anti spam implementation guide

Upload: chainocoro

Post on 08-Apr-2018


  • 8/6/2019 Anti Spam Implementation Guide


    Cyberoam Anti Spam Implementation Guide Version 9

    Document version 95021-1.0-20/08/2007


    IMPORTANT NOTICE
    Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

    USER'S LICENSE
    The Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

    LIMITED WARRANTY
    Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licenses. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its service center's option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions. Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.
    Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

    DISCLAIMER OF WARRANTY
    Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law.
    In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In the event shall Elitecore's or its supplier's liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose.
    In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

    RESTRICTED RIGHTS
    Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

    CORPORATE HEADQUARTERS
    Elitecore Technologies Ltd.
    904 Silicon Tower, Off. C.G. Road,
    Ahmedabad 380015, INDIA
    Phone: +91-79-26405600
    Fax: +91-79-26407640
    Web site: www.elitecore.com, www.cyberoam.com


    Contents

    Technical Support
    Typographic Conventions
    Overview
    Spam
    Cyberoam Gateway Anti Spam
    Configuration
    Spam Policy
        Global policy
        Default policy
        Custom policy
    Address Groups
        Create Address Groups
        Delete Address Groups
        Delete individual address from Group
    Spam Rule
        Create Spam rule
        Delete Spam Rule
        Change Spam rule Order
    Local Domains
        Add Domains
        Delete Domains
    Enable Scanning
    General Configuration
    Bypass Reporting


    Technical Support

    You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

    Corporate Office

    eLitecore Technologies Ltd.

    904, Silicon Tower

    Off C.G. Road

    Ahmedabad 380015

    Gujarat, India.

    Phone: +91-79-66065606

    Fax: +91-79-26407640

    Web site: www.elitecore.com

    Cyberoam contact:

    Technical support (Corporate Office): +91-79-26400707

    Email: [email protected]

    Web site: www.cyberoam.com

    Visit www.cyberoam.com for the regional and latest contact information.


    Typographic Conventions

    Material in this manual is presented in text, screen displays, or command-line notation.

    Item | Convention | Example
    Server | Machine where Cyberoam Software - Server component is installed |
    Client | Machine where Cyberoam Software - Client component is installed |
    User | The end user |
    Username | Username uniquely identifies the user of the system |
    Part titles | Bold and shaded font typefaces | Report
    Topic titles | Shaded font typefaces | Introduction
    Subtitles | Bold & Black typefaces | Notation conventions
    Navigation link | Bold typeface | Group Management → Groups → Create: it means, to open the required page click on Group management, then on Groups and finally click Create tab
    Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name: replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked
    Cross references | Hyperlink in different color | refer to Customizing User database. Clicking on the link will open the particular topic
    Notes & points to remember | Bold typeface between the black borders | Note
    Prerequisites | Bold typefaces between the black borders | Prerequisite: Prerequisite details


    Overview

    Welcome to Cyberoam's Anti Spam User guide.

    Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions.

    Cyberoam's perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.

    Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in the DMZ, which are visible to the external world and still have firewall protection.

    Cyberoam Anti Spam, as a part of the unified solution along with Anti Virus and IDP (Intrusion Detection and Prevention), provides real time virus and spam scanning.

    Anti Spam module is an add-on module which needs to be subscribed before use. Refer to Licensing section for details on registration.

    Spam

    Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail.

    Spamming is to indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising, in mass quantities. In other words, it is an inappropriate attempt to use a mailing list, or other networked communications facility, as a broadcast medium by sending the same message to a large number of people who did not ask for it.

    In addition to being a nuisance, it also eats up a lot of network bandwidth. Because the Internet is a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail. However, software filters in e-mail programs can be used to remove most spam sent through e-mail to a certain extent.

    With the number of computer users growing and the exchange of information via the Internet and email increasing in volume, spamming has become an almost everyday occurrence. Apart from network bandwidth, it also affects employee productivity, as deletion of such mails is a huge task. Anti spam protection is therefore a priority for anyone who uses a computer.


    Cyberoam Gateway Anti Spam

    Cyberoam Gateway Anti Spam provides you with powerful tools for scanning and detecting spam in the e-mail traffic. Cyberoam Gateway Anti Spam inspects all incoming emails - SMTP, POP3 and IMAP traffic - before the messages are delivered to the receiver's mail box. If spam is detected, then depending on the policy and rules set, the email is delivered to the recipient unaltered, rejected with a notification of the rejection, delivered with an added or changed subject, or delivered to a different receiver.

    Cyberoam Gateway Anti Spam is fully compatible with all the mail systems and therefore can be easily integrated into the existing network.

    Cyberoam Anti Spam allows you to:

    • Scan email messages for spamming by protocol, namely SMTP, POP3, IMAP
    • Monitor and proactively detect recurrent patterns in spam mails and combat multi-format (text, images, HTML etc.) and multi-language threats
    • Monitor mails received from a Domain/IP address
    • Detect spam mails using RBLs
    • Accept/Reject messages based on message size and message header
    • Customize protection of incoming and outgoing e-mail messages by defining scan policies
    • Set different actions for SMTP, POP and IMAP spam mails
    • Configure action for individual email address
    • Notify receivers about spam messages

    Configuration

    Configuration tasks for implementing the spam solution:

    1. Create Spam policy. Optionally use the global or default policy provided by Cyberoam
    2. Create Spam rule for the policy created in step 1 i.e. create spam rule and attach policy to the rule
    3. Enable scanning from firewall rule


    Spam Policy

    As soon as you subscribe for the Cyberoam Gateway Anti-spam module, the default spam policy is applicable to all the incoming email traffic. The default spam policy is a general policy, not a fit-for-all policy, and hence might allow certain spam mails while also blocking certain required mails. Fine-tuning the policies reduces spam attacks and the chances of losing important and required mails.

    Spam policy defines what action is to be taken if the mail is identified as spam and to which email address the copy of the mail is to be sent. As network scanning rules control all the traffic passing through the Cyberoam and decide whether to scan or bypass mail, the policy will be applied only to the traffic that is filtered by the network scanning rule.

    Types of Policies

    1. Global

    Global policy is applicable to all the users. Cyberoam provides a blank corporate policy which can be customized as per the requirement.

    2. Default

    Default policy is applicable to all the users except for those users for whom a personal policy is defined. Default policy is applicable to all the users as soon as you register the Anti Spam module.

    3. Custom/Personal

    Cyberoam allows defining a custom policy as per the individual user requirement. A custom user policy is applicable only to the user for whom the policy is created.

    Scanning rules define which scanning policy is to be applied to which recipient email address i.e. they map a scanning policy to the email address.

    Detection of spam attributes

    Cyberoam uses content filtering and three RBLs (Real time Black hole Lists) to check for the spam attributes:

    • Message size
    • Message header
    • Premium RBL
    • Reliable RBL
    • Standard RBL

    RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam i.e. are responsible for spam or are hijacked for spam relay.

    Cyberoam will check each RBL for the connecting IP address. If the IP address matches one on the list, then the action specified in the policy is taken.


    Actions

    Accept - Accepts and delivers the mail to the intended receiver. This action can be defined for both SMTP and POP/IMAP protocols.

    Reject - Rejects the mail. This action sends the notification message to the sender. This action can be defined only for SMTP protocol.

    Drop - Drops the mail. This action does not send any notification message to the sender. This action can be defined only for SMTP protocol.

    Change Recipient - Accepts the mail but delivers the mail to the specified receiver and not to the receiver to whom the mail was originally sent. This action can be defined only for SMTP protocol.

    Prefix Subject - Accepts and delivers the mail to the intended receiver but after changing the subject of the mail. You can customize the subject in such a way that the receiver knows that the mail is a spam mail. This action can be defined for both SMTP and POP/IMAP protocols.


    Global policy

    Cyberoam provides a blank global policy which can be customized as per your requirement. By default, the global policy applies to all the users. There is no need to apply the global policy to the users using rules.

    Select Anti Spam → Spam Policy → Global policy to customize the policy. Refer to Add Advanced Rules for more details.

    Default policy

    Cyberoam provides a blank default policy which can be customized as per your requirement. The default policy will be applied only to those users for whom a custom/personal policy is not defined.

    Select Anti Spam → Spam Policy → Default policy to customize the policy. Refer to Add Advanced Rules for more details.


    Custom policy

    Custom scan policy allows you to specify the spam filtering security level i.e. action severity based on your requirement.

    Create Custom Scan policy

    Select Anti Spam → Spam policy → Create Custom policy to open the create page

    Screen - Create Custom Spam policy

    Screen Elements | Description

    Spam Policy details
    Name | Specify policy name. Choose a name that best describes the policy.
    Policy Description | Specify full description of the policy.
    Send copy to email address | Specify email addresses to which the mail copy is to be sent. More than one address can be specified, separated by comma. For example: [email protected], [email protected]. This option can be applied for SMTP protocol only.
    Create button | Creates the policy.
    Cancel button | Cancels the current operation.
    Add button | After the policy is successfully created, create advanced scanning rules to specify what action is to be taken on mail identified as SPAM. Refer to Manage Custom Policy for more detail on defining actions.

    Table - Create Custom Spam policy screen elements


    Manage Custom Spam policy

    Select Anti Spam → Spam Policy → Manage Custom policy to view the list of policies created. Click the policy to be modified.

    Screen - Manage Custom Spam policy

    Screen Elements | Description

    Spam Policy details
    Name | Displays policy name.
    Policy Description | Displays full description of the policy, modify if required.
    Send copy to email address | Displays email addresses to which the mail copy will be sent, modify if required. More than one address can be specified, separated by comma. For example: [email protected], [email protected]. This option can be applied for SMTP protocol only.
    Update button | Updates and saves modifications done in any of the above fields.
    Cancel button | Cancels the current operation.

    Advanced Rules


    Add button | Click to define the action to be taken on mails if the matching condition is found. Refer to Add Advanced Rules for details.
    Delete button | Allows you to delete the condition. Select the condition to be deleted and click Delete.
    Create button | Saves the action rule.
    Cancel button | Cancels the current operation.

    Table - Manage Custom Spam policy screen elements

    Add Advanced Rules

    Select Anti Spam → Spam Policy → Manage Custom policy to view the list of policies created. Click the policy to which action rules are to be added.


    Conditions

    • When Cyberoam Anti Spam identifies Mail as SPAM, Cyberoam accepts and delivers the mail to the intended receiver but only after adding the prefix "SPAM" to the original subject of the mail.

        Original subject: This is a test
        Receiver will receive the mail with subject line as: SPAM: This is a test

      You can customize the subject in such a way that the receiver knows that the mail is a spam mail. To specify the contents to be prefixed to the existing subject line, select Prefix Subject as action.

      You can set different actions for SMTP and POP.

    • When Cyberoam Anti Spam identifies Mail as PROBABLE SPAM, Cyberoam accepts and delivers the mail to the intended receiver but after adding the prefix "PROBABLE SPAM" to the original subject of the mail.

        Original subject: This is a test
        Receiver will receive the mail with subject line as: PROBABLE SPAM: This is a test

      You can customize the subject in such a way that the receiver knows that the mail is a spam mail. To specify the contents to be prefixed to the existing subject line, select Prefix Subject as action.

      You can set different actions for SMTP and POP.

    • When Cyberoam Anti Spam identifies Mail as VIRUS OUTBREAK, Cyberoam accepts and delivers the mail to the intended receiver but only after adding the prefix "SPAM" to the original subject of the mail.

        Original subject: This is a test
        Receiver will receive the mail with subject line as: SPAM: This is a test


      You can customize the subject in such a way that the receiver knows that the mail is a spam mail. To specify the contents to be prefixed to the existing subject line, select Prefix Subject as action.

      You can set different actions for SMTP and POP mails.

    • When Cyberoam Anti Spam identifies Mail as PROBABLE VIRUS OUTBREAK, Cyberoam accepts and delivers the mail to the intended receiver but only after adding the prefix "SPAM" to the original subject of the mail.

        Original subject: This is a test
        Receiver will receive the mail with subject line as: SPAM: This is a test

      You can customize the subject in such a way that the receiver knows that the mail is a spam mail. To specify the contents to be prefixed to the existing subject line, select Prefix Subject as action.

      You can set different actions for SMTP and POP mails.

    • From Email Address/IP address - Specified action will be taken if the mail sender's email or IP address matches the specified email address or IP address. You can set action for SMTP only.

    • From Email Address/IP address - Specified action will be taken if the mail sender's email or IP address belongs to the specified email address or IP address group. You can set action for SMTP only.

    • Message Size - Specified action will be taken if the mail size matches the specified size. You can set different actions for SMTP and POP.

    • Message Header - Specified action will be taken if the message header contains the specified text. You can set different actions for SMTP and POP.

      You can scan the message header for spam in:

        Subject - Specified action will be taken if the header contains the matching subject.
        From - Specified action will be taken if the header contains the matching text in the From address.
        To - Specified action will be taken if the header contains the matching text in the To address.
        Others - Specified action will be taken if the matching text is found in the header.

    • RBL - Specified action will be taken if the sender is listed in the specified RBL Group.

    Actions

    The following actions can be taken on mail identified as SPAM:

    • Reject - Cyberoam will reject the message and send the rejection notification to the mail sender. This action can be applied to SMTP protocol only.

    • Drop - Cyberoam will reject the message but no notification will be sent. This action can be applied to SMTP protocol only.

    • Accept - Cyberoam will accept and deliver the message to the intended receiver.

    • Change Recipient - Cyberoam will accept the message but will not deliver it to the receiver to whom the message was originally sent. The message will be sent to the specified receiver. This action can be applied to SMTP protocol only.


    • Prefix Subject - Cyberoam will accept and deliver the message to the intended receiver but only after changing the subject of the message. You can customize the subject in such a way that the receiver knows that the mail is a spam mail. Specify the contents to be prefixed to the existing subject line.

      For example:

        Contents to be prefixed to the original subject: Spam notification from Cyberoam
        Original subject: This is a test
        Receiver will receive the mail with subject line as: Spam notification from Cyberoam - This is a test


    Change Advanced action rules Order

    Advanced action rules are ordered by their priority. When the rules are applied, they are processed from the top downwards and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put strict rules before moderate and general rules.

    Select Anti Spam → Manage Custom policy to view the list of policies created. Click the policy whose action rule order is to be changed.

    Click the rule whose order is to be changed

    Click Move Up to move the selected rule one-step up

    Click Move Down to move the selected rule one-step down

    Click Update Order to save the order
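
    The first-match ordering described above, modelled as an added example (not code from the guide or from Cyberoam). The Mail and Rule classes, the rule names, the sample addresses and the deliver-unchanged fallback when no rule matches are assumptions made for illustration; the action names and their SMTP-only limits follow the guide.

```python
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional, Tuple

# Protocol limits stated in the guide: Reject, Drop and Change Recipient are
# SMTP-only; Accept and Prefix Subject are also available for POP/IMAP.
SMTP_ONLY = {"reject", "drop", "change_recipient"}
ALL_ACTIONS = SMTP_ONLY | {"accept", "prefix_subject"}


@dataclass(frozen=True)
class Mail:
    protocol: str   # "smtp", "pop3" or "imap"
    sender_ip: str
    recipient: str
    subject: str
    verdict: str    # scanner result: "spam", "probable_spam", "clean", ...


@dataclass
class Rule:
    name: str
    condition: Callable[[Mail], bool]
    # One (action, argument) pair per protocol family: "smtp" and/or "pop".
    actions: Dict[str, Tuple[str, str]]

    def __post_init__(self) -> None:
        for fam, (action, _arg) in self.actions.items():
            if action not in ALL_ACTIONS:
                raise ValueError(f"{self.name}: unknown action {action!r}")
            if fam != "smtp" and action in SMTP_ONLY:
                raise ValueError(f"{self.name}: {action} is SMTP-only")


def family(mail: Mail) -> str:
    return "smtp" if mail.protocol == "smtp" else "pop"


def applies(rule: Rule, mail: Mail) -> bool:
    """A rule is a candidate only if it has an action for this protocol."""
    return family(mail) in rule.actions and rule.condition(mail)


def apply_action(mail: Mail, action: str, arg: str) -> Optional[Mail]:
    if action in ("reject", "drop"):
        return None                      # not delivered (reject also notifies)
    if action == "change_recipient":
        return replace(mail, recipient=arg)
    if action == "prefix_subject":
        return replace(mail, subject=arg + mail.subject)
    return mail                          # accept: delivered unaltered


def evaluate(rules: List[Rule], mail: Mail) -> Tuple[str, str, Optional[Mail]]:
    """Top-down, first suitable rule wins; later rules are never consulted."""
    for rule in rules:
        if applies(rule, mail):
            action, arg = rule.actions[family(mail)]
            return rule.name, action, apply_action(mail, action, arg)
    return "(no rule)", "accept", mail   # assumption: unmatched mail is delivered


def shadowed(rules: List[Rule], samples: List[Mail]) -> List[str]:
    """Rules that match at least one sample but never decide any of them."""
    winners = {evaluate(rules, m)[0] for m in samples}
    matched = {r.name for r in rules for m in samples if applies(r, m)}
    return sorted(matched - winners)


# Constructed data: a stand-in RBL address group and three sample mails.
RBL_GROUP = {"203.0.113.7"}
general = Rule("tag-spam", lambda m: m.verdict == "spam",
               {"smtp": ("prefix_subject", "SPAM: "),
                "pop": ("prefix_subject", "SPAM: ")})
strict = Rule("drop-rbl", lambda m: m.sender_ip in RBL_GROUP,
              {"smtp": ("drop", "")})
SAMPLES = [
    Mail("smtp", "203.0.113.7", "user@example.com", "This is a test", "spam"),
    Mail("pop3", "198.51.100.9", "user@example.com", "This is a test", "spam"),
    Mail("smtp", "192.0.2.10", "user@example.com", "Minutes", "clean"),
]
WRONG_ORDER = [general, strict]   # general rule first hides the strict one
RIGHT_ORDER = [strict, general]   # strict before general, as the guide advises

if __name__ == "__main__":
    for label, order in (("general first", WRONG_ORDER), ("strict first", RIGHT_ORDER)):
        print(label, "->", evaluate(order, SAMPLES[0])[:2],
              "shadowed:", shadowed(order, SAMPLES))
```

    Running a set of representative mails through `shadowed` after each reorder shows whether a strict rule has been placed below a general rule that always matches first.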


    Delete Custom Spam policy

    Prerequisite: Not assigned to any Rule

    Select Anti Spam → Spam policy → Manage Custom policy to view the list of policies created

    Screen - Delete Custom Spam policy

    Screen Elements | Description
    Del | Select policy for deletion. Click Del to select. More than one policy can also be selected.
    Select All | Select all the policies for deletion. Click Select All to select all the policies.
    Delete button | Deletes all the selected policy/policies.

    Table - Delete Custom Spam policy screen elements

    Note: Default policy cannot be deleted.


    Address Groups

    A scanning rule can be defined for an individual or a group of:

    • Email address
    • IP address
    • RBL (Real time black hole List)

    An address group is a group of email addresses, IP addresses, or RBLs. Whenever a policy is applied to the address group, the policy is applied to all the addresses included in the group.

    RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam i.e. are responsible for spam or are hijacked for spam relay. These IP addresses might also be used for spreading viruses.

    Cyberoam will check each RBL for the connecting IP address. If the IP address matches one on the list, then the action specified in the policy is taken.

    Create Address Groups

    Select Anti Spam → Configuration → Address Groups to open the Address group page. Click Create to open the create page.

    Screen - Create Email Address Group


    Screen Elements | Description

    Address Group details
    Name | Specify group name.
    Group | Specify group type. You can create a group of RBLs, IP addresses or Email addresses. RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam i.e. are responsible for spam or are hijacked for spam relay. Cyberoam will check each RBL for the connecting IP address. If the IP address matches one on the list, then the action specified in the policy is taken.
    Description | Specify full description.
    Create button | Creates the group and, depending on the group type, allows adding email addresses, IP addresses or RBL names. Click Add. Type all the email addresses to be grouped, separated by comma, e.g. [email protected], [email protected]
    Cancel button | Cancels the current operation.

    Table - Create Email Address Group screen elements

    Delete Address Groups

    Select Anti Spam → Configuration → Address Groups to view the list of groups created

    Screen - Delete Address Group

    Screen Elements | Description
    Del | Select address group for deletion. Click Del to select. More than one address group can also be selected.
    Select All | Select all the address groups for deletion.


    Click Select All to select all the address groups.
    Delete button | Deletes all the selected address groups.

    Table - Delete Address Group screen elements

    Delete individual address from Group

    Select Anti Spam → Configuration → Address Groups to view the list of groups created. Click the group from which the address is to be deleted.

    Screen - Delete Address from Group

    Screen Elements | Description
    Delete | Select address for deletion. Click Delete to select. More than one address can also be selected.
    Select All | Select all the addresses for deletion. Click Select All to select all the addresses.
    Delete button | Deletes all the selected addresses.

    Table - Delete Address from Group screen elements


    Spam Rule

    A scanning rule defines which scanning policy is to be applied to which recipient email address, i.e. it maps a scanning policy to an email address.

    A rule allows you to apply:

    a single policy for an email address or group of addresses

    multiple policies for a particular email address or group of addresses

    Create Spam rule

    Prerequisite

    Policy created

    Address group created (if rule is for group)

    Select Anti Spam → Spam Rules to open the create page

    Screen - Create Spam Rule

    Screen Elements Description

    Spam Rule Details

    Action Item Select whether the rule is for an individual email address or a group

    Specify email address or select the Address Group

    Recipient Email Address

    Specify recipient email address

    If the rule is for the complete domain, then specify it as @domainname, e.g. @cyberoam.com

    Address Group Specify address group

    Policy Name Specify policy to be applied.

    According to the action specified in the policy, mails will be delivered as original or will be tagged and forwarded to the receiver.

    Add button Creates rule

    Cancel button Cancels the current operation

    Table - Create Spam Rule screen elements

    Delete Spam Rule

    Select Anti Spam → Spam Rules to view the list of rules created.

    Screen - Delete Spam Rule

    Screen Elements Description

    Del Select rule for deletion

    Click Del to select

    More than one rule can also be selected

    Select All Select all the rules for deletion

    Click Select All to select all the rules

    Delete button Deletes all the selected rules

    Table - Delete Spam Rule screen elements

    Change Spam rule Order

    Rules are ordered by their priority. When the rules are applied, they are processed from the top downwards and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put strict rules before moderate and general rules. Default policy order cannot be changed.

    Screen - Change Spam rule order

    Select Anti Spam → Spam Rules

    Click the rule whose order is to be changed

    Click Move Up to move the selected rule one step up

    Click Move Down to move the selected rule one step down

    Click Update to save the order
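
    The top-down, first-match processing described above can be checked offline before reordering rules. The following is an added example, not Cyberoam code: the group, addresses, policy names and the fallback policy name are hypothetical, and the matching of "@domain" targets is an assumption based on the rule format in this guide.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SpamRule:
    target: str   # "user@domain", "@domain" (whole domain) or an address group name
    policy: str   # policy applied when the rule matches

# Constructed sample data: group, addresses and policy names are hypothetical.
GROUPS = {"finance": {"cfo@example.com", "payroll@example.com"}}
GENERAL_FIRST = [SpamRule("@example.com", "tag-only"),
                 SpamRule("finance", "strict-reject")]
STRICT_FIRST = list(reversed(GENERAL_FIRST))

def covered(rule, recipient):
    """True if the rule applies to this recipient address."""
    recipient = recipient.lower()
    if rule.target in GROUPS:
        return recipient in GROUPS[rule.target]
    if rule.target.startswith("@"):
        return recipient.endswith(rule.target.lower())
    return recipient == rule.target.lower()

def select_policy(rules, recipient, default="default-policy"):
    """Process rules from the top downwards; the first suitable rule wins."""
    for rule in rules:
        if covered(rule, recipient):
            return rule.policy
    return default  # assumed fallback when no rule matches

def named_addresses(rule):
    """Concrete addresses a rule names, or None for a whole-domain rule."""
    if rule.target in GROUPS:
        return GROUPS[rule.target]
    return None if rule.target.startswith("@") else {rule.target.lower()}

def shadowed(rules):
    """Rules that can never fire because earlier rules already cover them."""
    dead = []
    for i, rule in enumerate(rules):
        earlier, addrs = rules[:i], named_addresses(rule)
        if addrs is None:  # domain rule: dead only if the same domain appears above
            hit = any(r.target.lower() == rule.target.lower() for r in earlier)
        else:              # address or group rule: dead if every address is taken
            hit = all(any(covered(r, a) for r in earlier) for a in addrs)
        if hit:
            dead.append(rule)
    return dead
```

    With the general domain rule on top, the strict group rule is reported as shadowed and the finance addresses silently receive the weaker policy; reversing the order restores the intended result.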

    Local Domains

    Cyberoam also allows bypassing RBL scanning of mails for certain domains. For this, you have to define the domains as the trusted domains.

    Add Domains

    Select Anti Spam → Configuration → Local Domains

    Type Domain name or IP address

    Click Add

    Screen - Add Domains

    Mails from the specified domains will not be scanned for RBLs.

    Delete Domains

    Select Anti Spam → Configuration → Local Domain to view the list of domains that will be bypassed from RBL scanning

    Screen - Delete Domains

    Screen Elements Description

    Del Select domain for deletion

    Click Del to select

    More than one domain can also be selected

    Select All Select all the domains for deletion

    Click Select All to select all the domains

    Delete button Deletes all the selected domains

    Table - Delete Domains screen elements

    Enable Scanning

    Enable anti-spam scanning from firewall rules. While anti-spam settings can be configured for system-wide use, they can also be implemented with specific settings on a per user basis. Refer to Cyberoam User Guide, Firewall section for creating firewall rules for enabling the anti-spam scanning.

    You can enable anti spam scanning by creating a firewall rule for:

    Zone

    User/User Group

    Host/Host Group

    By enabling scanning through firewall, you can customize levels of protection. For example, while traffic between LAN and WAN might need strict protection, traffic between trusted internal addresses might need moderate protection. Hence you can enable/disable scanning for a particular combination of source and destination IP address or domain.

    General Configuration

    Select Anti Spam → Configuration → General Configuration to open the configuration page

    Screen - General Configuration

    Screen Elements Description

    Anti Spam Engine information

    Anti Spam Engine Information displays Anti Spam Engine status and Cyberoam Anti Spam Center connectivity status

    Anti Spam Engine status

    - Anti Spam server is down

    - Anti Spam server is up

    Cyberoam Anti Spam Center connectivity status

    - Cyberoam is not connected and will not be able to detect spam mails

    - Cyberoam is connected with Cyberoam Anti Spam Center's server

    Cyberoam Anti spam definition database contains currently identified spam signatures/definitions which are used for identifying spam mails. By default, database updates are automatically downloaded and installed on your computer every 30 minutes.

    File size restriction

    SMTP Mails greater than size

    Specify maximum size (in KB) of the file to be scanned. Files exceeding this size received through SMTP will not be scanned. Also specify the action to be taken on oversize files. If Accept action is specified, all the oversize mails will be forwarded to the recipient without scanning.

    By default, files exceeding 50 MB will not be scanned.

    POP3/IMAP Mails greater than size

    Specify maximum size (in KB) of the file to be scanned. Files exceeding this size received through POP/IMAP will not be scanned and will be forwarded to the recipient without scanning.

    By default, files exceeding 10 MB will not be scanned.

    Enforce Anti Spam policies for SMTP Authenticated Connections

    Enable Enforce Anti Spam policies for SMTP Authenticated Connections if anti spam policy is to be implemented for the SMTP authenticated traffic also. By default, spam policies are not applicable to the SMTP authenticated traffic.

    Header to detect recipient for POP3/IMAP

    Click Add to specify header which should be used for detecting the recipient's address.

    By default, Cyberoam uses Delivered-To and Received headers.

    Default headers cannot be deleted

    Table - General Configuration screen elements
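
    Recipient-based spam rules on POP3/IMAP traffic depend on recovering the recipient from message headers, as the "Header to detect recipient" setting above describes. The following is an added example, not Cyberoam code: trying the configured headers in order and reading the "for" clause of Received are assumptions, and the sample messages and the extra X-Original-To header are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

DEFAULT_HEADERS = ("Delivered-To", "Received")  # defaults named in the guide
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

# Constructed sample messages (hosts and addresses are placeholders).
RECEIVED_FOR = ("Received: from mx.sender.test by mail.example.com"
                " for <Bob@Example.com>; Mon, 20 Aug 2007 10:00:00 +0000\n")
RECEIVED_BARE = ("Received: from mx.sender.test by mail.example.com;"
                 " Mon, 20 Aug 2007 10:00:00 +0000\n")
TAIL = "To: undisclosed-recipients:;\nSubject: sample\n\nbody\n"
WITH_DELIVERED_TO = "Delivered-To: alice@example.com\n" + RECEIVED_FOR + TAIL
ONLY_RECEIVED = RECEIVED_FOR + TAIL
NO_HINT = RECEIVED_BARE + TAIL

def detect_recipient(raw, headers=DEFAULT_HEADERS):
    """Return (address, header) from the first configured header that yields one."""
    msg = message_from_string(raw)
    for name in headers:
        for value in msg.get_all(name, []):
            if name.lower() == "received":
                # Received carries the recipient only in an optional "for" clause
                match = FOR_CLAUSE.search(value)
                addr = match.group(1) if match else ""
            else:
                addr = parseaddr(value)[1]
            if "@" in addr:
                return addr.lower(), name
    # No usable header: a recipient-based rule has nothing to match against
    return None, None
```

    The NO_HINT case returns no recipient at all, which is the situation to look for when a recipient-specific rule appears not to apply to retrieved mail.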

    Bypass Reporting

    By default, Cyberoam Anti Spam generates reports for all the Internal Domains and Email Ids. To bypass reporting of certain domains and email ids, the Administrator has to create an Exclusion domain list and email id list. All the domains and email ids included in the exclusion list will not be included in the Anti Spam reports.

    To define the exclusion list, select Reports → Configure → Local Domains or select Reports → Configure → Bypass Email Ids