For each UTM feature, you should configure feature parameters
in the following order:
First configure UTM custom objects (if any)
for the feature in question. Custom objects are global parameters
for UTM features. This means that configured custom objects can be
applied to all UTM policies where applicable, rather than only to
individual policies.
The CLI command for setting custom objects is:
user@host# set security utm custom-objects
Configure main feature parameters, called feature profiles.
The CLI command for setting antispam feature profiles is:
user@host# set security utm feature-profile anti-spam
Configure a UTM policy for each protocol
and attach this policy to a profile.
CLI commands for configuring a UTM policy for SMTP and attaching
that policy to a profile are:
user@host# set security utm utm-policy <name>
user@host# set security utm utm-policy utmp1 anti-spam smtp-profile smtp1
Note:
At this time, the antispam feature is only supported for the
SMTP protocol.
Attach the UTM policy to a firewall security
policy.
The CLI command for attaching a UTM policy to a security policy
is:
user@host# set security policies
user@host# set security policies from-zone trust to-zone untrust policy p1 then permit application-services utm-policy utmp1
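The four steps above form a chain (feature profile, UTM policy, security policy), and antispam only takes effect when every link names an object that exists. The following check is an added example, not Juniper code: it reads set-style statements in the forms shown above and reports broken or unused links. The function name audit_antispam_chain, the sample configuration and the profile name localonly are constructed for illustration.

```python
import re

# Set-style statement forms shown on this page.
PROFILE = re.compile(r"set security utm feature-profile anti-spam symantec-sbl "
                     r"profile (\S+)(?: (\S+))?")
UTM_POLICY = re.compile(r"set security utm utm-policy (\S+) anti-spam smtp-profile (\S+)")
FW_POLICY = re.compile(r"set security policies from-zone \S+ to-zone \S+ policy (\S+) "
                       r"then permit application-services utm-policy (\S+)")

# Constructed sample input (not taken from a real device).
SAMPLE = """\
set security utm feature-profile anti-spam symantec-sbl profile sblprofile1 sbl-default-server
set security utm feature-profile anti-spam symantec-sbl profile localonly no-sbl-default-server
set security utm utm-policy utmp1 anti-spam smtp-profile smtp1
set security utm utm-policy utmp2 anti-spam smtp-profile localonly
set security policies from-zone trust to-zone untrust policy p1 then permit application-services utm-policy utmp1
"""

def audit_antispam_chain(config_text):
    """Return sorted findings for the profile -> UTM policy -> security policy chain."""
    profiles, utm_policies, attached = {}, {}, set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse repeated whitespace
        m = PROFILE.match(line)
        if m:
            profiles.setdefault(m.group(1), set()).add(m.group(2))
            continue
        m = UTM_POLICY.match(line)
        if m:
            utm_policies[m.group(1)] = m.group(2)
            continue
        m = FW_POLICY.match(line)
        if m:
            attached.add(m.group(2))  # UTM policy named by a permit rule
    findings = []
    for policy, profile in utm_policies.items():
        if profile not in profiles:
            findings.append(f"utm-policy {policy}: smtp-profile {profile} is not defined")
        elif "no-sbl-default-server" in profiles[profile]:
            findings.append(f"utm-policy {policy}: profile {profile} disables server-based filtering")
        if policy not in attached:
            findings.append(f"utm-policy {policy}: not attached to any security policy")
    for profile in profiles:
        if profile not in utm_policies.values():
            findings.append(f"profile {profile}: not referenced by any utm-policy")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_antispam_chain(SAMPLE)))
```

A finding for no-sbl-default-server is informational when the device is meant to filter with local lists only.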
J-Web Configuration
To configure server-based antispam using the J-Web Configuration
editor:
Select Configure>Security>UTM>Anti-Spam.
In the Anti-Spam profiles configuration window,
click Add to configure a profile for the Symantec
SBL server.
The profile configuration pop-up window appears. (To edit an
existing item, select it and click the Edit button.)
In the Profile name box, enter a unique name for
the antispam profile you are creating.
If you are using the default server, select Yes next to Symantec default SBL server. If you are
not using the default server, select No.
The SBL server is predefined on the device. It ships knowing
the name and address of the Symantec SBL server. If you do not select
Yes, you are disabling server-based spam filtering. You would disable
it if you are using only local lists or if you do not have a license
for server-based spam filtering.
In the Custom tag string box, enter a custom string
for identifying a message as spam.
By default, the device uses ***SPAM***.
In the antispam action list, select one of the
following: Tag subject, Block
email, or Tag header.
Here you are selecting the action to be taken by the device
when spam is detected.
Click OK to save your profile.
If the profile is saved successfully, you receive
a confirmation and you must click OK again. If
the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Next, you configure a UTM policy for SMTP to which you attach
the antispam profile you have configured.
Select Configure>Security>Policy>UTM
Policies.
In the UTM policy configuration window, click Add to configure a UTM policy.
In the policy configuration window, select the Main tab.
In the Policy name box, enter a unique name for
the UTM policy you are creating.
In the Session per client limit box, enter a session
per client limit from 0 to 20000 for this UTM policy.
In the Session per client over limit list, select
one of the following: Log and permit or Block.
This is the action the device takes when the session per client
limit for this UTM policy is exceeded.
Select the Anti-Spam profiles tab in the pop-up window.
From the SMTP profile list, select the antispam
profile you are attaching to this UTM policy.
Click OK to save your policy.
If the policy is saved successfully, you receive
a confirmation and you must click OK again. If
the policy is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Next, you attach the UTM policy to a security policy that you
create.
Select Configure>Security>Policy>FW
Policies.
In the Security Policy window, click Add to configure a security policy with UTM.
This takes you to the policy configuration pop-up window. (To
edit an existing item, select it and click the Edit button.)
In the Policy tab, enter a name in the Policy Name
box.
Next to From Zone, select a zone from the list.
Next to To Zone, select a zone from the list.
Choose a Source Address.
Choose a Destination Address.
Choose an Application.
Do this by selecting junos-smtp (for antispam)
in the Application Sets box and clicking the —> button to move
it to the Matched box.
Next to Policy Action, select one of the following: Permit, Deny, or Reject.
Note:
When you select Permit for Policy Action, several additional
fields become available in the Applications Services tab, including
UTM Policy.
Select the Application Services tab in the pop-up window.
Next to UTM Policy, select the appropriate policy
from the list. This attaches your UTM policy to the security policy.
Note:
There are several fields in this pop-up window that are not
described in this section. See the section on Security Policies for
detailed information on configuring security policies and all the
available fields.
Click OK to save your policy.
If the policy is saved successfully, you receive
a confirmation and you must click OK again. If
the policy is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Note:
You must activate your new policy to apply it.
J-Web Point and Click CLI Configuration
To configure server-based antispam using the J-Web Point and
Click CLI:
Select Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Utm, click Configure.
Next to Feature Profile, click Configure.
Next to Anti spam, click Configure.
Next to Symantec sbl, select the Yes check box and click Configure. (Because
you are configuring server-based spam, you do not select a local Address
whitelist or an Address blacklist.)
Next to Profile, click Add new
entry.
In the Name box, enter a unique name for the antispam
profile you are creating.
In the Custom tag string box, enter a custom string
for identifying a message as spam. By default, the device uses ***SPAM***.
Select the Yes check box beside
the Symantec default SBL server if you are using the default
server. Otherwise, select the No check box.
In the Spam action list, select one of the following: tag subject (of e-mail), block (e-mail), or tag header (of e-mail). Here you
are selecting the action to be taken by the device when spam is detected.
Figure 117: Antispam Server-Based Profile
Configuration, Point and Click CLI Configuration
Next, you configure a UTM policy for SMTP to which you attach
the antispam profile you have configured.
Select Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Utm, click Configure.
Next to Utm policy, click Add new
entry.
In the Name box, enter a unique name for the UTM
policy you are creating.
Next to Anti spam, click Configure.
In the Smtp profile box, enter the name of the
antispam profile you created earlier.
Click OK.
Click OK again to return to
the main UTM configuration page. Your UTM antispam policy is now listed
in the UTM policy table.
Next, you attach the UTM policy to a security policy that you
create.
Select Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Security, click Configure.
Next to Policy, select the Yes check box and click Edit.
Next to Policy, click Add new entry.
Note:
Refer to the section on security policy configuration for further
details on configuring a policy. Note that when you configure the
Then field as part of the policy, select Permit as the action, and
then configure Application services, you are able to enter the Utm
policy name as part of this security policy.
Next to Utm policy (in the Application services
security policy window), enter the name of the appropriate policy.
This attaches your UTM policy to the security policy.
Click OK.
CLI Configuration
To configure server-based antispam using the
CLI, first create a profile name.
user@host# set security utm feature-profile anti-spam symantec-sbl profile sblprofile1
Configure the default SBL server lookup
as enabled or disabled. If you are using server-based spam filtering,
you should enter sbl-default-server to enable the Symantec
default SBL server. (The SBL server is predefined on the device. It
ships knowing the name and address of the Symantec SBL server.) Entering no-sbl-default-server disables server-based spam filtering.
You would disable it if you are using only local lists or if you do
not have a license for server-based spam filtering.
user@host# set security utm feature-profile anti-spam symantec-sbl profile sblprofile1 sbl-default-server
Configure the action to be taken by the
device when spam is detected (block, tag-header, tag-subject).