
Web: Example for Configuring Anti-Spam Based on MIME Header Groups

This section describes how to configure anti-spam based on MIME header groups, assuming that the FW functions as a security gateway at an enterprise.

Networking Requirements

A company has an independent mail domain name and a mail server deployed inside the company. To prevent the mail server in the DMZ from receiving large volumes of spam that occupy too many network resources, the company requires that mail whose subject contains the keyword advertisement be blocked. To do so, configure the anti-spam function based on MIME header groups: configure a MIME header group whose field name is Subject and field value is advertisement, and set the action to block.

Figure 1 Networking of mail filtering based on MIME headers

Configuration Roadmap

  1. Set the interface IP address and add the interface to a security zone.

  2. Configure the MIME header group, whose field name is Subject and field value is advertisement, to filter out mails whose subjects contain advertisement.

  3. Create a mail content filtering profile, reference the MIME header group, and configure the control action.

  4. Configure the security policy between the dmz and the untrust zone, and reference the mail content filtering profile.

Procedure

  1. Set the interface IP address and add the interface to a security zone.
    1. Choose Network > Interface.
    2. Click for GE0/0/1 and set the parameters as follows:

      Zone: untrust
      IP Address: 1.1.1.1/24

    3. Click OK.
    4. Add GE0/0/2 to the dmz based on the preceding steps.

      Zone: dmz
      IP Address: 10.2.0.1/24

  2. Configure the MIME header group, whose field name is Subject and field value is advertisement, to filter out mails whose subjects contain advertisement.
    1. Choose Object > MIME Header Group.
    2. Click Add.

    3. Configure the name and description of the MIME header group.

      Name: mime_group
      Description: Mail filtering based on mime header

    4. In Rule, click Add. Set MIME header group rules.

      Name: mime_rule
      Field Matching Mode: Any
      Field: Subject
      Value Matching Mode: Any
      Value: advertisement

    5. Click OK.
  3. Create a mail content filtering profile, reference the MIME header group, and configure the control action.
    1. Choose Object > Security Profiles > Email Filtering.
    2. Click Email Content Filtering.
    3. Click Add.

    4. Set the name and description of the mail content filtering profile.

      Name: profile_mail_untrust_dmz
      Description: Mail filtering policy applied between the untrust zone and the dmz.

    5. Click the MIME Header Group tab.
    6. Click Add.
    7. Configure the MIME header group and action referenced in the mail content filtering profile.

      MIME Header Group: mime_group
      Protocol: Any
      Action: Block

  4. Configure the security policy between the dmz and the untrust zone, and reference the mail content filtering profile.

    1. Choose Policy > Security Policy > Security Policy.
    2. Click Add Security Policy and set the parameters of the security policy between the untrust zone and the dmz as follows:

      Name: policy_sec_untrust_dmz
      Description: Security policy applied between the untrust zone and the dmz.
      Source Zone: untrust
      Destination Zone: dmz
      Action: Permit
      Content Security
        Email Filtering: profile_mail_untrust_dmz

    3. Click OK.

  5. Click Submit on the upper right of the page.

Verification

When the client sends a mail whose subject contains advertisement, the mail fails to be sent and the mail server does not receive the mail.

After the mail is blocked, choose Monitor > Logs > Mail Filtering Logs to view the mail filtering log. If the device does not have a hard disk or SD card, choose Monitor > Logs > Service Log List to view the mail filtering log.

Configuration Script

#
sysname FW
#
interface GigabitEthernet0/0/1
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 undo shutdown
 ip address 10.2.0.1 255.255.255.0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/1
#
firewall zone dmz
 set priority 50
 add interface GigabitEthernet0/0/2
#
mime-header-group name mime_group
 description Mail filtering based on mime header
 rule name mime_rule
  field-name any Subject
  field-body any advertisement
#
profile type mail-filter name profile_mail_untrust_dmz
 description Mail filtering policy applied between the untrust zone and the dmz
 mime-header-group name mime_group SMTP action block
 mime-header-group name mime_group POP3 action block
 mime-header-group name mime_group IMAP action block
#
security-policy
 rule name policy_sec_untrust_dmz
  description Security policy applied between the untrust zone and the dmz
  source-zone untrust
  destination-zone dmz
  profile mail-filter profile_mail_untrust_dmz
  action permit
#
return
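
An added example, not part of the original Huawei documentation: a small Python audit that parses a configuration script like the one above and checks the reference chain from the security policy to the mail-filter profile to the MIME header group, including that the group is bound with action block for SMTP, POP3 and IMAP (the three lines that the Protocol value Any expands to in the script). The function name audit_mail_filter and the sample text are constructed for illustration, and the parser assumes the indentation-based layout shown in the script.

```python
import re

# Constructed sample: the filtering stanzas of the configuration script above.
SAMPLE_CONFIG = """\
mime-header-group name mime_group
 rule name mime_rule
  field-name any Subject
  field-body any advertisement
profile type mail-filter name profile_mail_untrust_dmz
 mime-header-group name mime_group SMTP action block
 mime-header-group name mime_group POP3 action block
 mime-header-group name mime_group IMAP action block
security-policy
 rule name policy_sec_untrust_dmz
  profile mail-filter profile_mail_untrust_dmz
"""

def audit_mail_filter(config, protocols=("SMTP", "POP3", "IMAP")):
    """Return findings; an empty list means policy -> profile -> group is intact."""
    groups, profiles, refs, findings = set(), {}, [], []
    stanza = name = rule = None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        line = raw.strip()
        if not raw[0].isspace():  # an unindented line opens a new stanza
            stanza, name = line.split()[0], line.split()[-1]
            if line.startswith("mime-header-group name "):
                groups.add(name)
            elif line.startswith("profile type mail-filter name "):
                profiles[name] = {}
        elif stanza == "profile" and name in profiles and (m := re.fullmatch(
                r"mime-header-group name (\S+) (\S+) action (\S+)", line)):
            profiles[name][m[2].upper()] = (m[1], m[3])  # last binding per protocol
        elif stanza == "security-policy":
            if m := re.fullmatch(r"rule name (\S+)", line):
                rule = m[1]
            elif m := re.fullmatch(r"profile mail-filter (\S+)", line):
                refs.append((rule, m[1]))
    if not refs:
        findings.append("no security-policy rule references a mail-filter profile")
    for rule, prof in refs:
        if prof not in profiles:
            findings.append(f"{rule}: profile {prof} is not defined")
            continue
        for proto in protocols:
            group, action = profiles[prof].get(proto, (None, None))
            if group not in groups:
                findings.append(f"{prof}: {proto} has no defined MIME header group")
            elif action != "block":
                findings.append(f"{prof}: {proto} action is {action}, not block")
    return findings
```

Run it against a saved copy of the device configuration before relying on the Verification step, since a profile that omits one protocol still passes a test mail sent over another.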
Copyright © Huawei Technologies Co., Ltd.