Unable to have antispam working for incoming emails

Lukas
Hi all,

I want to apply antispam checking on all emails going to our email server, which resides behind the Zyxel ZyWALL 310. The ZyWALL 310 redirects all SMTP traffic to our email server and the email works fine.

But I am not able to make the antispam work. After following this manual: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015556&lang=EN, with the exception that Mail Subject Keyword was replaced by *test* and in CONFIGURATION > Security Policy > Policy Control I have changed the from WAN to LAN1:



I then sent an email from an outside email server to our email server with the test subject, but no spam was detected.
Any ideas why? Shouldn't the spam filter mark the email as spam?

Kind regards,
Lukas

All Replies

  • USG_User
    Normally, in my case in Germany, all emails will only be retrieved in encrypted form from the ISP, even if the email traffic is never end-to-end encrypted between sender and receiver. Please check how your mail server behind the firewall is retrieving the mails.
    For example, our mail server is using port 110 (for POP3) via "SSL encryption using STLS command".
    But this means that the USG spam filter is not able to analyse any mail content or subject.
    With us, the spam filter is integrated in the mail server, since it is finally decrypting the mails before putting them into users' mailboxes. At the USG you could normally save this computing time.
  • WJS
    edited November 2021
    It could work in my lab, but it hit Mail Drop directly, even though I set "Forward with TAG". Not sure whether this is by design?

    I used "Blockrule: *sell*, Subject: wanna sell ST"

    Maybe you can create the rule source: User Subnet -> dst: email, service: (pop) with the email-security policy.
    Then you should see the SPAM (Blocklist) TAG (assuming all clear text).


  • Lukas
    Hi, thank you for all answers.

    The email traffic is not encrypted, and I have finally come to the conclusion that the configuration is ok. The blockrule is not working and I did not manage to test it. But I have received the log alert about a malicious incoming email. So, at last, this looks like it is working. There are however two things I would like to ask regarding email antispam on the ZyWALL 310:

    1. I have a trial antispam license, but I did not find the license (Zyxel E-iCard) with antispam for the ZyWALL / USG 310. Even with MyZyxel, I can order some bundle, but without antispam. Where can I buy this 1 year antispam license?

    2. Our email server detects 4-8 incoming spam emails each day. But this antispam service on the Zyxel 310 is detecting approx. 1 incoming spam email per 3 days. According to your experience, is it worth investing in this service?

    Kind regards,
    Lukas
  • USG_User
    Answer ✓
    Different USG services are already phased out or will be phased out in the near future. See following link:


    With our USG110 anti-spam license is still valid but not actively used (as already said above).

    In the past we tried to purchase a license bundle without anti-spam, but this was never offered. Nevertheless the bundle license was cheaper than buying single licenses for each UTM service. That's why we purchased the bundle including anti-spam.

    To check which licenses are offered for your device, use the following link:

  • Zyxel_Kevin
    Hi @BarbaraMorrigan,
    Greetings Forum, we are in the process of clarifying and fixing this issue.
    Thanks for your patience.
    Kevin
  • Zyxel_Kevin
    Hi @BarbaraMorrigan,
    For Anti-Spam, only SMTP can be set to "Drop".
    When the blocklist is hit, SMTP would drop the mail, POP3 would forward it with a tag.
    Kevin
