Professional Documents
Culture Documents
Configuration Guide
Version 9
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without
warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore
assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make
changes in product design or specifications. Information is subject to change without notice.
USERS LICENSE
The Appliance described in this document is furnished under the terms of Elitecores End User license agreement. Please
read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the
terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance
and manual (with proof of payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which
the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software
substantially conforms to its published specifications except for the foregoing, the software is provided AS IS. This limited
warranty extends only to the customer as the original licenses. Customers exclusive remedy and the entire liability of Elitecore
and its suppliers under this warranty will be, at Elitecore or its service centers option, repair, replacement, or refund of the
software if reported (or, upon, request, returned) to the party supplying the software to the customer. In no event does Elitecore
warrant that the Software is error free, or that the customer will be able to operate the software without problems or
interruptions. Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and by
Commtouch respectively and the performance thereof is under warranty provided by Kaspersky Labs and by Commtouch. It is
specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not
occasionally erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical
components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole
obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware
need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any
part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all
material respects to the defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without
limitation, any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of
dealing, usage, or trade practice, and hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential,
incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to
use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In the event shall
Elitecores or its suppliers liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the
price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including,
without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or
its suppliers have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 1999-2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore
Technologies Ltd.
CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower,
Off. C.G. Road,
Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com
Contents
Technical Support ............................................................................................................................ 4
Typographic Conventions ................................................................................................................ 5
Overview.............................................................................................................................................. 6
Spam ................................................................................................................................................... 6
Cyberoam Gateway Anti Spam ........................................................................................................... 7
Configuration ....................................................................................................................................... 7
Spam Policy......................................................................................................................................... 8
Types of Policies .......................................................................................................................... 8
Detection of spam attributes ........................................................................................................ 8
Actions.......................................................................................................................................... 9
Global policy .................................................................................................................................. 10
Default policy ................................................................................................................................. 11
Custom policy ................................................................................................................................ 12
Create Custom Scan policy........................................................................................................ 12
Manage Custom Spam policy .................................................................................................... 13
Add Advanced Rules.................................................................................................................. 14
Change Advanced action rules Order ........................................................................................17
Delete Custom Spam policy....................................................................................................... 18
Address Groups................................................................................................................................. 19
Create Address Groups ................................................................................................................. 19
Delete Address Groups.................................................................................................................. 20
Delete individual address from Group ........................................................................................... 21
Spam Rule......................................................................................................................................... 22
Create Spam rule........................................................................................................................... 22
Delete Spam Rule.......................................................................................................................... 23
Change Spam rule Order............................................................................................................... 24
Local Domains................................................................................................................................... 25
Add Domains ................................................................................................................................. 25
Delete Domains ............................................................................................................................. 25
Enable Scanning ............................................................................................................................... 26
General Configuration ....................................................................................................................... 27
Bypass Reporting .............................................................................................................................. 29
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Item
Convention
Server
Client
User
Username
Part titles
Topic titles
Example
Bold and
shaded font
typefaces
Shaded font
typefaces
Report
Introduction
Subtitles
Navigation link
Bold typeface
Name of a
particular
parameter /
field / command
button text
Cross
references
Lowercase
italic type
Bold typeface
between the
black borders
Bold typefaces
between the
black borders
Prerequisites
Hyperlink in
different color
Notation conventions
Note
Prerequisite
Prerequisite details
Overview
Welcome to Cyberoams Anti Spam User guide.
Cyberoam is an Identity-based UTM Appliance. Cyberoams solution is purpose-built to meet the
security needs of corporates, government organizations, and educational institutions.
Cyberoams perfect blend of best-of-breed solutions includes User based Firewall, Content
filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing separate port for connecting to the
publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are
visible the external world and still have firewall protection.
Cyberoam Anti Spam as a part of unified solution along with Anti Virus and IDP (Intrusion
Detection and Prevention), provides real time virus and spam scanning.
Anti Spam module is an add-on module which needs to be subscribed before use.
Spam
Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even
more generally as any unsolicited e-mail.
Spamming is to indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages,
especially commercial advertising in mass quantities. In other words, it is an inappropriate attempt
to use a mailing list, or other networked communications facility as a broadcast medium by
sending the same message to a large number of people who did not ask for it.
In addition to being a nuisance, it also eats up a lot of network bandwidth. Because the Internet is
a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail.
However, the use of software filters in e-mail programs can be used to remove most spam sent
through e-mail to certain extent.
With the number of computer users growing and the exchange of information via the Internet and
email increases in volume, spamming has become an almost everyday occurrence. Apart from
network bandwidth, it also affects the employees productive as deletion of such mails is a huge
task. Anti spam protection is therefore a priority for anyone who uses a computer.
Configuration
Configuration task for implementing spam solution:
1.
2.
3.
Create Spam policy. Optionally use global or default policy provided by Cyberoam
Create Spam rule for the policy created in step 1 i.e. create spam rule and attach policy to the
rule
Enable scanning from firewall rule
Spam Policy
As soon as you register Cyberoam Gateway Anti-spam module, default spam policy is applicable
to all the incoming email traffic. Default spam policy is the general policy and not fit-for-all policy
and hence might allow certain spam mails while block certain required mails also. Fine tuning the
policies means reducing the spam attacks and chances of loosing any important and required
mails.
Spam policy defines what action is to be taken if the mail is identified as a spam and to which
email address the copy of mail is to be send. As network scanning rules control all the traffic
passing through the Cyberoam and decide whether to scan or bypass mail, policy will be applied to
that traffic only that is filtered by network scanning rule.
To reduce the risk of losing the legitimate messages, Spam quarantine repository - a storage
location, provides administrators a way to automatically quarantine messages that are identified as
spam.
This will help in managing spam and probable spam quarantined mails and can take appropriate
actions on such mails.
Types of Policies
1.
Global
Global policy is applicable to all the mail recipients i.e. Email address and Email address
groups. Cyberoam provides blank corporate policy which can be customized as per the
requirement.
2.
Default
Default policy is applicable to all the recipients i.e. Email address and Email address group
except for those for whom the custom policy is defined. Default policy is applicable to all the
recipients as soon as you register the Anti Spam module.
3.
Custom/Personal
Cyberoam allows defining custom policy for specific individual recipient or address group and
is applicable to only to those specific individual recipient or address group and not all the
recipients.
Scanning rules defines which scanning policy is to be applied to which recipient email address i.e.
maps scanning policy to the email address.
RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam i.e. are
responsible for spam or are hijacked for spam relay.
Cyberoam will check each RBL for the connecting IP address. If the IP address matches to the
one on the list then the specified action in policy is taken.
Actions
Accept Accepts and delivers the mail to the intended receiver. This action can be defined for
both SMTP and POP/IMAP protocols.
Reject Rejects the mail. This action sends the notification message to sender. This action can
be defined only for SMTP protocol.
Drop Drops the mail. This action does not send any notification message to sender. This action
can be defined only for SMTP protocol.
Change Recipient - Accepts the mail but delivers the mail to the specified receiver and not to the
receiver for whom the mail was originally send. This action can be defined only for SMTP protocol
only.
Prefix Subject Accepts and delivers the mail to the intended receiver but after changing the
subject of the mail. You can customize the subject in such a way that the receiver knows that the
mail is a spam mail. This action can be defined for both SMTP and POP/IMAP protocols.
Global policy
Cyberoam provides the blank global policy which can be customized as per your requirement. By
default, global policy applies to all the users. There is no need to apply the global policy to the
users using rules.
Select Anti Spam Spam Policy Global policy to customize policy. Refer to Add
advanced rules for more details.
10
Default policy
As soon as you subscribe Cyberoam Gateway Anti Spam, default spam policy is applicable to the
all incoming email traffic. Default spam policy is the general policy and not fit-for-all policy and
hence might allow certain spam mails while block certain required mails also.
Default policy can be customized as per your requirement. Default policy will be applied to those
users only for whom custom/personal policy is not defined.
As per your requirements, Cyberoam allows you to define multiple policies instead of single global
policy. Fine tuning the policies means reducing the spam attacks and chances of loosing any
important and required mails.
Select Anti Spam Spam Policy Default policy to customize policy. Refer to Add
advanced rules for more details.
11
Custom policy
Custom scan policy allows you to specify the spam filtering level security i.e. action severity based
on your requirement.
Screen Elements
Description
Policy Description
Create button
Cancel button
Add button
12
Screen Elements
Description
Policy Description
Update button
Cancel button
Advanced Rules
Add button
13
Conditions
When Cyberoam Anti Spam identifies Mail as SPAM, Cyberoam accepts and delivers the mail
to the intended receiver but only after adding a prefix SPAM to the original subject of the
mail.
Original subject: This is a test
Receiver will receive the mail with subject line as: SPAM: This is a test
You can customize the subject in such a way that the receiver knows that the mail is
a spam mail. To specify the contents to be prefixed to the existing subject line, select
Prefix Subject as action.
You can set different actions for SMTP and POP.
When Cyberoam Anti Spam identifies Mail as PROBABLE SPAM, Cyberoam accepts and
delivers the mail to the intended receiver but after adding a prefix PROBABLE SPAM to the
original subject of the mail.
14
15
Others Specified action will be taken if the matching text is found in the header
RBL - Specified action will be taken if the sender is listed in the specified RBL Group. You
can set different actions for SMTP and POP mails.
Actions
Following actions can be taken on the mail identified as the SPAM, Probable SPAM, VIRUS
OUTBREAK or Probable VIRUS OUTBREAK
Protocol
SMTP
Action
Reject
SMTP
Drop
SMTP,
POP3
SMTP
Accept
Meaning
Mail is rejected and rejection notification is send to the mail
sender
Mail is rejected but rejection notification is not send to the
mail sender
Mail is accepted and delivered to the intended receiver
Change
Recipient
Prefix Subject
SMTP,
POP3
SMTP
Quarantine
16
17
Screen Elements
Description
Del
Select All
Delete button
Note
Default policy cannot be deleted.
18
Address Groups
Scanning rule can be defined for individual or group of
Email address
IP address
RBL (Real time black hole List)
Address group is the group of email addresses, IP addresses, or RBLs. Whenever the policy is
applied to the address group, policy is applied to all the addresses included in the group.
RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam i.e. are
responsible for spam or are hijacked for spam relay. This IP addresses might also be used for
spreading virus.
Cyberoam will check each RBL for the connecting IP address. If the IP address matches to the
one on the list then the specified action in policy is taken.
19
Screen Elements
Description
Description
Create button
Click Add
Type all the email addresses to be grouped specified by comma
e.g. john@yahoo.com, joe@hotmail.com
Cancels the current operation
Cancel button
Screen Elements
Description
Del
Select All
Delete button
20
Screen Elements
Description
Delete
Select All
Delete button
21
Spam Rule
Scanning rules defines which scanning policy is to be applied to which recipient email address i.e.
map scanning policy with the email address.
A rule allows to apply:
single policy for a email address or group of addresses
multiple policies for a particular email address or group of addresses
Screen Elements
Spam Rule Details
Action Item
Description
Select whether the rule is for individual email address or group
Specify email address or select the Address Group
22
Screen Elements
Description
Recipient
Address
Address Group
Policy Name
Add button
Cancel button
Screen Elements
Description
Del
Select All
Delete button
23
24
Local Domains
Cyberoam also allows bypassing RBL scanning of mails for certain domains. To bypass RBL
scanning of certain domains, define such domains as trusted domains
Add Domains
Select Anti Spam Configuration Local Domains
Type Domain name or IP address
Click Add
Mails from the specified domains will not be scanned for RBLs.
Delete Domains
Select Anti Spam Configuration Local Domain to view the list of domains that will
be bypassed from RBL scanning
Screen Elements
Description
Del
Select All
Delete button
25
Enable Scanning
Enable anti-spam scanning using firewall rules. While anti-spam settings can be configured for
system-wide use, they can also be implemented with specific settings on a per user basis. Refer to
Cyberoam User Guide, Firewall section for creating firewall rules for enabling the anti-spam
scanning.
You can enable anti spam scanning by creating firewall rule for:
Zone
User/User Group
Host/Host Group
By enabling scanning through firewall, you can customize levels of protection. For example, while
traffic between LAN and WAN might need strict protection, traffic between trusted internal
addresses might need moderate protection. Hence you can enable/disable scanning for particular
combination of source and destination IP address or domain.
26
General Configuration
Select Anti Spam Configuration General Configuration to open the configuration
page
If Anti spam module is not subscribed, configuration page will display the message that
module is not subscribed and Cyberoam will not detect spam mails.
27
Screen Elements
Description
POP3/IMAP
Mails
greater than size
Enforce Anti
policies
for
Authenticated
Connections
Spam
SMTP
Quarantine Area
Total Utilization ( Anti
Virus + Anti Spam )
28
Screen Elements
Description
Click Add to specify header which should be used for detecting the
recipients address.
By default, Cyberoam uses Delivered-To and Received headers.
Default headers cannot be deleted
Bypass Reporting
By default, Cyberoam Anti Spam generates reports for all the Internal Domains and Email Ids. To
bypass reporting of certain domains and email ids, Administrator has to create an Exclusion
domain list and email id list. All the domains and email ids included in the exclusion list will not be
included in the Anti Spam reports.
To define the exclusion list, select Reports Configure Local Domains or select
Reports Configure Bypass Email Ids
29