Start the year on the right foot

Renew your protection now with this limited-time offer

-50%Renew my protection

*Home users only

Get 50% discount!

Discover the plan that suits you best!

-50%See offer

Get 50% discount!

Discover the plan that suits you best!

This Christmas will be different

but we want to continue helping you protect your loved ones

-50%Renew my protection*

*Home users only

This Christmas will be different

but we want to continue helping you protect your loved ones

-50%View offer

Get 50% discount! Discover the plan that suits you best!

See offer

Get 50% discount! Discover the plan that suits you best!

See offer

Get 40% discount! Discover the plan that suits you best!

See offer

Renew and get 50% off*

Only available for 48 hours!

::

*For home users only

Renew at a discount
::

Renew and get 50% off*

Renew
*Home users only

*For home users only Renew and get 50% off*

::
Renew

Special offer: Renew and get 50% off**

Only available for 48 hours!

::

*For home users only

Renew at a discount

*For home users only Special offer: Renew and get 50% off*

::04
Renew

Are you a WatchGuard Partner or customer and need help with Panda products?

Welcome to Support!

Get 50% discount! Discover the plan that suits you best!

Click here!

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Technical Support

Need help?

 

How to configure the email proxy for both inbound and outbound spam and virus filtering on Panda GateDefender eSeries

Information applies to:

Products
Panda GateDefender Integra eSeries
Panda GateDefender Performa eSeries

This article explains how to configure the email proxy for both inbound and outbound spam and virus filtering on Panda GateDefender eSeries. Bear in mind that a misconfiguration in any of these environments can significantly diminish the spam detection in the network and hence, the importance of following all these steps carefully and thoroughly.

Additionally, bear also in mind that the steps here indicated only apply to the scenarios described. Should you have a different scenario, you will need to apply the corresponding changes to your appliance.

Network examples

Inbound
In order to filter email prior to arriving at the internal mail server, configure the appliance to receive all Internet email and filter it appropriately prior to handing it off the mail server.



Should you already have internal mail filtering to provide multiple layers of filtering and email security, use the appliance to add a second level of filtering.

Outbound
Additionally, configure the appliance to transparently scan and filter all outbound SMTP email.



This will ensure that all email from the mail server as well as any internal computer that may be sending email directly to the Internet are filtered appropriately before sending to the Internet.

Configuration steps

  1. Open the administration console.
  2. Activate Enable SMTP proxy by clicking the grey button (it will turn green).

  3. Configure the (1) outbound email filtering mode for each of the internal networks (GREEN, ORANGE, BLUE) to Transparent, as this will ensure all outbound SMTP traffic is scanned automatically with no client side changes required.
  4. Enable inbound email filtering (2) by selecting Active mode under the RED interface.
  5. In the Spam settings section, check the Filter mail for spam box and configure the default action to take for messages marked spam (1). By default, the option Move to quarantine location will be used.

  6. Provide a spam subject line (2) to be added to any marked spam emails. It is not recommended to alter the default spam identification levels (tag, mark, quarantine or notifications).
  7. Enable the Activate greylisting for spam box to provide an extra layer of spam protection.

    Note: Greylisting is a method used to reduce spam by automatically rejecting all unknown emails. If the email was legitimately, then the originating mail server will retry to send the email at which point it would be accepted. The theory is that any mass spam bot will not try to resend rejected email so only valid emails should get through.
  8. In the Virus settings section, activate Scan mail for virus.

  9. Configure the default action to take for messages marked as containing a virus. By default, Move to default quarantine location will be used.
    Additionally, an admin email can be provided to be copied for all virus notifications.
  10. Optionally, if needed or required, the blocking of certain file extensions can also be configured.

  11. Once all the configuration is complete, click Save and continue.
  12. In the Realtime Blacklist (RBL) section, enable the real-time blacklists for the eSeries appliance to use in checking for known blacklisted email servers. Panda GateDefender eSeries supports both IP and DNS-based RBLs.

  13. Once this is complete, click Save and continue.
  14. Optional: if Spam greylisting (Whitelists) is used, configure the greylisting whitelist for all known recipients, domains, and mail servers.


    This can help to reduce the inherent mail delivery delay associated with greylisting for known good mail sources.
  15. Next, setup all internal mail server domains that need to be filtered for incoming email by adding the domain and mail server IP address for that domain.
  16. Once this is complete, click Save and continue.
  17. Finally, in the Advanced tab, check and configure the advanced mail proxy settings (recommended and enabled by default). These include:
    • SMTP HELO name
    • Choose hard error limit
    • Reject invalid hostname
    • Verify recipient address
    • Choose maximum email content size
    • Spam preventions
  18. Click Save to apply the changes.

Warning
When using the SMTP proxy, do NOT add a DNAT (Port Forwarding) rule for SMTP to your mail server as this will force a bypass of the SMTP proxy and leave your internal mail server vulnerable to the Internet. See example below:

SMTP Proxy enabled and active on RED without Port Forwarding

SMTP Proxy enabled and active on RED with the Port Forwarding


Help nº- 20140703 41812 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT