The Proxy Menu - Panda Security

Report
The Proxy Menu
1
The Proxy Menu
HTTP Proxy
The GD eSeries appliance provides a full web proxy and content filtering system to
monitor and block inappropriate and/or malicious web traffic. The system also includes
the ability to filter web traffic for malware that may be found in web content.
A large number of profile-based rules can be defined, based in user authentication
(NTLM, LDAP, Services Directory), time of day/day of week, browser type, MIME type, &
more.
2
The Proxy Menu
HTTP Proxy Architecture
GD eSeries uses different applications to
provide comprehensive web security:
• SQUID: Web Proxy
– Caching
– Authentication (Windows AD
(NTLM), LDAP, RADIUS, Local)
• Commtouch: Web filtering
– URL Categories Filter
– Custom whitelists/blacklists
• AV: Panda Antimalware Protection
3
The Proxy Menu
HTTP Proxy - Transparent Mode
This mode will automatically intercept any web traffic using the firewall and send
that traffic through the web proxy & filtering system.
From the perspective of the internal users, using the HTTP proxy in transparent mode
means the user never knows the proxy is there and thus traffic is handled seamlessly from
their viewpoint.
4
The Proxy Menu
HTTP Proxy - Transparent Mode
5
The Proxy Menu
HTTP Proxy - Non-Transparent Mode
This mode requires the client browser to be made aware of the proxy either through
(a) manual proxy configuration or (b) using the proxy pac file issued through GD eSeries
DHCP which requires client browser to have “auto-detect” proxy settings.
From the perspective of the internal users, using the HTTP proxy in non-transparent
mode means the client (i.e. browser) must know about the proxy and be configured to use
it, so the traffic is broken down between a) clients & the proxy itself and b) the proxy &
the destination server.
6
The Proxy Menu
Non-Transparent Proxy: Important notice
There is a mechanism in place to allow a “typical” client to use the proxy in nontransparent mode without (necessarily) making any changes on the client browser. This
involves the use of the proxy PAC file which is distributed to the client using GD eSeries
DHCP. This PAC file is nothing more than a set of directions used to direct the client
browser on how to find and use the proxy.
• Requirements:
1) Clients must receive their DHCP from the GD eSeries server1
2) Clients must have their browser configured to automatically detect proxy settings,
which is default for most browsers.
1
You could also configure a separate another internal DHCP server to provide the proxy PAC file
information – located at HTTP://<GatedefenderIP>/proxy.pac.
7
The Proxy Menu
HTTP Proxy - Ports & SSL ports
Configuration options for the ports the clients are allowed to use when browsing:
Allowed Ports (from client): The TCP destination ports to which the proxy server will
accept connections when using HTTP. One port or one port range per line are accepted,
comments are allowed and start with a “#”.
Allowed SSL Ports (from client): The TCP destination ports to which the proxy server will
accept connections when using HTTPS. One port or port range per line are accepted,
comments are allowed and start with a #, ending at the end of the line
8
The Proxy Menu
HTTP Proxy - Logging
Open Log Settings and choose what to log:
HTTP proxy logging: Log all the URLs being accessed through the proxy. This is a master switch, hence
the other options are enabled and can be configured only if logging is enabled, which is not by default
(note: consider that the more content is logged, the more disk space on the GD eSeries is needed).
Query term logging: Log the parameters in the URL (such as ?id=123)
Useragent logging: Log the useragent identification sent by each browser.
Content filtering logging: Log when the content of web pages is filtered.
Firewall logging (transparent proxies only): Outgoing web access instances are logged, i.e., those
directed through the RED interface to the Internet. This options only works for transparent proxies. 9
The Proxy Menu
HTTP Transparent Proxy - Bypass
In this panel transparent proxy exceptions can be defined, i.e., which sources
(i.e., clients) and destinations (i.e., remote servers) should be ignored by the
proxy, even if it is enabled in that zone.
Bypass transparent proxy from SUBNET/IP/MAC: The sources that should not be subject to the
transparent proxy.
Bypass transparent proxy to SUBNET/IP: The destinations that are not subject to the transparent
proxy.
10
The Proxy Menu
HTTP Proxy - Cache management
Configuration options for the space taken on disk by the cache and the size of the
objects stored.
Cache size on harddisk (MB): The amount in megabytes that the proxy should allocate for caching
web sites on the hard disk.
Cache size within memory (MB): The amount in megabytes of memory that the proxy should allocate
for caching web sites in the system memory.
Maximum object size (KB): The upper size limit in megabytes of a single object that should be cached.
Minimum object size (KB): The lower size limit in megabytes of a single object that should be cached.
Enable offline mode: When this option is enabled (i.e., the checkbox is ticked), the proxy will never try
to update cached objects from the upstream web server - clients can then browse cached, static
websites even after the uplink went down.
Clear cache: When this button is clicked, the cache of the proxy is erased.
Do not cache these destinations: Domains for which resources should never be cached.
11
The Proxy Menu
HTTP Proxy - Upstream proxy
If there is another proxy server in the LAN, it can be contacted before actually
requesting the original resource. This panel contains configuration options for the
connection between the GateDefender and the upstream proxy.
Upstream proxy: Tick this checkbox to enable an upstream proxy and show more options. When
enabled, before retrieving a remote web page that is not already in its cache, the GateDefender proxy
contacts the upstream proxy it to ask for that page.
Upstream server: The hostname or IP address of the upstream server.
Upstream port: The port on which the proxy is listening on the upstream server.
Upstream username/password: If authentication for the upstream proxy is required, specify the
credentials here
Client username forwarding/Client IP forwarding: Forward the username/client IP address to the
upstream proxy.
12
The Proxy Menu
Web Proxy System
Using the web proxy system is similar to building firewall rules, except you’re
actually creating “web access” rules. The functioning is similar: each rule is processed
until a successful match is found or until it reaches no match and the request is denied.
For this reason it is a best practice to build rules from most specific to the least specific
(i.e. generic) scope.
13
The Proxy Menu
Access policy
Access policies are applied to every client that is connecting through the proxy,
regardless of its authentication. An access policy rule allows or denies access depending on
several parameters e.g. traffic source or destination, client used (useragent), content
downloaded (mimetype, antimalware scanning, URL filtering).
A list of pre-defined rules is displayed on the page. Any rule can specify if the web
access is blocked or allowed, and a filter type can be associated to an allow rule. To add a
new rule, simply click on “Create a rule”.
A form will open, in which to configure all the parameters of the rule:
Source Type: The sources of the traffic to which this rule applies. It can be <ANY>, a zone, a list of
networks, IP addresses or MAC addresses.
Destination Type: The traffic destinations to which this rule will be applied. This can be either <ANY>,
a zone, or a list of networks, IP addresses, or domains.
Authentication: The type of authentication to apply to the clients. It can be disabled, in which case no
authentication is required, group based or user based. One or more users or groups – to which to
apply the policy – can then be selected from the list that will show up.
14
The Proxy Menu
Access policy
Time restriction: Decide whether
the rule is effective on specific days
and/or a time period. By default a rule
is always active, but its validity can be
limited to either an interval or to some
days of the week.
Useragents: The allowed clients
and browsers, as identified by their
useragent identification
string.
Access policy: Select whether the
rule should allow or deny the web
access from the drop-down menu . If
set to Deny, the mimetypes list option
is activated.
15
The Proxy Menu
Access policy
Mimetypes: A list of the MIME types of incoming files that should be blocked, one per line. MIME
types can only be blocked (i.e., blacklisted) but not allowed (i.e., whitelisted), therefore this option is
only available for Deny access policies. It can be used to block any files not corresponding to the
company policy (e.g., multimedia files).
Filter profile: This drop-down menu, available when the Access policy has been set to Allow access,
allows to select what type of check should the rule perform. Available options are: none for no check
and virus detection only to scan only for viruses. Moreover, if any content filter profile has been
created, it can be applied to the rule.
Policy status: Whether a rule is enabled or disabled. Disabled rules will not be applied, the default is
to enable the rule.
Position: The place where the new rule should be inserted.
16
The Proxy Menu
Authentication
The GD eSeries proxy supports four different authentication types: Local Authentication (NCSA),
LDAP (v2, v3, Novell eDirectory, AD), Windows Active Directory (NTLM) and RADIUS. The NCSA type
stores the user details locally in the GD eSeries, whereas the other methods rely on an external server:
In those cases it is mandatory to provide all the necessary information to access that server.
The common items that can be configured in this panel are:
Authentication realm: The text shown in the authentication dialog and used when joining an Active
Directory Domain. When Windows Active Directory is used for authentication, the FQDN of the
Domain Controller should be used.
Number of Authentication Children: The maximum number of authentication processes that can run
simultaneously.
Authentication cache TTL (in minutes): The time in minutes during which the authentication data
should be cached, before being deleted.
Number of different IPs per user: The maximum number of IP addresses from which a user can
connect to the proxy simultaneously.
User/IP cache TTL (in minutes): The time in minutes an IP address is associated with the logged in
user.
Once the common configuration settings are done, and depending on the authentication type chosen,
it is possible to configure the specific settings for the selected auth method.
17
The Proxy Menu
Transparency & Authentication
If you wish to use authentication (AD, LDAP, eDirectory, etc.) within the web proxy,
then you CANNOT use the proxy in transparent mode.
The reason for this is that when using the proxy in transparent mode the client
browser is unaware that the proxy actually exists, so the it will not send any
authentication parameters. The solution is then to use a proxy that is actually advertised
to the client browser, which means you must use it in non-transparent mode.
18
The Proxy Menu
AD join
This section is used to enter the credentials required to join Active Directory, an
operation that is only possible if in the Authentication tab the option Windows Active
Directory (NTLM) has been selected. The password is not shown by default, but it is
displayed when the Show checkbox is ticked.
19
The Proxy Menu
 HTTPS Proxy
GD eSeries can block HTTPS traffic for those sites contained in any selected content
filtering profile (e.g both HTTP://www.facebook.com and HTTPs://www.facebook.com)
When the HTTPS proxy is enabled, an “intermediate” certificate is needed for the
client browsers to connect via HTTPS to GateDefender, which then can deliver the request,
retrieve the remote resource, control it, and then send it to the client. You can generate
and download the certificate from this section.
20
The Proxy Menu
How to configure
a transparent HTTP Proxy
21
The Proxy Menu
HTTP Proxy – Transparent Example
A transparent web proxy is one that requires no client-side changes to operate
effectively (all traffic is transparently redirected). The primary purpose of the web proxy is
to allow a simple method to filter web traffic to comply with security and business
policies.
The first step is to enable the web proxy by clicking the gray button (which will turn blue
when enabled).
22
The Proxy Menu
HTTP Proxy – Transparent Example
Since we want to have all web access (allowed and blocked) logged for review
purposes, we will enable the appropriate logging options. Click Save and then Apply the
changes to proceed.
23
The Proxy Menu
HTTP Proxy – Transparent Example
Configure the Web Filter adding a new Profile:
In this example, a Profile named “Default” is going to be created. Antivirus scan is
turned on (this is a default setting) and the URL Filtering to be blocked will only be SubCategories in the Security Category. You can also add custom white or blacklists
24
(Blacklist:www.facebook.com) to this profile as well.
The Proxy Menu
HTTP Proxy – Transparent Example
Configure the Access Policy by adding a new Access Policy:
In the example above, an Access Policy was created for the Green zone (entire
network) that is using the web filtering profile (default).
25
The Proxy Menu
HTTP Proxy – Transparent Example
You can test your configuration by browsing the Internet from the Green network
and testing different websites.
26
The Proxy Menu
How to Configure a non-transparent
HTTP Proxy using NTLM authentication
27
The Proxy Menu
HTTP Proxy – Non-Transparent with NTLM Authentication Example
The use of Active Directory (NTLM) based authentication is the only way to achieve a
“single sign-on" solution where users do not have to authenticate in the browser. In other
words, when a user logs into their machine they are also authenticated for the web proxy
automatically.
28
The Proxy Menu
HTTP Proxy – Non-Transparent with NTLM Authentication Example
Kerberos is the network authentication protocol used in Active Directory. It has strict
time requirements, which means the clocks of the involved hosts must be synchronized.
The best practice is to have the Domain Controller(s) (PDC/BDC) as the NTP server(s) for
GD. This can be set under Services.
Enter the NTLM information as outlined above. If you have a Backup Domain
Controller this can also be added, but is not required.
29
The Proxy Menu
HTTP Proxy – Non-Transparent with NTLM Authentication Example
Click on join domain and you will see the screen below. Enter the an admin user name
and password (permission to perform domain joins is required).
Once that is done, click Join ADS and you should see a success message.
30
The Proxy Menu
HTTP Proxy – Non-Transparent with NTLM Authentication Example
Add a new Web Filter Profile.
31
The Proxy Menu
HTTP Proxy – Non-Transparent with NTLM Authentication Example
Add a new Access Policy with group-based authentication (Microsoft AD group
gd_filter_high) and using the the web filter profile previously created.
32
The Proxy Menu
HTTP Proxy – Non-Transparent with NTLM Authentication Example
The easiest solution is to use the web proxy with authentication in a semitransparent fashion is to have the appliance also handle DHCP for those networks you wish
to provide the web proxy.
Using this method, all of the necessary DHCP parameters are automatically
configured and deployed to client workstations so they detect and use the proxy
automatically – assuming the above configuration for Internet Explorer is set. The
"Automatically detect settings" must be enabled (it is by default) in order for the IE
browser to automatically find the proxy without any further manual configuration.
33
The Proxy Menu
HTTP Proxy – Non-Transparent with NTLM Authentication Example
You can test your configuration by browsing the Internet from the Green network and
testing different websites.
34
The Proxy Menu
 Email Proxies
The GD eSeries appliance provides a complete email proxy and filtering system for
both SMTP and POP3 traffic.
The system can filter and quarantine email traffic for malware/phishing/spam, and
additionally support other email features including the ability to perform greylisting, realtime blacklist (RBL) support, blocking by file types & more.
35
The Proxy Menu
 SMTP Proxy Architecture
GD eSeries uses different applications to
provide comprehensive email security to both
inbound and outbound email traffic:
– Postfix: Mail Transfer Agent (MTA)
• Receive/send SMTP (smptd)
• Basic email security checks
– Amavis: Broker agent for MTA & filtering
engines
• Translates email into streams for spam
and AV filtering
– SPAM Filtering:
• Commtouch (enabled by default).
• SpamAssassin
– Panda Anti-malware engine.
36
The Proxy Menu
SMTP Proxy - Bi-Directional SMTP
The GD eSeries SMTP proxy works in both inbound and outbound directions which
means you can:
(1) scan inbound SMTP – from the Internet to your internal (protected) mail
server(s) and
(2) scan outbound SMTP – from your mail servers or from clients configured to
use their own email server.
Warning: When configuring inbound SMTP filtering, you cannot have any port forwarding
(DNAT) rules for TCP port 25 as these will cause the SMTP proxy to be bypassed completely.
37
The Proxy Menu
SMTP Proxy - SMTP Inbound
38
The Proxy Menu
SMTP Proxy - SMTP Outbound
39
The Proxy Menu
SMTP Proxy – Antivirus settings
Scan mail for virus:
Enable filtering of emails for viruses and
to reveal the additional virus filter options.
Choose virus handling: There are three
Available actions that can be carried out
on e-mails that have been detected:
Move to default quarantine location: any e-mail
containing virus will be moved to the default
location manageable from Services-Mail Quarantine.
Send to quarantine email address: e-mails containing virus are forwarded to a custom e-mail
address that can be specified in the “virus quarantine email address” textbox that will appear upon
selecting this option.
Pass to recipient (regardless of bad contents): e-mail containing virus will be delivered normally.
Email used for virus notifications (virus admin): the e-mail address that will receive a notification for
each processed e-mail containing virus.
40
The Proxy Menu
SMTP Proxy - File settings
Block files by extension: Activate the extensions-based filtering on files and reveal the
additional options.
Choose handling of blocked files: There are three available actions that can be carried
out on e-mails that have blocked (They are the same as in the previous Spam Settings
and Virus Settings boxes):
• move to default quarantine location: mails containing blocked files will be moved to the
default location manageable from Services-Mail quarantine
• send to quarantine email address: mails containing blocked files are forwarded to a custom email address that can be specified in the “email used for blocked file notifications” textbox that
will appear upon selecting this option.
• pass to recipient (regardless of bad contents): mails containing blocked files will be delivered
normally
Choose filetypes to block (by extension): The file extensions to be blocked.
Email used for blocked file notifications (file admin): The e-mail address that will receive
a notification for each processed e-mail containing blocked attachments.
Block files with double extension: Enable the blocking of any file with a double
41
extension.
The Proxy Menu
SMTP Proxy - Spam Filtering
Spam subject: A prefix applied to the subject of
all emails marked as spam.
Email used for spam notifications (spam admin):
The e-mail address that will receive a notification
for each processed spam email.
Spam tag level: If the spam score is greater than
This number, the X-Spam-Status and X-Spam-Level
headers are added to the e-mail.
Spam mark level: If the spam score is greater
than this number, the Spam subject prefix and
the X-Spam-Flag header are added to the e-mail.
Spam quarantine level: Any e-mail that exceeds this spam score will be moved to the quarantine
location.
Send notification only below level: Send notification e-mails only if the spam score is below this
number.
Spam filtering: Enable spam greylisting and show the next option.
Delay for greylisting (sec): The greylisting delay in seconds can be a value between 30 and 3600.
Activate support for Japanese emails: Tick this checkbox to activate support for Japanese character
sets in e-mails, for more accurate detection of Japanese spam.
42
The Proxy Menu
SMTP Proxy - Black & Whitelists
Whitelist sender: All the e-mails sent from these addresses or domains will be accepted
Blacklist sender: All the
e-mails sent from these
addresses or domains will be
rejected.
Whitelist recipient: All the
e-mails sent to these
addresses or domains will be
accepted.
Blacklist recipient :All the
e-mails sent to these
addresses or domains will be
rejected.
Whitelist client : All the e-mails
sent from these IP addresses
or hosts will be accepted.
Blacklist client : All the e-mails
sent from these IP addresses
or hosts will be Rejected.
43
The Proxy Menu
SMTP Proxy - Realtime Blacklist (RBL)
A method often used to block spam is the use of RBLs. These lists are created,
managed, and updated by different organizations with the purpose to identify as quickly
as possible new SMTP servers used to send spam and block them. If a domain or sender
IP address appears in one of the blacklists, e-mails coming from it will be immediately
rejected without further notice.
The use of RBL saves bandwidth, since the messages will not be accepted and then
handled like any other email traffic, but rather dismissed as soon as the sender’s IP
address or domain is found in any blacklist.
44
The Proxy Menu
SMTP Proxy - Greylisting
Greylisting is a spam reduction technique that leverages the fact that most spam
senders do not use servers that conform to normal email standards, inasmuch as they do
not re-send bounced emails.
All that greylisting does is to immediately reject all unknown emails for a set time
period relying on the idea that the only legitamente senders will resend. There are
multiple benefits to this technique, but it can immediately reduce the processing load on
the GD eSeries by not having the device process known spam emails. Of course this does
not erradicate all spam, but it useful when combined with all the other spam detection
tools available in GD eSeries.
Warning: Using greylisting will cause all legitimate email to be delayed by (at least) the
time period defined on the GD eSeries and possibly even more so depending on the re-try
policy of the sending MTA -- so do not use in situations where there is high sensitivity to
receiving email.
45
The Proxy Menu
SMTP Proxy - Mail routing
This option allows to send a BCC of an e-mail to a given email address and is applied
to all the e-mails sent either to a specific recipient or from a specific sender address.
The list shows the direction, the address and the BCC address, if any. To add a new
mail route, click on the “Add a Mail Route” button. In the form that opens the following
options can be configured:
Direction: Select from the drop-down menu whether the mail route should be defined for a sender
or recipient of the e-mail.
Mail address: Depending on the direction chosen, this will be the e-mail address of the recipient or
sender to which the route should be applied.
BCC address: The e-mail address which are the recipient of the copy of the e-mails.
46
The Proxy Menu
SMTP Proxy - Advanced
In the first panel a smarthost can be activated and configured. One common use case is: if the
SMTP server has a dynamic IP address, for example when using an ISDN or an ADSL dialup Internet
connection, there can be some troubles sending e-mails to other mail servers, since that IP address
might have been blacklisted in some RBL and therefore the remote mail server might refuse the emails. Use a Smarthost to solve it!
IMAP Server for SMTP authentication: contains configuration options for the IMAP server that
should be used for authentication when sending e-mails. These settings are especially important for
SMTP incoming connections that are opened from the RED (WAN) zone.
Mail server settings: In this panel, additional parameters of the SMTP server can be defined.
Spam prevention: Finally, in this last panel additional parameters for the spam filter can be defined,
47
by ticking one or more of the four checkboxes.
The Proxy Menu
SMTP Proxy - Anti-Spam
Enable spamassassin shortcircuit: skips Spamassassin scan whenever Commtouch marks a message
as spam.
Ignore IPs/Networks: Here IPs and networks which should not be checked by commtouch can be
defined.
In the SPAM tag level section the following options can be configured:
CONFIRMED: Every email recognized as spam will have this tag level value (between -10 and 10, default 10).
BULK: Every message identified as bulk mail will have this tag level value (between -10 and 10, default 7).
SUSPECTED: Every email suspected to contain spam will have this tag level value (between -10 and 10, default 2).
UNKNOWN Emails classified as unknown will have this tag level value (between -10 and 10, default 0).
NONSPAM Non-spam mails will have this tag level value (between -10 and 10, default -10).
48
The Proxy Menu
SMTP Proxy
Different Scenarios
49
The Proxy Menu
SMTP Proxy - Scenario I
GD eSeries in Gateway Mode with Internal Mail Server
• We will configure the GREEN zone to Transparent mode and RED Zone to Inactive.
50
The Proxy Menu
SMTP Proxy - Scenario I
GD eSeries in Gateway Mode with Internal Mail Server
• In order to teach the GD eSeries where to deliver smtp traffic add the existing email domain(s) and
mail server IP address(es).
• Configure the rest of the protection options available.
• No SmartHost configuration needed for this scenario.
51
The Proxy Menu
SMTP Proxy - Scenario I
GD eSeries in Gateway Mode with Internal Mail Server
• It is advisable to configure the advanced SMTP HELO name mail server setting with the same server
name as the one in the public DNS MX or A record.
52
The Proxy Menu
SMTP Proxy - Scenario II
GD eSeries in Gateway Mode with External Mail Server
• We´ll configure RED Zone to Inactive as you will be probably receiving POP3 mail (enable POP3
Proxy) and set the GREEN interface to Active mode.
53
The Proxy Menu
SMTP Proxy - Scenario II
GD eSeries in Gateway Mode with External Mail Server
• Configure a Smarthost in the GD eSeries with a generic account to authenticate all Outgoing mail to
your external mail server.
• Possible issue: Some ISPs only allow sending mail using the same account as the sender
54
The Proxy Menu
SMTP Proxy - Scenario II
GD eSeries in Gateway Mode with External Mail Server
• Lastly you will have to configure the mail clients to use the GD eSeries as their Outgoing mail
server (SMTP). This will only be necessary if it is mandatory to scan outbound mail.
55
The Proxy Menu
SMTP Proxy - Scenario III
GD eSeries in Router Mode with Internal Mail Server
• Your Internet router device must deliver all SMTP traffic to the Red interface (in cases in which the
GD eSeries does not have your public IP(s) directly, create a port forwarding rule in your ISP router
to forward SMTP to port 25 of your RED zone Interface).
• We will configure RED Zone to Active and other eixsting zones to Transparent mode.
56
The Proxy Menu
SMTP Proxy - Scenario III
GD eSeries in Router Mode with Internal Mail Server
• In order to teach the GD eSeries where to deliver smtp traffic add the existing email domain(s) and
mail server IP address(es).
• Configure the rest of the protection options available.
• No SmartHost configuration needed for this scenario.
57
The Proxy Menu
SMTP Proxy - Scenario III
GD eSeries in Router Mode with Internal Mail Server
• It is advisable to configure the advanced SMTP HELO name mail server setting with the same server
name as the one in the public DNS MX or A record.
58
The Proxy Menu
SMTP Proxy - Scenario IV
GD eSeries in Router Mode with External Mail Server
• We´ll configure RED Zone to Inactive as you will be probably receiving POP3 mail (enable POP3
Proxy) and set the GREEN interface to Active mode.
59
The Proxy Menu
SMTP Proxy - Scenario IV
GD eSeries in Router Mode with External Mail Server
• Configure a Smarthost on the GD eSeries with a generic account to authenticate all outgoing mail
to your external mailserver.
• Possible issue: Some ISPs only allow sending mail using the same account as the sender.
60
The Proxy Menu
SMTP Proxy - Scenario IV
GD eSeries in Router Mode with External Mail Server
• Lastly you will have to configure the mail clients to use the GD eSeries as their Outgoing mail
server (SMTP). This will only be necessary if it is mandatory to scan outbound mail.
61
The Proxy Menu
POP3 Proxy (Inbound Only)
62
The Proxy Menu
POP3 Proxy
Enabled: Enable the POP3 e-mail scanner
per zone.
Virus scanner: Activate the virus scanner.
Spam filter: Enable email spam filtering.
Firewall logs outgoing connections: Let all the pop3 fetch outgoing connections be logged by the
firewall.
Spam subject tag: The prefix that will be added to the subject of emails recognised as spam.
Required hits: The number of hits required for a message to be considered as spam.
Activate support for Japanese emails: Tick this checkbox to activate support for Japanese character
sets in e-mails, for more accurate detection of Japanese spam.
Enable message digest spam detection (pyzor): To detect spam using pyzor (in short: spam e-mails
are converted to a unique digest message that can be used to identify further analogous spam emails).
White list: A list of e-mail addresses or whole domains, specified using wildcards, e.g.,
[email protected], one address per line. Emails from these addresses and domains will never be
checked for spam.
Black list: A list of e-mail addresses or whole domains, specified using wildcards, e.g.,
[email protected], one address per line. Emails from these addresses and domains will always be
marked as spam.
63

similar documents