8.8. Mail security

In the Mail security section, you can set up virus and spam scanning of the transit email traffic. The system supports the POP3(S) and SMTP(S) protocols. For proper operation of the email traffic protection, make sure you have the license for the corresponding module.

In most cases, you will need to protect the email traffic coming from the Internet to your internal mail servers as well as the mail traffic coming from your servers or user PCs.

To set up protection of the email traffic coming from the Internet to your internal mail servers, perform the following:

| Name | Description |
|---|---|
| Step 1. Publish your mail server on the Internet | Please refer to DNAT rules. It is recommended to create separate DNAT rules for SMTP and POP3, rather than combine them into one rule. |
| Step 2. Enable support of the SMTP(S) and POP3(S) services in the zone connected to the Internet | Please refer to Configuring zones. |
| Step 3. Create the email protection rules | Create the necessary email protection rules. For more details, please see below in this chapter. |

If you need to protect the mail traffic without publishing your mail server on the Internet, perform the following steps:

| Name | Description |
|---|---|
| Step 1. Create the traffic protection rules | Create the necessary email protection rules. For more details, please see below in this chapter. |

To set up the mail traffic filtering rules, click Add in the Security policies → Mail security section and specify the following fields:

Important! Rules are applied from top to bottom in the same order as they are displayed in the console. The system always applies only the first rule for which all criteria are met. This means that the most specific rules must be at the top of the list, while the broader rules must be at the bottom. If you want to change the order of rules, use the Up/Down buttons.

Important! If no rules have been created, then mail traffic will not be protected.

Important! A rule is triggered only when all its criteria are met.

| Name | Description |
|---|---|
| Enabled | Enables or disables a rule |
| Name | Rule name |
| Description | Description of a rule |
| Action | Select an action that will be applied to the mail traffic when all corresponding criteria are met: |
| | • Pass - passes the traffic through without changing it |
| | • Mark - puts a special tag in the "subject" or an additional field of email messages |
| | • Drop with error - blocks a message and sends a notification about the failed delivery attempt to the SMTP server (for the SMTP(S) traffic) or to the POP3 client (for the POP3(S) traffic) |
| | • Drop without error - drops a message without sending a notification |
| Scanning | Select an email traffic scanning method: |
| | • UserGate spam check - checks the email traffic for spam |
| | • Heuristic virus check - checks the email traffic using a heuristic engine |
| | • DNSBL check (SMTP only) - performs spam protection based on the DNSBL technology. Applicable to the SMTP traffic only. When the email traffic is being scanned by DNSBL, the spammer's SMTP server is blocked by IP address even before an SMTP connection is established, thereby significantly reducing overall scanning workload. |
| Header | Field for placing the message tag |
| Mark | Text of the message tag |
| Source | A source zone and/or a list of source IP addresses for the traffic. |
| Destination | A destination zone and/or a list of destination IP addresses for the traffic. |
| Users | Users or groups of users to which the rule will be applied. |
| Service | Select an email protocol (POP3 or SMTP) to which the rule will be applied. |
| Envelope from | Email address of the sender as specified in the "Envelope from" field. Applicable to SMTP only. |
| Envelope to | Email address of the recipient as specified in the "Envelope to" field. Applicable to SMTP only. |

It is recommended that you use the following spam protection settings.

For SMTP(S):

  • The first rule in the list should be blocking by DNSBL. It is recommended that you leave the Envelope from/Envelope to fields blank. In this case, DNSBL will proactively discard connections from SMTP servers that are known spam sources. When recipient email addresses are added to exclusions, the system will be forced to receive each message entirely for analysis, and therefore the overall server workload will increase.

  • The second rule is marking messages using UserGate spam check. Here you can use any exclusions you want, including Envelope from/Envelope to.

For POP3(S):

  • Action - Mark

  • Scanning - UserGate spam check
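
The first-match ordering and the recommended SMTP(S) layout described above can be checked with a small model before the rules are entered in the console. This is an added example, not UserGate code or configuration syntax: the `Rule` class, its field names and the sample messages are constructed, and it assumes that a positive scanning result counts as one of a rule's criteria and that a blank field matches any value.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                                # hypothetical model of one console rule
    name: str
    action: str                            # Pass, Mark, Drop with error, Drop without error
    scanning: str = ""                     # assumption: a positive scan result is a criterion
    service: frozenset = frozenset()       # assumption: blank field (empty set) = any value
    envelope_to: frozenset = frozenset()
    enabled: bool = True

    def matches(self, msg):
        """A rule is triggered only when all its criteria are met."""
        return (self.enabled
                and (not self.scanning or self.scanning in msg["verdicts"])
                and (not self.service or msg["service"] in self.service)
                and (not self.envelope_to or msg["envelope_to"] in self.envelope_to))

def first_match(rules, msg):
    """Top to bottom; only the first matching rule applies. None = not protected."""
    return next((r for r in rules if r.matches(msg)), None)

def covers(wide, narrow):
    """True when every message that triggers `narrow` also triggers `wide`."""
    def field_ok(w, n):
        return not w or (bool(n) and n <= w)
    return ((not wide.scanning or wide.scanning == narrow.scanning)
            and field_ok(wide.service, narrow.service)
            and field_ok(wide.envelope_to, narrow.envelope_to))

def shadowed(rules):
    """(rule, blocker) pairs: enabled rules that can never fire because of an earlier one."""
    active = [r for r in rules if r.enabled]
    return [(r.name, prev.name) for i, r in enumerate(active)
            for prev in active[:i] if covers(prev, r)]

SMTP = frozenset({"SMTP"})
dnsbl = Rule("dnsbl-drop", "Drop with error", "DNSBL check", SMTP)
mark = Rule("spam-mark", "Mark", "UserGate spam check", SMTP)
allow = Rule("allow-all-smtp", "Pass", "", SMTP)
RECOMMENDED = [dnsbl, mark]                # order recommended on this page for SMTP(S)
MISORDERED = [allow, dnsbl, mark]          # broad rule on top hides every rule below it

# Constructed sample messages (not captured traffic).
LISTED = {"service": "SMTP", "envelope_to": "sales@example.com",
          "verdicts": {"DNSBL check", "UserGate spam check"}}
CLEAN_POP3 = {"service": "POP3", "envelope_to": "sales@example.com", "verdicts": set()}

if __name__ == "__main__":
    print(first_match(RECOMMENDED, LISTED).action, first_match(MISORDERED, LISTED).action)
    print(shadowed(MISORDERED))
```

`shadowed` reports only rules that are fully covered by an earlier one; a rule that is partly overlapped by a broader rule above it still needs a manual review of the order.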