Tuesday, December 7, 2010

Screenos: Anti-Spam: Adding custom SBL

The anti-spam portion uses a Spam Block List (SBL) which is more commonly known as a Relay Block List (RBL). The SBL/RBL that Juniper offers is updated and maintained by Symantec and contains the Top 100 known spammers.

G1S1-> set anti-spam profile ns-profile
G1S1(anti-spam:ns-profile)-> unset sbl msgsecurity.juniper.net
G1S1(anti-spam:ns-profile)-> set sbl sbl.spamhaus.org input-type ip
G1S1(anti-spam:ns-profile)-> set sbl dnsbl.sorbs.net input-type ip
G1S1(anti-spam:ns-profile)-> set sbl bl.spamcop.net input-type ip
G1S1(anti-spam:ns-profile)-> set sbl msgsecurity.juniper.net input-type ip

G1S1(anti-spam:ns-profile)-> get sbl
  *SBL Blacklist Server:
G1S1(anti-spam:ns-profile)-> exit

View the Status:

G1S1-> get anti-spam

  profile: ns-profile
  *Whitelists (0):
  *Blacklist (1): baddomain.com;
  *Blacklist[ip range] (0):
  *SBL Blacklist Server:
  *Default setting:
    *Action: tag mail subject as ***SPAM***

DNS Server:
  Primary  :, Src Interface: Null
  Secondary:, Src Interface: Null
  Tertiary  :    , Src Interface: Null

  Total connections:    8
  Total greetings:      8
  Total emails:         8

  Total permit emails:  1
  Total deny actions:   0
  Total tag emails:     7

  errors:               8
  timeouts:             8

  Statistics start time: 12/07/2010 09:43:21

With it with string:

G1S1-> exec anti-spam testscan baddomain.com
AS: anti spam result: action Tag email subject, reason: Match local blacklist

With IP:

G1S1-> exec anti-spam testscan
Please wait for a few seconds.
If the result does not display, please check the debug buffer with the "get dbuf stream" command.
G1S1->  anti spam result: action Pass, reason: Timeout

View the config:

No comments: