ZyWALL 5/35/70 Series User’s Guide

The anti-spam external database checks for spoofing of e-mail attributes (like the IP address) and uses statistical analysis to detect phishing.

15.1.4 Whitelist

Configure whitelist entries to identify legitimate e-mail. The whitelist entries have the ZyWALL classify any e-mail that is from a specified sender or uses a specified MIME (Multipurpose Internet Mail Extensions) header or MIME header value as being legitimate (see Section 15.1.7 on page 266 for more on MIME headers). The anti-spam feature checks an e-mail against the whitelist entries before doing any other anti-spam checking. If the e-mail matches a whitelist entry, the ZyWALL classifies the e-mail as legitimate and does not perform any more anti-spam checking on that individual e-mail. A properly configured whitelist helps keep important e-mail from being incorrectly classified as spam. The whitelist can also increase the ZyWALL’s anti-spam speed and efficiency by not having the ZyWALL perform the full anti-spam checking process on legitimate e-mail.

15.1.5 Blacklist

Configure blacklist entries to identify spam. The blacklist entries have the ZyWALL classify any e-mail that is from a specified sender or uses a specified MIME (Multipurpose Internet Mail Extensions) header or MIME header value as being spam. If an e-mail does not match any of the whitelist entries, the ZyWALL checks it against the blacklist entries. The ZyWALL classifies an e-mail that matches a blacklist entry as spam and immediately takes the action that you configured for dealing with spam. The ZyWALL does not perform any more anti-spam checking on that individual e-mail. A properly configured blacklist helps catch spam e-mail and increases the ZyWALL’s anti-spam speed and efficiency.

15.1.6 SMTP and POP3

Simple Mail Transfer Protocol (SMTP) is the Internet’s message transport standard. It controls the sending of e-mail messages between servers. E-mail clients (also called e-mail applications) then use mail server protocols such as POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) to retrieve e-mail. E-mail clients also generally use SMTP to send messages to a mail server. The older POP2 requires SMTP for sending messages while the newer POP3 can be used with or without it. This is why many e-mail applications require you to specify both the SMTP server and the POP or IMAP server (even though they may actually be the same server).

The ZyWALL’s anti-spam feature checks SMTP (TCP port 25) and POP3 (TCP port 110) e-mails. The anti-spam feature does not check (or act upon) e-mails that use other protocols (such as IMAP) or other port numbers.
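The following Python model is an added example, not ZyWALL code and not part of the original guide. It walks constructed messages through the evaluation order described in sections 15.1.4 to 15.1.6: port scope first, then whitelist, then blacklist. The entry format, list contents, function names and sample messages are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Ports the guide says the anti-spam feature inspects.
CHECKED_PORTS = {25: "SMTP", 110: "POP3"}

# Constructed entries (assumed format): ("sender", address) or
# ("header", name, value); value None means "header present with any value".
WHITELIST = [("sender", "billing@partner.example"),
             ("header", "X-Mailer", "CorpMailer 2.0")]
BLACKLIST = [("sender", "promo@bulk.example"),
             ("header", "X-Campaign", None)]

def entry_matches(entry, msg):
    """True if the sender address or a MIME header (and value) matches."""
    if entry[0] == "sender":
        return parseaddr(msg.get("From", ""))[1].lower() == entry[1].lower()
    _, name, value = entry
    found = msg.get_all(name, [])
    return bool(found) if value is None else any(v.strip() == value for v in found)

def classify(raw, dst_port):
    """Return (verdict, reason) in the order the guide describes."""
    if dst_port not in CHECKED_PORTS:
        return ("not-checked", f"TCP {dst_port} is not SMTP 25 or POP3 110")
    msg = message_from_string(raw)
    for entry in WHITELIST:          # checked first; a match ends all checking
        if entry_matches(entry, msg):
            return ("legitimate", f"whitelist {entry}")
    for entry in BLACKLIST:          # only reached when no whitelist entry matched
        if entry_matches(entry, msg):
            return ("spam", f"blacklist {entry}")
    return ("continue", "no list match; remaining anti-spam checks apply")

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "partner": "From: Billing <billing@partner.example>\nSubject: Invoice\n\nhi",
    "bulk": "From: promo@bulk.example\nX-Campaign: 77\n\nbuy",
    # Matches a blacklist sender AND a whitelist header value.
    "overlap": "From: promo@bulk.example\nX-Mailer: CorpMailer 2.0\n\nbuy",
    "unknown": "From: someone@other.example\nSubject: hello\n\nhi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw, 25))
    print("bulk over IMAP", classify(SAMPLES["bulk"], 143))
```

The "overlap" message is classified as legitimate because the whitelist is consulted before the blacklist, so whitelist entries are best kept as specific as possible and reviewed for overlap with blacklist entries.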


Chapter 15 Anti-Spam