Unable to have antispam working for incoming emails

Hi all,

I want to apply antispam checking on all emails going to our email server, which resides behind the Zyxel ZyWALL 310. The ZyWALL 310 redirects all SMTP traffic to our email server and the email works fine.

But I am not able to make the antispam work. After following this manual: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015556&lang=EN, with the exception that Mail Subject Keyword was replaced by *test* and in CONFIGURATION > Security Policy > Policy Control I have changed the from WAN to LAN1:



I then sent an email from an outside email server to our email server with the test subject, but no spam was detected.
Any ideas why? Shouldn't the spam filter mark the email as spam?

Kind regards,
Lukas


All Replies

  • USG_User
    USG_User Posts: 253  Master Member
    Normally, in my case in Germany, all emails will only be retrieved in encrypted form from the ISP, even if the email traffic is never end-to-end encrypted between sender and receiver. Please check how your mail server behind the firewall is retrieving the mails.
    For example, our mail server is using port 110 (for POP3) via "SSL encryption using STLS command".
    But this means that the USG spam filter is not able to analyse any mail content or subject.
    With us the spam filter is integrated in the mail server, since it is finally decrypting the mails before putting them into users' mailboxes. At the USG you could normally save this computing time.
  • WJS
    WJS Posts: 25  Freshman Member
    edited November 2021
    It could work in my lab, but it hit Mail Drop directly, even though I set "Forward with TAG". Not sure whether this is by design?

    I used "Blockrule: *sell*, Subject: wanna sell ST"

    Maybe you can create the rule source: User Subnet -> dst: email, service: (pop) with the email-security policy.
    Then you should see the SPAM(Blocklist) TAG (assume all clean text).


  • Lukas
    Lukas Posts: 10
    Hi, thank you for all answers.

    The email traffic is not encrypted, and I have finally come to the conclusion that the configuration is ok. The blockrule is not working and I did not manage to test it. But I have received the log alert about a malicious incoming email. So, at last, this looks like it is working. There are however two things I would like to ask regarding email antispam on the ZyWALL 310:

    1. I have a trial antispam license, but I did not find the license (Zyxel E-iCard) with antispam for the ZyWALL / USG 310. Even with MyZyxel, I can order some bundle, but without antispam. Where can I buy this 1 year antispam license?

    2. Our email server detects 4-8 incoming spam emails each day. But this antispam service on the Zyxel 310 is detecting approx. 1 incoming spam email per 3 days. According to your experience, is it worth investing in this service?

    Kind regards,
    Lukas
