Can you use the IP based Spam detection methods if your appliance is configured behind another SMTP gateway? This information applies to: Proventia Network Mail Security (1.6 and above) Lotus Protector for Mail Security (2.1 and above)
If the appliance sits behind another gateway it is unnecessary to use DNSBL and Dynamic Host Reputation on the SMTP level (it might cause the gateway that has already accepted the messages to get into trouble).
Therefore, it is necessary to use DNSBL on the policy level. Create an Analysis Module of the type Spam DNSBL Check and use this in the Spam detection rules.
Quarantine Spam rule with ‘Spam DNSBL’ enabled:
For the Dynamic Host Reputation, it is necessary to set the Rejected Host Handling to Tag (at ‘SMTP | Configuration | Receiving SMTP | Dynamic Host Reputation Filter’) and to create an Analysis Module that checks for the existence of this tag. Message Field Check > Field Name = 'X-MSHostReputation' > Expression = . > Match Mode = Literal String Search. This Analysis Module also has to be added to the Spam detection rules.
Rejected Host Handling for Dynamic Host Reputation:
Message Field Check for 'X-MSHostReputation':
Quarantine Spam rule with ‘Dynamic Host Reputation tag’ enabled:
To insure the appliance ignores the IP addresses of the gateway, it is necessary to add the IP addresses of all gateways as border IP addresses.
Mail Security > Policy > Advanced Parameters > new option > Name = host_reputation.border_ips > Value = String = A semicolon separated list of IP addresses.
Specify Border IPs:
If the above information does not resolve your issue, please contact IBM Security Systems Technical Support.
Lotus Protector for Mail Security
Proventia Network Mail Security