Using IP-based Spam Detection Methods When Appliance is Behind Another SMTP Gateway

Technote (FAQ)


Question

Can you use the IP based Spam detection methods if your appliance is configured behind another SMTP gateway? This information applies to: Proventia Network Mail Security (1.6 and above) Lotus Protector for Mail Security (2.1 and above)

Answer

If the appliance sits behind another gateway it is unnecessary to use DNSBL and Dynamic Host Reputation on the SMTP level (it might cause the gateway that has already accepted the messages to get into trouble).

Therefore, it is necessary to use DNSBL on the policy level. Create an Analysis Module of the type Spam DNSBL Check and use this in the Spam detection rules.

Policy Object:

Quarantine Spam rule with ‘Spam DNSBL’ enabled:

For the Dynamic Host Reputation, it is necessary to set the Rejected Host Handling to Tag (at ‘SMTP | Configuration | Receiving SMTP | Dynamic Host Reputation Filter’) and to create an Analysis Module that checks for the existence of this tag. Message Field Check > Field Name = 'X-MSHostReputation' > Expression = . > Match Mode = Literal String Search. This Analysis Module also has to be added to the Spam detection rules.

Rejected Host Handling for Dynamic Host Reputation:

Message Field Check for 'X-MSHostReputation':

Quarantine Spam rule with ‘Dynamic Host Reputation tag’ enabled:

To insure the appliance ignores the IP addresses of the gateway, it is necessary to add the IP addresses of all gateways as border IP addresses.
Mail Security > Policy > Advanced Parameters > new option > Name = host_reputation.border_ips > Value = String = A semicolon separated list of IP addresses.

Specify Border IPs:


If the above information does not resolve your issue, please contact IBM Security Systems Technical Support.


    Historical Number

    5135

    Product Alias/Synonym

    Lotus Protector for Mail Security
    Proventia Network Mail Security

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Lotus Protector for Mail Security

Software version:

1.8, 2.4, 2.5, 2.5.0.2, 2.5.1, 2.6, 2.8

Operating system(s):

Firmware

Reference #:

1436650

Modified date:

2011-12-07

Translate my page

Machine Translation

Content navigation