Audience: Network Admins
Last Updated: 7/30/2015 2:14:14 AM
**All times are EST**





Juniper SRX anti-spam filtering config

By Erik Rodriguez

Tags: Juniper SRX anti-spam, JunOS spam filtering, SRX spam blocking, Juniper UTM spam filter

This article provides information on enabling the UTM Anti-spam feature for the SRX firewalls.

Problem

You would like to add the UTM anti-spam protection on your SRX firewall.

Procedure

Here is how you configure the anti-spam feature on the SRX, provided you have a valid or trial anti_spam_key_sbl license. Here you can see that I have a 30-day (trial) license installed:
root@srx1# run show system license 
License usage: 
                                 Licenses     Licenses    Licenses    Expiry
  Feature name                       used    installed      needed 
  anti_spam_key_sbl                     1            1           0    2015-08-19 20:00:00 EDT
  dynamic-vpn                           0            2           0    permanent
  ax411-wlan-ap                         1            2           0    permanent
  logical-system                        0            1           0    permanent
  
The following configuration enables the spam block list (SBL) from Sophos Labs. It checks all incoming SMTP connections against the continually updated list. If a match is found, the connection is simply blocked and no messages are accepted. In addition, messages that are accepted are scanned against certain signatures to further identify spam content. You can either tag the message subject or block the message. When tagging, a custom prefix of your choice is added to the message subject.
First we need to enable the UTM anti-spam feature. The items in red are user-specific:

set security utm feature-profile anti-spam sbl profile local-profile sbl-default-server
set security utm feature-profile anti-spam sbl profile local-profile spam-action tag-subject
set security utm feature-profile anti-spam sbl profile local-profile custom-tag-string **SPAM**
set security utm utm-policy spam-block anti-spam smtp-profile local-profile

The commands above enable UTM anti-spam and check the SBL located at msgsecurity.juniper.net. Notice the spam-block policy, which will be referenced by the security policy.
Next, we need to apply the UTM spam-block policy to the security policy that allows SMTP traffic to the actual mail server. Here you can see my security policy pointing to an Exchange server. The commands in green add the UTM policy:
root@srx1# show security policies from-zone untrust to-zone trust policy EX25   
match {
    source-address any;
    destination-address EX;
    application junos-smtp;
}
then {
    permit {
        application-services {
            utm-policy spam-block;
        }
    }
}
Here is the command line reference:

set security policies from-zone untrust to-zone trust policy EX25 match source-address any
set security policies from-zone untrust to-zone trust policy EX25 match destination-address EX
set security policies from-zone untrust to-zone trust policy EX25 match application junos-smtp
set security policies from-zone untrust to-zone trust policy EX25 then permit application-services utm-policy spam-block
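
The reference chain built above (security policy, then utm-policy, then anti-spam profile) can be checked offline from `set`-format configuration. This is an added example, not part of the original article; the function name `check_smtp_utm` is hypothetical, the sample input is the article's own commands, and only policies that match `junos-smtp` by name are inspected.

```python
import re

# The article's own "set" commands, reused here as sample input.
SAMPLE_CONFIG = """\
set security utm feature-profile anti-spam sbl profile local-profile sbl-default-server
set security utm feature-profile anti-spam sbl profile local-profile spam-action tag-subject
set security utm feature-profile anti-spam sbl profile local-profile custom-tag-string **SPAM**
set security utm utm-policy spam-block anti-spam smtp-profile local-profile
set security policies from-zone untrust to-zone trust policy EX25 match source-address any
set security policies from-zone untrust to-zone trust policy EX25 match destination-address EX
set security policies from-zone untrust to-zone trust policy EX25 match application junos-smtp
set security policies from-zone untrust to-zone trust policy EX25 then permit application-services utm-policy spam-block
"""

POLICY = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (.+)$")
UTM_POLICY = re.compile(r"^set security utm utm-policy (\S+) anti-spam smtp-profile (\S+)$")
SBL_PROFILE = re.compile(r"^set security utm feature-profile anti-spam sbl profile (\S+) ")


def check_smtp_utm(config_text):
    """Return findings for SMTP policies whose anti-spam reference chain is broken."""
    sbl_profiles, utm_policies, policies = set(), {}, {}
    for line in config_text.splitlines():
        line = line.strip()
        if m := SBL_PROFILE.match(line):
            sbl_profiles.add(m.group(1))
        elif m := UTM_POLICY.match(line):
            utm_policies[m.group(1)] = m.group(2)
        elif m := POLICY.match(line):
            key = (m.group(1), m.group(2), m.group(3))
            policies.setdefault(key, []).append(m.group(4))
    findings = []
    for (src, dst, name), stmts in policies.items():
        if "match application junos-smtp" not in stmts:
            continue  # only policies that carry SMTP are of interest here
        prefix = "then permit application-services utm-policy "
        attached = [s[len(prefix):] for s in stmts if s.startswith(prefix)]
        if not attached:
            findings.append(f"{name} ({src}->{dst}): SMTP permitted without a utm-policy")
            continue
        profile = utm_policies.get(attached[0])
        if profile is None:
            findings.append(f"{name}: utm-policy {attached[0]} has no anti-spam smtp-profile")
        elif profile not in sbl_profiles:
            findings.append(f"{name}: anti-spam profile {profile} is not defined")
    return findings
```

An empty list means every SMTP policy in the input resolves to a defined SBL profile.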

Last, check the following status and statistics to verify correct operation:
root@srx1# run show security utm anti-spam status    
SBL Whitelist Server:
SBL Blacklist Server:
    msgsecurity.juniper.net

DNS Server:
    Primary  :          8.8.8.8, Src Interface: ge-0/0/0
    Secondary:          4.2.2.2, Src Interface: ge-0/0/1
    Ternary  :          0.0.0.0, Src Interface: fe-0/0/2
Notice the SBL server address. Here is an interesting look at the UTM working:
root@srx1# run show security utm anti-spam statistics 
 UTM Anti Spam statistics: 

Total connections:     16224 
Denied connections:    11314
Total greetings:       4832
Denied greetings:      0
Total e-mail scanned:  5155
White list hit:        0
Black list hit:        0
Spam total:            26
Spam tagged:           26
Spam dropped:          0
DNS errors:            0
Timeout errors:        0
Return errors:         0
Invalid parameter errors: 0

Statistics start time: 07/22/2015 02:20:11
Statistics for the last 10 days (permitted emails / spams):
day 1: 329/0
day 2: 1076/0
day 3: 459/0
day 4: 303/0
day 5: 232/0
day 6: 658/0
day 7: 737/0
day 8: 829/0
Notice that 26 email messages had their subjects tagged with **SPAM**, while 11,314 connections were blocked because they were found on the SBL. The number of "spams" per day will only increment if you are tagging. If you are blocking, then "Denied connections" will increment, but not both at the same time.
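
The same reading of the statistics can be scripted for periodic checks. This is an added example, not part of the original article: the function name `summarize` is hypothetical, the sample is an abridged copy of the output above, and treating any non-zero error counter as a finding is an assumption.

```python
import re

# Abridged copy of the article's "show security utm anti-spam statistics" output.
SAMPLE_STATS = """\
Total connections:     16224
Denied connections:    11314
Total greetings:       4832
Denied greetings:      0
Total e-mail scanned:  5155
Spam total:            26
Spam tagged:           26
Spam dropped:          0
DNS errors:            0
Timeout errors:        0
Return errors:         0
Invalid parameter errors: 0
day 1: 329/0
day 2: 1076/0
"""

COUNTER = re.compile(r"^\s*([A-Za-z][A-Za-z\- ]*?):\s+(\d+)\s*$")
DAY = re.compile(r"^\s*day (\d+): (\d+)/(\d+)\s*$")


def summarize(stats_text):
    """Parse the counters and per-day lines, then derive ratios and findings."""
    counters, days = {}, {}
    for line in stats_text.splitlines():
        if m := DAY.match(line):
            days[int(m.group(1))] = (int(m.group(2)), int(m.group(3)))
        elif m := COUNTER.match(line):
            counters[m.group(1).lower()] = int(m.group(2))
    total = counters.get("total connections", 0)
    denied = counters.get("denied connections", 0)
    scanned = counters.get("total e-mail scanned", 0)
    # Assumption: any non-zero "... errors" counter means some checks did not complete.
    findings = [f"{k}: {v}" for k, v in counters.items() if k.endswith("errors") and v]
    if not total:
        findings.append("no SMTP connections counted; check the utm-policy is attached")
    return {
        "denied_pct": round(100 * denied / total, 1) if total else 0.0,
        "spam_pct": round(100 * counters.get("spam total", 0) / scanned, 2) if scanned else 0.0,
        "permitted_by_day": {d: ok for d, (ok, _spam) in days.items()},
        "findings": findings,
    }
```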

Conclusion

While this isn't the "best" method of anti-spam, it does a decent job of keeping most of the crap out of your inbox. In addition, this method is generally cheaper than cloud-filtering services as there are no per-mailbox limits.



Copyright © 2002-2016 Skullbox.Net All Rights Reserved.
A division of Orlando Tech Works, LLC