Configuring Anti-Spam Based on the IP Address of the SMTP Server

Anti-spam filters out junk email by performing legitimacy checks on the IP address of the sender SMTP server. If the IP address is whitelisted, the email from the SMTP server is forwarded. If the IP address is blacklisted, the email is discarded.

Prerequisites

You are familiar with the Anti-Spam mechanism.

Context

You can configure the local whitelist, local blacklist, and RBL blacklist on the FW. If all of them are configured, they are matched in the following sequence:

  • Local whitelist

    If a match is found in the local whitelist, the FW considers the email legitimate and forwards the email.

  • Local blacklist

    If no match is found in the local whitelist, the FW continues to compare the source IP address with the local blacklist. If a match is found, the FW considers the email illegitimate and discards the email.

  • RBL

    Huawei does not provide the RBL blacklist query service. A third-party organization provides the RBL blacklist, maintains the RBL in real time, and offers the query service through the RBL server.

    If no match is found, the email is permitted. If a match is found, the email is discarded. To speed up the spam detection, you can add the matches found in the RBL to the local blacklist.

  • The local whitelist, local blacklist, and RBL blacklist take effect only after you configure the mail content filtering profile and reference it in the security policy.
  • If all three lists are required, configure them before you configure the mail content filtering profile. Then reference the profile in the security policy to make the configuration take effect.

Configuring the Local Blacklist/Whitelist

You can add the IP addresses of a trusted SMTP server to the local whitelist.

After the local blacklist is configured, email is blocked directly if the IP address of the sender SMTP server matches an entry in the local blacklist. If you have received junk email from certain SMTP servers or have detected SMTP servers that forward junk email, add the IP addresses of these SMTP servers to the local blacklist. The FW then directly discards the email from these servers.

  1. Choose Object > Security Profiles > Email Filtering.
  2. Click Anti-Spam.
  3. Enable the Anti-Spam Function.
  4. Configure the blacklist and whitelist. You can configure both the blacklist and whitelist or only one of them.
    • Enter the IP address and subnet mask of the SMTP Server to be whitelisted in WhiteList. If you enter multiple IP addresses, enter each IP address on a separate line.
    • Enter the IP address and subnet mask of the SMTP Server to be blacklisted in BlackList. If you enter multiple IP addresses, enter each IP address on a separate line.
  5. Click Apply.
  6. Click Email Content Filtering.
  7. Click Add.
  8. Set the name and description of the mail content filtering profile.

    Parameter: Description

    Name: Name of the mail content filtering profile. The name, which must be unique, is displayed in the parameter list of mail filtering during the configuration of security policies.

    Description: Description of the mail content filtering profile. The description must clearly indicate the function of the profile to make profiles easy to find and maintain. Example of the profile description: The mail filtering policies for the trust -> dmz interzone.

  9. Enable the Anti-Spam.
  10. Click OK.
  11. Reference the profile on security policies. For details on how to configure security policies, see Configuring a Security Policy Using the Web UI.
  12. Click Submit.

    The configuration does not take effect immediately after you create or modify the profile. You must click Submit on the upper right of the interface to apply the configuration. To save time, you can commit the configuration after all operations on the profile are complete.

Configuring the RBL Blacklist

The RBL blacklist helps filter out the latest spam. Huawei does not provide the RBL blacklist query service. Before configuring the RBL blacklist, ensure that the DNS server for querying the RBL blacklist is available.

To ensure that the RBL query requests from the FW can be properly forwarded, you need to configure a security policy to permit the DNS traffic from the FW to the zone where the RBL server resides. The security policy should be configured as follows:

  • Source zone: local
  • Destination zone: zone where the RBL server resides
  • Service: dns
  • Action: permit

  1. Choose Object > Security Profiles > Email Filtering.
  2. Click Anti-Spam.
  3. Enable the Anti-Spam Function.
  4. Configure DNS Server.
    1. Enter the IP address of the DNS server in Primary DNS Server and specify the DNS server for RBL queries.
    2. Optional: Enter the IP address of the secondary DNS server in Secondary DNS Server. If the primary DNS server is unavailable, the secondary DNS server comes into service.

    As to the DNS server:

  5. Click Apply.
  6. Configure the anti-spam profile, in which the remote RBL server is specified.

    Configuration files are mutually exclusive, and only one configuration file can be enabled at a time. The most recently set configuration file is automatically enabled. You can also manually enable or disable a configuration file.

    1. In the RBL Filtering Profile group box, click Add.
    2. Set the parameters of the RBL filtering profile.

      Parameter: Description

      Name: Name of the RBL filtering profile. The name must be unique.

      Description: Description of the RBL filtering profile.

      Server Query Set: The query set is the RBL service name. It is used to locate the RBL server. You can configure only one query set for a configuration file. For example, you can use sbl.spamhaus.org as the query set.

      Action: Action that the FW takes after detecting spam.

        • Block: blocks mail transmission.
        • Alert: allows the email through but generates alarms.

      Reply Code: Reply codes vary with RBL service providers. For details, contact the RBL service provider.

        • When a reply code is configured, the FW identifies mail matching the reply code as spam. If the returned message is not a reply code, or the returned reply code differs from the reply code configured on the FW, the mail is permitted.
        • If the reply code is not obtained, you can set it to Any. This indicates that if the RBL server returns a reply code (such as 127.0.0.1), the mail is identified as spam. If no message is returned or the returned message is not a reply code, the mail is permitted.

        You can configure up to 16 reply codes in one RBL filtering profile.

    3. Click OK.

  7. Click Email Content Filtering.
  8. Click Add.
  9. Set the name and description of the mail content filtering profile.

    Parameter: Description

    Name: Name of the mail content filtering profile. The name, which must be unique, is displayed in the parameter list of mail filtering during the configuration of security policies.

    Description: Description of the mail content filtering profile. The description must clearly indicate the function of the profile to make profiles easy to find and maintain. Example of the profile description: The mail filtering policies for the trust -> dmz interzone.

  10. Enable the Anti-Spam.
  11. Click OK.
  12. Reference the profile on security policies. For details on how to configure security policies, see Configuring a Security Policy Using the Web UI.
  13. Click Submit.

    The configuration does not take effect immediately after you create or modify the profile. You must click Submit on the upper right of the interface to apply the configuration. To save time, you can commit the configuration after all operations on the profile are complete.
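
The matching order from Context and the reply-code rules of the RBL filtering profile, modelled as an added example; it is not Huawei code and does not claim to be how the FW is implemented. The reversed-octet query name is the usual DNSBL convention (RFC 5782); the query set rbl.example.org, the sample lists, the stub resolver and the rule that a reply code is an answer inside 127.0.0.0/8 are assumptions.

```python
import ipaddress

# Constructed sample data: documentation address ranges and a hypothetical
# query set (rbl.example.org). FAKE_ZONE stands in for the RBL's DNS answers.
WHITELIST = ["192.0.2.0/255.255.255.0"]
BLACKLIST = ["198.51.100.7/255.255.255.255"]
FAKE_ZONE = {
    "25.2.0.192.rbl.example.org": "127.0.0.2",   # listed, but locally whitelisted
    "10.113.0.203.rbl.example.org": "127.0.0.2",
    "20.113.0.203.rbl.example.org": "127.0.0.4",
}

def rbl_query_name(ip, query_set):
    """DNSBL naming convention (RFC 5782): reversed IPv4 octets + query set."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + query_set

def in_list(ip, entries):
    """True if ip falls inside any 'address/mask' entry of a local list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def is_reply_code(answer):
    """Assumption: a reply code is an answer inside 127.0.0.0/8."""
    try:
        return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")
    except ValueError:
        return False

def classify(ip, reply_codes, action="block", query_set="rbl.example.org",
             resolve=FAKE_ZONE.get):
    """Return (verdict, reason) in the documented order: whitelist, blacklist, RBL."""
    if in_list(ip, WHITELIST):
        return "forward", "local whitelist"
    if in_list(ip, BLACKLIST):
        return "discard", "local blacklist"
    answer = resolve(rbl_query_name(ip, query_set))  # None models "no message returned"
    if answer is None or not is_reply_code(answer):
        return "forward", "no reply code returned"
    if reply_codes != "any" and answer not in reply_codes:
        return "forward", "reply code " + answer + " not configured"
    verdict = "forward+alert" if action == "alert" else "discard"
    return verdict, "RBL reply code " + answer

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.10", "203.0.113.20", "203.0.113.30"):
        print(ip, classify(ip, reply_codes=["127.0.0.2"]))
```

The first sample address is listed in the stub RBL yet is still forwarded because the whitelist is matched first, so whitelist entries are best kept as narrow as the trusted servers require.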

Follow-up Procedure

Check or release the reference between the security policy and profile.
  1. To check which security policies reference a profile, click View under References in the profile list.

  2. To release the reference between the security policy and profile, choose the security policy and click Release.

    To release all the references, click Release All.

Copyright © Huawei Technologies Co., Ltd.