Technical Support

Need help?

 

How to configure the email proxy for both inbound and outbound spam and virus filtering on Panda GateDefender eSeries

Information applies to:

Products
Panda GateDefender Integra eSeries
Panda GateDefender Performa eSeries

This article explains how to configure the email proxy for both inbound and outbound spam and virus filtering on Panda GateDefender eSeries. Bear in mind that a misconfiguration in any of these environments can significantly diminish the spam detection in the network and hence, the importance of following all these steps carefully and thoroughly.

Additionally, bear also in mind that the steps here indicated only apply to the scenarios described. Should you have a different scenario, you will need to apply the corresponding changes to your appliance.

Network examples

Inbound
In order to filter email prior to arriving at the internal mail server, configure the appliance to receive all Internet email and filter it appropriately prior to handing it off the mail server.



Should you already have internal mail filtering to provide multiple layers of filtering and email security, use the appliance to add a second level of filtering.

Outbound
Additionally, configure the appliance to transparently scan and filter all outbound SMTP email.



This will ensure that all email from the mail server as well as any internal computer that may be sending email directly to the Internet are filtered appropriately before sending to the Internet.

Configuration steps

  1. Open the administration console.
  2. Activate Enable SMTP proxy by clicking the grey button (it will turn green).

  3. Configure the (1) outbound email filtering mode for each of the internal networks (GREEN, ORANGE, BLUE) to Transparent, as this will ensure all outbound SMTP traffic is scanned automatically with no client side changes required.
  4. Enable inbound email filtering (2) by selecting Active mode under the RED interface.
  5. In the Spam settings section, check the Filter mail for spam box and configure the default action to take for messages marked spam (1). By default, the option Move to quarantine location will be used.

  6. Provide a spam subject line (2) to be added to any marked spam emails. It is not recommended to alter the default spam identification levels (tag, mark, quarantine or notifications).
  7. Enable the Activate greylisting for spam box to provide an extra layer of spam protection.

    Note: Greylisting is a method used to reduce spam by automatically rejecting all unknown emails. If the email was legitimately, then the originating mail server will retry to send the email at which point it would be accepted. The theory is that any mass spam bot will not try to resend rejected email so only valid emails should get through.
  8. In the Virus settings section, activate Scan mail for virus.

  9. Configure the default action to take for messages marked as containing a virus. By default, Move to default quarantine location will be used.
    Additionally, an admin email can be provided to be copied for all virus notifications.
  10. Optionally, if needed or required, the blocking of certain file extensions can also be configured.

  11. Once all the configuration is complete, click Save and continue.
  12. In the Realtime Blacklist (RBL) section, enable the real-time blacklists for the eSeries appliance to use in checking for known blacklisted email servers. Panda GateDefender eSeries supports both IP and DNS-based RBLs.

  13. Once this is complete, click Save and continue.
  14. Optional: if Spam greylisting (Whitelists) is used, configure the greylisting whitelist for all known recipients, domains, and mail servers.


    This can help to reduce the inherent mail delivery delay associated with greylisting for known good mail sources.
  15. Next, setup all internal mail server domains that need to be filtered for incoming email by adding the domain and mail server IP address for that domain.
  16. Once this is complete, click Save and continue.
  17. Finally, in the Advanced tab, check and configure the advanced mail proxy settings (recommended and enabled by default). These include:
    • SMTP HELO name
    • Choose hard error limit
    • Reject invalid hostname
    • Verify recipient address
    • Choose maximum email content size
    • Spam preventions
  18. Click Save to apply the changes.

Warning
When using the SMTP proxy, do NOT add a DNAT (Port Forwarding) rule for SMTP to your mail server as this will force a bypass of the SMTP proxy and leave your internal mail server vulnerable to the Internet. See example below:

SMTP Proxy enabled and active on RED without Port Forwarding

SMTP Proxy enabled and active on RED with the Port Forwarding


Help nº- 20140703 41812 EN
ALWAYS ONLINE TO HELP YOU TWITTER FORUM
ALWAYS ONLINE TO HELP YOU TWITTER FORUM