ZyXEL Communications unified security gateway User Manual
Chapter 32 Anti-Spam
ZyWALL USG 20/20W User’s Guide
536
Here is an example of an e-mail classified as legitimate based on DNSBL replies.
Figure 317 DNSBL Legitimate E-mail Detection Example
1
The ZyWALL receives an e-mail that was sent from IP address c.c.c.c and relayed
by an e-mail server at IP address d.d.d.d. The ZyWALL sends a separate query to
each of its DNSBL domains for IP address c.c.c.c. The ZyWALL sends another
separate query to each of its DNSBL domains for IP address d.d.d.d.
by an e-mail server at IP address d.d.d.d. The ZyWALL sends a separate query to
each of its DNSBL domains for IP address c.c.c.c. The ZyWALL sends another
separate query to each of its DNSBL domains for IP address d.d.d.d.
2
DNSBL B replies that IP address d.d.d.d does not match any entries in its list (not
spam).
spam).
3
DNSBL C replies that IP address c.c.c.c does not match any entries in its list (not
spam).
spam).
4
Now that the ZyWALL has received at least one non-spam reply for each of the e-
mail’s routing IP addresses, the ZyWALL immediately classifies the e-mail as
legitimate and forwards it. The ZyWALL does not wait for any more DNSBL replies.
mail’s routing IP addresses, the ZyWALL immediately classifies the e-mail as
legitimate and forwards it. The ZyWALL does not wait for any more DNSBL replies.
DNSBL A
DNSBL B
DNSBL C
IPs: c.c.c.c
d.d.d.d
d.d.d.d
1
c.c.
c.c N
ot s
pam
2
4
c.c
.c.
c?
d.d
.d.
d?
c.c.c
.c?
d.d
.d.d
?
c.c.c.c?
d.d.d.d?
d.d.d.d Not spam
3