In the Mail security section, you can set up virus and spam scanning of the transit email traffic. The system supports the POP3(S) and SMTP(S) protocols. For proper operation of the email traffic protection, make sure you have the license for the corresponding module.
In most cases, you will need to protect the email traffic coming from the Internet to your internal mail servers as well as the mail traffic coming from your servers or user PCs.
To set up protection of the email traffic coming from the Internet to your internal mail servers, perform the following:
Name | Description |
---|---|
Step 1. Publish your mail server on the Internet | Please refer to DNAT rules. It is recommended to create separate DNAT rules for SMTP and POP3, rather than combine them into one rule. |
Step 2. Enable support of the SMTP(S) and POP3(S) services in the zone connected to the Internet | Please refer to Configuring zones. |
Step 3. Create the email protection rules | Create the necessary email protection rules. For more details, please see below in this chapter. |
If you need to protect the mail traffic without publishing your mail server on the Internet, perform the following steps:
Name | Description |
---|---|
Step 1. Create the traffic protection rules | Create the necessary email protection rules. For more details, please see below in this chapter. |
To set up the mail traffic filtering rules, click Add in the Security policies → Mail security section and specify the following fields:
Important! Rules are applied from top to bottom in the same order as they are displayed in the console. The system always applies only the first rule for which all criteria are met. This means that the most specific rules must be at the top of the list, while the broader rules must be at the bottom. If you want to change the order of rules, use the Up/Down buttons.
Important! If no rules have been created, then mail traffic will not be protected.
Important! A rule is triggered only when all its criteria are met.
Name | Description |
---|---|
Enabled | Enables or disables a rule |
Name | Rule name |
Description | Description of a rule |
Action | Select an action that will be applied to the mail traffic when all corresponding criteria are met: |
Scanning | Select an email traffic scanning method: |
Header | Field for placing the message tag |
Mark | Text of the message tag |
Source | A source zone and/or a list of source IP addresses for the traffic. |
Destination | A destination zone and/or a list of destination IP addresses for the traffic. |
Users | Users or groups of users to which the rule will be applied. |
Service | Select an email protocol (POP3 or SMTP) to which the rule will be applied. |
Envelope from | Email address of the sender as specified in the "Envelope from" field. Applicable to SMTP only. |
Envelope to | Email address of the recipient as specified in the "Envelope to" field. Applicable to SMTP only. |
It is recommended that you use the following spam protection settings.
For SMTP(S):
- The first rule in the list should be blocking by DNSBL. It is recommended that you leave the Envelope from/Envelope to fields blank. In this case, DNSBL will proactively discard connections from SMTP servers that are known spam sources. When recipient email addresses are added to exclusions, the system is forced to receive each message in full for analysis, which increases the overall server workload.
- The second rule is marking messages using UserGate spam check. Here you can use any exclusions you want, including Envelope from/Envelope to.
For POP3(S):
- Action - Mark
- Scanning - UserGate spam check
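
The DNSBL rule recommended above can act before any message is received because a DNSBL lookup needs only the connecting server's IP address. The following added example (not UserGate code) shows the standard lookup format from RFC 5782 and a connect-stage decision; the zone name `dnsbl.example`, the stub resolver and all function names are assumptions made for illustration.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782: listings answer inside 127/8

def dnsbl_query_name(client_ip, zone):
    """Build the DNS name a DNSBL client looks up for a connecting address."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = ip.exploded.split(".")              # four octets
    else:
        labels = list(ip.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone

def is_listed(client_ip, zone, resolve):
    """resolve(name) returns a list of A-record strings, [] for NXDOMAIN."""
    answers = resolve(dnsbl_query_name(client_ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

def connect_stage_decision(client_ip, zones, resolve):
    """Decide at connect time, before MAIL FROM, RCPT TO or DATA are seen."""
    for zone in zones:
        if is_listed(client_ip, zone, resolve):
            return "reject"    # connection dropped, no message body received
    return "continue"          # later rules (e.g. content-based marking) apply

# Constructed sample data: a stub resolver standing in for real DNS.
SAMPLE_ZONE = "dnsbl.example"  # placeholder zone, not a real blocklist
SAMPLE_RECORDS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],    # RFC 5782 test entry
    "7.113.0.203.dnsbl.example": ["127.0.0.4"],  # constructed listing
}

def stub_resolve(name):
    return SAMPLE_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20", "2001:db8::1"):
        name = dnsbl_query_name(ip, SAMPLE_ZONE)
        print(ip, name, connect_stage_decision(ip, [SAMPLE_ZONE], stub_resolve))
```

A rule that also depends on envelope addresses cannot be decided from the IP address alone, which is why the page advises leaving those fields blank in the DNSBL rule.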