Sie sind auf Seite 1von 29

Cyberoam Anti Spam

Configuration Guide

Version 9

Document version 95466-1.0-25/06/2008

IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without
warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore
assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make
changes in product design or specifications. Information is subject to change without notice.

USERS LICENSE
The Appliance described in this document is furnished under the terms of Elitecores End User license agreement. Please
read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the
terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance
and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which
the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software
substantially conforms to its published specifications except for the foregoing, the software is provided AS IS. This limited
warranty extends only to the customer as the original licenses. Customers exclusive remedy and the entire liability of Elitecore
and its suppliers under this warranty will be, at Elitecore or its service centers option, repair, replacement, or refund of the
software if reported (or, upon, request, returned) to the party supplying the software to the customer. In no event does Elitecore
warrant that the Software is error free, or that the customer will be able to operate the software without problems or
interruptions. Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and by
Commtouch respectively and the performance thereof is under warranty provided by Kaspersky Labs and by Commtouch. It is
specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not
occasionally erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical
components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole
obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware
need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any
part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all
material respects to the defective Hardware.

DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without
limitation, any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of
dealing, usage, or trade practice, and hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential,
incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to
use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In the event shall
Elitecores or its suppliers liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the
price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including,
without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or
its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS
Copyright 1999-2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore
Technologies Ltd.

CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower,
Off. C.G. Road,
Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com

Cyberoam Anti Spam Configuration Guide

Contents
Technical Support ............................................................................................................................ 4
Typographic Conventions ................................................................................................................ 5
Overview.............................................................................................................................................. 6
Spam ................................................................................................................................................... 6
Cyberoam Gateway Anti Spam ........................................................................................................... 7
Configuration ....................................................................................................................................... 7
Spam Policy......................................................................................................................................... 8
Types of Policies .......................................................................................................................... 8
Detection of spam attributes ........................................................................................................ 8
Actions.......................................................................................................................................... 9
Global policy .................................................................................................................................. 10
Default policy ................................................................................................................................. 11
Custom policy ................................................................................................................................ 12
Create Custom Scan policy........................................................................................................ 12
Manage Custom Spam policy .................................................................................................... 13
Add Advanced Rules.................................................................................................................. 14
Change Advanced action rules Order ........................................................................................17
Delete Custom Spam policy....................................................................................................... 18
Address Groups................................................................................................................................. 19
Create Address Groups ................................................................................................................. 19
Delete Address Groups.................................................................................................................. 20
Delete individual address from Group ........................................................................................... 21
Spam Rule......................................................................................................................................... 22
Create Spam rule........................................................................................................................... 22
Delete Spam Rule.......................................................................................................................... 23
Change Spam rule Order............................................................................................................... 24
Local Domains................................................................................................................................... 25
Add Domains ................................................................................................................................. 25
Delete Domains ............................................................................................................................. 25
Enable Scanning ............................................................................................................................... 26
General Configuration ....................................................................................................................... 27
Bypass Reporting .............................................................................................................................. 29

Cyberoam Anti Spam Configuration Guide

Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.

Cyberoam Anti Spam Configuration Guide

Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.

Item

Convention

Server

Machine where Cyberoam Software - Server component is


installed
Machine where Cyberoam Software - Client component is
installed
The end user
Username uniquely identifies the user of the system

Client
User
Username
Part titles

Topic titles

Example

Bold and
shaded font
typefaces

Shaded font
typefaces

Report
Introduction

Subtitles

Bold & Black


typefaces

Navigation link

Bold typeface

Group Management Groups Create


it means, to open the required page click on Group
management then on Groups and finally click Create tab

Name of a
particular
parameter /
field / command
button text
Cross
references

Lowercase
italic type

Enter policy name, replace policy name with the specific


name of a policy
Or
Click Name to select where Name denotes command button
text which is to be clicked
refer to Customizing User database Clicking on the link will
open the particular topic

Notes & points


to remember

Bold typeface
between the
black borders
Bold typefaces
between the
black borders

Prerequisites

Hyperlink in
different color

Notation conventions

Note
Prerequisite
Prerequisite details

Cyberoam Anti Spam Configuration Guide

Overview
Welcome to Cyberoams Anti Spam User guide.
Cyberoam is an Identity-based UTM Appliance. Cyberoams solution is purpose-built to meet the
security needs of corporates, government organizations, and educational institutions.
Cyberoams perfect blend of best-of-breed solutions includes User based Firewall, Content
filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing separate port for connecting to the
publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are
visible the external world and still have firewall protection.
Cyberoam Anti Spam as a part of unified solution along with Anti Virus and IDP (Intrusion
Detection and Prevention), provides real time virus and spam scanning.
Anti Spam module is an add-on module which needs to be subscribed before use.

Spam
Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even
more generally as any unsolicited e-mail.
Spamming is to indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages,
especially commercial advertising in mass quantities. In other words, it is an inappropriate attempt
to use a mailing list, or other networked communications facility as a broadcast medium by
sending the same message to a large number of people who did not ask for it.
In addition to being a nuisance, it also eats up a lot of network bandwidth. Because the Internet is
a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail.
However, the use of software filters in e-mail programs can be used to remove most spam sent
through e-mail to certain extent.
With the number of computer users growing and the exchange of information via the Internet and
email increases in volume, spamming has become an almost everyday occurrence. Apart from
network bandwidth, it also affects the employees productive as deletion of such mails is a huge
task. Anti spam protection is therefore a priority for anyone who uses a computer.

Cyberoam Anti Spam Configuration Guide

Cyberoam Gateway Anti Spam


Cyberoam Anti Spam as a part of unified solution along with Anti Virus and IDP (Intrusion
Detection and Prevention), provides real time virus scanning that protects all network nodes
workstations, files servers, mail system from known and unknown attacks by worms and viruses,
Trojans, spyware, adware, spam, hackers and all other cyber threats.
Cyberoam Gateway Anti Spam provides you with powerful tools for scanning and detecting spam
in the e-mail traffic. Cyberoam Gateway Anti Spam inspects all incoming emails - SMTP, POP3
and IMAP traffic - before the messages are delivered to the receiver's mail box. If spam is
detected, depending on the policy and rules set, emails are processed and delivered to the
recipient unaltered, reject and generate a notification on the message rejection, add or change
subject or change the receiver.
Cyberoam Gateway Anti Spam is fully compatible with all the mail systems and therefore can be
easily integrated into the existing network.
Cyberoam Anti Spam allows to:
Scan email messages for spamming by protocols namely SMTP, POP3, IMAP
Monitors and proactively detect recurrent patterns in spam mails and combat multi-format
text, images, HTML etc. and multi-language threats
Monitors mails received from Domain/IP address
Detect spam mails using RBLs
Accept/Reject messages based on message size and message header
Customize protection of incoming and outgoing e-mail messages by defining scan policies
Set different actions for SMTP, POP and IMAP spam mails
Quarantine SMTP mails
Configure action for individual email address
Notify receivers about spam messages

Configuration
Configuration task for implementing spam solution:
1.
2.
3.

Create Spam policy. Optionally use global or default policy provided by Cyberoam
Create Spam rule for the policy created in step 1 i.e. create spam rule and attach policy to the
rule
Enable scanning from firewall rule

Cyberoam Anti Spam Configuration Guide

Spam Policy
As soon as you register Cyberoam Gateway Anti-spam module, default spam policy is applicable
to all the incoming email traffic. Default spam policy is the general policy and not fit-for-all policy
and hence might allow certain spam mails while block certain required mails also. Fine tuning the
policies means reducing the spam attacks and chances of loosing any important and required
mails.
Spam policy defines what action is to be taken if the mail is identified as a spam and to which
email address the copy of mail is to be send. As network scanning rules control all the traffic
passing through the Cyberoam and decide whether to scan or bypass mail, policy will be applied to
that traffic only that is filtered by network scanning rule.
To reduce the risk of losing the legitimate messages, Spam quarantine repository - a storage
location, provides administrators a way to automatically quarantine messages that are identified as
spam.
This will help in managing spam and probable spam quarantined mails and can take appropriate
actions on such mails.

Types of Policies
1.

Global
Global policy is applicable to all the mail recipients i.e. Email address and Email address
groups. Cyberoam provides blank corporate policy which can be customized as per the
requirement.

2.

Default
Default policy is applicable to all the recipients i.e. Email address and Email address group
except for those for whom the custom policy is defined. Default policy is applicable to all the
recipients as soon as you register the Anti Spam module.

3.

Custom/Personal
Cyberoam allows defining custom policy for specific individual recipient or address group and
is applicable to only to those specific individual recipient or address group and not all the
recipients.

Scanning rules defines which scanning policy is to be applied to which recipient email address i.e.
maps scanning policy to the email address.

Detection of spam attributes


Cyberoam uses content filtering and three RBLs - Real time Black hole Lists to check for the
spam attributes as well as POP3/IMAP mails:
Message size
Message header
Premium RBL
Reliable RBL
Standard RBL

Cyberoam Anti Spam Configuration Guide

RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam i.e. are
responsible for spam or are hijacked for spam relay.
Cyberoam will check each RBL for the connecting IP address. If the IP address matches to the
one on the list then the specified action in policy is taken.

Actions
Accept Accepts and delivers the mail to the intended receiver. This action can be defined for
both SMTP and POP/IMAP protocols.
Reject Rejects the mail. This action sends the notification message to sender. This action can
be defined only for SMTP protocol.
Drop Drops the mail. This action does not send any notification message to sender. This action
can be defined only for SMTP protocol.
Change Recipient - Accepts the mail but delivers the mail to the specified receiver and not to the
receiver for whom the mail was originally send. This action can be defined only for SMTP protocol
only.
Prefix Subject Accepts and delivers the mail to the intended receiver but after changing the
subject of the mail. You can customize the subject in such a way that the receiver knows that the
mail is a spam mail. This action can be defined for both SMTP and POP/IMAP protocols.

Cyberoam Anti Spam Configuration Guide

Global policy
Cyberoam provides the blank global policy which can be customized as per your requirement. By
default, global policy applies to all the users. There is no need to apply the global policy to the
users using rules.
Select Anti Spam Spam Policy Global policy to customize policy. Refer to Add
advanced rules for more details.

10

Cyberoam Anti Spam Configuration Guide

Default policy
As soon as you subscribe Cyberoam Gateway Anti Spam, default spam policy is applicable to the
all incoming email traffic. Default spam policy is the general policy and not fit-for-all policy and
hence might allow certain spam mails while block certain required mails also.
Default policy can be customized as per your requirement. Default policy will be applied to those
users only for whom custom/personal policy is not defined.
As per your requirements, Cyberoam allows you to define multiple policies instead of single global
policy. Fine tuning the policies means reducing the spam attacks and chances of loosing any
important and required mails.
Select Anti Spam Spam Policy Default policy to customize policy. Refer to Add
advanced rules for more details.

11

Cyberoam Anti Spam Configuration Guide

Custom policy
Custom scan policy allows you to specify the spam filtering level security i.e. action severity based
on your requirement.

Create Custom Scan policy


Select Anti Spam Spam policy Create Custom policy to open the create page

Screen - Create Custom Spam policy

Screen Elements

Description

Spam Policy details


Name
Specify policy name. Choose a name that best describes the policy
Send copy to email Specify email addresses to which the mail copy is to be send.
address
If Cyberoam detects the spam mail then it sends the spam notification to
the mail receiver. Cyberoam will forward such a mail to the receiver only if
configured in the Spam policy.
But in case you want Administrator or any other person in the organization
to know about spam and receive this spam mail then specify all the emails
address to whom you want to forward the copy of such mails.
More than one address can be specified using comma
For example
john@hotmail.com,,joe@yahoo.com

Policy Description
Create button
Cancel button
Add button

This option can be applied for SMTP protocol only


Specify full description of the policy
Creates the policy
Cancels the current operation
If the policy is successfully created, create advanced scanning rules to
specify what action is to be taken on mail identified as SPAM after
successful creation of the policy. Refer to Manage Custom Policy for more
detail for defining actions.
Table Create Custom Spam policy screen elements

12

Cyberoam Anti Spam Configuration Guide

Manage Custom Spam policy


Select Anti Spam Spam Policy Manage Custom policy to view the list of policies
created. Click the policy to be modified.

Screen Manage Custom Spam policy

Screen Elements

Description

Spam Policy details


Name
Send copy to email
address

Displays policy name


Displays email addresses to which the mail copy will be send,
modify if required.
More than one address can be specified using comma
For example
john@hotmail.com,,joe@yahoo.com

Policy Description
Update button
Cancel button
Advanced Rules
Add button

This option can be applied for SMTP protocol only.


Displays full description of the policy, modify if required
Updates and saves modifications done in any of the above fields
Cancels the current operation
Click to define the action to be taken on mails if the matching
condition is found.
Refer Add Advanced Rules for details.
Table Manage Custom Spam policy screen elements

13

Cyberoam Anti Spam Configuration Guide

Add Advanced Rules


Select Anti Spam Spam Policy Manage Custom policy to view the list of policies
created. Click the policy to which action rules are to be added.

Conditions
When Cyberoam Anti Spam identifies Mail as SPAM, Cyberoam accepts and delivers the mail
to the intended receiver but only after adding a prefix SPAM to the original subject of the
mail.
Original subject: This is a test
Receiver will receive the mail with subject line as: SPAM: This is a test
You can customize the subject in such a way that the receiver knows that the mail is
a spam mail. To specify the contents to be prefixed to the existing subject line, select
Prefix Subject as action.
You can set different actions for SMTP and POP.
When Cyberoam Anti Spam identifies Mail as PROBABLE SPAM, Cyberoam accepts and
delivers the mail to the intended receiver but after adding a prefix PROBABLE SPAM to the
original subject of the mail.

14

Cyberoam Anti Spam Configuration Guide


Original subject: This is a test
Receiver will receive the mail with subject line as: PROBABLE SPAM: This is a test
You can customize the subject in such a way that the receiver knows that the mail is
a spam mail. To specify the contents to be prefixed to the existing subject line, select
Prefix Subject as action.
You can set different actions for SMTP and POP.
When Cyberoam Anti Spam identifies Mail as VIRUS OUTBREAK, Cyberoam accepts and
delivers the mail to the intended receiver but only after adding a prefix SPAM to the original
subject of the mail.
Original subject: This is a test
Receiver will receive the mail with subject line as: SPAM: This is a test
You can customize the subject in such a way that the receiver knows that the mail is a
spam mail. To specify the contents to be prefixed to the existing subject line, select
Prefix Subject as action.
You can set different actions for SMTP and POP mails
When Cyberoam Anti Spam identifies Mail as PROBABLE VIRUS OUTBREAK, Cyberoam
accepts and delivers the mail to the intended receiver but only after adding a prefix SPAM to
the original subject of the mail.
Original subject: This is a test
Receiver will receive the mail with subject line as: SPAM: This is a test
You can customize the subject in such a way that the receiver knows that the mail is a
spam mail. To specify the contents to be prefixed to the existing subject line, select
Prefix Subject as action.
You can set different actions for SMTP and POP mails.
From Email Address/Domain/IP address Specified action will be taken if the mail sender
email or IP address matches the specified email address, domain or IP address. You can set
action for SMTP only.
From Email Address/IP address Specified action will be taken if the mail sender email or IP
address belongs to the specified email address or IP address group. You can set action for
SMTP only.
Message Size - Specified action will be taken if the mail size matches the specified size. You
can set different actions for SMTP and POP.
Message Header - Specified action will be taken if the message header contains the specified
text. You can set different actions for SMTP and POP.
You can scan message header for spam in:
Subject Specified action will be taken if the header contains the matching subject
From - Specified action will be taken if the header contains the matching text in the From
address.
To - Specified action will be taken if the header contains the matching text in the To
address.

15

Cyberoam Anti Spam Configuration Guide

Others Specified action will be taken if the matching text is found in the header
RBL - Specified action will be taken if the sender is listed in the specified RBL Group. You
can set different actions for SMTP and POP mails.
Actions
Following actions can be taken on the mail identified as the SPAM, Probable SPAM, VIRUS
OUTBREAK or Probable VIRUS OUTBREAK
Protocol
SMTP

Action
Reject

SMTP

Drop

SMTP,
POP3
SMTP

Accept

Meaning
Mail is rejected and rejection notification is send to the mail
sender
Mail is rejected but rejection notification is not send to the
mail sender
Mail is accepted and delivered to the intended receiver

Change
Recipient

Mail is accepted but is not delivered to the receiver for whom


the message was originally send.

Prefix Subject

Mail is send to the receiver specified in the spam policy


Mail is accepted and delivered to the intended receiver but
after tagging the subject line.

SMTP,
POP3

Tagging content is specified in spam policy.


You can customize subject tagging in such a way that the
receiver knows that the mail is a spam mail.
For Example
Contents to be prefixed to the original subject: Spam
notification from Cyberoam
Original subject: This is a test

SMTP

Quarantine

Receiver will receive mail with subject line as: Spam


notification from Cyberoam - This is a test
Mail is quarantined and can be viewed or downloaded from
the quarantine area.

16

Cyberoam Anti Spam Configuration Guide

Change Advanced action rules Order


Advanced action rules are ordered by their priority. When the rules are applied, they are processed
from the top downwards and the first suitable rule found is applied. Hence, while adding multiple
rules, it is necessary to put strict rules before moderate and general rules.
Select Anti Spam Manage Custom policy to view the list of policies created. Click the
policy whose action rule order is to be changed.

Click the rule whose order is to be changed


Click Move Up to move the selected rule one-step up
Click Move Down to move the selected rule one-step down
Click Update Order to save the order

17

Cyberoam Anti Spam Configuration Guide

Delete Custom Spam policy


Prerequisite

Not assigned any Rule


Select Anti Spam Spam policy Manage Custom policy to view the list of policies
created

Screen Delete Custom Spam policy

Screen Elements

Description

Del

Select policy for deletion


Click Del to select

Select All

More than one policy can also be selected


Select all the policies for deletion

Delete button

Click Select All to select all the policies


Deletes all the selected policy/policies

Table Delete Custom Spam policy screen elements

Note
Default policy cannot be deleted.

18

Cyberoam Anti Spam Configuration Guide

Address Groups
Scanning rule can be defined for individual or group of
Email address
IP address
RBL (Real time black hole List)
Address group is the group of email addresses, IP addresses, or RBLs. Whenever the policy is
applied to the address group, policy is applied to all the addresses included in the group.
RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam i.e. are
responsible for spam or are hijacked for spam relay. This IP addresses might also be used for
spreading virus.
Cyberoam will check each RBL for the connecting IP address. If the IP address matches to the
one on the list then the specified action in policy is taken.

Create Address Groups


Select Anti Spam Configuration Address Groups to open the Address group page.
Click Create to open the create page.

Screen Create Email Address Group

19

Cyberoam Anti Spam Configuration Guide

Screen Elements

Description

Address Group details


Name
Specify group name
Group
Specify group type. You can create group of RBLs, IP address or
Email address.
RBL is a list of IP addresses whose owners refuse to stop the
proliferation of spam i.e. are responsible for spam or are hijacked
for spam relay.
Cyberoam will check each RBL for the connecting IP address. If the
IP address matches to the one on the list then the specified action
in policy is taken.
Specify full description
Creates group and depending on the group type allows adding
email address, IP addresses or RBL names

Description
Create button

Click Add
Type all the email addresses to be grouped specified by comma
e.g. john@yahoo.com, joe@hotmail.com
Cancels the current operation

Cancel button

Table Create Email Address Group screen elements

Delete Address Groups


Select Anti Spam Configuration Address Groups to view the list of groups created

Screen Delete Address Group

Screen Elements

Description

Del

Select address group for deletion


Click Del to select

Select All

More than one address group can also be


selected
Select all the address group for deletion

Delete button

Click Select All to select all the address groups


Deletes all the selected address groups

Table Delete Address Group screen elements

20

Cyberoam Anti Spam Configuration Guide

Delete individual address from Group


Select Anti Spam Configuration Address Groups to view the list of groups created.
Click the group from which the address is to be deleted

Screen Delete Address from Group

Screen Elements

Description

Delete

Select address for deletion


Click Delete to select

Select All

More than one address can also be selected


Select all the address for deletion

Delete button

Click Select All to select all the address


Deletes all the selected address

Table Delete Address from Group screen elements

21

Cyberoam Anti Spam Configuration Guide

Spam Rule
Scanning rules defines which scanning policy is to be applied to which recipient email address i.e.
map scanning policy with the email address.
A rule allows to apply:
single policy for a email address or group of addresses
multiple policies for a particular email address or group of addresses

Create Spam rule


Prerequisite
Policy created
Address group created (if rule is for group)
Select Anti Spam Spam Rules to open the create page

Screen - Create Spam Rule

Screen Elements
Spam Rule Details
Action Item

Description
Select whether the rule is for individual email address or group
Specify email address or select the Address Group

22

Cyberoam Anti Spam Configuration Guide

Screen Elements

Description

Recipient
Address

Specify recipient email address

Email

Address Group
Policy Name

If the rule is for the complete domain the specify as @domainname


e.g. @cyberoam.com
Specify address group
Specify policy to be applied.

Add button
Cancel button

According to the action specified in the policy, mails will be


delivered as original or will be tagged and forwarded to the receiver.
Creates rule
Cancels the current operation
Table Create Spam Rule screen elements

Delete Spam Rule


Select Anti Spam Spam Rules to view the list of rules created.

Screen - Delete Spam Rule

Screen Elements

Description

Del

Select rule for deletion


Click Del to select

Select All

More than one rule can also be selected


Select all the rules for deletion

Delete button

Click Select All to select all the rules


Deletes all the selected rules
Table Delete Spam Rule screen elements

23

Cyberoam Anti Spam Configuration Guide

Change Spam rule Order


Rules are ordered by their priority. When the rules are applied, they are processed from the top
downwards and the first suitable rule found is applied. Hence, while adding multiple rules, it is
necessary to put strict rules before moderate and general rules. Default policy order cannot be
changes.

Select Anti Spam Spam Rules


Click the rule whose order is to be changed
Click Move Up to move the selected rule one-step up
Click Move Down to move the selected rule one-step down
Click Update to save the order

24

Cyberoam Anti Spam Configuration Guide

Local Domains
Cyberoam also allows bypassing RBL scanning of mails for certain domains. To bypass RBL
scanning of certain domains, define such domains as trusted domains

Add Domains
Select Anti Spam Configuration Local Domains
Type Domain name or IP address
Click Add

Mails from the specified domains will not be scanned for RBLs.

Delete Domains
Select Anti Spam Configuration Local Domain to view the list of domains that will
be bypassed from RBL scanning

Screen Elements

Description

Del

Select domain for deletion


Click Del to select

Select All

More than one domain can also be selected


Select all the domains for deletion

Delete button

Click Select All to select all the domains


Deletes all the selected domains

25

Cyberoam Anti Spam Configuration Guide

Enable Scanning
Enable anti-spam scanning using firewall rules. While anti-spam settings can be configured for
system-wide use, they can also be implemented with specific settings on a per user basis. Refer to
Cyberoam User Guide, Firewall section for creating firewall rules for enabling the anti-spam
scanning.
You can enable anti spam scanning by creating firewall rule for:
Zone
User/User Group
Host/Host Group
By enabling scanning through firewall, you can customize levels of protection. For example, while
traffic between LAN and WAN might need strict protection, traffic between trusted internal
addresses might need moderate protection. Hence you can enable/disable scanning for particular
combination of source and destination IP address or domain.

26

Cyberoam Anti Spam Configuration Guide

General Configuration
Select Anti Spam Configuration General Configuration to open the configuration
page
If Anti spam module is not subscribed, configuration page will display the message that
module is not subscribed and Cyberoam will not detect spam mails.

27

Cyberoam Anti Spam Configuration Guide

Screen Elements

Description

Anti Spam Engine information


Anti
Spam
Engine Anti Spam Engine status
Information
- Anti Spam server is down
- Anti Spam server is up
Cyberoam Anti Spam Center connectivity status
- Cyberoam is not connected and will not be able to detect
spam mails
- Cyberoam is connected with Cyberoam Anti Spam Centers
server
Cyberoam Anti spam definition database contains currently
identified spam signatures/definitions which are used for identifying
spam mails. By default, database updates are automatically
downloaded and installed on your computer every 30 minutes.
File size restriction
SMTP Mails greater
than size

Over Sized Mail Action

Specify maximum file size (in KB) for scanning.


Files exceeding this size received through SMTP will not be
scanned.
Specify the action to be taken on oversize files.
Available option
Accept - All the oversize mails will be forwarded to the recipient
without scanning
Reject All the oversized mails are rejected and notification
message is send to the mail sender.
Drop All the oversized mails are dropped.

POP3/IMAP
Mails
greater than size

Enforce Anti
policies
for
Authenticated
Connections

Spam
SMTP

Quarantine Area
Total Utilization ( Anti
Virus + Anti Spam )

By default, files exceeding 50 MB will not be scanned.


Specify maximum size (in KB) of the file to be scanned. Files
exceeding this size received through POP/IMAP will not be scanned
and forwarded to the recipient without scanning.
By default, files exceeding 10 MB will not be scanned.
Enable if anti spam policy is to be implemented for the SMTP
authenticated traffic also.
By default, spam policies are not applicable to the SMTP
authenticated traffic.
Displays percentage of quarantined spam and virus infected
messages.

Click to search or download any quarantined mail. Quarantined


mails can be searched based on sender email address, receiver
email address, and subject.
Header to detect recipient for POP3/IMAP

28

Cyberoam Anti Spam Configuration Guide

Screen Elements

Description
Click Add to specify header which should be used for detecting the
recipients address.
By default, Cyberoam uses Delivered-To and Received headers.
Default headers cannot be deleted

Bypass Reporting
By default, Cyberoam Anti Spam generates reports for all the Internal Domains and Email Ids. To
bypass reporting of certain domains and email ids, Administrator has to create an Exclusion
domain list and email id list. All the domains and email ids included in the exclusion list will not be
included in the Anti Spam reports.
To define the exclusion list, select Reports Configure Local Domains or select
Reports Configure Bypass Email Ids

29