Chapter 34 Anti-Spam
ZyWALL USG 50 User’s Guide
34.6 The DNSBL Screen
Click Configuration > Anti-X > Anti-Spam > DNSBL to display the anti-spam DNSBL screen. Use this screen to configure the ZyWALL to check the sender and relay IP addresses in e-mail headers against DNS (Domain Name Service)-based spam Black Lists (DNSBLs).
Figure 330 Configuration > Anti-X > Anti-Spam > DNSBL
Table 168 Configuration > Anti-X > Anti-Spam > Black/White List > White List

| LABEL | DESCRIPTION |
| --- | --- |
| Type | This field displays whether the entry is based on the e-mail’s subject, source or relay IP address, source e-mail address, or a header. |
| Content | This field displays the subject content, source or relay IP address, source e-mail address, or header value for which the entry checks. |
| OK | Click OK to save your changes. |
| Cancel | Click Cancel to exit this screen without saving your changes. |
The following table describes the labels in this screen.
Table 169 Configuration > Anti-X > Anti-Spam > DNSBL

| LABEL | DESCRIPTION |
| --- | --- |
| Show Advance Settings / Hide Advance Settings | Click this button to display a greater or lesser number of configuration fields. |
| Enable DNS Black List (DNSBL) Checking | Select this to have the ZyWALL check the sender and relay IP addresses in e-mail headers against the DNSBL servers maintained by the DNSBL domains listed in the ZyWALL. |
| DNSBL Spam Tag | Enter a message or label (up to 15 ASCII characters) to add to the beginning of the mail subject of e-mails that have a sender or relay IP address in the header that matches a black list maintained by one of the DNSBL domains listed in the ZyWALL. This tag is only added if the anti-spam policy is configured to forward spam mail with a spam tag. |
| Max. IPs Checking Per Mail | Set the maximum number of sender and relay server IP addresses in the mail header to check against the DNSBL domain servers. |
| IP Selection Per Mail | Select first N IPs to have the ZyWALL start checking from the first IP address in the mail header. This is the IP of the sender or the first server that forwarded the mail. Select last N IPs to have the ZyWALL start checking from the last IP address in the mail header. This is the IP of the last server that forwarded the mail. |
| Query Timeout Setting | |
| SMTP | Select how the ZyWALL is to handle SMTP mail (mail going to an e-mail server) if the queries to the DNSBL domains time out. Select drop to discard SMTP mail. Select forward to allow SMTP mail to go through. Select forward with tag to add a DNSBL timeout tag to the mail subject of an SMTP mail and send it. |
| POP3 | Select how the ZyWALL is to handle POP3 mail (mail coming to an e-mail client) if the queries to the DNSBL domains time out. Select forward to allow POP3 mail to go through. Select forward with tag to add a DNSBL timeout tag to the mail subject of a POP3 mail and send it. |
| Timeout Value | Set how long the ZyWALL waits for a reply from the DNSBL domains listed below. If there is no reply before this time period expires, the ZyWALL takes the action defined in the relevant Actions when Query Timeout field. |
| Timeout Tag | Enter a message or label (up to 15 ASCII characters) to add to the mail subject of e-mails that the ZyWALL forwards if queries to the DNSBL domains time out. |
| DNSBL Domain List | |
| Add | Click this to create a new entry. |
34.7 Anti-Spam Technical Reference
Here is more detailed anti-spam information.
DNSBL
The ZyWALL checks only public sender and relay IP addresses; it does not check private IP addresses.
The ZyWALL sends a separate query (DNS lookup) for each sender or relay IP address in the e-mail’s header to each of the ZyWALL’s DNSBL domains at the same time.
The DNSBL servers send replies as to whether or not each IP address matches an entry in their list. Each IP address has a separate reply.
As long as the replies indicate that the IP addresses do not match entries on the DNSBL lists, the ZyWALL waits until it receives at least one reply for each IP address.
If the ZyWALL receives a DNSBL reply that one of the IP addresses is in the DNSBL list, the ZyWALL immediately classifies the e-mail as spam and takes the anti-spam policy’s configured action for spam. The ZyWALL does not wait for any more DNSBL replies.
If the ZyWALL receives at least one non-spam reply for each of an e-mail’s routing IP addresses, the ZyWALL immediately classifies the e-mail as legitimate and forwards it.
Any further DNSBL replies that come after the ZyWALL classifies an e-mail as spam or legitimate have no effect.
The ZyWALL records DNSBL responses for IP addresses in a cache for up to 72 hours. The ZyWALL checks an e-mail’s sender and relay IP addresses against the cache first and only sends DNSBL queries for IP addresses that are not in the cache.
Table 169 Configuration > Anti-X > Anti-Spam > DNSBL (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Edit | Select an entry and click this to be able to modify it. |
| Remove | Select an entry and click this to delete it. |
| Activate | To turn on an entry, select it and click Activate. |
| Inactivate | To turn off an entry, select it and click Inactivate. |
| Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. |
| # | This is the entry’s index number in the list. |
| DNSBL Domain | This is the name of a domain that maintains DNSBL servers. Enter the domain that is maintaining a DNSBL. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to return the screen to its last-saved settings. |
Here is an example of an e-mail classified as spam based on DNSBL replies.
Figure 331 DNSBL Spam Detection Example
[Diagram labels: DNSBL A, DNSBL B, DNSBL C; IPs: a.a.a.a, b.b.b.b; queries "a.a.a.a?" and "b.b.b.b?" to each DNSBL; replies "a.a.a.a Not spam" and "b.b.b.b Spam"; step markers 1 to 4.]
1. The ZyWALL receives an e-mail that was sent from IP address a.a.a.a and relayed by an e-mail server at IP address b.b.b.b. The ZyWALL sends a separate query to each of its DNSBL domains for IP address a.a.a.a. The ZyWALL sends another separate query to each of its DNSBL domains for IP address b.b.b.b.
2. DNSBL A replies that IP address a.a.a.a does not match any entries in its list (not spam).
3. DNSBL C replies that IP address b.b.b.b matches an entry in its list.
4. The ZyWALL immediately classifies the e-mail as spam and takes the action for spam that you defined in the anti-spam policy. In this example it was an SMTP mail and the defined action was to drop the mail. The ZyWALL does not wait for any more DNSBL replies.
Here is an example of an e-mail classified as legitimate based on DNSBL replies.
Figure 332 DNSBL Legitimate E-mail Detection Example
[Diagram labels: DNSBL A, DNSBL B, DNSBL C; IPs: c.c.c.c, d.d.d.d; queries "c.c.c.c?" and "d.d.d.d?" to each DNSBL; replies "d.d.d.d Not spam" and "c.c.c.c Not spam"; step markers 1 to 4.]
1. The ZyWALL receives an e-mail that was sent from IP address c.c.c.c and relayed by an e-mail server at IP address d.d.d.d. The ZyWALL sends a separate query to each of its DNSBL domains for IP address c.c.c.c. The ZyWALL sends another separate query to each of its DNSBL domains for IP address d.d.d.d.
2. DNSBL B replies that IP address d.d.d.d does not match any entries in its list (not spam).
3. DNSBL C replies that IP address c.c.c.c does not match any entries in its list (not spam).
4. Now that the ZyWALL has received at least one non-spam reply for each of the e-mail’s routing IP addresses, the ZyWALL immediately classifies the e-mail as legitimate and forwards it. The ZyWALL does not wait for any more DNSBL replies.
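The reply handling from section 34.7, including the cache, the IP selection and the timeout action from Table 169, written out as a runnable model. This is an added example, not ZyWALL code: the class and parameter names, the RFC 1918 reading of "private", the default timeout action, a max_ips of at least 1, and the documentation-range addresses standing in for a.a.a.a and b.b.b.b are all assumptions.

```python
import ipaddress
import time

CACHE_TTL = 72 * 3600  # page: responses are cached for up to 72 hours
# Assumption: "private" means the RFC 1918 ranges; the page does not define it.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class DnsblModel:
    """Model of the reply handling described above (not ZyWALL code)."""

    def __init__(self, timeout_action="forward with tag", clock=time.time):
        self.timeout_action = timeout_action  # drop / forward / forward with tag
        self.clock = clock
        self.cache = {}                       # ip -> (listed, time stored)

    def _cached(self, ip):
        entry = self.cache.get(ip)
        if entry and self.clock() - entry[1] <= CACHE_TTL:
            return entry[0]
        return None                           # unknown or expired

    def classify(self, header_ips, replies, max_ips=3, selection="first"):
        """replies: (dnsbl, ip, listed) in arrival order; exhaustion = timeout."""
        public = [ip for ip in header_ips
                  if not any(ipaddress.ip_address(ip) in n for n in PRIVATE)]
        chosen = public[:max_ips] if selection == "first" else public[-max_ips:]
        pending = set()
        for ip in chosen:                     # cache is consulted before querying
            known = self._cached(ip)
            if known:
                return "spam"
            if known is None:
                pending.add(ip)
        for _dnsbl, ip, listed in replies:
            if not pending:
                break                         # verdict reached; later replies ignored
            if ip not in chosen:
                continue
            self.cache[ip] = (listed, self.clock())
            if listed:
                return "spam"                 # first listing decides immediately
            pending.discard(ip)
        return "legitimate" if not pending else "timeout: " + self.timeout_action

if __name__ == "__main__":  # constructed stand-ins for a.a.a.a and b.b.b.b
    a, b = "192.0.2.10", "198.51.100.20"
    print(DnsblModel().classify([a, b], [("A", a, False), ("C", b, True)]))
```

Because the first decisive reply fixes the verdict, the same set of replies can classify an e-mail differently depending on the order in which they arrive.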
