Spam Filter

[How to run the NSM GUI under Mac OS X]

How to run the NSM GUI under Mac OS X
How to setup a route-based VPN on a NetScreen
How to make your PPTP VPN client work through a NetScreen/SSG
Setting up a dial-up VPN and NetScreen Remote
How the Global Zone Works (It's probably not what you think)
How to configure NetScreen/SSG devices to work with the built in Mac OS X VPN client
How to Configure Dial-up VPN with route-based tunnels, XAuth, and use IPSecuritas

[steve.whitelock]

I personally think that the spam filtering options on the juniper firewalls should have the ability to have a black list that searchs subject headings...

e.g. if you put "Viagra" in it would treat all mail through that policy with this subject as spam and drop, mark etc as so...

As it stands the blacklists are only for known email addresses and ip addresses, of course this is ok if all your spam comes from the same place, we all know in the real world this is not the case...

I am a little dissapointed at present with these features on my SSG140

[sfouant]

I know this isn't exactly what you are getting at... but technically you could do this by enabling DI and configuring a User-Defined Signature to search the 'smtp-header-subject' context within protocol SMTP.  It'd be a real pain to configure blacklists in this way however.

[sfouant]

Unfortunately yes...

set attack cs:spam smtp-header-subject .*viagra severity info
set attack cs:spam smtp-header-subject .*cialis severity info

You could use Regular Expressions to match various patterns however...

[sfouant]

Actually I put the commands incorrect above...

You'll actually need to name each custom signature differently, as in the following:

set attack cs:spam1 smtp-header-subject .*viagra severity info
set attack cs:spam2 smtp-header-subject .*cialis severity info
set attack group spam add spam1
set attack group spam add spam2

[sfouant]

so by doing this it would delete the messages

It depends on the action you've specified for the DI settings in the policy, you can do various things such as close the connection and send a reset, sever the connection without sending a reset, ignore (useful for logging), drop the packet, or take no action at all.  In your case you'll probably want to set it to drop the packet.

[gr33ndata]

I think Juniper have to enhance their AntiSpam thing, as the use of IP-Addresses Blacklist (RBL's) only is useless. They shall be able to do some Bayesian Analysis of the mails in order to Allow or Block them.

The main problem with RBL's is that it cannot stop the outgoing spam, which is really important for ISP's, as all the mails will be coming from the same address (their servers IP address).

[oldo]

Well, I wouldn't mind if they scrapped the Anti-Spam feature all together. We have only sold one single license, and after evaluating it myself I told our sales force to not even mention it to customers. They really need to come up with something that actually filters out spam to greater extent, and with accuracy.  Why buy a license for Anti-spam if you need a second device/software to do the job properly?

[sebastan_bach]

yeah even think juniper should really focus on getting the spam features . if they don;t have it in built they could just integrate it anti-spam vendors so we can integrate juniper firewalls with anti-spam vendors of our choice.

and they  should add support for pop3 currently i guess it only supports filtering using smtp .

regards

sebastan

•      Forum/Home
•      Store
•      Articles
•        Tech Articles
•        Industry News
•        Site News
•      Knowledgebase
•        JUNOS/Routing
•        NS/ISG/SSG/NSM
•        SSL VPN
•      Downloads

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Submit Article/KB - Do not submit questions here.

[Today]

• SRX-210H port-mirroring s... by ociz [Today at 02:14:13 PM]
• configs out of sync by ciscler [Today at 01:11:30 PM]
• Monitoring user bandwidth... by x0rerror [Today at 12:30:20 PM]
• NSRP active/passive with ... by junreaper [Today at 08:41:52 AM]
• Ladies’ fashionable shoes... by fivefingers8 [Yesterday at 06:54:36 PM]
• Routing Traffic From Cust... by fivefingers8 [Yesterday at 06:52:49 PM]
• Load balancing on J-serie... by fivefingers8 [Yesterday at 06:49:46 PM]
• Juniper SSG or other bran... by whoppi [Yesterday at 11:23:49 AM]
• NS25 and NS Remote - Want... by mbrown [Yesterday at 10:38:14 AM]
• Netscreen SSG Policy base... by thisisnuts999 [Yesterday at 07:01:01 AM]

Members

• Total Members: 22068
• Latest: vu.luu@flysfo.com

Stats

• Total Posts: 39593
• Total Topics: 10459
• Online Today: 72
• Online Ever: 393
• (August 06, 2008, 07:40:57 AM)

Users Online

Users: 1
Guests: 28
Total: 29

eagq