Cyberoam Anti Spam Implementation Guide Version 9 Document version 9402-1.0-18/10/2006 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice. USERS LICENSE The Appliance described in this document is furnished under the terms of Elitecores End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Applianceand manual (with proof of payment) to the place of purchase for a full refund. LIMITED WARRANTY Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which theSoftwareisfurnishedwillbefreeofdefectsinmaterialsandworkmanshipundernormaluse;and(2)theSoftware substantiallyconformstoitspublishedspecificationsexceptfortheforegoing,thesoftwareisprovidedASIS.Thislimited warranty extends only to the customer as the original licenses. Customers exclusive remedy and the entire liability of Elitecore anditssuppliersunderthiswarrantywillbe,at Elitecoreoritsservicecentersoption,repair,replacement,orrefundofthe software if reported (or, upon, request, returned) to the party supplying the software to the customer. In no event does Elitecore warrantthattheSoftwareiserrorfree,orthatthecustomerwillbeabletooperatethesoftwarewithoutproblemsor interruptions.ElitecoreherebydeclaresthattheantivirusandantispammodulesarepoweredbyKasperskyLabsandthe performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus. Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical componentswillbefreefrommaterialdefectsinworkmanshipandmaterialsforaperiodofOne(1)year.Elitecore'ssole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware. DISCLAIMER OF WARRANTY Exceptasspecifiedinthiswarranty,allexpressedorimpliedconditions,representations,andwarrantiesincluding,without limitation, any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, and hereby excluded to the extent allowed by applicable law.InnoeventwillElitecoreoritssupplierbeliableforanylostrevenue,profit,ordata,orforspecial,indirect,consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to usetheproductevenifElitecoreoritssuppliershavebeenadvisedofthepossibilityofsuchdamages.Intheeventshall Elitecoresor itssuppliersliabilitytothecustomer,whetherincontract,tort(includingnegligence)orotherwise,exceedthe price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose.InnoeventshallElitecoreoritssupplierbeliableforanyindirect,special, consequential,orincidentaldamages,including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages. RESTRICTED RIGHTS Copyright2000ElitecoreTechnologiesLtd.Allrightsreserved.Cyberoam,CyberoamlogoaretrademarkofElitecore TechnologiesLtd.InformationsuppliesbyElitecoreTechnologiesLtd.Isbelievedtobeaccurateandreliableatthetimeof printing,butElitecoreTechnologiesassumesnoresponsibilityforanyerrorsthatmayappearinthisdocuments.Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice CORPORATE HEADQUARTERS Elitecore Technologies Ltd. 904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA Phone: +91-79-26405600 Fax: +91-79-26407640 Web site: www.elitecore.com , www.cyberoam.com Cyberoam Anti Spam Implementation Guide 3 Cont ent s Guide Sets .......................................................................................................................................4 Technical Support............................................................................................................................5 Typographic Conventions................................................................................................................6 Overview..............................................................................................................................................7 Spam...................................................................................................................................................7 Cyberoam Gateway Anti Spam...........................................................................................................8 Enable Scanning.................................................................................................................................9 Spam Policy.........................................................................................................................................9 Types of Policies ..........................................................................................................................9 Detection of spam attributes ......................................................................................................10 Actions........................................................................................................................................10 Global policy..................................................................................................................................11 Default policy.................................................................................................................................11 Custom policy................................................................................................................................12 Create Custom Scan policy........................................................................................................12 Manage Custom Spam policy....................................................................................................13 Add Advanced Rules..................................................................................................................14 Change Advanced action rules Order........................................................................................18 Delete Custom Spam policy.......................................................................................................19 Address Groups.................................................................................................................................20 Create Address Groups.................................................................................................................20 Delete Address Groups..................................................................................................................21 Delete individual address from Group...........................................................................................22 Spam Rule.........................................................................................................................................23 Create Spam rule...........................................................................................................................23 Delete Spam Rule..........................................................................................................................24 Change Spam rule Order...............................................................................................................25 Local Domains...................................................................................................................................26 Add Domains .................................................................................................................................26 Delete Domains .............................................................................................................................26 General Configuration.......................................................................................................................27 Bypass Reporting..............................................................................................................................29 Cyberoam Anti Spam Implementation Guide 4 Gui de Set s GuideDescribes User Guide Console GuideConsole Management Windows Client GuideInstallation&configurationofCyberoamWindows Client Linux Client GuideInstallation&configurationofCyberoamLinux Client HTTP Client GuideInstallation&configurationofCyberoamHTTP Client Analytical Tool GuideUsing the Analytical tool for diagnosing and troubleshooting common problems LDAP Integration GuideConfiguration for integrating LDAP with Cyberoam for external authentication ADS Integration GuideConfiguration for integrating ADS with Cyberoam for external authentication PDC Integration GuideConfiguration for integrating PDC with Cyberoam for external authentication RADIUS Integration GuideConfiguration for integrating RADIUS with Cyberoam for external authentication High Availability Configuration Guide Configuration of High Availability (HA) Multi Link Manager User GuideConfiguration of Multiple Gateways, load balancing and failover VPN ManagementImplementing and managing VPN Cyberoam IDP Implementation Guide Configuring, implementing and managing Intrusion Detection and Prevention Cyberoam Anti VirusImplementation Guide Configuring and implementing anti virus solution Cyberoam Anti SpamImplementation Guide Configuring and implementing anti spam solution Cyberoam Anti Spam Implementation Guide 5 Tec hni c alSuppor tYou may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address: Corporate Office eLitecore Technologies Ltd. 904, Silicon Tower Off C.G. Road Ahmedabad 380015 Gujarat, India. Phone: +91-79-26405600 Fax: +91-79-26407640 Web site: www.elitecore.com Cyberoam contact: Technical support (Corporate Office):+91-79-26400707 Email: support@cyberoam.com Web site: www.cyberoam.com Visit www.cyberoam.com for the regional and latest contact information. Cyberoam Anti Spam Implementation Guide 6 Typogr aphi cConvent i ons Material in this manual is presented in text, screen displays, or command-line notation. ItemConventionExample ServerMachine where Cyberoam Software - Server componentis installed ClientMachine where Cyberoam Software - Client component is installed UserThe end user UsernameUsername uniquely identifies the user of the systemPart titlesBold and shaded font typefaces Repor tTopic titlesShaded font typefaces I nt r oduc t i on Subtitles Bold & Black typefacesNot at i on c onvent i onsNavigation linkBold typefaceGroup Management Groups Create it means, to open the required page click on Group management then on Groups and finally click Create tab Name of a particular parameter / field / command button text Lowercase italic typeEnter policy name, replace policy name with the specific name of a policy Or Click Name to select where Name denotes command button text which is to be clicked Cross references Hyperlink in different colorrefer to Customizing UserdatabaseClicking on the link will open the particular topic Notes & points to remember Bold typeface between the black borders Note PrerequisitesBold typefaces between the black borders Prerequisite Prerequisite details Cyberoam Anti Spam Implementation Guide 7 Over vi ewWelcome to Cyberoams Anti Spam User guide. Cyberoam is an Identity-based UTM Appliance. Cyberoams solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions.

Cyberoamsperfectblendofbest-of-breedsolutionsincludesUserbasedFirewall,Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN. CyberoamprovidesincreasedLANsecuritybyprovidingseparateportforconnectingtothe publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are visible the external world and still have firewall protection. CyberoamAntiSpamasapartofunifiedsolutionalongwithAntiVirusandIDP(Intrusion Detection and Prevention), provides real time virus and spam scanning. AntiSpammoduleisanadd-onmodulewhichneedstobesubscribedbeforeuse.Referto Licensing section for details on registration. Spam Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. Spamming is to indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities. In other words, it is an inappropriate attempt touseamailinglist,orothernetworkedcommunicationsfacilityasabroadcastmediumby sending the same message to a large number of people who did not ask for it. In addition to being a nuisance, it also eats up a lot of network bandwidth. Because the Internet is a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail. However, the use of software filters in e-mail programs can be used to remove most spam sent through e-mail to certain extent. With the number of computer users growing and the exchange of information via the Internet and emailincreasesinvolume,spamminghasbecomean almosteverydayoccurrence.Apartfrom network bandwidth, it also affects the employees productive as deletion of such mails is a huge task. Anti spam protection is therefore a priority for anyone who uses a computer. Cyberoam Anti Spam Implementation Guide 8

Cyber oam Gat eway Ant iSpam Cyberoam Gateway Anti Spam provides you with powerful tools for scanning and detecting spam in the e-mail traffic. Cyberoam Gateway Anti Spam inspects all incoming emails - SMTP, POP3 andIMAPtraffic-beforethemessagesaredeliveredtothereceiver'smailbox.Ifspamis detected,dependingonthepolicyandrulesset,emailsareprocessedanddeliveredtothe recipientunaltered,rejectandgenerateanotificationonthemessagerejection,addorchange subject or change the receiver. Cyberoam Gateway Anti Spam is fully compatible with all the mail systems and therefore can be easily integrated into the existing network. Cyberoam Anti Spam allows to: Scan email messages for spamming by protocols namely SMTP, POP3, IMAP Monitors mails received from Domain/IP address Detect spam mails using RBLs Accept/Reject messages based on message size and message header Customize protection of incoming and outgoing e-mail messages by defining scan policies Set different actions for SMTP, POP and IMAP spam mails Configure action for individual email address Notify receivers about spam messages Cyberoam Anti Spam Implementation Guide 9 Enabl e Sc anni ngEnableanti-spamscanningusingfirewallrules.Whileanti-spamsettingscanbeconfiguredfor system-wide use, they can also be implemented with specific settings on a per user basis. Refer to CyberoamUserGuide,Firewallsectionforcreatingfirewallrulesforenablingtheanti-spam scanning. You can enable anti spam scanning by creating firewall rule for: ZoneUser/User Group Host/Host Group By enabling scanning through firewall, you can customize levels of protection. For example, while trafficbetweenLANandWANmightneedstrictprotection,trafficbetweentrustedinternal addresses might need moderate protection.Hence you can enable/disable scanning for particular combination of source and destination IP address or domain. Spam Pol i cy As soon as you register Cyberoam Gateway Anti-spam module, default spam policy is applicable to all the incoming email traffic. Default spam policy is the general policy and not fit-for-all policy and hence might allow certain spam mails while block certain required mails also. Fine tuning the policiesmeansreducingthespamattacksandchancesofloosinganyimportantandrequired mails. Spampolicy defineswhatactionisto betakenifthemailisidentifiedasa spamandto which emailaddressthecopyofmailistobesend.Asnetworkscanningrulescontrolallthetraffic passing through the Cyberoam and decide whether to scan or bypass mail, policy will be applied to that traffic only that is filtered by network scanning rule. Types of Policies 1.Global Global policy is applicable to all the users. Cyberoam provides blank corporate policy which can be customized as per the requirement. 2.Default Defaultpolicyisapplicabletoalltheusersexceptforthoseusersforwhomthepersonal policy is defined. Default policy is applicable to all the users as soon as you register the Anti Spam module. 3.Custom/Personal Cyberoam allows defining custom policy as per the individual user requirement. Custom user policy is applicable to only that user for whom the policy is created. Scanning rules defines which scanning policy is to be applied to which recipient email address i.e. maps scanning policy to the email address. Cyberoam Anti Spam Implementation Guide 10 Detection of spam attributes Cyberoam uses content filtering and three RBLs - Real time Black hole Lists to check for the spam attributes: Message size Message header Premium RBL Reliable RBL Standard RBL RBLisalistofIPaddresseswhoseownersrefusetostoptheproliferationofspami.e.are responsible for spam or are hijacked for spam relay. Cyberoam will check each RBL for the connecting IP address. If the IP address matches to the one on the list then the specified action in policy is taken. Actions Accept Accepts and delivers the mail to the intended receiver. This action can be defined for both SMTP and POP/IMAP protocols. Reject Rejects the mail. This action sends the notification message to sender. This action can be defined only for SMTP protocol. Drop Drops the mail. This action does not send any notification message to sender. This action can be defined only for SMTP protocol. Change Recipient - Accepts the mail but delivers the mail to the specified receiver and not to the receiver for whom the mail was originally send. This action can be defined only for SMTP protocol only. PrefixSubjectAcceptsanddeliversthemailtotheintendedreceiverbutafterchangingthe subject of the mail. You can customize the subject in such a way that the receiver knows that the mail is a spam mail. This action can be defined for both SMTP and POP/IMAP protocols. Cyberoam Anti Spam Implementation Guide 11 Gl obalpol i c y Cyberoam provides the blank global policy which can be customized as per your requirement. By default, global policy applies to all the users. There is no need to apply the global policy to the users using rules. SelectAntiSpamSpamPolicyGlobalpolicytocustomizepolicy.RefertoAdd advanced rules for more details. Def aul tpol i c y Cyberoamprovidesablankdefaultpolicywhichcanbecustomizedasperyourrequirement. Default policy will be applied to those users only for whom custom/personal policy is not defined. SelectAntiSpamSpamPolicyDefaultpolicytocustomizepolicy.RefertoAdd advanced rules for more details. Cyberoam Anti Spam Implementation Guide 12 Cust om pol i c y Custom scan policy allows you to specify the spam filtering level security i.e. action severity based on your requirement.Create Custom Scan policy Select Anti SpamSpam policyCreate Custom policy to open the create page Screen - Create Custom Spam policy Screen ElementsDescription Spam Policy details NameSpecify policy name. Choose a name that best describes the policy Policy DescriptionSpecify full description of the policySendcopytoemail address Specify email addresses to which the mail copy is to be send. More than one address can be specified using commaFor example john@hotmail.com,,joe@yahoo.com This option can be applied for SMTP protocol only Create buttonCreates the policy.Cancel buttonCancels the current operationAdd buttonIfthepolicyissuccessfullycreated,createadvancedscanningrulesto specifywhatactionistobetakenonmailidentifiedasSPAMafter successful creation of the policy. Refer to Manage Custom Policy for more detail for defining actions. Table Create Custom Spam policy screen elements Cyberoam Anti Spam Implementation Guide 13 Manage Custom Spam policy Select Anti SpamSpam PolicyManage Custom policy to view the list of policies created. Click the policy to be modified. Screen Manage Custom Spam policy Screen ElementsDescription Spam Policy details NameDisplays policy namePolicy DescriptionDisplays full description of the policy, modify if requiredSendcopytoemail address Displaysemailaddressestowhichthemailcopywillbesend, modify if required. More than one address can be specified using comma For example john@hotmail.com,,joe@yahoo.com This option can be applied for SMTP protocol only.Update buttonUpdates and saves modifications done in any of the above fieldsCancel buttonCancels the current operationAdvanced Rules Advanced Rules Cyberoam Anti Spam Implementation Guide 14 Screen ElementsDescription Add buttonClicktodefinetheactiontobetakenonmailsifthematching condition is found.Refer Add Advanced Rules for details. Delete buttonAllows to delete the condition Select the condition to be deleted and click delete Create buttonSaves the action rule Cancel buttonCancels the current operationTable Manage Custom Spam policy screen elements Add Advanced Rules Select Anti SpamSpam PolicyManage Custom policy to view the list of policies created. Click the policy to which action rules are to be added. Cyberoam Anti Spam Implementation Guide 15 Conditions When Cyberoam Anti Spam identifies Mail as SPAM, Cyberoam accepts and delivers the mail totheintended receiverbutonly after addingaprefixSPAMto theoriginal subjectofthe mail.Original subject: This is a test Receiver will receive the mail with subject line as: SPAM: This is a test You can customize the subject in such a way that the receiver knows that the mail is a spam mail. To specify the contents to be prefixed to the existing subject line, select Prefix Subject as action. You can set different actions for SMTP and POP. WhenCyberoamAntiSpamidentifiesMailasPROBABLESPAM,Cyberoamacceptsand delivers the mail to the intended receiver but after adding a prefix PROBABLE SPAM to the original subject of the mail.Original subject: This is a test Receiver will receive the mail with subject line as: PROBABLE SPAM: This is a test You can customize the subject in such a way that the receiver knows that the mail is a spam mail. To specify the contents to be prefixed to the existing subject line, select Prefix Subject as action. You can set different actions for SMTP and POP. From Email Address/IP address Specified action will be taken if the mail sender email or IP address matches the specified email address or IP address. YoucansetactionforSMTP only. From Email Address/IP address Specified action will be taken if the mail sender email or IP address belongs to the specified email address or IP address group. You can set action for SMTP only. Cyberoam Anti Spam Implementation Guide 16 Message Size - Specified action will be taken if the mail size matches the specified size. You can set different actions for SMTP and POP. Message Header - Specified action will be taken if the message header contains the specified text. You can set different actions for SMTP and POP. You can scan message header for spam in: Subject Specified action will be taken if the header contains the matching subject From - Specified action will be taken if the header contains the matching text in the From address. To - Specified action will be taken if the header contains the matching text in the To address. X-Mailer X-Mailer identifies the software that created the message i.e. email client. HeadersectionofmessagecontainsX-Mailerinformation.Thisallowsyoutoscan and detect spam based on email client and specify action for a particular email client.For example, if you want to scan and reject messages created using Outlook Express then specify X-Mailer as Microsoft Outlook Express and action as Reject X-SpamTestMethodX-SpamTestMethoddisplaysthemethodnamewhichis used for spam identification.Anti spam solutions use various methods to detect spam and after scanning add the X Spam Test Method tag along with the method name in the mail header.This scanning method can be used only if Cyberoam receives the tagged mail which isalreadyscannedbysomeotherantispamsolutionandyouknowthemethod name. X-SpamTestCategories-X-SpamTestCategoriesdisplaysthecategoryname under which the mail is detected as SPAM.IfAntiSpam solutionusescontentfilteringmethodtodetect spamthenitadded X SpamTestCategoriestagalongwiththecategorynameunderwhichthemailis detected as spam in the mail header. This scanning method can be used only if Cyberoam receives the tagged mail which isalreadyscannedbysomeotherantispamsolutionandyouknowthecategory name. Others Specified action will be taken if the matching text is found in the header RBL - Specified action will be taken if the sender is listed in the specified RBL Group Actions Following actions can be taken on the mail identified as the SPAMRejectCyberoamwillrejectthemessageandsendtherejectionnotificationtothemail sender. This action can be applied to SMTP protocol only. Drop Cyberoam will reject the message but no notification will be send. This action can be applied to SMTP protocol only. Accept Cyberoam will accept and deliver the message to the intended receiver Change Recipient Cyberoam will accept the message but will not deliver to the receiver for whom the message was originally send. Message will be send to the specified receiver. This action can be applied to SMTP protocol only.Prefix Subject Cyberoam will accept and deliver the message to the intended receiver but only after changing the subject of the message. You can customize the subject in such a way Cyberoam Anti Spam Implementation Guide 17 that the receiver knows that the mail is a spam mail. Specify the contents to be prefixed to the existing subject line.For Example Contents to be prefixed to the original subject: Spam notification from Cyberoam Original subject: This is a test Receiver will receive the mail with subject line as: Spam notification from Cyberoam - This is a test Cyberoam Anti Spam Implementation Guide 18 Change Advanced action rules Order Advanced action rules are ordered by their priority. When the rules are applied, they are processed from the top downwards and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put strict rules before moderate and general rules. Select Anti SpamManage Custom policy to view the list of policies created. Click the policy whose action rule order is to be changed. Click the rule whose order is to be changed Click Move Up to move the selected rule one-step up Click Move Down to move the selected rule one-step down Click Update Order to save the order Cyberoam Anti Spam Implementation Guide 19 Delete Custom Spam policy Prerequisite Not assigned any Rule Select Anti SpamSpam policyManage Custom policy to view the list of policies created Screen Delete Custom Spam policy Screen ElementsDescription DelSelect policy for deletion Click Del to select More than one policy can also be selectedSelect AllSelect all the policies for deletion Click Select Allto select all the policies Delete buttonDeletes all the selected policy/policies Table Delete Custom Spam policy screen elements Note Default policy cannot be deleted. Cyberoam Anti Spam Implementation Guide 20 Addr ess Gr oups Scanning rule can be defined for individual or group ofEmail addressIP address RBL (Real time black hole List) Address group is the group of email addresses, IP addresses, or RBLs. Whenever the policy is applied to the address group, policy is applied to all the addresses included in the group. RBLisalistofIPaddresseswhoseownersrefusetostoptheproliferationofspami.e.are responsibleforspamorarehijackedforspamrelay.ThisIPaddressesmightalsobeusedfor spreading virus. Cyberoam will check each RBL for the connecting IP address. If the IP address matches to the one on the list then the specified action in policy is taken. Cr eat e Addr ess Gr oups Select Anti SpamConfigurationAddress Groups to open the Address group page. Click Create to open the create page. Screen Create Email Address Group Cyberoam Anti Spam Implementation Guide 21 Screen ElementsDescription Address Group details NameSpecify group name Can be any combination of A Z, a z, _, 0 - 9 GroupSpecify group type. You can create group of RBLs, IP address or Email address.

RBLisalistofIPaddresseswhoseownersrefusetostopthe proliferation ofspami.e.areresponsibleforspamorarehijacked for spam relay. Cyberoam will check each RBL for the connecting IP address. If the IP address matches to the one on the list then the specified action in policy is taken. DescriptionSpecify full description Allows maximum of 255 characters Can be any combination of A Z, a z, _, 0 - 9 Create buttonCreatesgroupanddependingonthegrouptypeallowsadding email address, IP addresses or RBL names Click AddType all the email addresses to be grouped specified by comma e.g. john@yahoo.com, joe@hotmail.com Cancel buttonCancels the current operationTable Create Email Address Group screen elements Del et e Addr ess Gr oups Select Anti SpamConfigurationAddress Groups to view the list of groups created Screen Delete Address Group Screen ElementsDescription DelSelect address group for deletion Click Del to select Cyberoam Anti Spam Implementation Guide 22 Morethanoneaddressgroupcanalsobe selectedSelect AllSelect all the address group for deletion Click Select Allto select all the address groups Delete buttonDeletes all the selected address groups Table Delete Address Group screen elements Del et e i ndi vi dualaddr ess f r om Gr oup Select Anti SpamConfigurationAddress Groups to view the list of groups created. Click the group from which the address is to be deleted Screen Delete Address from Group Screen ElementsDescription DeleteSelect address for deletion Click Delete to select More than one address can also be selectedSelect AllSelect all the address for deletion Click Select Allto select all the addressDelete buttonDeletes all the selected addressTable Delete Address from Group screen elements Cyberoam Anti Spam Implementation Guide 23 Spam Rul e Scanning rules defines which scanning policy is to be applied to which recipient email address i.e. map scanning policy with the email address. A rule allows to apply: single policy for a email address or group of addresses multiple policies for a particular email address or group of addresses Cr eat e Spam r ul e Prerequisite Policy created Address group created (if rule is for group) Select Anti SpamSpam Rules to open the create page Screen - Create Spam Rule Screen ElementsDescription Spam Rule Details Action ItemSelect whether the rule is for individual email address or group Specify email address or select the Address Group Cyberoam Anti Spam Implementation Guide 24 Screen ElementsDescription RecipientEmail Address Specify recipient email address If the rule is for the complete domain the specify as @domainname e.g. @cyberoam.com Address GroupSpecify address group Policy NameSpecify policy to be applied. Accordingtotheactionspecifiedinthepolicy,mailswillbe delivered as original or will be tagged and forwarded to the receiver. Add buttonCreates rule Cancel buttonCancels the current operation Table Create Spam Rule screen elements Del et e Spam Rul e Select Anti SpamSpam Rules to view the list of rules created. Screen - Delete Spam Rule Screen ElementsDescription DelSelect rule for deletion Click Del to select More than one rule can also be selectedSelect AllSelect all the rules for deletion Click Select Allto select all the rules Delete buttonDeletes all the selected rules Table Delete Spam Rule screen elements Cyberoam Anti Spam Implementation Guide 25 Change Spam r ul e Or der Rules are ordered by their priority. When the rules are applied, they are processed from the top downwardsandthefirstsuitablerulefoundisapplied.Hence,whileaddingmultiplerules,itis necessarytoputstrictrulesbeforemoderateandgeneralrules.Defaultpolicyordercannotbe changes. Select Anti SpamSpam Rules Click the rule whose order is to be changed Click Move Up to move the selected rule one-step up Click Move Down to move the selected rule one-step down Click Update to save the order Cyberoam Anti Spam Implementation Guide 26 Loc alDomai ns Cyberoam also allows bypassing RBL scanning of mails for certain domains. For this, you have to define the domains as the trusted domains. Add Domai nsSelect Anti SpamConfigurationLocal DomainsType Domain name or IP address Click Add Mails from the specified domains will not be scanned for RBLs. Del et e Domai nsSelect Anti SpamConfigurationLocal Domain to view the list of domains that will be bypassed from RBL scanning Screen ElementsDescription DelSelect domain for deletion Click Del to select More than one domain can also be selectedSelect AllSelect all the domains for deletion Click Select Allto select all the domains Delete buttonDeletes all the selected domains Cyberoam Anti Spam Implementation Guide 27 Gener alConf i gur at i on Select Anti SpamConfigurationGeneral Configuration to open the configuration page Screen ElementsDescription Anti Spam Engine information DisplaystheAntiSpamEngineandAntiSpamDefinitionsdata base version installed and being used. It also displays when it was last updated. Cyberoamdetectsspamusingtheantispamdefinitiondatabase which contains currently identified spam signatures/definitions. Itisextremelyimportanttoupdateyouranti-spamdefinition databaseperiodically.Bydefault,databaseupdatesare automatically downloaded and installed on your computer every 30 minutes. You can update database manually also. File size restriction SMTPMailsgreater than size Specify file size for scanning. The SMTP mails greater then the specified size will not be scanned. SMTPMailsgreater than size Specify maximum file size for delivery. TheSMTPmailsgreaterthenthespecifiedsizewillnotbe delivered. Cyberoam Anti Spam Implementation Guide 28 Screen ElementsDescription POP3/IMAPMails greater than size Specify file size for scanning. ThePOP/IMAPmailsgreaterthenthespecifiedsizewillnotbe scanned. Header to detect recipient for POP3/IMAP Click Add to specify header which should be used for detecting the recipients address. By default, Cyberoam uses Delivered-To and Received headers. Default headers cannot be deleted Cyberoam Anti Spam Implementation Guide 29 Bypass Repor t i ng By default, Cyberoam Anti Spam generates reports for all the Internal Domains and Email Ids. To bypassreportingofcertaindomainsandemailids,AdministratorhastocreateanExclusion domain list and email id list. All the domains and email ids included in the exclusion list will not be included in the Anti Spam reports. Todefinetheexclusionlist,selectReportsConfigureLocalDomainsorselect ReportsConfigureBypass Email Ids Refer to Reports Guide for the details.