You configure mail security rules at the security-policy mail-security level. For more details on the command structure, see Configuring Rules Using UPL.
To create a mail security rule, use the following command:
Admin@nodename# create security-policy mail-security <position> upl-rule
Mail security rule parameters:
Parameter | Description |
---|---|
PASS WARNING DENY("with error") DENY | Action for the mail security rule: |
enabled | Enable/disable a rule: |
name | Name for the mail security rule. Example: name("Mail security rule example"). |
desc | A description of the rule. Example: desc("Mail security rule example configured in CLI"). |
rule_log | Logging information on mail security rule triggering. The available options are: |
antispam_usergate | Checking email traffic with UserGate antispam check (configured for rules with Mark, Block with error or Block without error actions): |
dnsbl | Antispam check using the DNSBL technology. Can be applied only to SMTP traffic in rules with Mark, Block with error or Block without error actions: When email traffic is checked using DNSBL, the IP address of the spam sender's SMTP server is blocked when the SMTP connection is created, which substantially decreases the load on other methods of checking email for spam and viruses. |
mark_hdr | Header. Field where the mark tag should be inserted. Specify it for rules with the Mark action, e.g. mark_hdr(Subject). |
mark | Text of the tag to mark the email; specified for rules with the Mark action, e.g. mark("Text for marking emails"). |
src.zone | Traffic source zone. To specify a source zone, such as Trusted: src.zone = Trusted. For more details about how to configure zones using CLI, see the Zones section. |
src.ip | Source IP address or domain lists. To specify a list of IP addresses: src.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section. To specify a source domain list: src.ip = lib.url(). Provide the name of the URL list to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section. |
src.geoip | Source GeoIP. Specify a country code (for example, src.geoip = AE). See the list of ISO 3166-1 country codes. Important! The maximum number of GeoIPs that can be specified is limited to 15. |
user | Users and user groups for which the mail security rule applies (local or LDAP). To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see the Configuring LDAP Connectors section). Examples of adding users to a rule: user = known; user = "user"; user = "testd.local\\user1"; user = ("user", "testd.local\\user1") |
dst.zone | Traffic destination zone, for example, dst.zone = Untrusted. For more details about how to configure zones using CLI, see the Zones section. |
dst.ip | Destination IP address or domain lists. To specify a list of IP addresses: dst.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section. To specify a destination domain list: dst.ip = lib.url(). Provide the name of the URL list to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section. |
dst.geoip | Destination GeoIP. Specify a country code (for example, dst.geoip = AE). See the list of ISO 3166-1 country codes. Important! The maximum number of GeoIPs that can be specified is limited to 15. |
service | The email protocol (POP3 or SMTP) to which this rule will be applied. To specify a single service: service = "service name". To specify multiple services: service = (service-name1, service-name2, ...). |
envelope_from | Sender's email address (for SMTP protocol only). The email group should be specified in the following format: envelope_from = "Sender email group". For more details about creating and configuring email groups, see Configuring Email Addresses. |
envelope_to | Recipient's email address (for SMTP protocol only). The email group should be specified in the following format: envelope_to = "Receiver email group". For more details about creating and configuring email groups, see Configuring Email Addresses. |
To edit a mail security rule, use the following command:
Admin@nodename# set security-policy mail-security <position> upl-rule
To view parameters for all mail security rules that were created, use the following command:
Admin@nodename# show security-policy mail-security
To view parameters for a specific mail security rule, use the following command:
Admin@nodename# show security-policy mail-security <position>
Example of creating a mail security rule:
```
Admin@nodename# create security-policy mail-security 1 upl-rule WARNING \
...src.zone = Untrusted \
...service = (SMTP, POP3, SMTPS, POP3S) \
...mark_hdr(Subject) \
...mark("[SPAM]") \
...antispam_usergate(yes) \
...rule_log(yes) \
...name("Test SMTP and POP3 filtering") \
...desc("Test SMTP and POP3 filtering description") \
...enabled(true)
...
Admin@nodename# show security-policy mail-security 1
% ----------------- 1 -----------------
WARNING \
    src.zone = Untrusted \
    service = (SMTP, POP3, SMTPS, POP3S) \
    rule_log(yes) \
    desc("Test SMTP and POP3 filtering description") \
    mark_hdr(Subject) \
    mark("[SPAM]") \
    antispam_usergate(yes) \
    enabled(true) \
    id("7d86d348-9619-4097-94d1-bad4f3e85554") \
    name("Test SMTP and POP3 filtering")
```
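The parameter table ties several options to a particular action or protocol (mark and mark_hdr to Mark rules, the antispam checks to Mark and Block rules, dnsbl and the envelope parameters to SMTP). The following Python check is an added example, not part of the UserGate documentation or tooling: it reads a rule in the format printed by the show command and reports parameters that do not match the rule's action or service. It assumes that WARNING is the keyword for the Mark action and that any service name beginning with SMTP counts as SMTP traffic; BAD_RULE is a constructed sample.

```python
import re

# Assumptions (not stated in the page): WARNING is the keyword for the "Mark"
# action (the page's example pairs it with mark_hdr/mark), and any service
# whose name starts with "SMTP" counts as SMTP traffic.
MARK_ACTION = "WARNING"
SMTP_ONLY = ("dnsbl", "envelope_from", "envelope_to")
ANTISPAM = ("antispam_usergate", "dnsbl")

def parse_rule(text):
    """Split `show` output into the action and a {parameter: value} dict."""
    clauses = [c.strip() for c in re.split(r"\\\s*\n", text) if c.strip()]
    if not clauses:
        raise ValueError("empty rule text")
    opts = {}
    for clause in clauses[1:]:
        # Either `key = value` or `key(value)`.
        m = re.match(r"([\w.]+)\s*(?:=\s*(.*)|\((.*)\))$", clause)
        if m:
            opts[m.group(1)] = (m.group(2) or m.group(3) or "").strip()
    return clauses[0], opts

def lint(text):
    """Return findings for parameters that conflict with the action or service."""
    action, opts = parse_rule(text)
    raw = opts.get("service", "").strip("()")
    services = {s.strip(' "').upper() for s in raw.split(",") if s.strip()}
    findings = []
    if action != MARK_ACTION:
        findings += [f"{k}: set, but action {action} is not Mark"
                     for k in ("mark_hdr", "mark") if k in opts]
    if action == "PASS":
        findings += [f"{k}: documented only for Mark and Block actions"
                     for k in ANTISPAM if k in opts]
    if services and not any(s.startswith("SMTP") for s in services):
        findings += [f"{k}: SMTP only, but service is {sorted(services)}"
                     for k in SMTP_ONLY if k in opts]
    return findings

# The rule from the page's own `show` output (id and desc omitted).
PAGE_RULE = ('WARNING \\\n src.zone = Untrusted \\\n'
             ' service = (SMTP, POP3, SMTPS, POP3S) \\\n rule_log(yes) \\\n'
             ' mark_hdr(Subject) \\\n mark("[SPAM]") \\\n'
             ' antispam_usergate(yes) \\\n enabled(true)')
# Constructed sample: a PASS rule for POP3 that carries Mark, antispam and
# SMTP-only parameters.
BAD_RULE = ('PASS \\\n src.zone = Untrusted \\\n service = (POP3, POP3S) \\\n'
            ' mark("[SPAM]") \\\n antispam_usergate(yes) \\\n'
            ' envelope_from = "Partners" \\\n name("Constructed sample")')
```

lint(PAGE_RULE) returns an empty list; lint(BAD_RULE) returns one finding each for mark, antispam_usergate and envelope_from.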
To remove a mail security rule, use the following command:
Admin@nodename# delete security-policy mail-security <position>