D-Link DFL-260 Product Manual - Page 258
Anti-Spam Filtering, The NetDefendOS Anti-Spam Implementation, DNSBL Databases
UPC - 790069296802
View all D-Link DFL-260 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 258 highlights
6.2.5. The SMTP ALG Chapter 6. Security Mechanisms • Dropping email which has a very high probability of being spam. • Letting through but flagging email that has a moderate probability of being spam. The NetDefendOS Anti-Spam Implementation SMTP functions as a protocol for sending emails between servers. NetDefendOS applies Spam filtering to emails as they pass through the NetDefend Firewall from an external remote SMTP server to a local SMTP server (from which local clients will later download their emails). Typically, the local, protected SMTP server will be set up on a DMZ network and there will usually be only one "hop" between the sending server and the local, receiving server. DNSBL Databases A number of trusted organizations maintain publicly available databases of the origin IP address of known spamming SMTP servers and these can be queried over the public Internet. These lists are known as DNS Black List (DNSBL) databases and the information is accessible using a standardized query method supported by NetDefendOS. The image below illustrates all the components involved: DNSBL Server Queries When the NetDefendOS Anto-Spam filtering function is configured, the IP address of the email's sending server is sent to one or more DNSBL servers to find out if any DNSBL servers think the email is from a spammer or not. NetDefendOS examines the IP packet headers to do this. The reply sent back by a server is either a not listed response or a listed response. In the latter case of being listed, the DSNBL server is indicating the email might be spam and it will usually also provide information known as a TXT record which is a textual explanation for the listing. Figure 6.5. Anti-Spam Filtering Creating a DNSBL Consesus The administrator can configure the NetDefendOS SMTP ALG to consult multiple DNSBL servers in order to form a consensus opinion on an email's origin address. For each new email, configured 258