Unable to have antispam working for incoming emails

Lukas · November 2021

Hi all,

I want to apply antispam checking on all emails going to our email server, which resides behind the Zyxel ZyWALL 310. The ZyWALL 310 redirects all SMTP trafic to our email server and the email works fine.

But I am not able to make the antispam to work. After following this manual: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015556&lang=EN, with the exception that Mail Subject Keyword was replace by *test* and in CONFIGURATION > Security Policy > Policy Control I have changed the from WAN to LAN1:

Image: https://us.v-cdn.net/6029482/uploads/editor/ev/0trctm39yacb.png

I then send email from outside email server to our email server with the test subject, but no spam was detected.
Any idea's why, shouldn't the Spam filter mark the email as spam?

Kind regards,

Lukas

USG_User · November 2021

Different USG services are already phased out or will phased out during next time. See following link:

https://support.zyxel.eu/hc/en-us/articles/4404066253458-USG-Series-License-Phase-Out-and-Free-IDP-Signature-Information

With our USG110 anti-spam license is still valid but not actively used (as already said above).

In past we tried to purchase a license bundle without anti-spam, but this was never offered. Nevertheless the bundle license was cheaper than bying single licenses for each UTM service. That's why we purchased the bundle including anti-spam.

To check which licenses are offered for your device, use the following link:

https://www.zyxel.com/License-Finder.shtml

USG_User · November 2021

Normally, in my case in Germany, all emails will only be retrieved in encrypted form from ISP even if the email traffic is never end-to-end encrypted between sender and receiver. Please check your mail server behind the firewall how its retrieving the mails.

For example, our mail server is using port 110 (for POP3) via "SSL encryption using STLS command".

But this causes that the USG spam filter is not able to analyse any mail content or subject.

With us the spamfilter is integrated in the mail server since it is finally decrypting the mails before putting them into users mailboxes. At the USG you could normally save this computing time.

WJS · November 2021

It could work on my lab, but it hit Mail Drop directly.even I set "Forward with TAG". Not sure isn't by design?

I used " Blockrule : *sell* , Subject: wanna sell ST"

Maybe You can create the rule sourc:User Subnet -> dst: email service : (pop) with the email-security policy.
Then you should see the SPAM(Blocklist) TAG (Assume all clean text).

jasailafan · November 2021

Is email traffic encrypted?
https://community.zyxel.com/en/discussion/2157/zywall-110-anti-spam

Lukas · November 2021

Hi, thank you for all answers.

The email traffic is not encrypted and I finally, I have come to conclusion, that the configuration is ok. The blockrule is not working and I did not manage to test it. But, I have received the log alert about malicious incoming email. So, at last, this looks like it is working. There are however two things I would like to ask regarding email antispam on ZyWALL 310:

1. I have trial antispam license, but I did not find the licesne (Zyxel E-iCard) with antispam for ZyWALL / USG 310. Even with MyZyxel, I can order some bundle, but without antispam. Where can I buy this 1 year antispam license?

2. Our email sever detects 4-8 incoming spam emails each day. But this antispam service on Zyxel 310 is detecting aprox. 1 incoming spam email per 3 days. According to your experience, Is it worth investing to this service?