ZyXEL Communications 200 Series Network Router User Manual


 
Chapter 33 Anti-Spam
ZyWALL USG 100/200 Series User’s Guide
matches a blacklist entry as spam and immediately takes the configured action for dealing
with spam. If an e-mail matches a blacklist entry, the ZyWALL does not perform any more
anti-spam checking on that individual e-mail. A properly configured blacklist helps catch
spam e-mail and increases the ZyWALL’s anti-spam speed and efficiency.
SMTP and POP3
Simple Mail Transfer Protocol (SMTP) is the Internet’s message transport standard. It controls
the sending of e-mail messages between servers. E-mail clients (also called e-mail
applications) then use mail server protocols such as POP (Post Office Protocol) or IMAP
(Internet Message Access Protocol) to retrieve e-mail. E-mail clients also generally use SMTP
to send messages to a mail server. The older POP2 requires SMTP for sending messages while
the newer POP3 can be used with or without it. This is why many e-mail applications require
you to specify both the SMTP server and the POP or IMAP server (even though they may
actually be the same server).
The ZyWALL’s anti-spam feature checks SMTP (TCP port 25) and POP3 (TCP port 110)
e-mails. The anti-spam feature does not check (or act upon) e-mails that use other protocols
(such as IMAP) or other port numbers.
E-mail Headers
Every e-mail has a header and a body. The header is structured into fields and includes the
addresses of the recipient and sender, the subject, and other information about the e-mail and
its journey. The body is the actual message text and any attachments. You can have the
ZyWALL check for specific header fields with specific values.
E-mail programs usually only show you the To:, From:, Subject:, and Date: header fields but
there are others such as Received: and Content-Type:. To see all of an e-mail’s header, you
can select an e-mail in your e-mail program and look at its properties or details. For example,
in Microsoft’s Outlook Express, select a mail and click File > Properties > Details. This
displays the e-mail’s header. Click Message Source to see the source for the entire mail
including both the header and the body.
E-mail Header Buffer Size
The ZyWALL has a 5 K buffer for an individual e-mail header. If an e-mail’s header is longer
than 5 K, the ZyWALL only checks up to the first 5 K.
DNSBL
A DNS Blacklist (DNSBL) is a server that hosts a list of IP addresses known or suspected of
having sent or forwarded spam. A DNSBL is also known as a DNS spam blocking list. The
ZyWALL can check the routing addresses of e-mail against DNSBLs and classify an e-mail as
spam if it was sent or forwarded by a computer with an IP address in the DNSBL.
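The following is an added example, not ZyXEL's code or part of the manual. It shows the general DNSBL convention (reverse the IPv4 octets, append the list's zone, treat an answer in 127.0.0.0/8 as "listed") applied to the Received: fields found within the first 5 K of a header. The zone `dnsbl.example`, the injected `resolve` callable, the skipping of private addresses, the reading of 5 K as 5120 bytes, and the sample message are all assumptions made for illustration.

```python
import ipaddress
import re
from email.parser import HeaderParser

HEADER_LIMIT = 5 * 1024  # the 5 K header buffer, assumed here to mean 5120 bytes
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumption: loopback and RFC 1918 hops are skipped, since a public DNSBL cannot list them.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LISTED = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers fall in this range

def routing_ips(raw_message: bytes) -> list[str]:
    """IPv4 addresses from Received: fields within the first 5 K of the header."""
    header = raw_message.split(b"\r\n\r\n", 1)[0][:HEADER_LIMIT]
    msg = HeaderParser().parsestr(header.decode("ascii", "replace"))
    found = []
    for received in msg.get_all("Received", []):
        for text in BRACKETED_IPV4.findall(received):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:  # not a valid address, e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL) and str(ip) not in found:
                found.append(str(ip))
    return found

def dnsbl_name(ip: str, zone: str) -> str:
    """203.0.113.7 + dnsbl.example -> 7.113.0.203.dnsbl.example"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def classify(raw_message: bytes, zone: str, resolve) -> str:
    """resolve(name) returns a list of A-record strings, empty when the name does not exist."""
    for ip in routing_ips(raw_message):
        answers = resolve(dnsbl_name(ip, zone))
        if any(ipaddress.IPv4Address(a) in LISTED for a in answers):
            return "spam"
    return "clear"

# Constructed sample message and constructed DNSBL contents (documentation addresses).
SAMPLE = (b"Received: from relay.example.net (relay.example.net [198.51.100.25])\r\n"
          b"\tby mx.example.org; Mon, 01 Jan 2024 10:00:02 +0000\r\n"
          b"Received: from pc (unknown [192.168.1.20])\r\n"
          b"\tby relay.example.net; Mon, 01 Jan 2024 10:00:01 +0000\r\n"
          b"Received: from host (host.example.com [203.0.113.7])\r\n"
          b"\tby relay.example.net; Mon, 01 Jan 2024 10:00:00 +0000\r\n"
          b"Subject: hello\r\n\r\nbody text\r\n")
FAKE_ZONE = {"7.113.0.203.dnsbl.example": ["127.0.0.2"]}

def fake_resolve(name: str) -> list[str]:
    return FAKE_ZONE.get(name, [])
```

Calling `classify(SAMPLE, "dnsbl.example", fake_resolve)` returns `"spam"` because one forwarding hop is on the constructed list; in practice `resolve` would wrap a real DNS A-record query.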
Here’s how the ZyWALL uses DNSBLs.