Unable to have antispam working for incoming emails

Options
Lukas
Lukas Posts: 13  Freshman Member
First Anniversary Friend Collector First Comment
Hi all,

I want to apply antispam checking on all emails going to our email server, which resides behind the Zyxel ZyWALL 310. The ZyWALL 310 redirects all SMTP trafic to our email server and the email works fine.

But I am not able to make the antispam to work. After following this manual: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015556&lang=EN, with the exception that Mail Subject Keyword was replace by *test* and in CONFIGURATION > Security Policy > Policy Control I have changed the from WAN to LAN1:



I then send email from outside email server to our email server with the test subject, but no spam was detected.
Any idea's why, shouldn't the Spam filter mark the email as spam?

Kind regards,
Lukas

Accepted Solution

All Replies

  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Normally, in my case in Germany, all emails will only be retrieved in encrypted form from ISP even if the email traffic is never end-to-end encrypted between sender and receiver. Please check your mail server behind the firewall how its retrieving the mails.
    For example, our mail server is using port 110 (for POP3) via "SSL encryption using STLS command".
    But this causes that the USG spam filter is not able to analyse any mail content or subject.
    With us the spamfilter is integrated in the mail server since it is finally decrypting the mails before putting them into users mailboxes. At the USG you could normally save this computing time.
  • WJS
    WJS Posts: 132  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2021
    Options
    It could work on my lab, but it hit Mail Drop directly.even I set "Forward with TAG". Not sure isn't by design?

    I used " Blockrule : *sell*  , Subject: wanna sell ST" 

    Maybe You can create  the rule  sourc:User Subnet  ->  dst: email  service : (pop)  with the email-security policy.
    Then you should see the SPAM(Blocklist) TAG   (Assume all clean text).


  • jasailafan
    jasailafan Posts: 191  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
  • Lukas
    Lukas Posts: 13  Freshman Member
    First Anniversary Friend Collector First Comment
    Options
    Hi, thank you for all answers.

    The email traffic is not encrypted and I finally, I have come to conclusion, that the configuration is ok. The blockrule is not working and I did not manage to test it. But, I have received the log alert about malicious incoming email. So, at last, this looks like it is working. There are however two things I would like to ask regarding email antispam on ZyWALL 310:

    1. I have trial antispam license, but I did not find the licesne (Zyxel E-iCard) with antispam for ZyWALL / USG 310. Even with MyZyxel, I can order some bundle, but without antispam. Where can I buy this 1 year antispam license?

    2. Our email sever detects 4-8 incoming spam emails each day. But this antispam service on Zyxel 310 is detecting aprox. 1 incoming spam email per 3 days. According to your experience, Is it worth investing to this service?

    Kind regards,
    Lukas
  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options
    Different USG services are already phased out or will phased out during next time. See following link:


    With our USG110 anti-spam license is still valid but not actively used (as already said above).

    In past we tried to purchase a license bundle without anti-spam, but this was never offered. Nevertheless the bundle license was cheaper than bying single licenses for each UTM service. That's why we purchased the bundle including anti-spam.

    To check which licenses are offered for your device, use the following link:

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 764  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @BarbaraMorrigan,
    Greeting Forum,We are in the process of clarifying and fixing this issue.
    Thanks your patience.
    Kevin
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 764  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @BarbaraMorrigan,
    For Anti-Spam, Only SMTP can set "Drop".
    When hit blocklist, SMTP would Drop the mail, POP3 would forward with tag.
    Kevin

  • BarbaraMorrigan
    BarbaraMorrigan Posts: 2
    edited March 2022
    Options
    Additionally, you may do a more thorough search by name at a business leads database. By inputting the company name and email address at https://getprospect.com/b2b-contact-database , you may discover people's addresses by name and identify corporate and business owner email addresses in your B2B leads database. Additionally, phone numbers and physical addresses are accessible upon request. Please verify the email address you are about to enter before proceeding. Fraudulent emails are more likely to originate from addresses that have been in use for months, if not years.

Security Highlight