
CLI: Example for Configuring Anti-Spam Based on MIME Header Groups

This section describes how to configure anti-spam based on MIME header groups, on the assumption that the FW functions as the security gateway of an enterprise.

Networking Requirements

A company has an independent mail domain name and a mail server deployed in its DMZ. To prevent the mail server from receiving large volumes of spam and consuming excessive network resources, the company requires that mails whose subjects contain the keyword advertisement be blocked. To achieve this, you can configure the anti-spam function based on MIME header groups: configure a MIME header group whose field name is Subject and whose field value is advertisement, and set the action to block.

Figure 1 Networking of mail filtering based on MIME headers

Configuration Roadmap

  1. Set the interface IP address and add the interface to a security zone.

  2. Configure the MIME header group, whose field name is Subject and field value is advertisement, to filter out mails whose subjects contain advertisement.

  3. Create a mail content filtering profile, reference the MIME header group, and configure the control action.

  4. Configure the security policy between the dmz and the untrust zone, and reference the mail content filtering profile.

Procedure

  1. Set the interface IP address and add the interface to a security zone.
    1. Set an IP address for GigabitEthernet 0/0/1 and assign the interface to the untrust zone.

      <FW> system-view
      [FW] interface GigabitEthernet 0/0/1
      [FW-GigabitEthernet0/0/1] ip address 1.1.1.1 24
      [FW-GigabitEthernet0/0/1] quit
      [FW] firewall zone untrust
      [FW-zone-untrust] add interface GigabitEthernet 0/0/1
      [FW-zone-untrust] quit

    2. Set an IP address for GigabitEthernet 0/0/2 and assign the interface to the dmz.

      [FW] interface GigabitEthernet 0/0/2
      [FW-GigabitEthernet0/0/2] ip address 10.2.0.1 24
      [FW-GigabitEthernet0/0/2] quit
      [FW] firewall zone dmz
      [FW-zone-dmz] add interface GigabitEthernet 0/0/2
      [FW-zone-dmz] quit

  2. Configure the MIME header group, whose field name is Subject and field value is advertisement, to filter out mails whose subjects contain advertisement.

    [FW] mime-header-group name mime_group
    [FW-mime-header-group-mime_group] description Mail filtering based on mime header
    [FW-mime-header-group-mime_group] rule name mime_rule
    [FW-mime-header-group-mime_group-rule-mime_rule] field-name any Subject
    [FW-mime-header-group-mime_group-rule-mime_rule] field-body any advertisement
    [FW-mime-header-group-mime_group-rule-mime_rule] quit
    [FW-mime-header-group-mime_group] quit

  3. Create a mail content filtering profile, reference the MIME header group, and configure the control action.

    [FW] profile type mail-filter name profile_mail_untrust_dmz
    [FW-profile-mail-filter-profile_mail_untrust_dmz] description Mail filtering policy applied between the untrust zone and the dmz
    [FW-profile-mail-filter-profile_mail_untrust_dmz] mime-header-group name mime_group smtp action block
    [FW-profile-mail-filter-profile_mail_untrust_dmz] mime-header-group name mime_group pop3 action block
    [FW-profile-mail-filter-profile_mail_untrust_dmz] mime-header-group name mime_group imap action block
    [FW-profile-mail-filter-profile_mail_untrust_dmz] quit

  4. Configure the security policy between the dmz and the untrust zone and reference the mail content filtering profile.

    [FW] security-policy
    [FW-policy-security] rule name policy_sec_untrust_dmz
    [FW-policy-security-rule-policy_sec_untrust_dmz] description Security policy applied between the untrust zone and the dmz
    [FW-policy-security-rule-policy_sec_untrust_dmz] source-zone untrust
    [FW-policy-security-rule-policy_sec_untrust_dmz] destination-zone dmz
    [FW-policy-security-rule-policy_sec_untrust_dmz] profile mail-filter profile_mail_untrust_dmz
    [FW-policy-security-rule-policy_sec_untrust_dmz] action permit
    [FW-policy-security-rule-policy_sec_untrust_dmz] quit
    [FW-policy-security] quit

  5. Commit the content security profiles.

    [FW] engine configuration commit

Verification

When the client sends a mail whose subject contains advertisement, the mail fails to be sent and the mail server does not receive the mail.

After the mail is blocked, the mail filtering log MAILFLT/4/MIMEFILTER is generated. The details of the blocked mail can be read from this log.
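To make the matching behaviour of the rule configured in step 2 concrete, the following Python script is an added illustrative model of a MIME header group and its block action; it is not Huawei firmware code and does not claim to reproduce the FW's exact matching semantics. It assumes that the `any` keyword in `field-name any Subject` / `field-body any advertisement` means a case-insensitive substring match, and that the Subject header is RFC 2047-decoded before matching (so an encoded-word subject does not evade the keyword). The three sample mails are constructed for the example.

```python
"""Illustrative model of a MIME header group rule (assumption: not Huawei code).

Assumed semantics, not stated on the page:
  * "any" matches the field body as a case-insensitive substring
  * the header value is RFC 2047-decoded before matching
"""
from email import message_from_string
from email.header import decode_header, make_header

# The rule from the page: field name Subject, field body "advertisement".
MIME_RULES = [
    {"name": "mime_rule", "field_name": "Subject", "field_body": "advertisement"},
]


def decode_header_value(raw: str) -> str:
    """Decode RFC 2047 encoded words (=?charset?b?...?=) into plain text."""
    return str(make_header(decode_header(raw)))


def rule_matches(rule: dict, msg) -> bool:
    """True if the message carries the rule's header and its body contains the keyword."""
    # Header names are case-insensitive (RFC 5322); Message.get() handles that.
    value = msg.get(rule["field_name"])
    if value is None:
        return False
    return rule["field_body"].lower() in decode_header_value(value).lower()


def mail_filter_action(raw_mail: str, rules=MIME_RULES, action: str = "block") -> str:
    """Return the configured action ('block') if any rule in the group matches, else 'permit'."""
    msg = message_from_string(raw_mail)
    for rule in rules:
        if rule_matches(rule, msg):
            return action
    return "permit"


# Constructed sample messages (not captured traffic).
SPAM = (
    "From: sender@example.com\r\nTo: user@company.example\r\n"
    "Subject: Big ADVERTISEMENT - 50% off\r\n\r\nbody\r\n"
)
# Same keyword, but hidden inside an RFC 2047 base64 encoded word.
ENCODED_SPAM = (
    "From: sender@example.com\r\nTo: user@company.example\r\n"
    "Subject: =?utf-8?b?QWR2ZXJ0aXNlbWVudCBpbnNpZGU=?=\r\n\r\nbody\r\n"
)
LEGIT = (
    "From: colleague@company.example\r\nTo: user@company.example\r\n"
    "Subject: Q3 budget review\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    for label, mail in (("spam", SPAM), ("encoded spam", ENCODED_SPAM), ("legit", LEGIT)):
        print(f"{label}: {mail_filter_action(mail)}")
```

Running the script prints `block` for both the plain and the encoded-word spam and `permit` for the legitimate mail. The encoded case is the point a practitioner should check on the real device: send a test mail whose Subject is an RFC 2047 encoded word and confirm the MAILFLT/4/MIMEFILTER log is still generated, since a matcher that compares raw header bytes would not see the keyword.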

Configuration Scripts

#
sysname FW
#
interface GigabitEthernet0/0/1
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 undo shutdown
 ip address 10.2.0.1 255.255.255.0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/1
#
firewall zone dmz
 set priority 50
 add interface GigabitEthernet0/0/2
#
mime-header-group name mime_group
 description Mail filtering based on mime header
 rule name mime_rule
  field-name any Subject
  field-body any advertisement
#
profile type mail-filter name profile_mail_untrust_dmz
 description Mail filtering policy applied between the untrust zone and the dmz
 mime-header-group name mime_group SMTP action block
 mime-header-group name mime_group POP3 action block
 mime-header-group name mime_group IMAP action block
#
security-policy
 rule name policy_sec_untrust_dmz
  description Security policy applied between the untrust zone and the dmz
  source-zone untrust
  destination-zone dmz
  profile mail-filter profile_mail_untrust_dmz
  action permit
#
return
Copyright © Huawei Technologies Co., Ltd.