Configuring Mail Security Rules

You configure mail security rules at the security-policy mail-security level. For more details on the command structure, see Configuring Rules Using UPL.

To create a mail security rule, use the following command:

Admin@nodename# create security-policy mail-security <position> upl-rule

Mail security rule parameters:

Parameter

Description

PASS

WARNING

DENY("with error")

DENY

Action for the mail security rule:

  • PASS: pass the traffic unchanged.

  • WARNING: mark email messages with a special tag in the subject line or additional field.

  • DENY("with error"): block the email and report an error in mail delivery to the SMTP server (for SMTP(S) traffic) or the client (for POP3(S) traffic).

  • DENY: drop without error: block the mail without reporting that it has been blocked.

enabled

Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).

name

Name for the mail security rule.

Example: name("Mail security rule example").

desc

A description of the rule.

Example: desc("Mail security rule example configured in CLI").

rule_log

Logging information on mail security rule triggering. The available options are:

  • rule_log(no) or rule_log(false): disable logging. If rule_log is not specified, logging is disabled.

  • rule_log(yes) or rule_log(true): enable logging.

antispam_usergate

Checking email traffic with UserGate antispam check (configured for rules with Mark, Block with error or Block without error actions):

  • antispam_usergate(yes) or antispam_usergate(true): enable check.

  • antispam_usergate(no) or antispam_usergate(false): disable checking.

dnsbl

Antispam check using the DNSBL technology. Can be applied only to SMTP traffic in rules with Mark, Block with error or Block without error actions:

  • dnsbl(yes) or dnsbl(true): enable antispam checking.

  • dnsbl(no) or dnsbl(false): disable antispam checking.

When email traffic is checked using DNSBL, the IP address of the spam sender's SMTP server is blocked when the SMTP connection is created, thus helping to substantially decrease the load on other methods of checking email for spam and viruses.

mark_hdr

Header. Field where the mark tag should be inserted. Specify it for rules with Mark: mark_hdr(Subject).

mark

Text of the tag to mark the email; specified for rules with the Mark action, e.g. mark("Text for marking emails").

src.zone

Traffic source zone.

To specify a source zone, such as Trusted: src.zone = Trusted.

For more details about how to configure zones using CLI, see the Zones section.

src.ip

Add source IP address or domain lists.

To specify a list of IP addresses: src.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section.

To specify a source domain list: src.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section.

src.geoip

Source GeoIP. Specify a country code (for example, src.geoip = AE).

Click here for the list of ISO 3166-1 country codes.

Important! The maximum number of GeoIPs that can be specified is limited to 15.

user

Users and user groups for which the mail security rule applies (local or LDAP).

To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see the Configuring LDAP Connectors section).

Examples of adding users to a rule:

user = known user = "user" user = "testd.local\\user1" user = ("user", "testd.local\\user1")

dst.zone

Traffic destination zone, for example, dst.zone = Untrusted.

For more details about how to configure zones using CLI, see the Zones section.

dst.ip

Add lists of destination IP addresses or domains.

To specify a list of IP addresses: dst.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section.

To specify a destination domain list: dst.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section.

dst.geoip

To specify a destination GeoIP, it is necessary to specify a country code (for example, dst.geoip = AE).

Click here for the list of ISO 3166-1 country codes.

Important! The maximum number of GeoIPs that can be specified is limited to 15.

service

The email protocol (POP3 or SMTP), to which this rule will be applied.

To specify a single service: service = "service name". To specify multiple services: service = (service-name1, service-name2, ...).

envelope_from

Sender's email address (for SMTP protocol only). Email group should be specified in the following format: envelope_from = "Sender email group".

For more details about creating and configuring email groups, see Configuring Email Addresses.

envelop_to

Recipient's email address (for SMTP protocol only). Email group should be specified in the following format: envelope_to = "Receiver email group".

For more details about creating and configuring email groups, see Configuring Email Addresses.

To edit a mail security rule, use the following command:

Admin@nodename# set security-policy mail-security <position> upl-rule

To view parameters for all mail security rules that were created, use the following command:

Admin@nodename# show security-policy mail-security

To view parameters for a specific mail security rule, use the following command:

Admin@nodename# show security-policy mail-security <position>

Example of creating a mail security rule:

Admin@nodename# create security-policy mail-security 1 upl-rule WARNING \ ...src.zone = Untrusted \ ...service = (SMTP, POP3, SMTPS, POP3S) \ ...mark_hdr(Subject) \ ...mark("[SPAM]") \ ...antispam_usergate(yes) \ ...rule_log(yes) \ ...name("Test SMTP and POP3 filtering") \ ...desc("Test SMTP and POP3 filtering description") \ ...enabled(true) ... Admin@nodename# show security-policy mail-security 1 % ----------------- 1 ----------------- WARNING \ src.zone = Untrusted \ service = (SMTP, POP3, SMTPS, POP3S) \ rule_log(yes) \ desc("Test SMTP and POP3 filtering description") \ mark_hdr(Subject) \ mark("[SPAM]") \ antispam_usergate(yes) \ enabled(true) \ id("7d86d348-9619-4097-94d1-bad4f3e85554") \ name("Test SMTP and POP3 filtering")

To remove a mail security rule, use the following command:

Admin@nodename# delete security-policy mail-security <position>