Example: Configuring Local List Antispam Filtering

This example shows how to configure local list antispam filtering.

Requirements

Before you begin, review how to configure the feature parameters for each UTM feature. See Local List Antispam Filtering Configuration Overview.

Overview

Antispam filtering uses local lists for matching. When creating your own local whitelist and blacklist for antispam filtering, you can filter against domain names, e-mail addresses, and/or IP addresses.

Configuration

CLI Quick Configuration

To quickly configure local list antispam filtering, copy the following commands and paste them into the CLI.

[edit]
set security utm custom-objects url-pattern as-black value [150.61.8.134]
set security utm custom-objects url-pattern as-white value [150.1.2.3]
set security utm custom-objects custom-url-category whitecusturl1 value as-white
set security utm feature-profile anti-spam address-whitelist whitecusturl1
set security utm feature-profile anti-spam sbl profile localprofile1
set security utm feature-profile anti-spam sbl profile localprofile1 spam-action block
set security utm feature-profile anti-spam sbl profile localprofile1 custom-tag-string ***spam***
set security utm utm-policy spampolicy2 anti-spam smtp-profile localprofile1
set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 match source-address any
set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 match destination-address any
set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 match application junos-smtp
set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 then permit application-services utm-policy spampolicy2

J-Web Quick Configuration

Step-by-Step Procedure

To configure local list antispam filtering:

  1. Create local whitelist and blacklist custom objects by configuring a URL pattern list.

    1. Select Configure>Security>UTM>Custom Objects.
    2. In the UTM custom objects configuration window, select the URL Pattern List tab.
    3. Click Add to create URL pattern lists.
    4. Next to URL Pattern Name, type a unique name.

      Note: If you are creating a whitelist, it is helpful to indicate this in the list name. The same applies to a blacklist. The name you enter here becomes available in the Address Whitelist and Address Blacklist fields when you are configuring your antispam profiles.

    5. Next to URL Pattern Value, type the URL pattern for whitelist or blacklist antispam filtering.

      When entering the URL pattern, note the following wildcard character support:

      • The \*\.[]\?* wildcard characters are supported.
      • You must precede all wildcard URLs with http://.
      • You can use the asterisk * wildcard character only if it is at the beginning of the URL and is followed by a period.
      • You can use the question mark ? wildcard character only at the end of the URL.
      • The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??.
      • The following wildcard syntax is not supported: *.juniper.net, www.juniper.ne?, http://*juniper.net, http://*.

    Note: Because you use URL pattern lists to create custom URL category lists, you must configure URL pattern list custom objects before you configure a custom URL category list.

  2. Configure a custom URL category list custom object.
    1. Select Configure>Security>UTM>Custom Objects.
    2. In the UTM custom objects configuration window, select the URL Category List tab.
    3. Click Add to create URL category lists.
    4. Next to URL Category Name, type a unique name. This name appears in the Address Whitelist list when you configure antispam global options.
    5. In the Available Values box, select a URL Pattern List name from the list for bypassing scanning and move it to the Selected Values box.
  3. Configure antispam filtering to use the whitelist and blacklist custom objects.
    1. Select Configure>Security>UTM>Global options.
    2. In the right pane, select the Anti-Spam tab.
    3. Under Anti-Spam, select an Address Whitelist and/or an Address Blacklist from the list for local lists for spam filtering. (These lists are configured as custom objects.)
    4. Click OK.
    5. If the configuration item is saved successfully, you receive a confirmation, and you must click OK again. If it is not saved successfully, click Details in the pop-up window to discover why.
    6. In the left pane under Security, select the Anti-Spam tab.
    7. Click Add to configure an anti-spam profile. The profile configuration pop-up window appears.
    8. In the Profile name box, enter a unique name.
    9. If you are using the default server, select Yes beside Default SBL server. If you are not using the default server, select No.

      Note: If you select No, you are disabling server-based spam filtering. You disable it only if you are using local lists or if you do not have a license for server-based spam filtering.

    10. In the Custom tag string box, type a custom string for identifying a message as spam. By default, the device uses ***SPAM***.
    11. In the Actions list, select the action that the device should take when it detects spam. Options include Tag subject, Block email, and Tag header.
  4. Configure a UTM policy for SMTP, and attach the antispam profile to this UTM policy.
    1. Select Configure>Security>Policy>UTM Policies.
    2. In the UTM policy configuration window, click Add to configure a UTM policy. The policy configuration pop-up window appears.
    3. Select the Main tab.
    4. In the Policy name box, type a unique name.
    5. In the Session per client limit box, type a session per client limit. Valid values range from 0 through 20000.
    6. From the Session per client over limit list, select the action that the device should take when the session per client limit for this UTM policy is exceeded. Options include Log and permit and Block.
    7. Select the Anti-Spam profiles tab.
    8. From the SMTP profile list, select the antispam profile that you are attaching to this UTM policy.
  5. Attach the UTM policy to a security policy.
    1. Select Configure>Security>Policy>FW Policies.
    2. In the Security Policy window, click Add to configure a security policy with UTM. The policy configuration pop-up window appears.
    3. In the Policy tab, type a name in the Policy Name box.
    4. Next to From Zone, select a zone from the list.
    5. Next to To Zone, select a zone from the list.
    6. Choose a source address.
    7. Choose a destination address.
    8. Choose an application by selecting junos-smtp (for antispam) in the Application Sets box and move it to the Matched box.
    9. Next to Policy Action, select one of the following: Permit, Deny, or Reject.

      Note: When you select Permit for policy action, several additional fields become available in the Applications Services tab, including UTM Policy.

    10. Select the Application Services tab.
    11. Next to UTM Policy, select the appropriate policy from the list. This attaches your UTM policy to the security policy.
    12. Click OK to check your configuration and save it as a candidate configuration.
    13. If the policy is saved successfully, you receive a confirmation, and you must click OK again. If the profile is not saved successfully, click Details in the pop-up window to discover why.

      Note: You must activate your new policy to apply it.

    14. If you are done configuring the device, click Commit Options>Commit.
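The wildcard placement rules listed under step 1 of this procedure, expressed as a check that can be run over candidate list entries before they are typed into the device. This is an added example, not Juniper code: it covers only the * and ? rules spelled out above, the function name check_url_pattern is hypothetical, and the reason given for rejecting http://*. is inferred from the page's list of unsupported patterns.

```python
# Added example: checks * and ? placement against the wildcard rules listed above.
PREFIX = "http://"


def check_url_pattern(pattern):
    """Return a list of rule violations; an empty list means the pattern passes."""
    problems = []
    if "*" not in pattern and "?" not in pattern:
        return problems  # no * or ? wildcard, so these rules do not apply
    if pattern.startswith(PREFIX):
        rest = pattern[len(PREFIX):]
    else:
        problems.append("wildcard pattern must start with http://")
        rest = pattern
    # Rule: * only at the beginning of the URL, and followed by a period.
    if "*" in rest:
        if rest.count("*") > 1 or not rest.startswith("*"):
            problems.append("* is allowed only at the beginning of the URL")
        elif not rest.startswith("*."):
            problems.append("* must be followed by a period")
        elif len(rest) == 2:
            # Inferred from the page listing http://*. as unsupported.
            problems.append("nothing follows the leading *.")
    # Rule: ? only at the end of the URL (one or more trailing ? characters).
    if "?" in rest.rstrip("?"):
        problems.append("? is allowed only at the end of the URL")
    return problems


if __name__ == "__main__":
    # Patterns taken from the page's supported and unsupported lists.
    samples = [
        "http://*.juniper.net", "http://www.juniper.ne?", "http://www.juniper.n??",
        "*.juniper.net", "www.juniper.ne?", "http://*juniper.net", "http://*.",
    ]
    for s in samples:
        result = check_url_pattern(s)
        print(f"{s:28} {'ok' if not result else '; '.join(result)}")
```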

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure local list antispam filtering:

  1. Configure the local list spam blocking by first creating your global local spam lists.
    [edit security]
    user@host# set utm custom-objects url-pattern as-black value [150.61.8.134]
    user@host# set utm custom-objects url-pattern as-white value [150.1.2.3]
  2. Configure a custom URL category list custom object, using the URL pattern list that you created.
    [edit security]
    user@host# set utm custom-objects custom-url-category whitecusturl1 value as-white
  3. Configure the local list antispam feature profile by first attaching your custom-object blacklist or whitelist or both.
    [edit security]
    user@host# set utm feature-profile anti-spam address-whitelist whitecusturl1

    Note: When both the whitelist and the blacklist are in use, the whitelist is checked first. If there is no match, then the blacklist is checked.

  4. Configure a profile for your local list spam blocking.
    [edit security]
    user@host# set utm feature-profile anti-spam sbl profile localprofile1

    Note: Although you are not using the sbl for local list spam blocking, you configure your profile from within that command similar to the server-based spam blocking procedure.

  5. Configure the action to be taken by the device when spam is detected (block, tag-header, tag-subject).
    [edit security]
    user@host# set utm feature-profile anti-spam sbl profile localprofile1 spam-action block
  6. Configure a custom string for identifying a message as spam.
    [edit security]
    user@host# set utm feature-profile anti-spam sbl profile localprofile1 custom-tag-string ***spam***
  7. Configure a UTM policy for SMTP to which you attach the antispam feature profile.
    [edit security]
    user@host# set utm utm-policy spampolicy2
  8. Attach the spam feature profile to the UTM policy.
    [edit security]
    user@host# set utm utm-policy spampolicy2 anti-spam smtp-profile localprofile1
  9. Configure a security policy for UTM, and attach the UTM policy to the security policy.
    [edit]
    user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 match source-address any
    user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 match destination-address any
    user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 match application junos-smtp
    user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy2 then permit application-services utm-policy spampolicy2
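A local list only filters mail once its URL pattern is placed in a custom URL category and that category is attached to the antispam feature profile. The following added example (not Juniper code) audits a set of commands for custom objects that never complete that chain; run on this page's quick-configuration commands it reports as-black as defined but unused. The function name audit_local_lists is hypothetical, and the address-blacklist statement is assumed to be the counterpart of the address-whitelist statement shown in step 3.

```python
# Added example: reports UTM custom objects that are defined but never referenced.
import re

OBJ = "set security utm custom-objects "
PROFILE = "set security utm feature-profile anti-spam "

# Custom-object and attachment commands copied from this page's quick configuration.
QUICK_CONFIG = """
set security utm custom-objects url-pattern as-black value [150.61.8.134]
set security utm custom-objects url-pattern as-white value [150.1.2.3]
set security utm custom-objects custom-url-category whitecusturl1 value as-white
set security utm feature-profile anti-spam address-whitelist whitecusturl1
"""


def audit_local_lists(config):
    """Return unused patterns, unattached categories and dangling references."""
    patterns = set()    # url-pattern names that are defined
    categories = {}     # category name -> url-pattern names it contains
    attached = set()    # categories named by address-whitelist / address-blacklist
    for line in map(str.strip, config.splitlines()):
        if m := re.match(OBJ + r"url-pattern (\S+) value\b", line):
            patterns.add(m.group(1))
        elif m := re.match(OBJ + r"custom-url-category (\S+) value (.+)", line):
            members = m.group(2).strip("[] ").split()
            categories.setdefault(m.group(1), set()).update(members)
        elif m := re.match(PROFILE + r"address-(?:whitelist|blacklist) (\S+)", line):
            attached.add(m.group(1))
    used = set().union(*categories.values())
    return {
        "unused_patterns": sorted(patterns - used),
        "unattached_categories": sorted(set(categories) - attached),
        "undefined_references": sorted((used - patterns) | (attached - set(categories))),
    }


if __name__ == "__main__":
    for finding, names in audit_local_lists(QUICK_CONFIG).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```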

Results

From configuration mode, confirm your configuration by entering the show security utm and show security policies commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]
user@host# show security utm
custom-objects {
    anti-spam {
        url-pattern patternwhite;
        address-whitelist whitecusturl1;
        sbl {
            profile localprofile1 {
                spam-action block;
                custom-tag-string ***spam***;
            }
        }
    }
utm-policy spampolicy2 {
    anti-spam {
        smtp-profile localprofile1;
    }
}

[edit]
user@host# show security policies
from-zone trust to-zone untrust {
    policy utmsecuritypolicy2 {
        match {
            source-address any;
            destination-address any;
            application junos-smtp;
        }
        then {
            permit {
                application-services {
                    utm-policy spampolicy2;
                }
            }
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform this task:

Verifying Antispam Statistics

Purpose

Verify the antispam statistics.

Action

From operational mode, enter the show security utm anti-spam status and show security utm anti-spam statistics commands.

The following information appears:

SBL Whitelist Server:
SBL Blacklist Server:
    server.juniper.net
DNS Server:
    Primary : 1.2.3.4, Src Interface: ge-0/0/0
    Secondary: 2.3.4.5, Src Interface: ge-0/0/1
    Ternary : 0.0.0.0, Src Interface: fe-0/0/2

Total connections: #
Denied connections: #
Total greetings: #
Denied greetings: #
Total e-mail scanned: #
Spam total: #
Spam tagged: #
Spam dropped: #
DNS errors: #
Timeout errors: #
Return errors: #
Invalid parameter errors: #
Statistics start time:
Statistics for the last 10 days.
