Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring Server-Based Antispam Filtering

Requirements

Before you begin, review how to configure the feature parameters for each UTM feature. See Server-Based Antispam Filtering Configuration Overview.

Overview

Server-based antispam filtering requires Internet connectivity with the spam block list (SBL) server. Domain Name Service (DNS) is required to access the SBL server.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

GUI Step-by-Step Procedure

1. Configure a profile and enable/disable the SBL server lookup. Select Configure>Security>UTM>Anti-Spam.
   1. In the Anti-Spam profiles configuration window, click Add to configure a profile for the SBL server, or click Edit to modify an existing item.
   2. In the Profile name box, enter a unique name for the antispam profile that you are creating.
   3. If you are using the default server, select Yes next to Default SBL server. If you are not using the default server, select No.

      Note: The SBL server is predefined on the device. The device comes preconfigured with the name and address of the SBL server. If you do not select Yes, you are disabling server-based spam filtering. You should disable it only if you are using only local lists or if you do not have a license for server-based spam filtering.

   4. In the Custom tag string box, enter a custom string for identifying a message as spam. By default, the devices uses ***SPAM***.
   5. From the antispam action list, select the action that the device should take when it detects spam. Options include Tag subject, Block email, and Tag header.
2. Configure a UTM policy for SMTP to which you attach the antispam profile.
   1. Select Configure>Security>Policy>UTM Policies.
   2. In the UTM policy configuration window, click Add.
   3. In the policy configuration window, select the Main tab.
   4. In the Policy name box, type a unique name for the UTM policy.
   5. In the Session per client limit box, type a session per client limit. Valid values range from 0 to 2000.
   6. From the Session per client over limit list, select the action that the device should take when the session per client limit for this UTM policy is exceeded. Options include Log and permit and Block.
   7. Select the Anti-Spam profiles tab in the pop-up window.
   8. From the SMTP profile list, select an antispam profile to attach to this UTM policy.
3. Attach the UTM policy to a security policy.
   1. Select Configure>Security>Policy>FW Policies.
   2. In the Security Policy window, click Add to configure a security policy with UTM or click Edit to modify an existing policy.
   3. In the Policy tab, type a name in the Policy Name box.
   4. Next to From Zone, select a zone from the list.
   5. Next to To Zone, select a zone from the list.
   6. Choose a source address.
   7. Choose a destination address.
   8. Choose an application by selecting junos-smtp (for antispam) in the Application Sets box and move it to the Matched box.
   9. Next to Policy Action, select one of the following: Permit, Deny, or Reject.

      Note: When you select Permit for Policy Action, several additional fields become available in the Applications Services tab, including UTM Policy.

   10. Select the Application Services tab.
   11. Next to UTM Policy, select the appropriate policy from the list. This attaches your UTM policy to the security policy.
   12. Click OK to check your configuration and save it as a candidate configuration.
   13. If the policy is saved successfully, you receive a confirmation, and you must click OK again. If the profile is not saved successfully, click Details in the pop-up window to discover why.

       Note: You must activate your new policy to apply it. In SRX Series devices the confirmation window that notifies you that the policy is saved successfully, disappears automatically.

   14. If you are done configuring the device, click Commit Options>Commit.

Step-by-Step Procedure

1. Create a profile.
   [edit security]user@host# set utm feature-profile anti-spam sbl profile sblprofile1
2. Enable or disable the default SBL server lookup.
   [edit security]user@host# set utm feature-profile anti-spam sbl profile sblprofile1 sbl-default-server

   Note: If you are using server-based antispam filtering, you should type sbl-default-server to enable the default SBL server. (The SBL server is predefined on the device. The device comes preconfigured with the name and address of the SBL server.) You should disable server-based antispam filtering using the no-sbl-default-server option only if you are using only local lists or if you do not have a license for server-based spam filtering.

3. Configure the action to be taken by the device when spam is detected (block, tag-header, or tag-subject).
   [edit security]user@host# set utm feature-profile anti-spam sbl profile sblprofile1sbl-default-server spam-action block
4. Configure a custom string for identifying a message as spam.
   [edit security]user@host# set utm feature-profile anti-spam sbl profile sblprofile1 sbl-default-server custom-tag-string ***spam***
5. Attach the spam feature profile to the UTM policy.
   [edit security]user@host# set utm utm-policy spampolicy1 anti-spam smtp-profile sblprofile1
6. Configure a security policy for UTM to which to attach the UTM policy.
   [edit]user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 match source-address anyuser@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 match destination-address any user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 match application junos-smtp user@host# set security policies from-zone trust to-zone untrust policy utmsecuritypolicy1 then permit application-services utm-policy spampolicy1

   Note: The device comes preconfigured with a default antispam policy. The policy is called junos-as-defaults. It contains the following configuration parameters: anti-spam { sbl { profile junos-as-defaults { sbl-default-server; spam-action block; custom-tag-string "***SPAM***"; }}}

Results

From configuration mode, confirm your configuration by entering the show security utm and show security policies commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform this task:

• Verifying Antispam Statistics

Verifying Antispam Statistics

Purpose

Verify the antispam statistics.

Action

From operational mode, enter the show security utm anti-spam status and show security utm anti-spam statistics commands.