ZyXEL ZyWALL ATP700 User Guide - Page 625
Email Security Technical Reference
Chapter 31 Email Security

Table 242 Configuration > Security Service > Email Security > Black/White List > Black/White List > Add

LABEL | DESCRIPTION
Field Value Keyword | This field displays when you select the Mail Header type. Type the value part of an email header (the part that comes after the colon). Use up to 63 ASCII characters. For example, if you want the entry to check the "Received:" header for a specific mail server's domain, enter the mail server's domain here. See Section 31.4.2 on page 625 for more details.
OK | Click OK to save your changes.
Cancel | Click Cancel to exit this screen without saving your changes.

31.4.2 Regular Expressions in Black or White List Entries

The following applies for a black or white list entry based on an email subject, email address, or email header value.

• Use a question mark (?) to let a single character vary. For example, use "a?c" (without the quotation marks) to specify abc, acc and so on.
• You can also use a wildcard (*). For example, if you configure *def.com, any email address that ends in def.com matches. So "mail.def.com" matches.
• The wildcard can be anywhere in the text string and you can use more than one wildcard. You cannot use two wildcards side by side; there must be other characters between them.
• The Zyxel Device checks the first header with the name you specified in the entry. So if the email has more than one "Received" header, the Zyxel Device checks the first one.

31.5 Email Security Technical Reference

Here is more detailed email security information.

DNSBL

• The Zyxel Device checks only public sender and relay IP addresses; it does not check private IP addresses.
• The Zyxel Device sends a separate query (DNS lookup) for each sender or relay IP address in the email's header to each of the Zyxel Device's DNSBL domains at the same time.
• The DNSBL servers send replies as to whether or not each IP address matches an entry in their list. Each IP address has a separate reply.
• As long as the replies indicate that the IP addresses do not match entries on the DNSBL lists, the Zyxel Device waits until it receives at least one reply for each IP address.
• If the Zyxel Device receives a DNSBL reply that one of the IP addresses is in the DNSBL list, the Zyxel Device immediately classifies the email as spam and takes the email security policy's configured action for spam. The Zyxel Device does not wait for any more DNSBL replies.
• If the Zyxel Device receives at least one non-spam reply for each of an email's routing IP addresses, the Zyxel Device immediately classifies the email as legitimate and forwards it.
• Any further DNSBL replies that come after the Zyxel Device classifies an email as spam or legitimate have no effect.
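
The DNSBL decision rules above, modeled in Python as an added example (not Zyxel code and not part of the original guide). It assumes IPv4 only, that "private" means the RFC 1918 ranges, and the usual reversed-octet DNSBL query naming; the function names, the "not-checked" and "pending" verdicts, and all sample addresses and zones are constructed for illustration.

```python
import ipaddress

# Assumption: "private" means the RFC 1918 ranges; the guide does not list them.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_public(ip):
    addr = ipaddress.IPv4Address(ip)
    return not any(addr in net for net in PRIVATE_NETS)

def dnsbl_queries(header_ips, dnsbl_domains):
    """One lookup per public IP per DNSBL domain, as (ip, query_name)."""
    out = []
    for ip in filter(is_public, header_ips):
        reversed_ip = ".".join(reversed(ip.split(".")))  # usual DNSBL naming
        out += [(ip, f"{reversed_ip}.{zone}") for zone in dnsbl_domains]
    return out

def classify(header_ips, replies):
    """replies: list of (ip, dnsbl_domain, listed) in arrival order.
    Returns (verdict, number of replies read before the decision)."""
    waiting = {ip for ip in header_ips if is_public(ip)}
    if not waiting:
        return "not-checked", 0        # assumption: no public IP, no query
    for used, (ip, _zone, listed) in enumerate(replies, start=1):
        if listed:
            return "spam", used        # first listing decides immediately
        waiting.discard(ip)
        if not waiting:
            return "legitimate", used  # one clean reply per IP is enough
    return "pending", len(replies)     # timeout handling is not on this page

# Constructed sample data (documentation addresses and .example zones).
HEADER_IPS = ["203.0.113.7", "192.168.1.10", "198.51.100.23"]
ZONES = ["dnsbl-a.example", "dnsbl-b.example"]
CLEAN_FIRST = [("203.0.113.7", ZONES[0], False),
               ("198.51.100.23", ZONES[0], False),
               ("198.51.100.23", ZONES[1], True)]  # listing arrives too late

if __name__ == "__main__":
    for ip, name in dnsbl_queries(HEADER_IPS, ZONES):
        print(ip, "->", name)
    print(classify(HEADER_IPS, CLEAN_FIRST))        # clean replies arrive first
    print(classify(HEADER_IPS, CLEAN_FIRST[::-1]))  # listing arrives first
```

The same three replies give different verdicts depending on arrival order, which is the practical consequence of the rule that later replies have no effect.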