Using Anti-Spam and Mail
Introduction to Anti-Spam and Mail Security
The relentless and unprecedented growth in unwanted email now poses an unexpected security threat to the network. As the amount of resources (disk space, network bandwidth, CPU) devoted to handling unsolicited emails increases from year to year, employees waste more and more time sorting through unsolicited bulk email commonly known as spam. Anti-Spam and Mail provides network administrators with an easy and central way to eliminate most of the spam reaching their networks.
Feature | Explanation |
---|---|
Content based Anti-Spam | The core of the Anti-Spam functionality is the content based classification engine. |
IP Reputation Anti-Spam | Using an IP reputation service, most of the incoming spam is blocked at connect time. |
Block List Anti-Spam | Block specific senders based on IP address or sender's address. |
Mail Anti-Virus | Scan and filter mail for malware. |
Zero Hour Malware Protection | Filter mail using rapid response signatures. |
IPS | Intrusion prevention system for mail protection. |
Mail Security Overview
- Select gateways that enforce Anti-Virus checking
- Select gateways that enforce Anti-Spam protection
- Enable automatic updates
- View settings and logs
Anti-Spam
The Anti-Spam functionality employs unique licensed technology. Unlike many Anti-Spam applications that rely on searching for keywords and a lexical analysis of the content of an email message, Check Point Anti-Spam identifies spam by analyzing known and emerging distribution patterns. By avoiding a search for key words and phrases that might classify a legitimate email as spam and instead focusing on other message characteristics, this solution offers a high spam detection rate with a low number of false positives.
To preserve personal privacy and business confidentiality, only select characteristics are extracted from the message envelope, headers, and body (no reference to actual content or attachments is included). Hashed values of these message characteristics are sent to a Detection Center for pattern analysis. The Detection Center identifies spam outbreaks in any language, message format, or encoding type. Responses are returned to the enterprise gateway within 300 milliseconds.
Once identified, the network of spam generating machines is blacklisted. If the network changes its behavior, it is removed from the black list.
Adaptive Continuous Download
To prevent delays, Adaptive Continuous Download starts delivering the email to the recipient while Anti-Spam scanning is still in progress. If the email is designated as Spam, it is flagged as spam before it is completely transferred to the recipient. Both the SMTP and POP3 protocols support Adaptive Continuous Download for the entire email message.
Configuring Anti-Spam
Configuring a Content Anti-Spam Policy
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | On the Overview page, under Content based Anti-Spam, click Settings. |
3 | Use the slider to select an Anti-Spam policy protection level. |
4 | Select flagging options. |
5 | In the Security Gateway Engine settings section, set a maximum data size to scan. |
6 | Select Tracking Options for Spam, Suspected Spam, or Non Spam. Tracking options include |
7 | Click Save, and then close SmartDashboard. |
8 | In SmartConsole, install the Access Control policy. |
Configuring an IP Reputation Policy
This window enables IP reputation, an Anti-Spam mechanism that checks the IP address of the message sender (contained in the opening SYN packet) against a dynamic database of suspect IP addresses. If, according to the IP reputation service, the originating network has a reputation for sending spam, then the spam session is blocked at connect time. This way, the IP reputation feature creates a list of trusted email sources.
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | On the Overview page, under IP Reputation Anti-Spam, click Settings. |
3 | Use the slider to select an IP Reputation Policy |
4 | Select tracking options for Spam, Suspected Spam, or Non spam. Tracking options include |
5 | Click Save, and then close SmartDashboard. |
6 | In SmartConsole, install the Access Control policy. |
Configuring a Block List
You can configure a list of email sources to block according to the sender's name, domain name, or IP address.
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | On the Overview page, under Block List Anti-Spam, click Settings. |
3 | Use the slider to select a Block Policy: |
4 | In the Blocked senders\domains section, click Add and enter the name of a sender or domain to be rejected. |
5 | In the Blocked IPs section, click Add and enter an IP address that should be blocked. |
6 | From the drop-down list in the Tracking section, select a tracking option for blocked mail or non-spam. |
7 | Click Save, and then close SmartDashboard. |
8 | In SmartConsole, install the Access Control policy. |
Configuring Anti-Spam SMTP
SMTP traffic can be scanned according to direction or IP addresses.
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | From the navigation tree, click Advanced > SMTP. |
3 | Make sure that Scan SMTP traffic with Anti-Spam engine for Anti-Spam, IP reputation and Block list protection is selected. |
4 | Select to scan SMTP traffic By Mail Direction or By IPs. |
5 | Select Activate Continuous Download to avoid client time-outs when large files are scanned. (See Adaptive Continuous Download for further information). |
6 | Click Save, and then close SmartDashboard. |
7 | In SmartConsole, install the Access Control policy. |
Configuring Anti-Spam POP3
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | From the navigation tree, click Advanced > POP3. |
3 | Make sure that Scan POP3 traffic with Anti-Spam engine for Anti-Spam, IP reputation and Block list protection is selected. |
4 | Select to scan POP3 traffic By Mail Direction or By IPs. |
5 | If you selected scan By IPs, click Add Rule to configure rules for IP addresses to scan. |
6 | If you selected scan By Mail Direction, select a scanning direction for: |
7 | Select Activate Continuous Download to avoid client time-outs when large files are scanned. (See Adaptive Continuous Download for further information). |
8 | Click Save, and then close SmartDashboard. |
9 | In SmartConsole, install the Access Control policy. |
Configuring Network Exceptions
An Anti-Spam policy can be enforced on all email traffic or only on traffic that was not deliberately excluded from the policy.
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | From the navigation tree click Advanced > Network Exceptions. |
3 | Select Enforce the Anti-Spam policy on all traffic except for traffic between the following sources and destinations. |
4 | Click Add. The Network Exception window opens. |
5 | For Source and Destination, select Any, or select Specific and one gateway from each list. |
6 | Click OK. |
7 | Click Save, and then close SmartDashboard. |
8 | In SmartConsole, install the Access Control policy. |
Configuring an Allow List
You can configure a list of allowed email sources according to the sender's name and domain name, or according to the IP address.
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | From the navigation tree click Advanced > Allow List. |
3 | In the Allowed Senders / Domains section, click Add and enter the name of a sender or domain to be allowed. |
4 | In the Allowed IPs section, click Add and enter an allowed IP address. |
5 | From the drop-down list in the Tracking section, select a tracking option. |
6 | Click Save, and then close SmartDashboard. |
7 | In SmartConsole, install the Access Control policy. |
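
A pre-deployment check for the Block List and Allow List procedures above, added here as an example and not Check Point code: it flags senders, domains and IP addresses that appear on both lists so they can be reviewed before the policy is installed. Assumptions: the list contents are constructed sample values, entries are plain strings copied from the two dialogs, and a domain entry matches only that exact domain.

```python
import ipaddress

# Constructed sample entries (documentation-reserved addresses and domains),
# typed the way an administrator would enter them in the two lists.
BLOCKED_SENDERS = ["Promo@Bulk.example", "bulk.example", "news@partner.example"]
BLOCKED_IPS = ["192.0.2.10", "2001:db8::1"]
ALLOWED_SENDERS = ["partner.example", "billing@bulk.example", "ops@corp.example"]
ALLOWED_IPS = ["192.0.2.10", "198.51.100.7",
               "2001:0db8:0000:0000:0000:0000:0000:0001"]


def _norm(entry):
    """Lower-case and trim an entry; return (kind, value, domain)."""
    value = entry.strip().lower().rstrip(".")
    if "@" in value:
        return "sender", value, value.rsplit("@", 1)[1]
    return "domain", value, value


def find_conflicts(blocked_senders, blocked_ips, allowed_senders, allowed_ips):
    """Return sorted (reason, blocked_entry, allowed_entry) tuples."""
    conflicts = set()
    blocked = [_norm(e) for e in blocked_senders]
    allowed = [_norm(e) for e in allowed_senders]
    for b_kind, b_val, b_dom in blocked:
        for a_kind, a_val, a_dom in allowed:
            if b_val == a_val:
                conflicts.add(("same entry in both lists", b_val, a_val))
            elif b_kind == "domain" and a_kind == "sender" and a_dom == b_val:
                conflicts.add(("allowed sender in blocked domain", b_val, a_val))
            elif b_kind == "sender" and a_kind == "domain" and b_dom == a_val:
                conflicts.add(("blocked sender in allowed domain", b_val, a_val))
    # ip_address() canonicalises, so compressed and expanded IPv6 forms match.
    allowed_ip_set = {ipaddress.ip_address(ip.strip()) for ip in allowed_ips}
    for ip in blocked_ips:
        addr = ipaddress.ip_address(ip.strip())
        if addr in allowed_ip_set:
            conflicts.add(("same IP in both lists", str(addr), str(addr)))
    return sorted(conflicts)


if __name__ == "__main__":
    for reason, blocked_entry, allowed_entry in find_conflicts(
            BLOCKED_SENDERS, BLOCKED_IPS, ALLOWED_SENDERS, ALLOWED_IPS):
        print(f"{reason}: blocked={blocked_entry} allowed={allowed_entry}")
```

Each reported pair is an entry whose handling depends on how the gateway orders the two lists, so resolve it in the lists themselves rather than relying on precedence.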
Selecting a Customized Server
You can select an alternative Detection Center for Anti-Spam analysis.
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | From the navigation tree click Advanced > Customized Server. |
3 | Select Use Customized Server. |
4 | From the drop-down list, select a server. |
5 | Click Save, and then close SmartDashboard. |
6 | In SmartConsole, install the Access Control policy. |
Bridge Mode and Anti-Spam
If a UTM-1 appliance is configured to run in bridge mode, Anti-Spam is supported provided that:
- The bridge interface has an IP address
- The bridge interface has a default gateway
Configuring a Disclaimer
You can create your own custom disclaimer notice.
Step | Instructions |
---|---|
1 | In SmartConsole, select Manage & Settings > Blades > Anti-Spam & Mail > and click Configure in SmartDashboard. SmartDashboard opens and shows the Anti-Spam & Mail tab. |
2 | From the navigation tree, select Advanced > Disclaimer. |
3 | Select Add disclaimer to email scanned by Anti-Virus and Anti-Spam engines. |
4 | In the text box, type your disclaimer notice. |
5 | Click Save, and then close SmartDashboard. |
6 | In SmartConsole, install the Access Control policy. |
Anti-Spam Logging and Monitoring
Anti-Spam logging and monitoring options are available in the Logs & Monitor view in SmartConsole.
Logs derived from Anti-Spam scanning are sent to the Security Management Server, and show in the Logs & Monitor > Logs view. In the Logs & Monitor view, you can see detailed views and reports of the Anti-Spam activity, customize these views and reports, or generate new ones (see Threat Analysis in the Logs & Monitor View).