Document Version 10.04.4.0028 - 08/10/2013: Cyberoam Anti Spam Implementation Guide


Cyberoam Anti Spam

Implementation Guide

Version 10


Version 7

Document Version 10.04.5.0007 - 30/11/2013



Cyberoam Anti Spam Configuration Guide

Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but
is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any
products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document.
Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications.
Information is subject to change without notice.

USERS LICENSE
Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License
Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.
You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam
UTM Appliances at http://kb.cyberoam.com.

RESTRICTED RIGHTS
Copyright 1999 - 2013 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road,
Ahmedabad 380006, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com


Contents

Preface
About this Guide
Overview
Spam
Cyberoam Gateway Anti Spam
    Configuration
        Configuration
        Address Group
        Email Archiver
    Spam Rules
        Spam Rules
    Quarantine
        Quarantine Digest Settings
        Quarantine Area
    Trusted Domain


Preface
Cyberoam Unified Threat Management appliances offer identity-based comprehensive security to
organizations against blended threats - worms, viruses, malware, data loss, identity theft; threats
over applications viz. Instant Messengers; threats over secure protocols viz. HTTPS; and more.
They also offer wireless security (WLAN) and support for 3G wireless broadband and analog modems,
which can be used as either an Active or a Backup WAN connection for business continuity.
Cyberoam integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and
Anti-Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Data
Leakage Prevention, IM Management and Control, Layer 7 visibility, Bandwidth Management,
Multiple Link Management and Comprehensive Reporting over a single platform.
Cyberoam has enhanced security by adding an 8th layer (User Identity) to the protocol stack.
Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic,
enabling Administrators to apply access and bandwidth policies far beyond the controls that
traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without
compromising productivity and connectivity.
Cyberoam UTM appliances accelerate unified security by enabling single-point control of all their
security features through a Web 2.0-based GUI. An extensible architecture and an IPv6 Ready
Gold logo provide Cyberoam the readiness to deliver on future security requirements.
Cyberoam provides increased LAN security by providing a separate port for connecting to the
publicly accessible servers like Web server, Mail server, FTP server etc. hosted in the DMZ, which are
visible to the external world and still have firewall protection.

Note

Default Web Admin Console username is admin and password is admin


Cyberoam recommends that you change the default password immediately after installation to
avoid unauthorized access.


About this Guide


This Guide provides information on how to configure the Cyberoam Anti Spam solution and helps you
manage and customize Cyberoam to meet your organization's various requirements, including
restriction of spam mails, creation of groups and archiving Emails to control web as well as
application access.

Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.

Item: Server
Convention: Machine where Cyberoam Software - Server component is installed

Item: Client
Convention: Machine where Cyberoam Software - Client component is installed

Item: User
Convention: The end user

Item: Username
Convention: Username uniquely identifies the user of the system

Item: Part titles
Convention: Bold and shaded font typefaces
Example: Report

Item: Topic titles
Convention: Shaded font typefaces
Example: Introduction

Item: Subtitles
Convention: Bold & Black typefaces
Example: Notation conventions

Item: Navigation link
Convention: Bold typeface
Example: System > Administration > Appliance Access - it means, to open the required page click on System then on Administration and finally click Appliance Access

Item: Name of a particular parameter / field / command button text
Convention: Lowercase italic type
Example: Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked

Item: Cross references
Convention: Hyperlink in different color
Example: refer to Customizing User database. Clicking on the link will open the particular topic

Item: Notes & points to remember
Convention: Bold typeface between the black borders
Example: Note

Item: Prerequisites
Convention: Bold typefaces between the black borders
Example: Prerequisite


Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower
Off C.G. Road
Ahmedabad 380006
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.


Overview
Welcome to Cyberoam's Anti Spam User guide.
Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the
security needs of corporate, government organizations, and educational institutions.
Cyberoam's perfect blend of best-of-breed solutions includes User based Firewall, Content
filtering, Anti Virus, Anti Spam, Intrusion Prevention System (IPS), and VPN (IPSec and SSL).
Cyberoam provides increased LAN security by providing a separate port for connecting to the
publicly accessible servers like Web server, Mail server, FTP server etc. hosted in the DMZ, which are
visible to the external world and still have firewall protection.
Cyberoam Anti Spam, as a part of the unified solution along with Anti Virus and IPS (Intrusion
Prevention System), provides real time virus and spam scanning.
Anti Spam module is an add-on module which needs to be subscribed before use.

Note
All the screen shots in the Cyberoam User Guides have been taken from NG series of appliances. The
features and functionalities, however, remain unchanged across all Cyberoam appliances.


Spam
Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even
more generally as any unsolicited Email.
Spamming is to indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages,
especially commercial advertising, in mass quantities. In other words, it is an inappropriate attempt
to use a mailing list, or other networked communications facility, as a broadcast medium by
sending the same message to a large number of people who did not ask for it.
In addition to being a nuisance, it also eats up a lot of network bandwidth. Because the Internet is
a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail.
However, software filters in Email programs can be used to remove most spam sent
through Email to a certain extent.
With the number of computer users growing and the exchange of information via the Internet and
Email increasing in volume, spamming has become an almost everyday occurrence. Apart from
network bandwidth, it also affects employees' productivity, as deletion of such mails is a huge
task. Anti spam protection is therefore a priority for anyone who uses a computer.


Cyberoam Gateway Anti Spam
Cyberoam Gateway Anti Spam provides a powerful tool for scanning and detecting infection and
Spam in the mail traffic (SMTP, POP3, and IMAP) as well as web (HTTP) traffic that passes
through the appliance. Cyberoam Anti Spam, as a part of the unified solution along with Anti Virus and
IPS (Intrusion Prevention System), provides real time virus scanning that protects all network
nodes - workstations, file servers, mail system - from known and unknown attacks by worms and
viruses, Trojans, spyware, adware, spam, hackers and all other cyber threats.
Cyberoam detects spam mails based on:
• RBL (Real time Blackhole List)
• Mass distribution pattern using RPD (Recurrent Pattern Detection) technology, for which a
Gateway Anti Spam module subscription is required. RPD technology is responsible for
proactively probing the Internet to gather information about massive spam outbreaks from the
time they are launched. This technology is used to identify recurrent patterns that characterize
massive spam outbreaks.
Cyberoam Gateway Anti Spam solution provides a powerful tool for scanning and detecting
infection and Spam in the mail traffic (SMTP, POP3, and IMAP) as well as web (HTTP) traffic that
passes through the appliance. It inspects all the inbound mails i.e., incoming Emails - SMTP,
POP3, and IMAP traffic - before the messages are delivered to the receiver's mail box and all
outbound mails i.e., outgoing Emails - SMTP traffic - sent by the user from an Email Client. Two
separate policies and firewall rules must be configured for inbound and outbound mail traffic. If
Spam is detected, action is taken on the Email depending on the policy and the rules set. On
detecting Spam in incoming traffic, the Email is processed and delivered to the recipient
unaltered, rejected with a notification on the message rejection, delivered with an added or changed
subject, or sent to a changed receiver. If Spam is detected in outgoing SMTP traffic, the Email is rejected
with a notification on the message rejection, dropped and a notification is generated, or
sent to a changed receiver. Integration into an existing network is easy as it is fully compatible with all the
mail systems.

Note
Outbound Anti Spam is a subscription based module.

Cyberoam Anti Spam allows you to:
• Scan Email messages for spamming by protocols namely SMTP, POP3, IMAP
• Monitor and proactively detect recurrent patterns in spam mails and combat multi-format - text,
images, HTML etc. - and multi-language threats
• Monitor mails received from Domain/IP Address
• Detect spam mails using RBLs. If Anti Spam module is not subscribed, Cyberoam will detect
spam mails based on RBL only and not on recurrent patterns in mails.
• Accept/Reject messages based on message size and message header
• Customize protection of incoming and outgoing Email messages by defining scan policies
• Set different actions for SMTP, POP and IMAP spam mails
• Configure action for individual Email Address
• Notify receivers about spam messages

Configuration
Spam Rules
Quarantine
Trusted Domain

Configuration
Anti Spam Configuration allows configuring scanning rules for SMTP, POP, and IMAP traffic,
defined on Address Groups, individual Email Addresses, IP Addresses or RBLs. The Administrator is
notified of critical events via system warnings and Email notifications. The administrator can
archive almost all the Emails coming into the organization and thereby keep a close watch over
data leakage.
Configuration
Address Group
Email Archiver

Configuration
Configure restrictions on mails from Anti Spam > Configuration > Configuration.

Screen - Configure Parameters

Screen Elements: Description

Bypass Spam Check For SMTP Authenticated Connections: Click Bypass Spam check for SMTP Authenticated
Connections to bypass the Spam scanning of the authenticated traffic.
If enabled, SMTP authenticated connections are bypassed from RBL and RPD based Spam checking.

Verify Sender's IP Reputation: By default, it is disabled.
Enable IP Reputation, if you want to verify the reputation of the sender IP Address. Cyberoam
dynamically checks the sender IP Address and denies SMTP connection if IP Address is found to be
responsible for sending spam mails or malicious contents.
If both Bypass Spam check for SMTP authenticated Connections and Verify Sender's IP reputation are
enabled, for the authenticated connections, spam scanning based on RBL and RPD will be given the
precedence.

SMTP Mails Greater Than Size: Specify maximum size (in KB) of the file to be scanned.
Files exceeding this size received through SMTP will not be scanned.
By default, SMTP mails exceeding 1024 KB in size are not scanned.
Specify 0 to increase default file size restriction for scanning to 51200 KB i.e. files exceeding
51200 KB will not be scanned if 0 is configured.
Note: For Cyberoam CR15i models, specify 0 for default size restriction of 1024 KB i.e. files
exceeding 1024 KB will not be scanned if 0 is configured.

SMTP Oversize Mail Action: Specify the action to be taken on oversize files i.e. Accept, Reject and Drop.
• Accept - all the oversize mails are forwarded to the recipient without scanning.
• Reject - all the oversize mails are rejected and notification is displayed to the user.
• Drop - all the oversize mails are dropped.

POP3 / IMAP Mails Greater Than Size: Specify maximum size (in KB) of the file to be scanned.
Files exceeding this size received through POP / IMAP will not be scanned and forwarded to the
recipient without scanning.
By default, POP3/IMAP mails exceeding 1024 KB in size are not scanned.
Specify 0 to increase default file size restriction for scanning to 10240 KB i.e. files exceeding
10240 KB will not be scanned if 0 is configured.
Note: For Cyberoam CR15i models, specify 0 for default size restriction of 1024 KB i.e. files
exceeding 1024 KB will not be scanned if 0 is configured.

Header To Detect Recipient For POP3 / IMAP: Specify Header value to detect recipient for POP3 / IMAP.
Click Add icon to add headers and Remove icon to delete the header which is used for detecting the
recipient's address.

Table - Configure Parameters screen elements
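The size limits and oversize actions in the table above decide which mail reaches a mailbox without being scanned. The following is an added example, not Cyberoam code: it models the documented limits and lists the settings under which oversize mail is delivered unscanned. All function names, field names and outcome strings are assumptions made for this illustration.

```python
# Added illustration (not Cyberoam code): models the size limits documented in
# the Configure Parameters table. All names here are assumptions for this sketch.

DEFAULT_LIMIT_KB = 1024                                # default for SMTP and POP3/IMAP
ZERO_LIMIT_KB = {"SMTP": 51200, "POP3/IMAP": 10240}    # what a configured 0 stands for
CR15I_ZERO_LIMIT_KB = 1024                             # CR15i models: 0 stands for 1024 KB
SMTP_OVERSIZE_OUTCOMES = {
    "Accept": "deliver-unscanned",    # forwarded to the recipient without scanning
    "Reject": "reject-and-notify",    # rejected, notification displayed to the user
    "Drop": "drop",                   # dropped
}


def effective_limit_kb(protocol, configured_kb=DEFAULT_LIMIT_KB, cr15i=False):
    """Largest mail size (KB) that is still scanned for this protocol."""
    if protocol not in ZERO_LIMIT_KB:
        raise ValueError(f"unknown protocol: {protocol!r}")
    if configured_kb < 0:
        raise ValueError("size limit cannot be negative")
    if configured_kb == 0:
        return CR15I_ZERO_LIMIT_KB if cr15i else ZERO_LIMIT_KB[protocol]
    return configured_kb


def disposition(protocol, size_kb, configured_kb=DEFAULT_LIMIT_KB,
                oversize_action=None, cr15i=False):
    """Return (outcome, scanned) for one mail of size_kb."""
    limit = effective_limit_kb(protocol, configured_kb, cr15i)
    if size_kb <= limit:              # only mail *exceeding* the limit is skipped
        return ("scan", True)
    if protocol == "POP3/IMAP":       # oversize POP3/IMAP mail is always forwarded
        return ("deliver-unscanned", False)
    if oversize_action not in SMTP_OVERSIZE_OUTCOMES:
        raise ValueError("SMTP needs an oversize action: Accept, Reject or Drop")
    return (SMTP_OVERSIZE_OUTCOMES[oversize_action], False)


def unscanned_paths(settings):
    """List (protocol, limit_kb) pairs where oversize mail reaches a mailbox unscanned."""
    findings = []
    for s in settings:
        cr15i = s.get("cr15i", False)
        limit = effective_limit_kb(s["protocol"], s["configured_kb"], cr15i)
        # Probe with a mail one KB over the effective limit.
        outcome, _ = disposition(s["protocol"], limit + 1, s["configured_kb"],
                                 s.get("oversize_action"), cr15i)
        if outcome == "deliver-unscanned":
            findings.append((s["protocol"], limit))
    return findings


# Constructed sample configuration, not taken from a real appliance.
SAMPLE_SETTINGS = [
    {"protocol": "SMTP", "configured_kb": 0, "oversize_action": "Reject"},
    {"protocol": "SMTP", "configured_kb": 2048, "oversize_action": "Accept"},
    {"protocol": "POP3/IMAP", "configured_kb": 0, "cr15i": True},
]

if __name__ == "__main__":
    for protocol, limit in unscanned_paths(SAMPLE_SETTINGS):
        print(f"{protocol}: mail larger than {limit} KB is delivered without scanning")
```
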

Address Group
Address Group is a group of Email Addresses, IP Addresses, or RBLs. An address can be a
member of multiple groups. To make configuration simpler, you can group addresses when
applying policy. A policy applied on the address group is applicable to all the group members.
To make it easier to add Anti Spam rules, create groups of Email Addresses, IP Addresses, or
RBLs and then add one Spam Rule to take action for all Addresses in the group. An Address can be a
member of multiple groups i.e. an Address can be included in multiple Address Groups.
A scanning rule can be defined for an individual or a group of:
• Email Address or Domain
• IP Address
• RBL (Real time black hole List) (applicable only for the spam mails)
RBL is a list of IP Addresses whose owners refuse to stop the proliferation of spam i.e. are
responsible for spam or are hijacked for spam relay. These IP Addresses might also be used for
spreading viruses.
Cyberoam will check each RBL for the connecting IP Address. If the IP Address matches
one on the list, then the action specified in the policy is taken.
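The check of a connecting IP Address against each RBL in a group can be sketched with the conventional DNS-based lookup (RFC 5782). This is an added example, not Cyberoam code, and the guide does not say how the appliance performs the check; the zone names, sample answers and function names are constructed for illustration.

```python
# Added illustration (not Cyberoam code): the conventional DNS-based RBL lookup
# (RFC 5782). Zone names and sample data below are constructed placeholders.
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")   # RBL "listed" answers live here


def rbl_query_name(ip, zone):
    """Build the DNS name that asks RBL `zone` about the connecting `ip`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def system_resolver(name):
    """Resolve A records with the OS resolver.

    Any lookup failure is reported as "no answer", so a DNS outage looks the
    same as "not listed" (the check fails open).
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_rbl_group(ip, zones, resolve=system_resolver):
    """Return {zone: [return codes]} for every RBL in the group that lists `ip`."""
    hits = {}
    for zone in zones:
        answers = resolve(rbl_query_name(ip, zone))
        # Answers outside 127.0.0.0/8 (for example from a parked or wildcarded
        # zone) are not listings and must not trigger the rule.
        codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
        if codes:
            hits[zone] = codes
    return hits


def rule_outcome(ip, zones, action, resolve=system_resolver):
    """Apply the policy action when any RBL in the group lists the sender IP."""
    hits = check_rbl_group(ip, zones, resolve)
    return (action, sorted(hits)) if hits else ("no match", [])


# Constructed sample data: an RBL Address Group and canned DNS answers.
RBL_GROUP = ["rbl-a.example", "rbl-b.example"]
FAKE_ZONE_DATA = {
    "10.2.0.192.rbl-a.example": ["127.0.0.2"],      # 192.0.2.10 is listed
    "7.100.51.198.rbl-b.example": ["203.0.113.5"],  # bogus answer, not a listing
}


def fake_resolver(name):
    """Offline stand-in for a DNS resolver, backed by FAKE_ZONE_DATA."""
    return FAKE_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for sender in ("192.0.2.10", "198.51.100.7"):
        print(sender, rule_outcome(sender, RBL_GROUP, "Reject", fake_resolver))
```
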
To manage Address Groups, go to Anti Spam > Configuration > Address Group. You can:
• Add
• View
• Edit - Click the Edit icon in the Manage column against the Address Group to be modified.
The Edit Address Group pop-up window is displayed, which has the same parameters as the Add
Address Group window. Alternately, click on the Address Group Name to open the Edit
Address Group window.
• Delete - Click the Delete icon in the Manage column against an Address Group to be
deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the
Address Group. To delete multiple Address Groups, select them and click the Delete button.

Manage Address Group
To manage Address Groups, go to Anti Spam > Configuration > Address Group.

Screen - Manage Address Group

Screen Elements: Description

Add Button: Add a new Address Group.

Name: Name of the Address Group.

Type: Type of Group: RBL, IP Address, Email Address/Domain.

Description: Displays Address Group Description.

Import Icon: Click to import the Address Groups.

Edit Icon: Edit the Address Group.

Delete Button: Delete the Address Group.
Alternately, click the Delete icon against the address group to be deleted.

Table - Manage Address Group screen elements

Import Email Address into an existing Address Group
If you already have the address details in a file, you can upload the file instead of adding the
addresses again in Cyberoam. If the file has multiple addresses, each address must be on a new line. A file
with comma-separated addresses will give an error on upload.
Click the Import Button to import a CSV or text file. Select the complete path of the information file.

Address Group Parameters
To add or edit an Address Group, go to Anti Spam > Configuration > Address Group.
Click Add Button to add a new group or Edit Icon to modify the details.

Screen - Add Address Group

Screen Elements: Description

Name: Specify a name to identify the Group.

Group Type: Select the Group Type.
Available Options:
• RBL - RBL is a list of IP Addresses whose owners refuse to stop the proliferation of spam i.e. are
responsible for spam or are hijacked for spam relay. Cyberoam will check each RBL for the
connecting IP Address. If the IP Address matches one on the list, then the action specified in the
policy is taken. Specify the Domain Name to be added as RBLs to the Address Group.
• IP Address - Specify IP Addresses or Network address that you want to group.
• Email Address / Domain - Specify Email Address or Domain Name to be added to the Address Group.
On selecting Email Address/Domain, select the type of Address Group from the available options:
  • Import - Select to browse and import a CSV file or a text file to add the Email Address/Domain
  to address group.
  • Manual - Select to manually add the Email Address/Domain to address group.
Use the Add button to add a value to the list and the corresponding icon to delete a value from the list.

Description: Provide description for Address Group.

Table - Add Address Group screen elements

Email Archiver
If you want the Administrator or any other person in the organization to know about incoming mails into
the organization, you can specify the Email Address to which you want to forward a copy of such
mails.
By using Email Archiver, the administrator can archive almost all the Emails coming into the
organization and thereby keep a close watch over data leakage. Emails of a specific recipient or a
group of recipients can be archived using Email Archiver. Create multiple archivers to send a copy
of Emails to more than one administrator.
Cyberoam can archive all Emails intended for a single or multiple recipients, and they can be forwarded
to a single administrator or multiple administrators from Anti Spam > Configuration >
Email Archiver. You can:
• Add
• View
• Edit - Click the Edit icon in the Manage column against the Rule to be modified. The Edit Email
Archiver window is displayed, which has the same parameters as the Add Email Archiver window.
• Delete - Click the Delete icon in the Manage column against the Email Archiver to be deleted.
A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Email
Archiver. To delete multiple Email Archivers, select them and click the Delete button.
• Search - Click the Search icon in the Recipient column to search for specific recipients.
Address can be searched on the following criteria: is, is not, contains, does not contain. A
pop-up window is displayed that has filter conditions for search. Click OK to get the search results
and the Clear button to clear the results.

Screen - Search Recipient

Search Criteria: Search Results

is: All the Recipients that exactly match with the string specified in the criteria.
For example, if the search string is Test, only recipients with the name exactly matching Test are
displayed.

is not: All the Recipients that do not match with the string specified in the criteria.
For example, if the search string is Test, all recipients except with the name exactly matching
Test are displayed.

contains: All the Recipients that contain the string specified in the criteria.
For example, if the search string is Test, all the recipients containing the string Test are
displayed.

does not contain: All the Recipients that do not contain the string specified in the criteria.
For example, if the search string is Test, all the recipients not containing the string Test are
displayed.

Table - Search Recipient screen elements

Manage Email Archives

Screen - Manage Email Archives

Screen Elements: Description

Add Button: Add a new Email Archive.

Name: Email Archiver name.

Recipient: Email Address of the recipient whose emails are archived.

Send Copy To: Email Address to which the Email copy is sent.
This option can be applied to SMTP protocol only.

Edit Icon: Edit the Email Archiver.

Delete Button: Delete the Email Archiver.
Alternately, click the Delete icon against the Email Archiver to be deleted.

Table - Manage Email Archivers screen elements

Add Email Archiver
To add or edit Email Archiver, go to Anti Spam > Configuration > Email Archiver.
Click the Add button to add an Email Archiver. To update the details, click on the Email Archiver or the
Edit icon in the Manage column against the Archivers you want to modify.

Screen - Add Email Archiver

Screen Elements: Description

Name: Specify a name for the Email Archiver.

Recipient: Select Email Address of the recipient whose Emails are to be archived.
You can also add a new Email Address or domain from the Email Archiver page itself.

Send Copy Of Email To: Specify Email Address to which the Email copy is to be sent.
This option can be applied to SMTP protocol only.

Table - Add Email Archiver screen elements

Spam Rules
As soon as you subscribe to Cyberoam Gateway Anti Spam, Spam Rules can be configured for
particular senders and recipients.
A Spam Rule defines what action is to be taken if the mail is identified as spam and to which Email
Address the copy of the mail is to be sent. These rules can be applied directly to Email Addresses now
and thus, traffic can be directly scanned for Spam mails.
To reduce the risk of losing legitimate messages, the spam quarantine repository - a storage
location - provides administrators a way to automatically quarantine and remediate messages that
are identified as spam.
This will help in managing spam and probable spam quarantined mails and you can take
appropriate actions on such mails.
Detection of Spam attributes
Cyberoam uses content filtering and three RBLs - Real time Blackhole Lists - to check for the
spam attributes in SMTP as well as POP3 / IMAP mails:
• Premium
• Standard
RBL is a list of IP Addresses whose owners refuse to stop the proliferation of spam i.e. are
responsible for spam or are hijacked for Spam Relay.
Cyberoam will check each RBL for the connecting IP Address. If the IP Address matches
one on the list, then the action specified in the policy is taken.
Spam Rules

Spam Rules
To manage Spam Rules, go to Anti Spam > Spam Rules > Spam Rules. You can:
• Add
• View
• Edit - Click the Edit icon in the Manage column against the Spam Rule to be modified. The Edit
Spam Rule window is displayed, which has the same parameters as the Add Spam Rule window.
• Search - Click the Search icon in the Sender and Recipient columns to search for specific
senders and recipients. Address can be searched on the following criteria: is, is not, contains,
does not contain. A pop-up window is displayed that has filter conditions for search. Click OK to
get the search results and the Clear button to clear the results.

Screen - Search Sender/Receiver

Search Criteria: Search Results

is: All the Senders or Recipients that exactly match with the string specified in the criteria.
For example, if the search string is Test, only senders/recipients with the name exactly matching
Test are displayed.

is not: All the Senders or Recipients that do not match with the string specified in the criteria.
For example, if the search string is Test, all senders/recipients except with the name exactly
matching Test are displayed.

contains: All the Senders or Recipients that contain the string specified in the criteria.
For example, if the search string is Test, all the senders/recipients containing the string Test are
displayed.

does not contain: All the Senders or Recipients that do not contain the string specified in the criteria.
For example, if the search string is Test, all the senders/recipients not containing the string Test
are displayed.

Table - Search Sender/Receiver screen elements

• Delete - Click the Delete icon in the Manage column against a Spam Rule to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the Spam Rule.
To delete multiple Spam Rules, select them and click the Delete button.

Manage Spam Rules
To manage Spam Rules, go to Anti Spam > Spam Rules > Spam Rules.

Screen - Manage Spam Rules

Screen Elements: Description

Add button: Add a new Spam Rule.

Name: Displays name of the Spam Rule.

Sender: Sender Email ID.

Recipient: Recipient Email ID.

Rules: Conditional Rule for restricting spam mails.

Action - SMTP: Conditions applied for the SMTP mails.

Action - POP3/IMAP: Conditions applied for the POP3 mails.

Edit Icon: Edit the Spam Rule.

Delete Button: Delete the Spam Rule.
Alternately, click the Delete icon against the Spam Rule to be deleted.

Table - Manage Spam Rules screen elements

Spam Rule Parameters
To add or edit a Spam Rule, go to Anti Spam > Spam Rules > Spam Rules. Click the
Add button to add a Spam Rule. To update the rules, click on the Spam Rule or the Edit icon in the
Manage column against the rule to be modified.

Note
On subscribing to Outbound Spam, the parameter Anti Spam Module Has Identified Mail As is renamed and
displayed as Inbound Anti Spam Module Has Identified Mail As.

Screen Add Spam Rule

Screen Elements

Description

19

Cyberoam Anti Spam Implementation Guide

Name

Specify a name for Anti Spam Rule.

Recipient Email

Select Recipient Email Address. You can also add a list of


Email Address using Add Email Address link.

Sender Email

Select Sender Email Address. You can also add a list of


Email Address using Add Email Address link.

IF Conditions
Anti Spam / Inbound
Anti Spam Module Has
Identified Mail As
(Parameter
Inbound
Anti Spam Module Has
Identified Mail As is
displayed on Outbound
Spam subscription)

All the Email messages that are received by the users


those are in a network protected by Appliance are referred
as Inbound.
On configuring Appliance Inbound Spam, all the
messages received by the users are scanned for spam
and Email virus outbreak by the Appliance.
Specified action will be taken if the Anti Spam module has
identified the Inbound Email to be one of the following:
Spam
Probable Spam
Virus Outbreak
Probable Virus Outbreak
You can set different actions for SMTP and POP mails.

20

Cyberoam Anti Spam Implementation Guide

Outbound Anti Spam


Module Has Identified
Mail
As
(Option
available
only
on
subscription)

Messages that are sent by the user from network


protected by the Appliance to a remote user on other mail
system are referred as Outbound.
On configuring Appliance Outbound Spam, all the
messages sent by the users are scanned before being
delivered to other users on internet for spam and Email
virus outbreak.
Specified action will be taken if the Anti Spam module has
identified the Outbound Email to be one of the following:
Spam
Probable Spam
Virus Outbreak
Probable Virus Outbreak
Note

Outbound Spam is a subscription module.


You can set different actions only for SMTP.

This feature is not available in Cyberoam Models CRi


series, CRwi series, CR15iNG, CR15wiNG, CR25ia,
CR500i-8P.
From
IP
Belongs To

Address

Specified action will be taken if the mail sender IP Address


matches the specified IP Address.
You can set different actions for SMTP and POP mails.

Sender
IP
Address
Blacklisted by RBL

Specified action will be taken if the sender is listed in the


specified RBL Group.
You can set different actions for SMTP and POP mails.

Message Size Is

Specified action will be taken if the mail size matches the


specified size.
You can set different actions for SMTP and POP mails.

Select Message Header

Specified action will be taken if the message header


contains the specified text.
You can set different actions for SMTP and POP mails.
You can scan message header for spam in:
Subject Specified action will be taken if the header
contains the matching subject.
From Specified action will be taken if the header
contains the matching text in the From address.
To Specified action will be taken if the header contains
the matching text in the To address.
Others Specified action will be taken if the matching text
is found in the headers


None

Select None when you want to create a rule between specific sender and recipient without any conditions. You can set actions for SMTP and POP3/IMAP mails only on the basis of sender and recipient.

Then

SMTP Action

Select the Action to be taken for SMTP traffic.
Available Options:
Reject
Drop
Accept (only for Inbound Spam)
Change Recipient
Prefix Subject (only for Inbound Spam)

POP3/IMAP Action (Only for Inbound Spam)

Select the Action to be taken for POP3 / IMAP traffic.
Available Options:
Accept
Prefix Subject

Table Add Spam Rule screen elements


The following actions can be taken on mail identified as SPAM, Probable SPAM, VIRUS OUTBREAK or Probable VIRUS OUTBREAK.

Protocol: SMTP
Action: Reject
Meaning: Mail is rejected and rejection notification is sent to the mail sender.

Protocol: SMTP
Action: Drop
Meaning: Mail is rejected but rejection notification is not sent to the mail sender.

Protocol: SMTP, POP3
Action: Accept
Meaning: Mail is accepted and delivered to the intended receiver.

Protocol: SMTP
Action: Change Recipient
Meaning: Mail is accepted but is not delivered to the receiver to whom the message was originally sent. Mail is sent to the receiver specified in the spam policy.

Protocol: SMTP, POP3
Action: Prefix Subject
Meaning: Mail is accepted and delivered to the intended receiver but after tagging the subject line. Tagging content is specified in spam policy. You can customize subject tagging in such a way that the receiver knows that the mail is a spam mail.
For example:
Contents to be prefixed to the original subject: Spam notification from Cyberoam
Original subject: This is a test
Receiver will receive mail with subject line as: Spam notification from Cyberoam - This is a test

Protocol: SMTP
Action: Quarantine
Meaning: Mail is quarantined and can be viewed or downloaded from the Quarantine Area.

Table Manage Actions screen elements
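
The Select Message Header condition and the Prefix Subject action described above, modeled as an added Python example (not Cyberoam's code). It assumes case-insensitive substring matching, that Others means any header other than Subject, From and To, and that headers are RFC 2047 decoded before matching, which a raw-text match would miss; the message is constructed.

```python
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample; the Subject is RFC 2047 (base64) encoded "This is a test".
RAW = (
    "From: Sender <sender@example.org>\n"
    "To: user@example.com\n"
    "Subject: =?utf-8?b?VGhpcyBpcyBhIHRlc3Q=?=\n"
    "X-Mailer: BulkSender 1.0\n"
    "\n"
    "body\n"
)
NAMED = ("subject", "from", "to")

def decoded(value):
    """Decode RFC 2047 encoded-words so matching sees the displayed text."""
    return str(make_header(decode_header(value)))

def header_matches(msg, field, text):
    """Condition: the header selected by field contains text.
    Assumptions: case-insensitive; 'Others' = every header not in NAMED."""
    needle = text.lower()
    for name, value in msg.items():
        n = name.lower()
        selected = n not in NAMED if field == "Others" else n == field.lower()
        if selected and needle in decoded(value).lower():
            return True
    return False

def prefix_subject(msg, prefix):
    """Action: tag the subject and keep the mail deliverable."""
    tagged = f"{prefix} - {decoded(msg.get('Subject', ''))}"
    del msg["Subject"]  # replace rather than add a second Subject header
    msg["Subject"] = tagged
    return tagged

def apply_rule(raw, field, text, prefix):
    """Parse, evaluate the condition, tag on match; return the delivered subject."""
    msg = message_from_string(raw)
    if header_matches(msg, field, text):
        return prefix_subject(msg, prefix)
    return decoded(msg.get("Subject", ""))

if __name__ == "__main__":
    print(apply_rule(RAW, "Subject", "test", "Spam notification from Cyberoam"))
```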

Quarantine
Quarantine Digest is an Email that contains a list of quarantined messages filtered by Cyberoam and held in the user Quarantine Area. If configured, Cyberoam mails the Quarantine Digest to the user as per the configured frequency. The Digest provides a link to User My Account, from where the user can access quarantined messages and take the required action.
Quarantine Digest Settings
Quarantine Area

Note
Entire Quarantine menu is not available for Cyberoam CR15i models.

Quarantine Digest Settings


Digest service can be configured globally for all the users or for individual users.
The user receives the Quarantine Digest as per the configured frequency.
The Quarantine Digest provides the following information for each quarantined message:
Date and time: Date and time when message was received
Sender: Email Address of the sender
Recipient: Email Address of the receiver
Subject: Subject of the message


To manage Spam Digest, go to Anti Spam > Quarantine > Spam Digest Settings.


You can:
Configure
Change Users Quarantine Digest Settings
Manage Users Quarantine Digest Settings

Configure Quarantine Digest

Screen Spam Digest Settings

Screen Elements

Description

Quarantine Digest Settings (Spam Digest Settings will be applicable only after you subscribe for "Gateway Anti Spam" module.)

Enable Quarantine Digest

Enable Quarantine Digest to configure digest service for all the users.

Email Frequency

Specify the Quarantine Digest mail frequency.
Digest can be mailed every hour, every day at configured time or every week on the configured day and time.

From Email Address

Specify Email Address from which the mail should be sent.
Digest mail will be sent from the configured mail address.

Display Name

Specify mail sender name. Digest mail will be sent with the configured name.

Send Test Email

Click Send Test Email button and provide Email Address to which the message is to be sent for Email Address verification i.e. Email Address is valid or not.


Reference My Account IP

Select Interface/Port IP from the Reference MyAccount IP dropdown list.
User My Account link in Digest mail will point to this IP Address. User can click the link to access his quarantined messages and take the required action. The users not falling under the specified Interface will have to access the quarantined mail directly from their MyAccount.

Allow Override

Enable Allow User To Override Digest Settings, if you want each user to override the digest setting i.e. user can disable the digest service so that they do not receive the Quarantine Digest.

Change Users Quarantine Digest Settings

Click Change Users Quarantine Digest Settings button to change the digest setting of the individual users. It allows selecting group and updating the Quarantine Digest Setting of group members.

Table Quarantine Digest screen elements

Change Users Quarantine Digest Settings


Click Change Users Quarantine Digest Settings button to change the digest settings of the individual users. It opens a new page which allows you to search groups and users for updating the Quarantine Digest Settings of group members.

You can individually search for user and user groups.

Select the checkbox against the user to enable the Quarantine Digest. If enabled, configured Quarantine Digest Settings are applicable for the user.

Screen Change Users Spam Digest Settings

Manage Users Quarantine Digest Settings


Screen Elements

Description

User Name

Displays username.

Name

Displays a name for the User.


Group

Displays Group name.

Email

Displays Email Address.

Edit Icon

Edit Quarantine Digest.
To save the modifications done for Email Address, click Save icon and to cancel the modifications done click Cancel icon.
Table Manage Change Users Spam Digest

You can individually search for user and user groups.

Search: Click the Search icon in the Username and Current Group columns to search for specific users and groups. Users and Groups can be searched on the following criteria: is, is not, contains, does not contain. A pop-up window is displayed that has filter conditions for search. Click OK to get the search results and Clear button to clear the results.

Screen Search Username

Screen Search Group

Search Criteria

Search Results

is

All the Users or Groups that exactly match with the string specified in the criteria.
For example, if the search string is Test, only users/groups with the name exactly matching Test are displayed.

is not

All the Users or Groups that do not match with the string specified in the criteria.
For example, if the search string is Test, all users/groups except with the name exactly matching Test are displayed.

contains

All the Users or Groups that contain the string specified in the criteria.
For example, if the search string is Test, all the users/groups containing the string Test are displayed.

does not contain

All the Users or Groups that do not contain the string specified in the criteria.
For example, if the search string is Test, all the users/groups not containing the string Test are displayed.
Table Search Username/Group screen elements
Select the checkbox against the user to enable the Spam Digest. If enabled, configured Spam Digest Settings are applicable for the user.

Quarantine Area
Under Quarantine Area, Quarantined Mails can be searched based on sender Email Address, receiver Email Address, and subject.
Use the Filter Result section to search for mails in the list of Quarantined Mails. To view and release the Quarantined Mails, go to Anti Spam > Quarantine > Quarantine Area.
Cyberoam reserves 5GB for Quarantine Area. Once the quarantine repository is full, older Emails are purged.

Manage Quarantined Mails

Screen Manage Quarantine Mails


Screen Elements

Description

Filter Result

Start Date

Select the starting date from Calendar by clicking on Calendar icon.

End Date

Select the ending date from Calendar by clicking on Calendar icon.

Sender

Specify a name for the Sender.

Receiver

Specify a name for the Receiver.

Filter

Click Filter to search mails from the list of Quarantined Mails.

Clear

Click Clear to reset the details of Filter Result.

Subject

Specify a Subject.

Sender

Displays the Sender of the Mail.

Recipient

Displays the Recipient of the Mail.

Subject

Displays the Mail Subject.

Time Stamp

Timestamp when the mail was received.

Release Icon

Click on the Release Icon to move the mails from Quarantine Area to recipient's inbox.
Table Manage Quarantine Mails screen elements

Release Quarantined Mails


Either the Administrator or the user can release the Quarantined Mails. The Administrator can release the Quarantined Spam Mails from Quarantine Area, while the user can release them from My Account. Released Quarantined Mails are delivered to the intended recipient's inbox.
The Administrator can access Quarantine Area from Anti Spam > Quarantine > Quarantine Area, while the user can log on to My Account and access Quarantine Area from Quarantine Mails > Spam Quarantine Emails.
If Quarantine Digest is configured, the user will be mailed the Digest every day, which consists of all the Quarantined Mails.

Trusted Domain
Cyberoam also allows bypassing RBL scanning of mails from certain domains. For this, you have to define those domains as trusted domains.
To manage local domains, go to Anti Spam > Trusted Domain > Trusted Domain. You can:
Add: Specify the Domain name and click the Add button. Mails from the specified domains will not be scanned.
Delete: Click the Delete icon in the Manage column against a Domain to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Domain. To delete multiple domains, select them and click the Delete button.


Screen Add/Remove Trusted Domain

View the list of Trusted Domains


Screen Element

Description

Add Button

Add a new Trusted Domain.

Domain Name

Displays a name for the Trusted Domain.

Delete Button

Delete the Trusted Domain.
