Kaspersky Lab kaspersky mail gateway 5.5 Mode D'Emploi
Anti-virus protection and spam filtration
59
5.5.2. Protection from hacker attacks and
spam
To provide the highest level of security for your mail system, we recommend that
you modify the Kaspersky Mail Gateway configuration file to extend the anti-virus
functionality of the application. To protect your server from hacker attacks or, for
example, to prevent spam being relayed through your server, configure the
following options:
you modify the Kaspersky Mail Gateway configuration file to extend the anti-virus
functionality of the application. To protect your server from hacker attacks or, for
example, to prevent spam being relayed through your server, configure the
following options:
•
ConnectRule in the [smtpgw.access] section. The parameter defines
application behaviour during establishment of an SMTP session.
application behaviour during establishment of an SMTP session.
•
HeloRule in the [smtpgw.access] section. The parameter defines
application response to HELO/EHLO command received from a client.
application response to HELO/EHLO command received from a client.
•
MailfromRule in the [smtpgw.access] section. The parameter defines
application behaviour at an attempt to send a message from a source
(passed with MAIL FROM command) with a domain name, which does
not match the actual IP address or MX host corresponding to that domain.
application behaviour at an attempt to send a message from a source
(passed with MAIL FROM command) with a domain name, which does
not match the actual IP address or MX host corresponding to that domain.
•
RelayRule in the [smtpgw.access] section. The parameter defines the
rules for client access to gateway. Correct settings of that option are
essential for prevention of application use as a publicly open mail relay.
rules for client access to gateway. Correct settings of that option are
essential for prevention of application use as a publicly open mail relay.
You are also advised to enable restrictions for SMTP connections (see section
6.1.3 on p. 66).
Furthermore, application version 5.5 supports the technology of DNS black lists.
That technology allows blocking of mail receipt from unsafe servers registered in
the RBL database as servers sending spam. The list of DNS Black List services
is specified in the DNSBlackList parameter, [smtpgw.access] section of the
application configuration file.
6.1.3 on p. 66).
Furthermore, application version 5.5 supports the technology of DNS black lists.
That technology allows blocking of mail receipt from unsafe servers registered in
the RBL database as servers sending spam. The list of DNS Black List services
is specified in the DNSBlackList parameter, [smtpgw.access] section of the
application configuration file.
A detailed discussion of the syntax of these parameters is provided in
the description of the configuration file (see A.2 on p. 99).
the description of the configuration file (see A.2 on p. 99).
DNS black list service (RBL, real time black hole list) is a database
of IP addresses of mail servers performing unchecked mail delivery.
Various RBL services use different policies for generation of such lists.
Please examine carefully the policy of each service before you start
using it for mail filtration.
If a certain address is constantly being used for sending spam and
administration of the server used for spam distribution takes no steps to
prevent that, you can inform RBL about the spammer. The latter will be
added to the database and the record will allow automatic blocking of
mail receipt from that mail server.
of IP addresses of mail servers performing unchecked mail delivery.
Various RBL services use different policies for generation of such lists.
Please examine carefully the policy of each service before you start
using it for mail filtration.
If a certain address is constantly being used for sending spam and
administration of the server used for spam distribution takes no steps to
prevent that, you can inform RBL about the spammer. The latter will be
added to the database and the record will allow automatic blocking of
mail receipt from that mail server.