en-US
search-icon

SonicOS 6.2 Admin Guide

Anti-Spam
* 
NOTE: Anti-Spam is not supported on the SuperMassive 9800.

About Anti-Spam

* 
NOTE: Anti-Spam is a separate, licensed feature that provides a quick, efficient, and effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your existing firewall.
* 
NOTE: Anti-Spam is not supported on the SuperMassive 9800.

Anti-Spam Overview

* 
NOTE: Anti-Spam is not supported on the SuperMassive 9000 series.
Topics:  

What is Anti-Spam?

The Anti-Spam feature provides a quick, efficient, and effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your existing firewall.

In a typical Anti-Spam configuration, you choose to add Anti-Spam capabilities by selecting it in the SonicOS interface and licensing it. The firewall then uses the same advanced spam-filtering technology as the SonicWall Email Security products to reduce the amount of junk email delivered to users.

There are two primary ways inbound messages are analyzed by the Anti-Spam feature:

Advanced IP Reputation Management
Cloud-based Advanced Content Management

IP Address Reputation uses the GRID Network to identify the IP addresses of known spammers, and reject any mail from those senders without even allowing a connection. GRID Network Sender IP Reputation Management checks the IP address of incoming connecting requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWall GRID Network. Known spammers are prevented from connecting to the firewall, and their junk email payloads never consume system resources on the targeted systems.

Email that does not come from known spammers is analyzed based on “GRIDprints” generated by SonicWall’s research laboratories and are based on data from millions of business endpoints, hundreds of millions of messages, and billions of reputation votes from the users of the GRID Network. Our Grid Network uses data from multiple SonicWall solutions to create a collaborative intelligence network that defends against the worldwide threat landscape. GRIDprints uniquely identify messages without exposing data contained in the email message.

The Anti-Spam service determines that an email fits only one of the following threats: Spam, Likely Spam, Phishing, Likely Phishing, Virus, or Likely Virus. It uses the following precedence order when evaluating threats in email messages:

 
Phishing
Virus
Spam
Likely Phishing
Likely Virus
Likely Spam

For example, if a message is both a virus and spam, the message is categorized as a virus as virus is higher in precedence than spam.

If the Anti-Spam service determines that the message is not any of the above threats, it is judged as good email and is delivered to the destination server.

Benefits

Adding anti-spam protection to your firewall increases the efficiency of your system as a whole by filtering and rejecting junk messages before users see them in their inboxes.

Reduced amount of bandwidth and resources consumed by junk email in your network
Reduced number of incoming messages sent to the mail server
Reduced threat to the organization, because users cannot accidentally infect their computers by clicking on virus spam
Better protection for users from phishing attacks

How Does the Anti-Spam Service Work?

This section describes the Anti-Spam feature, including the SonicWall GRID Network, and how it interacts with SonicOS as a whole. The two points of significant connection with SonicOS are Address and Service Objects. You use the address and service objects to configure the Anti-Spam feature to function smoothly with SonicOS. For example, use the Anti-Spam Service Object to configure NAT policies to archive inbound email as well as sending it through a filter.

The Comprehensive Anti-Spam Service analyzes messages’ headers and contents and uses collaborative GRID printing to block spam email.

Topics:  

GRID Network

The GRID Connection Management with Sender IP Reputation feature is used by SonicWall Email Security and by the Anti-Spam service in SonicOS. GRID Network Sender IP Reputation is the reputation a particular IP address has with members of the SonicWall GRID Network. When this feature is enabled, email is not accepted from IP addresses with a bad reputation. When SonicOS does not accept a connection from a known bad IP address, mail from that IP address never reaches the email server.

GRID Network Sender IP Reputation checks the IP address of incoming connection requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWall GRID Network. Known spammers are prevented from connecting to the firewall, and their junk email payloads never consume system resources on the targeted systems.

Topics:  
Benefits
As much as 80 percent of junk email is blocked at the connection level, before the email is ever accepted into your network. Fewer resources are required to maintain your level of spam protection.
Your bandwidth is not wasted on receiving junk email on your servers, only to analyze and delete it.
A global network watches for spammers and helps legitimate users restore their IP reputations if needed.
GRID Connection Management with Sender IP Reputation and Connection Management Precedence Order

When a request is sent to your first-touch firewall, the Anti-Spam service evaluates the ‘reputation’ of the requestor. The reputation is compiled from white lists of known-good senders, block lists of known spammers, and denial-of-service thresholds.

If IP Reputation is enabled, the source IP address is checked in this order:

 

Evaluation order

Evaluation

Description

Allow-list

If an IP address is on this list, it is allowed to pass messages through Connection Management. The messages are analyzed by your firewall as usual.

Block-list

This IP address is banned from connecting to the firewall.

Reputation-list

If the IP address is not in the previous lists, the firewall checks with the GRID Network to see if this IP address has a bad reputation.

Defer-list

Connections from this IP address are deferred. A set interval must pass before the connection is allowed.

DoS

If the IP address is not on the previous lists, the firewall checks to see if the IP address has crossed the Denial of Service threshold. If it has, the appliance uses the existing DoS settings to take action.

Only if the IP address passes all of these tests does the firewall allow that server to make a connection and transfer mail. If the IP address does not pass the tests, there is a message from SonicOS to the requesting server indicating that there is no SMTP server. The connection request is not accepted.

Address and Service Objects

The Anti-Spam feature of SonicOS supports Address and Service Objects to manage a customer’s email server(s). These objects are used by the Anti-Spam Service for its NAT and Access Rule policies. Automatically-created rules are not editable and will be deleted if the Anti-Spam Service is disabled.

When enabled, the Anti-Spam service creates NAT policies and Access Rules to control and redirect email traffic. The policies and rules are visible in the Network > NAT Policies and Firewall Rules pages, but are not editable. These automatically-created policies are only available when the Anti-Spam service is enabled.

When the Anti-Spam service is licensed and activated, the Anti-Spam > Settings page shows a single checkbox to enable Anti-Spam. Selecting the checkbox invokes the Destination Mail Server Policy Wizard if there is no existing custom access rule and NAT policy for an already-deployed scenario. When you set up generated policies, the Anti-Spam service must know where the emails are routed behind the firewall. Specifically it needs the destination mail server IP address and its zone assignment. The Destination Mail Server Policy Wizard is launched if this data cannot be found.

You need the following information for the wizard:

Destination Mail Server Public IP Address – The IP address to which external MTAs (message transfer agents) connect by SMTP.
Destination Mail Server Private IP Address – The internal IP address of the Exchange or SMTP server (behind the firewall).
Zone Assignment – The zone to which the Exchange server is assigned.
Inbound Email Port – The TCP service port number to which emails will be sent, also known as the inbound SMTP port.

Policies and Address Objects created by the wizard are editable and persist even if the Anti-Spam service is disabled.

Topics:  
Objects Created When the Anti-Spam Service Is Enabled

This section provides an example of the type of rules and objects generated automatically as Firewall Access Rules, NAT Policies and Service Objects. These objects are not editable and will be removed if the Anti-Spam service is disabled.

The Firewall > Access Rules page shows the generated rules used for Anti-Spam.

The rows outlined in red are the access rules generated when Anti-Spam is activated. The row outlined in green is the default rule that Anti-Spam creates if there are no existing mail server policies.

You could also create the following access rules:

WAN to WAN rule for incoming email (SMTP) from any source to all the WAN IP addresses
WAN to LAN rule for processed email from Email Security Service to all the WAN IP address using the Anti-Spam service port (default:10025)

The Anti-Spam Service Object is created in the Network > Services page.

This Service Object is referenced by the generated NAT policies.

The rows outlined in red are the policies generated when Anti-Spam is activated. The row outlined in green is the default policy that Anti-Spam creates if there are no existing mail server policies.

Objects Created by the Wizard

Objects created from an administrator’s interaction with the wizard can be edited and stay in the system even if the Anti-Spam service is disabled.

The following considerations apply to the auto-generation of policies:

A system Address Group Object called the Public Mail Server Address Group is created as a default for the original destination for generated policies. This group contains the Address Object, Destination Mail Server Public IP, which takes the IP address value provided during the wizard.
If a SonicWall device already has existing policies for SMTP, the following procedures occur:
If the existing policy’s original destination is a host-type Address Object, then the generated policies use the Public Mail Server Address Group object as their original destination.
If the existing policy’s original destination is a non-host-type Address Object, the generated policies use this non-host type Address Object as their original destination.
If there is more than one public IP address for SMTP, you can manually add Address Objects to the Public Mail Server Address Group.
Policy and Object Changes

In the diag.html page, the Reset GRID Name Cache button can be used to clear all the entries in the GRID name cache.

The Delete Policies and Objects button can be used to remove Anti-Spam Address and Service Objects and policies that are not deleted when the service is turned off. When this button is clicked, SonicOS attempts to remove all the automatically generated objects and policies. This operation is only allowed when the Anti-Spam service is off.

The other diag.html page options relating to Anti-Spam are:

Disable SYN Flood Protection for Anti-Spam related connections – SYN Flood protection by default is turned on for SMTP (25) and Anti-Spam service (10025) ports. This disables the protection.
Use GRID IP reputation check only – When selected, this overrides the probing result and simulates the Anti-Spam service being unavailable (admin down). When an email is sent, it still goes through both the SYN FLOOD check and GRID IP check, but other email scanning is not performed.

Purchasing an Anti-Spam License

The following deployment prerequisites are required to use the Anti-Spam feature:

A licensed SonicWall network security appliance
Anti-Spam License for the appliance
One of the following Microsoft Windows Servers:
Windows Server 2012 R2 (64-bit)
Windows Server 2012 (64-bit)
Windows SBS 2008 R2 Server (64-bit)
SBS 2008 (64-bit)

Purchasing an Anti-Spam license for the firewall can be done directly through mySonicWall.com or through your reseller.

* 
NOTE: Your SonicWall network security appliance must be registered with mySonicWall.com before use.
To purchase an Anti-Spam license:
1
Open a Web browser on the computer you use to manage your SonicWall appliance.
2
Enter http://www.mySonicWall.com in the location or address field.
3
Enter your mySonicWall.com account user name and password in the appropriate fields.
4
Click the submit button.
5
Navigate to My Products in the left-hand navigation bar.

6
Select the appliance to which you wish to add Anti-Spam capability.
7
Register for an Anti-Spam license.
8
Login to your appliance’s web management interface.
9
Navigate to the System > Licenses page from the navigation bar.mySonicWall.com.

10
In the Manage Security Services Online section, click the link to activate or renew your license. Alternately, enter your key or keyset in the Manual Upgrade section.
11
Enter your mySonicWall.com login information.

Viewing Anti-Spam Status

* 
NOTE: Anti-Spam > Status does not apply to the SuperMassive 9800.

Anti-Spam > Status

View the state of your licensing and monitoring on the Anti-Spam > Status page. You also can perform checks on domains and IP address to ensure they are valid.

Topics:  

Anti-Spam Service Status

The Anti-Spam Service Status section lists this information about the Anti-Spam feature:

Anti-Spam Service Expiration Date
License Node Count
Junk Store Version – If the Junk Store is not installed and enabled, the version is 0.0.0.0.

Monitoring Status

The Monitoring Status section shows the status and statistics of the monitored Anti-Spam services:

Monitored Services – Lists the services:
SonicWall15 Anti-Spam Service
SonicWall Junk Store
Destination Mail Server
* 
TIP: By mousing over a monitored service, a pop-up displays the server address.

Current Status – Shows the current status of each service. Mousing over the small triangle icon in the heading displays a pop-up description of the statuses:

Operational (green) – The monitored service is up and running.
Unavailable (red) – The monitored service is detected as down. Check connections to the remote system.
Unknown (red) – Probing of the monitored services has just started and its status is not known at the moment. If it is a local service, ensure it is installed.
Statistics – contains a Statistics icon for each service. When moused over, the icon displays a pop-up description of the statistics collected about the service:

Successes – Number of successful probes.
Failures – Number of unsuccessful probes.
Success Rate – The percentage of total probes that were successful.

Email Stream Diagnostics Capture

The Email Stream Diagnostics Capture section captures SMTP-related traffic passing through the firewall and provides application data-formatted report of the captured data.

* 
NOTE: The report only contains inbound traffic.

The status of the trace is displayed:

Trace status:
Active
Off
Buffer size
Buffer is % full
MB of buffer lost
To create an application-formatted report on the SMTP-related traffic passing through your firewall:
1
Click the Start Trace button.
2
Stop the capture at any time by clicking the Stop Trace button.
3
Click Download Data to download the report to as packet-hd.html file. A warning message displays.

4
Click OK. The Open packet-dh.html dialog displays.

5
Select to:
Open the file in your browser by selecting a browser in the Open with (default) drop-down menu.
Save the file selecting Save File.
6
Click OK. If you opened the file, it is downloaded to your browser:

To clear the statistics:
1
Click the Clear Capture button.

MX Record Lookup and Banner Check

In the MX Record Lookup and Banner Check section, you can perform:

An MX Record lookup for a given domain name.
A connection check to the resulting host server or supplied IP address to retrieve the SMTP banner.

Your DNS servers are displayed by default in the DNS Server 1/2/3 fields; they cannot be changed. The SMTP port is displayed in the SMTP Port field.

When you enter a domain name or IP address, the Comprehensive Anti-Spam Service attempts to connect to that server and retrieve the SMTP banner. This feature allows you to verify that an email sender is not spoofing an address to appear more legitimate.

To look up the MX record of an emailer or domain:
1
Enter the domain name or IP address in the Lookup name or IP field.
2
Click Go. The results are displayed.

The results include the domain name or IP address that you entered, the DNS server from your list that was used, the resolved email server domain name and/or IP address, and the banner received from the domain server or a message that the connection was refused. The contents of the banner depends on the server you are looking up.

GRID IP Check

The GRID IP Check section allows you to perform a SonicWall GRID Network IP reputation check on a given host IP address. For more information on GRID networks, refer to the GRID Network.

To perform a GRID IP reputation check:
1
Enter an IP address in the Host IP Address field.
2
Click Go. The results are displayed.

 

Enabling and Activating Anti-Spam

* 
NOTE: Anti-Spam > Settings does not apply to the SuperMassive 9800.

Anti-Spam > Settings

The Anti-Spam > Settings page allows you to activate the Anti-Spam feature, configure email threat categories, modify access lists, and set advanced options.

Topics:  

Activating Anti-Spam

After you have registered Anti-Spam, activate it to start your appliance-level protection from spam, phishing, and virus messages.

To activate Anti-Spam:
1
Navigate to the Anti-Spam > Settings page.

2
Click Enable Anti-Spam Service to activate the Anti-Spam feature. A message displays describing the effects of enabling the Anti-Spam Service and requesting agreement to proceed.

3
To proceed, click the Proceed button. Another message about the mail server to be used displays.

4
Click the Next button. A dialog requesting information about the server displays. The dialog’s settings are populated with information taken from the system.

5
Optionally, change the information.
6
Click Next. A message displays explaining what is created during the installation.
7
Click Confirm.

When the Anti-Spam application is installed, you can:

Download and install the Junk Box; see Installing the Junk Store
Configure the email threat categories; see Configuring Email Threat Categories.

Installing the Junk Store

Anti-Spam can create a Junk Store on your Microsoft Exchange Server. The Junk Store quarantines messages for end-user analysis and provides statistics. Log in to your Exchange system, then open a browser to log in to the management interface, and install the Junk Store.

* 
NOTE: While SonicWall supports non-Exchange SMTP servers, such as Sendmail and Lotus Domino, it is not required to install the Junk Store on one of these servers. Similar to the SonicWall Email Security product, the CASS 2.0 feature allows you to install the Junk Store on a stand-alone server.

To fully utilize the newest functionality available with CASS 2.0, SonicWall recommends installing Junk Store on a stand-alone server.

To install the Junk Store:
1
Log in to your Exchange system.
2
Open a web browser.
* 
IMPORTANT: To download and install the SonicWall Junk Store application, you need the following on the system where you will install the Junk Store application:
Internet Explorer 6 or above
Microsoft Exchange Server
Email Downloader ActiveX component for IE
3
Log in to the SonicOS interface.
4
Navigate to the Anti-Spam > Settings page.
5
Go to the SonicWall Junk Store Installer section.

6
Click the Junk Store Installer icon to install the junk store on your Windows server.
* 
NOTE: The first time the Junk Store application is installed, it takes about 5 - 15 minutes for the Junk Store to be operational.
7
If your browser warns you that the Web site is trying to load the SonicWall Email Security add-on:
a
Click in the Information Bar.
b
Select Install ActiveX Control in the pop-up menu. The Security Warning Screen displays.
8
Click Install to install the ActiveX Control.
9
On the Anti-Spam > Settings page, click the Junk Store Installer icon again. A progress bar is displayed on the page.
10
The installer launches when it is fully downloaded.
* 
NOTE: Migrating data to the Junk Store may take a long time to complete.
11
Navigate to the Anti-Spam > Status page and verify that the SonicWall Junk Store is Operational.

Configuring Email Threat Categories

When Anti-Spam is activated, set your preferences. After these are configured, your email is filtered and sorted according to your configuration.

To set default settings for users’ messages:
1
On the Anti-Spam > Settings page, scroll to the Email Threat Categories section.

2
Choose default settings for messages that contain or may contain spam, phishing, and virus issues; see Email Threat Category Settings: Options for options available in the drop-down menus:
Likely Spam (default: Store in Junk Box)
Definite Spam (default: Permanently Delete)
Likely Phishing (default: Tag with [LIKELY_PHISHING])
Definite Phishing (default: Store in Junk Box)
Likely Virus (default: Store in Junk Box)
Definite Virus (default: Permanently Delete)
 

Email Threat Category Settings: Options

Category

Action

Filtering off

Anti-Spam does not scan and filter any email for this threat category, so all the email messages are delivered to the recipients.

Tag With [TAG]

The email is tagged with a term in the subject line:

[LIKELY_SPAM]
[SPAM]
[LIKELY_PHISHING]
[PHISHING]
[LIKELY_VIRUS]
[VIRUS]

Selecting this option allows the user to have control of the email and can junk it if it is unwanted.

Store in Junk Box

The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions.

Permanently Delete

The email message is permanently deleted.

CAUTION: If you select this option, your organization risks losing wanted email.

If you are using more than one domain, choose the Multiple Domains option and contact SonicWall or your SonicWall reseller for more information.

Configuring Access Lists

The two lists in the User-defined Access Lists section allow you to manage static allow and reject lists by designating which clients are allowed or denied connection to deliver email.

* 
NOTE: Entry settings in these lists take precedence over GRID IP reputation check results.
To configure the lists:
1
On the Anti-Spam > Settings page, scroll to the User-defined Access Lists section.

2
Click the Edit icon for the list, Allow Client List or Reject Client List, you want to configure. The Allow/Reject Client List dialog displays.

3
Select items from the left column you want to add to the Allow List.
4
Click the Right Arrow button.

To remove items from the Allow List:

a
Select the item(s) from the Allow List.
b
Click the Left Arrow button.
5
When finished, click the OK button.
To add a host to the lists:
1
Scroll to the User-defined Access Lists section.
2
Click the Add Host icon. The Add Host to Allow/Reject List dialog displays.

3
Enter a name for the host in the Name field.
4
Select the type of host from the Type drop-down menu. The following setting(s) change, depending on the host type selected.
5
If you selected:
Host (default) – enter the IP address in the IP Address field.
Range – enter the starting and ending IP addresses in the Starting IP Address and Ending IP Address fields.

FQDN – enter the FQDN hostname in the FQDN Hostname field.

6
Click OK.

Configuring Advanced Options

* 
NOTE: The Advanced Options section is usually not displayed. To display this section, click the Expand button. To hide this section, click the Expand button.

In the Advanced Options section, you can set the email options described in Anti-Spam > Settings: Advanced Options:.

Anti-Spam > Settings: Advanced Options

Setting type

Setting

Description

Anti-Spam Advanced Settings

Allow/Reject delivery of unprocessed mails when SonicWall Anti-Spam Service is unavailable

If the Anti-Spam service is not enabled or unavailable for some other reason, you can choose to let all unprocessed emails go through or to reject all unprocessed emails. Spam messages are delivered to users as well as good email.

Choose from the drop-down menu:

Allow (default)
Reject

 

Tag and Deliver/Delete Emails when SonicWall Junk Store is unavailable

If Junk Store cannot accept spam messages, you can choose to delete them or deliver them with cautionary subject lines such as [Phishing] Please renew your account.

Choose from the drop-down menu:

Tag & Deliver (default)
Delete

Monitoring Service Probes

Probe Interval (minutes)

Set the timer frequency, in minutes, for probing Email Security components in the WAN and LAN networks. The minimum time is 1 minute, the maximum is 60 minutes, and the default is 5 minutes.

 

Probe Timeout (seconds)

Set the time, in seconds, for the probe to wait for response from the target before flagging as failure. The minimum time is 30 seconds, the maximum is 300 seconds, and the default is 30 seconds.

 

Success Count Threshold

Set the number of consecutive successful responses before declaring the entity as operational. The minimum number is 1 response, the maximum is 10 responses, and the default is 1 response.

 

Failure Count Threshold

Set the number of consecutive successful responses before declaring the entity as unreachable. The minimum number is 1 response, the maximum is 10 responses, and the default is 3 response.

Destination Mail Server Settings

Server Public IP Address

The IP address of the server that is available for external connections. MTAs use this WAN IP address for SMTP connection. This number is populated by the address you specified when activating and installing Anti-Spam and Junk Store. You can change the address.

 

Server Private IP Address

The IP address of the server for internal traffic. This is the internal mail server IP address behind the appliance. This number is populated automatically by the address you specified when activating and installing Anti-Spam and Junk Store. You can change the address.

 

Inbound Email Port

The TCP service port your appliance has open to receive inbound emails. The minimum is 0, the maximum is 65535, and the default is function generated.

Junk Store Settings

Use Destination Mail Server Private Address as Junk Store Address

If the Junk Store is on the destination mail server, select the checkbox. The address is populated automatically by the address you specified when activating and installing Anti-Spam and Junk Store. You can change the address. This checkbox is selected by default, and the Junk Store IP Address field is dimmed.

To change the address:

1
Uncheck the checkbox. The Junk Store IP Address field becomes available.
2
Enter the Junk Store IP address of where the server is located.

Others

Enable Email Subsystem Detection

Enables discover of available email system resources in the network. This checkbox is selected by default.

 

Viewing Anti-Spam Statistics

* 
NOTE: Anti-Spam > Statistics does not apply to the SuperMassive 9800.

Anti-Spam > Statistics

View the statistics for your Anti-Spam feature on the Anti-Spam > Statistics page:

Total Number of Messages Processed – The total number of messages processed since the Anti-Spam feature was enabled.
Total Number of Junk Messages – The total number of junk messages processed since the Anti-Spam feature was enabled.
Recorded Since – The date and time when the Anti-Spam feature was enabled.
Threats – Lists the types of service and threats and the total number of each type of service provided and threat blocked:
 
TCP Cookie SYN Flood validation
Likely Spam
Static Host Reject List
Definite Spam
SonicWall GRID Reputation Service
Likely Phishing

 

Definite Phishing

 

Likely Virus

 

Definite Virus

Configuring the RBL Filter

* 
NOTE: Anti-Spam > RBL Filter does not apply to the SuperMassive 9800.

Anti-Spam > RBL Filter

* 
NOTE: The Anti-Spam service is an advanced superset of the standard SonicOS RBL Filtering. When Anti-Spam is enabled, therefore, RBL Filtering is disabled automatically and a message displays with that information and a link to the Anti-Spam > Settings page.

If Anti-Spam is not enabled, you can configure the settings on the RBL Filter page. All Anti-Spam and Junk Box pages, are unavailable, however.

Topics:  

About RBL Lists

SMTP Real-Time Black List (RBL) is a mechanism for publishing the IP addresses of SMTP servers from which or through which spammers operate. There are a number of organizations that compile this information both for free: http://www.spamhaus.org, and for profit: https://ers.trendmicro.com/.

* 
NOTE: SMTP RBL is an aggressive, spam-filtering technique that can be prone to false-positives because it is based on lists compiled from reported spam activity. The SonicOS implementation of SMTP RBL filtering provides a number of fine-tuning mechanisms to help ensure filtering accuracy.

RBL list providers publish their lists using DNS. Blacklisted IP addresses appear in the database of the list provider's DNS domain using inverted IP notation of the SMTP server in question as a prefix to the domain name. A response code from 127.0.0.2 to 127.0.0.11 indicates some type of undesirability:

For example, if an SMTP server with IP address 1.2.3.4 has been blacklisted by RBL list provider sbl‑xbl.spamhaus.org, then a DNS query to 4.3.2.1.sbl-xbl.spamhaus.org provides a 127.0.0.4 response, indicating that the server is a known source of spam, and the connection is dropped.

* 
NOTE: Most spam today is known to be sent from hijacked or zombie machines running a thin SMTP server implementation.Unlike legitimate SMTP servers, these zombie machines rarely attempt to retry failed delivery attempts. After the delivery attempt is blocked by RBL filter, no subsequent delivery attempts for that same piece of spam is made.

SonicOS Response to a Blacklist Query

The DNS responses are collected and cached. If any of the queries result in a blacklisted response, the server is filtered. Responses are cached using TTL values, and non-blacklisted responses are assigned a cache TTL of 2 hours. If the cache fills up, then cache entries are discarded in a FIFO (first-in-first-out) fashion.

The IP address check uses the cache to determine if a connection should be dropped. Initially, IP addresses are not in the cache, and a DNS request must be made. In this case, the IP address is assumed innocent until proven guilty, and the check results in the allowing of the connection. A DNS request is made and results are cached in a separate task. When subsequent packets from this IP address are checked, if the IP address is blacklisted, the connection is dropped.

Enabling the RBL Filter

When Real-time Black List blocking is enabled, inbound connections from hosts on the WAN, or outbound connections to hosts on the WAN, are checked against each enabled RBL service with a DNS request to the DNS servers configured under RBL DNS Servers.

To enable the Real-time Black List filter:
1
Navigate to Anti-Spam > RBL Filter.
2
Select the Enable Real-time Black List Blocking checkbox.
3
Select the DNS Servers from the RBL DNS Servers drop-down menu:
Inherit Settings from WAN Zone (default) — The DNS server(s) IP address(es) are displayed, but dimmed in the DNS Server 1/2/3 fields.
Specify DNS Servers Manually — The DNS Server 1/2/3 fields become available.
a)
Enter one or more DNS server IP addresses in the DNS Server 1/2/3 fields.
4
Click Accept.

Managing RBL Services

You can add additional RBL services in the Real-time Black List Services section.

The Real-time Black List Services section displays information about and actions for the available RBL services:

RBL Service – The name of the RBL service. Two are provided by SonicWall, but you can add others:
sbl-xbl.spamhaus.org – Spamhaus Project, which provides real-time anti-spam protection for Internet networks
dnsbl.sorbs.net – SORBS (Spam and Open Relay Blocking System), which provides access to its DNS-based Black List (DNSBL) database
Response Codes – Mouse over the Comment icon to display a list of response codes. For information about response codes, see About RBL Lists.
Enable – Select the checkbox to enable the RBL service. The checkboxes for the two provided services are selected by default.

To disable an RBL service, unselect its checkbox. This does not delete the entry from the table, so you can enable the service in the future.

Configure – Displays icons for various actions:
Edit icon – Displays the Edit RBL Domain dialog. See Editing an RBL Service.
Statistics icon – Displays information about connections blocked:

To clear these statistics, click the Clear STatistics button.

Delete icon – Deletes the RBL service entry. See Deleting an RBL Service.
Topics:  

Clearing Statistics

You can clear statistics kept for the Black List services.

To clear statistics:
1
Select a service by clicking its checkbox. To clear the statistics of all services, select the checkbox in the header next to RBL Service. The Clear Statistics button becomes active.
2
Click the Clear Statistics button.

Adding an RBL Service

To add an RBL service:
1
On the Anti-Spam > RBL Filter page, scroll to the Real-Time Black List Services section.
2
Click the Add button. The Add RBL Domain dialog displays.

3
Specify the domain name of the RBL service to be queried in the RBL Domain field.
4
Enable the service for use by selecting the Enable RBL Domain checkbox.
5
Specify the expected response codes by selecting their checkboxes. Most RBL services list the responses they provide on their Web site, although selecting Block All Responses is generally acceptable.
* 
TIP: Selecting the Block All Responses checkbox selects the checkboxes for all the blocked responses. Deselecting the Block All Responses checkbox deselects the checkboxes of all the blocked responses.
6
Click OK. The RBL service is added to the Real-Time Black List Services table.

Editing an RBL Service

To edit an RBL Service:
1
On the Anti-Spam > RBL Filter page, scroll to the Real-Time Black List Services section.
2
Click the Add… button. The Add RBL Domain dialog displays.

3
Optionally, edit the domain name of the RBL service to be queried in the RBL Domain field.
* 
TIP: You can enable or disable an RBL service by selecting/deselecting its Enable checkbox in the Real-time Black List Services table.
4
Optionally, enable or disable the service for use by selecting/deselecting the Enable RBL Domain checkbox.
5
Optionally, select or deselect the expected response codes by selecting their checkboxes.
* 
TIP: Selecting the Block All Responses checkbox selects the checkboxes for all the blocked responses. Deselecting the Block All Responses checkbox deselects the checkboxes of all the blocked responses.
6
Click OK.

Deleting an RBL Service

You can delete RBL services as follows:

To delete one RBL service:
a
Click the Delete icon for the service in the Real-time Black List Services table. A warning message displays:

b
Click OK. The entry is deleted from the Real-Time Black List Services table.
To delete one or more RBL services:
a
Select the checkbox of one or more services in the Real-time Black List Services table. The Delete button becomes active.
a
Click the Delete button. A warning message displays:

b
Click OK. The entry is deleted from the Real-Time Black List Services table.

User-Defined SMTP Server Lists

* 
NOTE: You can modify, but not delete, the RBL User White List or the RBL User Black List.

The User Defined SMTP Server Lists section allows for Address Objects to be used to construct a white-list (explicit allow: RBL User White List) or black-list (explicit deny: RBL User Black List) of SMTP servers. Entries in these lists bypass the RBL querying procedure.

To ensure that you always receive SMTP connections from a partner site's SMTP server:
1
On the Anti-Spam > RBL Filter page, scroll to the User-Defined SMTP Server Lists section.

2
Create an Address Object for the server you want to add:
a
Click the Add… button. The Add Address Object dialog displays.

b
Enter a friendly name for the server in the Name field.
c
From the Zone Assignment drop-down menu, select the server’s zone.
d
From the Type drop-down menu, select the type of host from the Type drop-down menu. The following setting(s) change, depending on the host type selected.
e
If you selected:
Host (default) – Enter the IP address in the IP Address field.
Range – Enter the starting and ending IP addresses in the Starting IP Address and Ending IP Address fields.

Network – Enter the:

Network in the Network field.
Netmask in the Netmask field.
MAC:

Enter the MAC address in the MAC Address field.
If the host is a multi-homed hose, select the Multi-homed host checkbox. Otherwise, deselect the checkbox. This checkbox is selected by default.
FQDN – Enter the FQDN hostname in the FQDN Hostname field.

f
Click OK.
3
Click the Edit icon in the Configure column of the RBL User White List. The Edit Address Object Group dialog displays.

4
Select the address objects to be added from the left column. Multiple address objects can be selected at one time.
5
Click the Right Arrow button.

To delete an address object from the group, select the address object and click the Left Arrow button.

6
Click OK. The table is updated, and that server is always allowed to make SMTP exchanges.

Testing the Real-time Black List

The System > Diagnostics page also provides a Real-time Black List Lookup feature that allows for SMTP IP addresses (or RBL services or DNS servers) to be specifically tested. For information about this feature, see Real-Time Black List Lookup.

For a list of known spam sources to use in testing, refer to: http://www.spamhaus.org/sbl/latest/.

Specifying Relay Domains

* 
NOTE: Anti-Spam > Relay Domains does not apply to the SuperMassive 9800.

Anti-Spam > Relay Domains

The Anti-Spam > Relay Domains page allows you to list domains authorized for relaying email by CASS. Restricting domains that can relay emails avoids open-relay issues.

Topics:  

About Open Relay

An open relay is a SMTP server configured in such a way that it allows a third party to relay (send/receive email messages) that are neither from nor for local users. Such servers, therefore, are usually targets for spammers.

When CASS is configured as an open relay, the mail is relayed even if the mail is not destined to the recipient domain. When CASS is not configured as an open relay, it relays the emails that have one of the listed recipient domains; for domains not listed, the mails are rejected. Listing allowed relay domains avoid unnecessary relaying of emails even when mails are not destined to the user.

Listing Allowed Relay Domains

You can list all domains used for relay.

To list an authorized relay domain:
1
Navigate to the Settings section of Anti-Spam > Relay Domains.

2
Select whether to restrict relay domains:
Any source IP address is allowed to connect to this path – Allows any domain to relay messages. Go to Step 4.
* 
CAUTION: Selecting this option may make a CASS open relay. Even if the mail is not destined to the recipient’s domain, the mail is relayed, which could result in spamming
Any source IP address is allowed to connect to this path, but relaying is allowed only for emails sent to one of these domains – Allows only listed domains to relay messages.
3
Enter the domain(s) allowed to relay messages in the field. Separate domains with a carriage return (<CR>).
4
Click Apply Changes.

 

Managing the Junk Summary

* 
NOTE: Anti-Spam > Junk Box Summary does not apply to the SuperMassive 9800.

Anti-Spam > Junk Box Summary

The Junk Store sends an email message to users listing all the messages placed in their Junk Summary. The Anti-Spam > Junk Box Summary page allows you to set up the Junk Summary for users.

To configure the types of messages that are logged, there is a link to the Anti-Spam > Advanced page.

The Anti-Spam > Junk Box Summary page allows you to set these options:

Frequency Settings – Set the frequency and time Junk Box summaries are sent to you.
Message Settings – Configure what is included in the summary, the language, and whether the summary contains graphics.
Miscellaneous Settings – Set options such as single-click viewing of messages and authentication.
Other Settings – Set options such as sender of summary, email subject, and URL for users.
Topics:  

Managing the Junk Summary

To manage the junk summary:
1
In the Frequency Settings section of the Anti-Spam > Junk Box Summary page, select how often summaries are sent to you from the Frequency of Summaries drop-down menu.

Minimum frequency is 14 Days, maximum is 1 Hour, the default is 1 Day. To prevent summaries from being sent to you, select Never.

2
Select from the Time of day to send summary options to customize the time your users receive email notifications.
* 
NOTE: Individual users can override this setting.
Any time of day (default)
Within an hour of – select a time of day from the drop-down menu; the default is 12 AM
3
If you selected 7 Days or 14 Days from the Frequency of summaries drop-down menu, the Day of week to send summary options become available. To customize the date your users receive email notifications select either:
* 
NOTE: Individual users can override this setting.
Any day of the week (default)
Send summary on – select a day of the week from the drop-down menu; the default is Monday
4
Optionally, from the Time Zone drop-down menu, select the Greenwich Mean Time (GMT) to be used in determining the frequency.
5
In the Message Settings section, select what to include in the message summary from the Summaries include options:
All Junk Messages (default)
Likely Junk Only (hide definite junk)
6
Optionally, select a language for the emails from the Language of summary emails drop-down menu.
7
For Send plain summary (no graphics), select whether the summary does not contain graphics by clicking the Plain summary checkbox. By default, graphics are included in the summary.
a
To see an example for either version, click the appropriate link:
view plain example

view graphic example

b
Close the window.
8
In the Miscellaneous Settings section, choose how email junkbox summary notifications are viewed from the Enable “single click” view of messages options:
Off
View messages only (user can preview messages without having to type their username/passwords.) (default)
Full access (clicking any link in a Junk Box Summary grants full access to the particular user’s settings)
9
To allow your users to authenticate to unjunk email messages, select the Enable Authentication to Unjunk checkbox. This option is not selected by default.
10
To limit junk box summaries notifications to users in LDAP, select the Only send Junk Box Summary emails to users in LDAP checkbox.
11
To enable authentication of non-LDAP users, click the To enable authentication of non ldap users Click here link. The Anti-Spam > Users page displays; for more information about managing users, see Managing Users.
12
In the Other Settings section, choose how the summary is to be sent by selecting an option from Email address from which summary is sent:
Send summary from recipient’s own email address (default)
Send summary from this email address
a)
Enter an email address in the field
13
In the Name from which summary is sent field, enter the name to be displayed in the user’s email for the summary emails. The default name is Admin Junk Summary.
14
In the Email subject field, enter the subject line for the Junk Box Summary email. The default is Summary of junk emails blocked.
15
The URL for user view field is filled in automatically based on your server configuration. It is the basis for all the links in the Junk Box Summary email. If this setting is configured, each user Junk Box Summary emails listing that user’s received email threats are sent.

Junk Box Summary emails contain URLs to:

View quarantined emails.
Unjunk quarantined emails; users unjunk items in the Junk Box summary email by clicking links in the email.
Log in to the Junk Box.
* 
IMPORTANT: If you change this URL, to ensure connectivity, test the link if you make any changes by clicking the Test Connectivity button. If the test fails, ensure the URL is correct.
16
Click the Apply Changes button.

Reverting to Defaults

You can revert all custom settings to default settings at any time.

To revert to default settings:
1
Click the Revert button.

 

Configuring the Junk Box View

* 
NOTE: Anti-Spam > Junk Box does not apply to the SuperMassive 9800.

Anti-Spam > Junk Box

On the Anti-Spam > Junk Box page, you can view, search, and manage all email messages that are currently in the Junk Store on the Exchange or SMTP server.

* 
NOTE: This functionality is only available if the Junk Store is installed.

Topics:  

About the Junk Box Tabs

The Anti-Spam > Junk Box page contains two tabs:

Inbound, which lists only inbound messages
Outbound, which lists only outbound messages
* 
NOTE: If you cannot view the Outbound tab, you must upgrade your Junk Store license. If you click on the Question Mark icon, this message is displayed:

The function and display of the two tabs are the same. Each tab contains two sections:

Simple/Advanced Search Mode
Messages Found

You can collapse or expand either section by clicking its Expand/Collapse icon.

In the Simple Search Mode section are two links to other pages:

To change the duration junk mail is held before deletion, click the link at the end of Items in the Junk Box will be deleted after at the top of the section.
To display the Anti-Spam > Settings page, click the Settings button at the bottom of the section.

Information Displayed in the Messages Found Table

The Messages Found table displays this information about the quarantined messages:

 

Information about quarantined messages

This column

Contains or indicates

Checkbox icon

Checkbox for each item in the table. Clicking the Checkbox icon in the heading selects all items in the table.

To

Recipient’s email address.

Threat

Type of threat the email poses; for more information about threat categories, see Email Threat Category Settings: Options in Configuring Email Threat Categories.

Paperclip icon

Email has attachments.

Subject

Subject line of the email.

From

Sender’s email address.

Received

Date the email was sent.

Use the buttons at the top and bottom of the Messages Found table to perform the following Junk Store management tasks (see Message Table Buttons) on the Anti-Spam > Junk Box page:

 

Message Table Buttons

Button
Function

Delete

Permanently delete the selected message(s) from the Junk Store; to delete all messages click the checkbox in the table heading

Unjunk

Remove the selected message(s) from the Junk Store and deliver them to the user(s) to whom they are addressed. The delivery time and date are set by the Exchange server when each message is delivered to the user mailbox.

Send Copy To

Keep the selected message(s) in the Junk Store and send a copy of it (them) to a user.

Searching the Messages

You can perform two types of searches on messages found in the Junk Store:

Performing a Simple Search

To search the Junk Store:
1
On the Anti-Spam > Junk Box View page, select either the Inbound tab or the Outbound tab.

2
Type the text for which to search into the Search for field.

Surround sentence fragments with quotation marks (“). Boolean operators (AND, OR, NOT) can be used.

3
Select the desired email field in which to search from the in drop-down menu:
Subject (default)
From
To
Unique Message ID
4
From the on drop-down menu, select a date to search:
---Show all--- (default)
Today
A particular date; the number of dates vary, depending on the length of time junk messages are held
5
Click the Search button to perform the search.

The results are displayed in the Messages Found section of the page, and a message is displayed at the top. If the search is successful, the message contains the word, Success!, and the entire message is highlighted in green. If a search is not successful, it contains the word, Warning!, and the entire message is highlighted in yellow.

6
To return the Messages Found table to its original state:
a
Delete the data from the Search for field.
b
Click Search.

Performing an Advanced Search

1
On the Anti-Spam > Junk Box View page, select either the Inbound tab or the Outbound tab.

* 
NOTE: To change the settings, click the link in the Items in the Junk Box will be deleted after nn days to display the Anti-Spam > Settings page.
2
Click the Advanced View button. The Simple Search Mode expands to become the Advanced Search Mode section.

3
In the Query Parameters section, enter your search criteria in one or more of the Query Parameter fields:
 

Parameter

Query criteria

To

Recipient’s email address.

From

Sender’s email address.

Separate multiple email addresses or domain names with a comma. Boolean operators OR and NOT are supported

Subject

Subject of the email.

Enclose sentence fragments with quotation marks (“). Boolean operators AND, OR, and NOT are supported.

Unique Message ID

Unique message ID.

Separate multiple entries with a comma.

Start Date

First date to search.

Enter dates in either format:

MM/DD/YYYY
MM/DD/YYYY hh:mm (Hour values should be between 0 and 23 [24-hour clock])

End Date

Last date to search.

Enter dates in either format:

MM/DD/YYYY
MM/DD/YYYY hh:mm (Hour values should be between 0 and 23 [24-hour clock])
4
In the Threats section, specify the threat categories to search for. By default all categories are selected.

Deselect any category you do not want to include in the search by clicking its checkbox. To deselect all categories, click the Check None button. All the categories become unchecked, the Check All button becomes active, and the Check None button becomes dimmed.

Only messages belonging to one of the Email Threat Categories set to Store in Junk Box on the Anti-Spam > Settings page are included in the Junk Store. All categories, however, are listed on this page, whether any messages of that type are stored in the Junk Store.

* 
NOTE: To change these settings, click the Settings button; the Anti-Spam > Junk Box Settings page displays.
5
Click the Search button to perform the search.

The results are displayed in the Messages Found section of the page, and a message is displayed at the top. If the search is successful, the message contains the word, Success!, and the entire message is highlighted in green. If a search is not successful, it contains the word, Warning!, and the entire message is highlighted in yellow.

6
To return to the Simple View, click the Simple View button.
7
To return the Messages Found table to its original state:
a
Delete the data from the Search for field.
b
Click Search.

Managing Messages in the Junk Store

* 
TIP: If you are not searching the Junk Store, click the Collapse icon for the Simple/Advanced Search Mode section.

You can delete, unjunk, or send a copy of Junk Store messages.

To manage the Junk Store:
1
On the Anti-Spam > Junk Box page, scroll to the Messages Found table.

2
Select the checkbox for the message(s) that you want to manage.
* 
TIP: To select all messages, select the checkbox in the table header. All checkboxes are selected.
3
Perform the management task(s):
To permanently delete the selected messages from the Junk Store, click the Delete button.
* 
NOTE: Messages are deleted automatically after 30 days.

The selected messages are deleted immediately — there is no confirmation dialog before the deletion. If the deletion is successful, a green notification is displayed at the top of the page. If the deletion fails, the notification is red.

To remove the selected messages from the Junk Store for delivery to the recipients, click the Unjunk button.

The selected messages are unjunked and sent immediately — there is no confirmation dialog before the action. If the action is successful, a green notification is displayed at the top of the page. If the action fails, the notification is red.

To send a copy of the selected messages to a user, click the Send Copy To button. The Send Copy To dialog displays.

a)
Do one of the following:
Select the Send a copy to original recipient checkbox.
Type the email address into the Recipient email address field.
b)
Click the Send button.

The selected message is sent immediately — there is no confirmation dialog before the action. If the action is successful, a green notification is displayed at the top of the page. If the action fails, the notification is red.

 

Configuring Junk Box Settings

* 
NOTE: Anti-Spam > Junk Box Settings does not apply to the SuperMassive 9800.

Anti-Spam > Junk Box Settings

The Anti-Spam > Junk Box Settings page allows you to set the:

Length of time that messages are stored in the Junk Box before being deleted.
Number of Junk Box messages to be displayed per page.
Action performed when a user unjunks a message.

To perform message management:
1
In the Message Management section, select the number of days to retain junk mails before deleting them from the Number of days to store in Junk Box before deleting drop-down menu. The minimum is 1 Day, the maximum is 180 Days, and the default is 15 Days.
2
Select the number of rows of messages to display in the Messages Found section on the Inbound tab of the Anti-Spam > Junk Box View page from the Number of Junk Box messages to display per page drop-down menu. The minimum is 10 Rows, the maximum is 400 Rows, and the default is 400 Rows.
3
Select whether an unjunked sender is added to the recipient’s Allowed List from When a user unjunks a message; neither option is selected by default:
Automatically add the sender to the recipient’s Allowed List
Do not add the sender to the recipient’s Allowed List
4
Click Apply Changes.
To revert to default settings:
1
Click the Reset to Defaults button.

 

Configuring User-Visible Settings

* 
NOTE: Anti-Spam > User View Setup does not apply to the SuperMassive 9800.

Anti-Spam > User View Setup

The Anti-Spam > User View Setup page allows you to select and configure which settings are visible for users.

Topics:  

Configuring User View Setup

* 
NOTE: Selected options appear in a user’s navigation toolbar.
To configure what the user sees:
1
In the User View Setup section, to allow users to see their own Address Book (people, companies, and lists) in the navigation toolbar, select the Address Books checkbox. This option is selected by default.
2
To allow Helpdesk to view users’ email problems, select the Allow audit view to Helpdesk users checkbox. This option is not selected by default.
3
In the User download settings section, to allow Outlook users to download the Junk Button, select the Allow Users to download SonicWall Junk Button for Outlook checkbox. This option is selected by default.
4
To allow Outlook and Outlook Express users to download the Anti-Spam Desktop, select the Allow users to download SonicWall Anti-Spam Desktop for Outlook and Outlook Express checkbox. This option is selected by default.
5
To allow Outlook users to download the Secure Mail plugin, select the Allow users to download SonicWall Secure Mail Outlook plugin checkbox. This option is selected by default.
6
In the Quarantined junk mail preview settings section, to allow users to preview their quarantined junk mail, select the Users can preview their own quarantined junk mail checkbox. This option is selected by default.
7
To allow Administrators to preview all quarantined junk mail for the entire organization, select the Administrators checkbox. This option is selected by default.
* 
NOTE: Administrators have access to preview all quarantined junk mail for the entire organization by default. To change this option, unselect the Administrators checkbox.
8
After all necessary changes have been made, click the Apply Changes button.

Reverting to Default Settings

You can change all settings back to factory defaults at any time.

To clear any changes made at any time and revert to the default settings:
1
Click the Revert button.

 

Configuring Corporate Allowed and Blocked Lists

* 
NOTE: Anti-Spam > Address Books does not apply to the SuperMassive 9800.

Anti-Spam > Address Books

The Anti-Spam > Address Books page allows you to configure the Allowed and Blocked lists for your organization. The lists are a combination of allowed and blocked senders from the organization’s lists and lists provided by the firewall.

* 
NOTE: The Blocked tab only filters addresses by people, IPs, and companies, while the Allowed tab filters addresses by people, companies, IPs, and lists.

If your lists are long, you can use a search function to display only desired table entries.

Topics:  

About the Tabs

The two tabs, Allowed and Blocked, are identical except the search categories for both pages are People, Companies, and IPs while the Allowed page also has Lists.

Topics:  

Allowed Lists

The Allowed tab enables you to permit people, companies, IP addresses, or lists to send mail to your organization. You can import address books to the Allowed list and export the Corporate Address Book to an Excel spreadsheet or text file.

Blocked Lists

* 
NOTE: Senders added on the Corporate Blocked List by an Administrator are blocked automatically for all users and can only be deleted by an Administrator.

The Blocked tab allows you to restrict people, companies, and IP addresses from sending mail to your organization. You can import address books to the Blocked list and export the Corporate Address Book to an Excel spreadsheet or text file.

Adding Items to the Allowed or Blocked List

To add an item to the Corporate Allowed/Blocked List:
1
Navigate to the appropriate tab on Anti-Spam > Address Books.

2
Click the Add button. The Add Items Allowed List dialog displays.

3
Select the type of list user from the Select list type drop-down menu:
People
Companies
Lists (available only for the Allowed tab)
IPs
4
Enter the address(es)/domain(s) in the field. Depending on the list type selected, the field name changes:
PeopleEnter IP Addresses separated by a carriage return
CompaniesEnter the domains separated by a carriage return
ListsEnter the mailing lists separated by a carriage return
IPsEnter IP Addresses separated by a carriage return
5
Click Add to finish. The address(es)/domain(s) are added to the List on the Allowed/Blocked tab.

Deleting Items from the Allowed or Blocked List

To delete a sender from the Corporate Allowed/Blocked List:
1
Click the appropriate tab.
2
Select the checkbox next to the email address(es) you wish to delete. The Delete button becomes active.
3
Click the Delete button. A success message appears confirming the deletion.
* 
TIP: To delete all entries, click the checkbox in the table header.

Importing Address Book Entries

You can import entries from one or more address books.

To import address book entries:
1
Click the appropriate tab.
2
Click the Import button. The Import AddressBook dialog displays.

3
Click the Browse button. The Windows File Upload dialog displays.
4
Select the file to upload. It must be in this format:

<TAB>D/L/E/I<TAB>A/B<TAB>Address List<CR>

where

D/L/E/I – Domain/List/Email/IP Address

A/B – Allowed/Blocked

Address List – Address book entries separated by commas

and email addresses, domains, IP addresses, and lists are separated with a carriage return.

For example:

<TAB>E<TAB>A<TAB>email1@company.com,email2@company.com<CR>

<TAB>L<TAB>B<TAB>list1@company.com,list2@company.com<CR>

5
Click Open.
6
Click Import.

Exporting Address Book Entries

You can export entries to an Excel spreadsheet or text file.

To export address book entries:
1
On the appropriate tab, click the Export button. The Windows Opening filename dialog displays.
2
Select either:
Open with Microsoft Excel (default)
Save file
3
Click OK.

Searching the Allowed and Blocked Lists

A search field is available to quickly find Allowed and Blocked entries in the Allowed and Blocked tables. You can access this field from either the Allowed tab or the Blocked tab.

To search the Allowed or Blocked lists:
1
Click the appropriate tab.
2
Go to the Search section.

3
Enter an address or domain in the Search field. Enter multiple entries separated by a comma.
4
Optionally, you can filter the search between the Type of addresses (People, Companies, IPs, or Lists [Allowed list only]) by selecting the checkboxes below the search bar; by default, all are selected.
5
Click the Go button to begin the search. The results are shown in the List table.
To clear the search field:
1
Click the Reset button.

 

Managing Users

Anti-Spam > Users

The Anti-Spam > Users page allows you to add, remove, and manage all users, on both the Global and LDAP servers. For more information regarding LDAP configuration, refer to Configuring the LDAP Server.

The User table displays this information:

 

Column

Description

User Name

User’s user name, which may not be part of the primary email address.

Primary Email

Email address of the user.

Message Management

Displays whether the user adheres to the settings on the Anti-Spam > Junk Box Summary page or has modified them:

Default – All administer’s settings are used
Custom – User has changed one or more settings

User Rights

Is always User as user rights cannot be modified in CASS.

Source

Displays the user’s server name.

Topics:  

Updating the User Table

To update the list of users in the User Table:
1
Navigate to the Users section of Anti-Spam > Users.

2
Click the Refresh Users & Groups button.

Enabling Non-LDAP User Authentication

Authentication for non-LDAP users must be enabled.

To enable authentication for non-LDAP users:
1
Scroll to the User View Setup section of Anti-Spam > Users.

2
Select the Enable authentication for non ldap users checkbox. A cautionary message displays.

3
Click OK.

Viewing Users

The User Table displays all the users who can log in. You can filter the users to only those you want to see at the moment by:

Selecting a source (server); see Selecting a Server’s Users to View
Specifying a particular user; see Finding a User

Selecting the Type of User to View

You can see all users, just LDAP users, or just non-LDAP users.

To select the type of user to display:
1
Scroll to the Find All users in column section of Anti-Spam > Users.

2
Select which type of user:
Only LDAP – Select the Show LDAP entries checkbox; this is the default if your system has only LDAP users.
Only non-LDAP – Select the Show non-LDAP entries checkbox; this is the default if your system has only non-LDAP users.
Both LDAP and non-LDAP – Select both checkboxes; this is the default if your system has both types of users.

Selecting a Server’s Users to View

You can limit the User table to display only those users from a particular server.

To select a source (server):
1
Go to the filter section of User View Setup.

2
From the Using Source drop-down menu, select which server, or source, to view:
GLOBAL (default) – A Global server is always available
LDAP server name – If one or more LDAP servers have been added, all server names are listed.
3
Click the Go button.

Finding a User

You can restrict the view to just one user.

To find a user:
1
Go to the filter section of the User View Setup section of Anti-Spam > Users.

2
From the Find all users in column drop-down menus and field, enter the selection criteria:
a
From the first drop-down menu, select:
User Name
Primary Email
b
Filter the search by these conditions from the second drop-down menu:
equal to (fast) (default)
starting with (medium)
containing (slow)
c
Enter the user’s information in the field.
3
Click GO. The User table displays only those emails that meet the specified criteria, and a message displays at the top of the page.

To restore the User table display:
1
Remove the search criterion from the Find all users in column field.
2
Click Go.

Adding Users

You can add users to the list of users who can log in:

By importing them; see Importing Users to the User Table
* 
NOTE: It is recommended that you add all employees to the list of users who can log in. Corporate mailing list addresses and aliases (such as info@example.com) should also be added to ensure that junk mail sent to those aliases can be filtered. There is no harm if extra addresses that do not receive email appear here as a result of too broad an LDAP query.

Adding Users Manually to the User Table

To add a user to the Global or LDAP Server:
1
Click the Add button above the User Table. The Add User dialog displays.

2
Enter the primary address of the user in the Primary Address field.
3
If the user is an LDAP user, enter the user’s password in the Password and Confirm User fields.
4
Select which server the user belongs to from the Using Source drop-down menu.
5
Optionally, enter any Alias(es) of the user in the Aliases field. Separate each entry with a carriage return (<CR>).
6
Click Add to finish adding a user.

Importing Users to the User Table

To import a list of users from a file:
1
Click the Import button above the User Table. The Import Users dialog displays.

2
Select how the imported file is to be treated by selecting an Import Mode:
append – Adds the users to the end of the file containing the list of approved users.
overwrite – Replaces the existing users with the imported users.
3
Specify the server to be used as a source:
GLOBAL
LDAP server name
4
Click the Browse button. The Windows File Upload dialog displays.
5
Select the file to upload. It must be in this format, with a tab <TAB> delimiter between the primary address and the alias and a carriage return <CR> delimiter to separate entries:

primary_email1@company.com<TAB>primary_email1@company.com<CR>

For example:

primary_email1@company.com<TAB>primary_email@company.com<CR>

primary_email1@company.com<TAB>alias1@company.com<CR>

primary_email1@company.com<TAB>alias2@company.com<CR>

If the user already exists in LDAP, the entries would be:

primary_email2@company.com<TAB>alias1@company.com<CR>

primary_email2@company.com<TAB>alias2@company.com<CR>

6
Click Open.
7
Click Import.

Signing In as a User

You can sign in to a user’s account to see their Email Security Anti-Spam > Junk Box.

To sign in as a user:
1
Navigate to the User table of Anti-Spam > Users.
2
Select the checkbox of the user you want to sign in as. The Sign in as User button becomes active.
3
Click the Sign in as User button. A separate window displays the Email Security Anti-Spam > Junk Box page for that user.
4
To return to the SonicOS Anti-Spam > Users page, click the Logout icon on the Email Security page.

 

Configuring the LDAP Server

Anti-Spam > LDAP Configuration

The Anti-Spam > LDAP Configuration page allows you to configure various settings specific to LDAP servers.

* 
NOTE: All panels can be displayed or hidden by clicking the Expand/Collapse icon.
Topics:  

Available LDAP Servers

This section displays information about any LDAP Servers configured on the firewall:

Friendly Name – Displays the friendly name of the server. Clicking the link displays the Server Configuration, LDAP Query Panel, and Add LDAP Mappings sections.
Server Name:Port – Displays the IP address and port of the server.
Type – Displays the type of server, such as Active Directory or OpenLDAP.
Login Method
Account Information – Displays
Configure – Contains Edit and Delete icons.

Adding an LDAP Server

Configure a new LDAP server to enable per-user access and management.

* 
IMPORTANT: Anti-Spam uses your existing Active Directory or LDAP server to authenticate end users as they log in to their personal Junk Boxes. The Anti-Spam > LDAP Configuration page must be correctly filled out to return the complete list of users who are allowed to log in to their Junk Box. If a user does not appear in this list, their email is filtered, but they can not log in to their personal junk box.

Correctly filling out the LDAP configuration requires completing the Server Configuration panel, LDAP Query Panel, and the Add LDAP Mappings panel.

To add an LDAP server:
1
In the Available LDAP Servers section, click the Add Server button. The Server Configuration section expands:

2
Optionally, in the Settings section, enable the Show Enhanced LDAP Mappings fields checkbox. When this option is enabled, fields for a secondary server display in red in the LDAP server configuration section.

3
To have the fields in the LDAP Query Panel completed automatically, ensure the Auto-fill LDAP Query fields when saving configuration checkbox is selected. This option is selected by default.
4
In the LDAP server configuration section, configure the new LDAP server’s settings:
* 
TIP: The primary and secondary names and IP addresses can be up to 200 alphanumeric characters including a hyphen (-) and period (.), but no spaces. Examples:

192.168.4.100

host-name123.com

Friendly Name—Enter a friendly name for the LDAP server. The default name is ldapservern, where n is a sequential number.
Primary Server name or IP address—The server name or IP address of the LDAP Server.
Port Number—The port number of the LDAP Server. The default port number is 389.
Secondary Server name or IP address—The server name or IP address of the secondary LDAP Server.
* 
NOTE: The Secondary Server name or IP address and Port number options, in red, display only if you selected Show Enhanced LDAP Mapping fields in the Settings section.
Port Number—The port number of the secondary LDAP Server. The default port number is 389.
LDAP Server Type—Select from the drop-down menu:
Active Directory
Lotus Domino
Exchange 5.5
Sun ONE iPlanet
Other
LDAP Page Size—Enter the maximum page size to be queried on the LDAP Server. The default is 100.
* 
CAUTION: Many LDAP servers, including Active Directory, have a setting that specifies the maximum page size to be queried. If the LDAP Page Size setting exceeds that maximum page size, performance problems may occur on both the LDAP server and on . In the rare circumstances that this needs to be adjusted, consult SonicWall Technical Support.
Requires SSL—To have the LDAP Server require SSL, select this checkbox. This option is not selected by default.
Allow LDAP Referrals—Select this option if you have multiple LDAP servers, each of which may have different information. When LDAP referral is enabled, one LDAP server can delegate parts of a login request for information to other LDAP servers that have more information. This delegation is called a referral and occurs when an administrator or user logs in. A referred login request can be very slow, taking 20 seconds or more. This setting is not selected by default.
* 
NOTE: To speed log ins for administrators and users, disable this option if you have:
Only one LDAP server.
Two or more LDAP servers that all share the same information.
* 
TIP: It is safe to disable referrals and then test whether any users are blocked from logging in. No data or settings are lost.
5
From the Authentication Method section, configure the LDAP login method for users:
Anonymous bind (default) – Many LDAP servers are configured to provide the list of users to anyone who asks. This is called Anonymous Bind.
* 
TIP: Select this option first, then test it; see Step 8.
Login – If the Anonymous bind option failed, select this option. You then need to provide a username and password to get LDAP to return the list of users.
6
If you selected:
Anonymous bind, go to Step 8.
Login, go to Step 7.
7
Specify the Login name and Password.

Login name is the credential used to allow a user access to the LDAP resource. Each type of LDAP server has a format for a log in name. Use the format appropriate for your server.

* 
TIP: To see examples of the different formats, click the Question Mark icon by the Login name field.
8
To test the settings you just configured, click the Test LDAP Login button. The Test Results message displays:

9
Click Save Changes to finish adding an LDAP Server. The LDAP Query Panel and Add LDAP Mappings panel display.

Configuring LDAP Queries

* 
TIP: If you selected the Auto-fill LDAP Query when saving configuration option in the Settings section, the LDAP Query Panel fills with default values automatically.

To successfully allow users to login to their Junk Box:
* 
TIP: To examine your LDAP tree in its entirety to get a comprehensive look at your LDAP structure and its various attributes and object classes, run the free program, Softerra LDAP Browser 2.5, available at:

http://www.ldapbrowser.com/download/index.php

On a Windows PC, download the program. When it is running, to determine the best query for your network, browse to a user on the network and examine their attributes.

1
In the LDAP Query Panel, go to the Query Information for LDAP Users section.
* 
TIP: If you did not specify Auto-fill LDAP Query fields when saving configuration in the Settings section, you can click the Auto-fill User Fields button to do so.
2
To use the optional Groups functionality, in the Directory Node to Begin Search field, specify a full LDAP directory path that points towards a node (directory inside LDAP) containing the information for all groups in the directory. This path narrows the search for LDAP groups to a reasonable size.

The information contained in LDAP is organized into a directory tree much like an ordinary file system. Each directory is specified as a name=value pair, where:

name is commonly:
 

DC (domain component)

OU (organizational unit)

DN (distinguished name)

O (organization)

value is commonly one segment of a fully specified hostname (for example, the word companyxyz in sales.companyxyz.com).

To specify a particular node in LDAP you use a comma-separated list. To specify multiple nodes to search in, use the ampersand (&) character between full paths.

For example, if the hostname of a particular machine inside companyxyz was computer27.sales.companyxyz.com, the LDAP path might be:

DC=computer27,DC=sales,DC=companyxyz,DC=com

* 
TIP: To see examples for the various directory types, click the Question Mark icon next to the Directory Node to Begin Search field
3
Enter an LDAP filter in the standard LDAP filter syntax in the Filter field.

Anti-Spam must be instructed on how to find and identify users and mailing lists. By specifically stating the Object Class and mail attribute in the Filter field, non-primary email accounts (such as printers and computers) are not included during an LDAP query. Focusing on primary user accounts speeds up the query.

The Filter field contains an example syntax:

(&(|(objectClass=group)(objectClass=person)(objectClass=publicFolder))
(mail=*))

All LDAP filters are grouped in parenthesis, and the filter itself has a pair of parentheses surrounding the whole string. The very next character from the left is an ampersand (&). The LDAP filter syntax is prefix notation, which means this filter only returns the logical AND of three sub-filters, each grouped in parentheses. Other operators include a pipe (|) for OR and an exclamation point (!) for NOT.

* 
TIP: To see examples for the various directory types, click the Question Mark icon next to the Filter field
4
Specify the text attribute a user uses fora login name in the User Login Name Attribute field. The generally accepted attribute for this field is sAMAccountName, which is the default. This attribute should work for Microsoft Windows, as well as all other environments.
* 
IMPORTANT: This field works in conjunction and needs to agree with the Filter field. If you change sAMAccountName, you must change it in both the Filter field and the User Login Name Attribute field.
* 
TIP: To see examples for the various directory types, click the Question Mark icon next to the User Login Name Attribute field
5
Specify the email address, employee ID, phone number, or other alias attributes that link a single user to his or her junk box in the Email Alias Attribute field.

At many companies, an end user has multiple email accounts that all map to one true email account. For example, JohnS@example.com and John.Smith@example.com might both be valid email addresses for John Smith's InBox. Anti-Spam supports this by allowing an end user to have one junk email box that groups all email from their various email addresses.

The generally accepted single attribute for this field is proxyAddresses. All other attributes must be separated by a comma. For example:

proxyAddresses,legacyExchangeDN
proxyAddresses,EmployeeID,PhoneNumber
* 
TIP: In Microsoft Windows environments, the single attribute, proxyAddresses, is often sufficient.

To see examples for the various directory types, click the Question Mark icon next to the Email Alias Attribute field

6
Optionally, test to see if your settings work, click Test User Query button under the Query Information for LDAP Users section.
7
Save the changes by clicking Save Changes under the Query Information for LDAP Users section.
8
Go to the Query Information for LDAP Groups section.
* 
TIP: If you did not specify Auto-fill LDAP Query fields when saving configuration in the Settings section, you can click the Auto-fill Group Fields button to do so.
9
To use the optional Groups functionality, in the Directory Node to Begin Search field, specify a full LDAP directory path that points towards a node (directory inside LDAP) containing the information for all groups in the directory. This narrows the search for LDAP groups to a reasonable size. For further information about this setting, see Step 2.
10
To instruct Anti-Spam on how to find and identify users and mailing lists, enter an LDAP filter in the standard LDAP filter syntax in the Filter field. The field contains an example syntax. For further information about this setting, see Step 3.
11
Specify the attribute of the group that corresponds to Group names in the Group name attribute field
12
A common way to specify a group is a mailing list. In the mailing list entry in LDAP, there is one particular field that specifies the members of the list. Enter that information in the Group members attribute field.
13
In some LDAP configurations, there is an attribute, inside each user's entry in LDAP, that lists the groups or mailing lists of which this user is a member. Specify that attribute in the User membership attribute field.
14
Optionally, test to see if your settings work, click the Test User Query button under the Query Information for LDAP Groups section.
15
Save the changes by clicking Save Changes under the Query Information for LDAP Groups section.

Adding LDAP Mappings

If you are using a Microsoft Windows environment, you need to specify the NetBIOS domain name in the Add LDAP Mappings panel.

* 
NOTE: The NetBIOS domain name is sometimes called the pre-Windows 2000 domain name.
To add LDAP mapping:
1
Determine your domain name(s).
a
Login to your domain controller.
b
Navigate to Start > All Programs > Administrative Tools > Active Directory Domains and Trusts.
c
Highlight your domain from the Active Directory Domains and Trusts dialog.
d
Click Action.
e
Click Properties. The domain name(s) appear on the domain’s Properties dialog on the General tab.
f
Record the domain name(s).
2
Navigate to the Add LDAP Mappings panel of Anti-Spam > LDAP Configuration.

3
Add the NetBIOS domain name(s) to the Domains field. Add a maximum of 200 alphanumeric characters. Separate multiple domains with a comma. Hyphens (-) and periods (.) are allowed.
4
Click Save Changes.
5
On certain LDAP servers, such as Lotus Domino, some valid email addresses do not appear in the LDAP. The Conversion Rules section changes the way the SonicWall Email Security appliance interprets certain email addresses to provide a way to map the email address to the LDAP Server.

If you:

Have one of these servers, go to Step 6.
Do not have one of these servers, you have finished configuring LDAP.
6
To map these addresses, click on the View Rules button. The LDAP Mapping dialog displays.

7
Select the LDAP Server you are using from the drop-down menu.
8
Click Go.
9
Optionally, add a mapping:
a
From the IF/THEN drop-down menus and fields, select:
domain is—Adds additional mappings from one domain to another; in the field, specify a domain to be mapped
replace with—Replaces the domain with the one specified

Example: IF domain is engr.corp.com THEN replace with corp.com, then email addressed to anybody@engr.corp.com is sent to anybody@corp.com

also add—Adds the second domain to the list of valid domains

Example: IF domain is corp.com THEN also add engr.corp.com, then if corp.com is found in the list of valid LDAP domains, engr.corp.com is added to the list

left side character is—Adds character substitution mappings; in the field, specify a character to be substituted
replace with—Replaces any character specified to the left of the at sign (@) in the email address with the new character

Example: IF left side character is _ THEN replace with -, then email addressed to Jane_Doe@corp.com is sent to Jane-Doe@corp.com

also add—Adds a second email address to the list of valid email addresses

Example: If left side character is _ THEN also add -, then email addressed to either Jane_Doe@corp.com or Jane-Doe@corp.com is a valid email address

b
Click the Add Mapping button to finish adding the conversion rules.
* 
NOTE: To delete a mapping, click the Delete button for that mapping.

Configuring Global LDAP Settings

Global LDAP settings apply universally across all LDAP server configurations.

To configure global settings:
1
Navigate to the Global Configurations panel in Anti-Spam > LDAP Configuration.

2
In the Domain Aliases section, enter one or more aliases for one or more servers for a maximum of 200 alphanumeric characters for each server. Separate multiple aliases with a comma. Hyphens (-), underscores (_), but not spaces, are allowed.

End users must authenticate using an alias configured here. For Active Directory servers, the pseudo-domains are the LDAP friendly names paired with the NetBIOS domain name. Any aliases are available for authentication in the drop-down menu on the logon screen if that option is selected in the Settings section.

3
To allow the end user to see a list of domains and aliases when logging on, in the Settings section, select Show a list of domains to end users for authentication. This setting is selected by default.
4
Specify the number of minutes between refreshes of the list of users on the system in the Usermap Frequency field.

This setting applies to the list of aliases and lists of members of groups. In most cases, increase this setting only to lower the load on the LDAP server. Depending on your other settings, fetching the user list once every 24 hours (1440 minutes) is acceptable and results in less load on the LDAP server.

* 
NOTE: Usermap frequency does not affect a user's ability to log on, which is a real-time reflection of the LDAP directory
5
Click Save Changes.

Editing an LDAP Server Configuration

Editing an LDAP server configuration requires the same settings as adding a server.

To configure an LDAP server:
1
From the list of available LDAP servers, click the Edit icon. These sections expand for editing:
Server Configuration – see Adding an LDAP Server
LDAP Query Panel – see Configuring LDAP Queries
Add LDAP Mappings – see Adding LDAP Mappings

Deleting an LDAP Server

To delete an LDAP server:
1
Click the Delete icon for the server to be deleted. A warning message appears:

2
Click OK. A success message appears at the top of the Anti-Spam > LDAP Configuration page.

 

Configuring Anti-Spam Logging

* 
NOTE: Anti-Spam > Advanced does not apply to the SuperMassive 9800.

Anti-Spam > Advanced

The Anti-Spam > Advanced page allows you to download log and system configuration files from your server as well as configure the log level.

Topics:  

Downloading System/Log Files

* 
NOTE: Some log file names, such as those found in the commonlogs directory, contain a two-digit number such as 12.log. The "12" indicates that the log is for the 12th day of the most recent month. Some log file names end with a digit, such as MlfThumbUpdate_2.log. The "2" indicates that this is an older log. The current log is MlfThumbUpdate.log. The next most recent log is MlfThumbUpdate_0.log, followed by MlfThumbUpdate_1.log, and so forth.

Most log data is in Greenwich Mean Time (GMT), not in the local time of the server the logs come from. This applies to the names of the log files as well.

To download log or system configuration files from your SonicWall Email Security server:
1
Navigate to the Download System/Log Files section of Anti-Spam > Advanced.

2
Select the type of file to download from the Type of file drop-down menu. The Choose specific files list becomes populated with that type of file.

3
From the Choose specific files list, select one or more specific items. To select multiple files, hold down the Shift key or Ctrl key while selecting the files. The Download and Email To… buttons become active.
* 
NOTE: The selected files are combined into a zip file.
4
Click either:
Download button to download the file(s) to your local hard drive.
Email To... button to email the file(s). the Send To dialog displays.

a)
Enter the sender’s email address in the Send files from this email address field. The default is postmaster.
b)
Enter the recipient’s email address in the Recipient email address field.
c)
Click the Send button.
* 
NOTE: Emailing very large files and directories can be problematic depending on the limitations of your email system.

Selecting the Amount and Level of Log Information

You can select the level and amount of system report information to be stored in your logs in the Other Settings section.

To configure the level and amount of log information:
1
Navigate to the Other Settings section of Anti-Spam > Advanced.

2
Click the Manage button. The Set Log Level dialog displays.

3
Select the default log level from the Default Log Level drop-down menu; levels are listed from lowest to highest:
* 
NOTE: The higher the default log level, the more events are recorded. For example, the info level also records trace and debug levels.
trace – lowest level
debug
info – default
warn
error
fatal – highest level

All logs adhere to the default level set here unless specifically overridden.

4
To make changes to the logs in the Overrides section, deselect the Adhere to default level checkbox. All drop-down menus for all service categories become active.
5
To change the log level for specific services and subservices. from the Select Log Level drop-down menu for the service/subservice to be changed, select the desired log level. The levels are the same as for those in Step 3, plus the adhere option.
* 
NOTE: The default log level for all service and subservice categories is adhere, that is, the log level set by the Default Log Level drop-down menu is used.
6
Optionally, select the number of log files to retain. By default, Junk Box keeps 3 log files for these services:
 
SMTP
Thumbprint Updater
Resources Monitor
Replicator
Services Monitor
Web UI

When a fourth log file is generated, the oldest log file is discarded, the second oldest becomes the oldest, and the third oldest becomes the second oldest.

a
You can increase the number of logs kept for a service by selecting a number from the Count drop-down menu for that service:
 
3
6
8
10
5
7
9

 

A lower number of logs saves disk space, but older data may not be available. A larger number of logs retains more data, but takes more disk space.

7
Optionally, select a size for the service logs (see Step 6) from the Size drop-down menus. The default size of each log is 10 Mb.

You can increase the size of he logs, in 10 MB increments, from 10 Mb (default) to 100 Mb. A smaller log size saves disk space, but larger logs contain more data.

* 
IMPORTANT: Changing the size of a log requires restarting the Tomcat server.
8
Click the Apply Changes button to save any changes made.
To return the logging level to default value:
1
Click the Reset to Defaults button.

 

Downloading Anti-Spam Desktop Buttons

* 
NOTE: Anti-Spam > Downloads does not apply to the SuperMassive 9800.

Anti-Spam > Downloads

The Anti-Spam > Downloads page allows you to download and install one of SonicWall’s latest spam-blocking buttons on your desktop.

By clicking on a link, you can download these buttons to your desktop:

Junk and Unjunk buttons to teach Email Security what you want and don’t want easily and quickly; select one:
Anti-Spam Desktop for Outlook (32-bit) and Outlook Express (trial version) on Windows (32-bit)
Anti-Spam Desktop for Outlook (32-bit) and Outlook Express (trial version) on Windows (64-bit)
Anti-Spam Desktop for Outlook (64-bit) and Outlook Express (trial version) on Windows (64-bit)
Junk button to teach Email Security what you want easily and quickly; select one:
Junk Button for Outlook (32-bit)
Junk Button for Outlook (64-bit)