user@host# set security policies from-zone trust to-zone untrust policy p1 then permit application-services utm-policy utmp1

J-Web Quick Configuration

To configure server-based antispam using the J-Web Quick Configuration editor:

1. Select the Configuration tab at the top of the page.
2. Select UTM in the left pane, under Quick Configuration, to expand the UTM category. Once UTM is expanded, Anti-Virus, Web Filtering, Anti-Spam, Content Filtering, and Custom Objects become available.
3. Select Anti-Spam in the left pane.
4. In the right pane, under Anti-Spam global options, select an Address Whitelist and/or an Address Blacklist from the list if you are using local lists for spam filtering. (These lists are configured as Custom Objects and are made available for selection here. Because you are configuring server-based spam, you do not select a local Address Whitelist or a Blacklist. For more information on configuring these lists, refer to Using Local List Spam Filtering.)
5. Under Anti-Spam profiles, click the Add button to configure a profile for the Symantec SBL server. This takes you to the profile configuration page.
6. In the Profile Name box, enter a unique name for the antispam profile you are creating.
7. If you are using the default server, select the check box beside Symantec default SBL server. If you are not using the default server, leave the check box unselected. The SBL server is predefined on the device. It ships knowing the name and address of the Symantec SBL server. If you do not select this check box, you are disabling sever-based spam filtering. You would disable it if you are using only local lists or if you do not have a license for server-based spam filtering.
8. In the antispam action list, select one of the following: Tag subject of e-mail, Block e-mail, Tag header of e-mail. Here you are selecting the action to be taken by the device when spam is detected.
9. In the Custom tag string box, enter a custom string for identifying a message as spam. By default, the devices uses ***SPAM***.
10. Click OK to save your profile. See Figure 178 (This takes you back to main antispam configuration page. Under Anti-Spam profiles, the profile you created is now listed.)

    Figure 178: Antispam Server-Based Profile Configuration, Quick Configuration

    

11. Under Anti-Spam profiles, select the check box for the profile you are using.
12. Click Apply.

Next, you configure a UTM policy for SMTP to which you attach the antispam profile you have configured.

1. Select Security Policies > UTM Policies.
2. Click Add.
3. In the Policy Name box, enter a unique name for the UTM policy you are creating.
4. Scroll down to the antispam section of the page and locate the SMTP Profile list. Select the antispam profile you are attaching to this UTM policy. (For these instructions, you are only attaching an antispam profile to this UTM policy. But note that you can attach several profiles for multiple features to one UTM policy.)
5. In the Session Per Client Over Limit list, select one of the following: Log and Permit, Block. This is the action the device takes when the session per client limit for this UTM policy is exceeded.
6. In the Session Per Client Limit box, enter a session per client limit from 0 to 20000 for this UTM policy.
7. Click OK. This takes you back to the UTM Policies page.
8. Select the check box in the UTM Policy table for the policy you are using.
9. Click Apply.

Next, you attach the UTM policy to a security policy that you create.

1. Select Security Policies > FW / VPN Policies.
2. Next to Default Policy Action, select one of the following: Deny-All, Permit-All.
3. Next to From Zone, select a zone from the list.
4. Next to To Zone, select a zone from the list.
5. Under Zone Direction, click Add a Policy.
6. In the Policy Name box, enter a unique name for the security policy you are creating.
7. Under Match Criterias, choose a Source Address. Do this by selecting an entry in the Source Address Book box and clicking the <— button to move it to the Matched box.
8. Under Match Criterias, choose a Destination Address. Do this by selecting an entry in the Destination Address Book box and clicking the <— button to move it to the Matched box.
9. Under Match Criterias, choose an Application. Do this by selecting junos-smtp (for antispam) in the Application Sets box and clicking the <— button to move it to the Matched box.
10. Next to Policy Action, select one of the following: Permit, Deny, Reject.

    Note: When you select Permit for Policy Action, several additional fields become available, including UTM Policy.

11. Next to UTM Policy, select the appropriate policy from the list. This attaches your UTM policy to the security policy.

    Note: There are several fields on this page that are not described in this section. See the section on Security Policies for detailed information on configuring security policies and all the available fields.

12. Click OK. This takes you back to the main Security Policies configuration page.
13. Under Policies, select the check box beside the security policy you created.
14. Click Apply.

J-Web View and Edit Configuration

To configure server-based antispam using the J-Web View and Edit editor:

1. Select Configuration>View and Edit >Edit Configuration.
2. Next to Security, click Configure or Edit.
3. Next to UTM, click Configure.
4. Next to Feature Profile, click Configure.
5. Next to Anti spam, click Configure.
6. Next to Symantec sbl, select the Yes check box. A Configure link appears. (Because you are configuring server-based spam, you do not select a local Address whitelist or an Address blacklist.)
7. Next to Symantec sbl, Yes checkbox, click the Configure link.
8. Next to Profile, click Add new entry.
9. In the Name box, enter a unique name for the antispam profile you are creating.
10. In the Custom tag string box, enter a custom string for identifying a message as spam. By default, the devices uses ***SPAM***.
11. Select the Yes check box beside the Symantec default SBL default server if you are using the default server. Otherwise, select the No check box.
12. In the Spam action list, select one of the following: tag subject (of e-mail), block (e-mail), tag header (of e-mail). Here you are selecting the action to be taken by the device when spam is detected.
13. Click OK. See Figure 179.

    Figure 179: Antispam Server-Based Profile Configuration, View and Edit Configuration

    

Next, you configure a UTM policy for SMTP to which you attach the antispam profile you have configured.

1. Select Configuration>View and Edit >Edit Configuration.
2. Next to Security, click Configure or Edit.
3. Next to UTM, click Configure.
4. Next to UTM policy, click Add new entry.
5. In the Name box, enter a unique name for the UTM policy you are creating.
6. Next to Anti spam, click Configure.
7. In the Smtp profile box, enter the name of the antispam profile you created earlier.
8. Click OK.
9. Click OK again to return to main UTM configuration page. Your UTM antispam policy is now listed in the UTM policy table.

Next, you attach the UTM policy to a security policy that you create.

1. Select Configuration>View and Edit >Edit Configuration.
2. Next to Security, click Configure or Edit.
3. Next to Security, click Configure.
4. Next to Policy, select the Yes check box click Edit.
5. Next to Policy, click Add new entry.

   Note: Refer to the section on security policy configuration for further details on configuring a policy. Note that when you configure the Then field as part of the policy, select Permit as the action, and then configure Application services, you are able to enter the Utm policy name as part of this security policy.

6. Next to Utm policy (in the Application services security policy screen), enter the name of the appropriate policy. This attaches your UTM policy to the security policy.
7. Click OK.

CLI Configuration

1. To configure server-based antispam using the CLI, first create a profile name.

   user@host# set security utm feature-profile anti-spam symantec-sbl profile sblprofile1

2. Configure the default SBL server lookup as enabled or disabled. If you are using server-based spam filtering, you should enter sbl-default-server to enable the Symantec default SBL server. (The SBL server is predefined on the device. It ships knowing the name and address of the Symantec SBL server.) Entering no-sbl-default-server disables server-based spam filtering. You would disable it if you are using only local lists or if you do not have a license for server-based spam filtering.

   user@host# set security utm feature-profile anti-spam symantec-sbl profile sblprofile1 sbl-default-server

3. Configure the action to be taken by the device when spam is detected (block, tag-header, tag-subject).

   user@host# set security utm feature-profile anti-spam symantec-sbl profile sblprofile1 sbl-default-server spam-action block

4. Configure a custom string for identifying a message as spam.

   user@host# set security utm feature-profile anti-spam symantec-sbl profile sblprofile1 sbl-default-server custom-tag-string ***spam***

5. Configure a UTM policy for SMTP to which you attach the antispam feature profile you have configured.

   user@host# set security utm utm-policy spampolicy1

6. Attach the spam feature profile to the UTM policy you have created.

   user@host# set security utm utm-policy spampolicy1 anti-spam smtp-profile sblprofile1

7. Configure a security policy for UTM and attach the UTM policy you created to the security policy.

   user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 match source-address any

   user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 match destination-address any

   user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 match application junos-smtp

   user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 then permit application-services utm-policy spampolicy1

   Note: A default antispam policy ships with the device. It is called junos-as-defaults. It contains the following configuration parameters: anti-spam { symantec-sbl { profile junos-as-defaults { sbl-default-server; spam-action block; custom-tag-string "***SPAM***"; } } }