Command-Line Interface
A. Create an SMTP ALG object:
gw-world:/> add ALG ALG_SMTP smtp_inbound_alg
VerifySenderEmail=Yes
FileListType=Block
File=exe,msi
VerifyContentMimetype=Yes
Antivirus=Protect
DNSBL=Yes
DNSBlackLists={zen.spamhaus.org;5},{dnsbl.dronebl.org;3}
Also in this ALG, blacklist all mails sent from the example.com domain:
gw-world:/> cc ALG ALG_SMTP smtp_inbound_alg
gw-world:/smtp_inbound_alg> add ALG_SMTP_Email
Action=Blacklist
Type=Sender
Email=*@example.com
gw-world:/smtp_inbound_alg> cc
gw-world:/>
B. Create a new Service object for inbound SMTP traffic:
gw-world:/> add Service ServiceTCPUDP smtp_inbound_service
Type=TCP
DestinationPorts=25
SYNRelay=Yes
ALG=smtp_inbound_alg
C. Create an IP Rule for email traffic from the Internet:
i. Create a SAT IP rule to translate the server address:
gw-world:/> add IPRule Action=SAT
Service=smtp_inbound_service
SourceInterface=wan
SourceNetwork=all_nets
DestinationInterface=core
DestinationNetwork=wan_ip
SATTranslate=DestinationIP
SATTranslateToIP=mail_server_ip
Name=smtp_inbound_sat
ii. Create a matching ALLOW IP rule to permit the translated traffic:
gw-world:/> add IPRule Action=Allow
Service=smtp_inbound_service
SourceInterface=wan
SourceNetwork=all_nets
DestinationInterface=core
DestinationNetwork=wan_ip
Name=smtp_inbound_allow
Web Interface
Chapter 6: Security Mechanisms
454
To Next Page
Loading...
