How to activate and configure Anti-Spam (CASS 2.0) feature in SonicWall firewalls

09/28/2021 186 People found this article helpful 486,625 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

The Comprehensive Anti-Spam Service (CASS) feature provides a quick, efficient, and effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your existing SonicWall UTM Appliance.

Prerequisites for CASS 2.0 (See Anti-spam - How to activate and configure Anti-Spam feature in SonicWall UTM appliances for CASS v1.0)

The following deployment prerequisites are required to use the Comprehensive Anti-Spam Service feature:

 A licensed SonicWall UTM appliance running SonicOS 5.6.3.x or higher
 Anti-Spam License for the UTM
 One of the following Microsoft Windows Servers to install the Junk Store (Stores quarantined emails):

  Windows Server 2008 (64-bit)
  Windows SBS 2008 Server (64-bit)

Current Limitations for CASS 2.0

• CASS works only for SMTP traffic on port 25. Custom ports are not supported.
• CASS won't work if using a hosted mail server on the WAN side of the SonicWall and uses POP to receive emails
• The use of Transport-Level Security (TLS) between the MTA and your mail server is not supported.
• CASS in Layer 2 bridge, Transparent Mode, Routed Mode deployments and when a NAT device is in front of the UTM is not supported.

Key points for CASS from firewall perspective:

1. Only 1 mail server can be used.
2. Mail server must reside in the LAN.
3. CASS does not support redundant WAN connections.
4. CASS does not support high availability mode.
5. Inbound port 25 traffic cannot be bundled with any other services.

Key points for CASS from junkstore perspective:

1. Mail server must reside in the LAN.
2. Java should remain the same version.
3. Although possible, CASS should not be installed on an SBS server.
4. Although possible, CASS should not be installed on an exchange server.
5. SonicWall Directory Services / SSO for access should not be required.
6. Requiring valid certificates on the junkstore is not currently supported.

Installation points:
1. Server 2008 R2 should use 7.4.6
2. Server 2012 should use 7.6.1
3. Server 2016 can use 7.6.4
4. UAC should be disabled for the install to work. In 2012 and 2016 there is a registry setting that must be changed as well.

Deactivating User Access Control Windows Server 2012
Disable User Access Control with Group Policy Windows Server 2016

Resolution

Once you have registered Comprehensive Anti-Spam Service, activate it to start your UTM appliance-level protection from spam, phishing, and virus messages.

1. Navigate to the Anti-Spam menu item in the navigation bar. Then click on the Settings submenu.

2. Click Enable Anti-Spam Service to activate the Comprehensive Anti-Spam Service feature.
3. Next, Click the Junk Store Installer icon to install the junk store on your Exchange server.

Configuring Anti-Spam:

When Anti-Spam for SonicOS is activated, set your preferences. Once these are configured, your email will be filtered and sorted according to your configuration

Settings:

The Email Threat Category Settings section enables administrator to set default settings for users' messages. Choose default settings for messages that contain spam, phishing, and virus issues. Use the dropdown options to choose
how to to handle messages in each threat category. Your options are:

Filtering off: SonicWall SonicOS does not filter messages for this type of threat. All messages of this type are passed through to the recipient.

Tag With: The email is tagged with a term in the subject line, for example, [JUNK] or [Possible Junk?]. Selecting this option allows the user to have control of the email and can junk it if it is unwanted.

Store in Junk Box (default setting): The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting but junk store must be installed
for this to work.

Reject Mail: The message is returned to sender with a message indicating that it was not deliverable.

Permanently Delete: The email message is permanently deleted. (CAUTION: If you select this option, your organization risks losing emails.)

User-defined Access Lists:

Designate which clients are allowed to connect to deliver email. You can also set clients to be automatically rejected.

Advanced options:

Advance options allow you to set the following:

Setting Description:

Allow/Reject delivery of unprocessed mails when SonicWall Anti-Spam Service is Unavailable: If the Anti-Spam service is not enabled or unavailable for some other reason, you can choose to let all unprocessed emails go through.
Spam messages will be delivered to users, as well as good email. If the setting is reject, no email will be delivered until the Anti-Spam Service is re-enabled.

Tag and Deliver/Reject/Delete emails when SonicWall Junk Store is unavailable: If the SonicWall Junk Store cannot accept spam messages, you can choose to delete them, reject them, or deliver them with cautionary subject lines
such as [Phishing] Please renew your account"

Probe Interval: Set the number of minutes between messages to the monitoring service.
Probe timeout: The time in seconds for the probe to wait for response from the target before flagging it as failure.
Success Count Threshold: Set the number of successes required to report a success to the monitoring service.
Failure Count Threshold: Set the number of failures required to report a failure to the monitoring service.
Server Public IP Address: The IP address of the server that is available for external connections (MX record).
Server Private IP Address: The IP address of the server for internal traffic (Mail server).
Inbound Email Port: The port your UTM has open to receive email from outside sources.
Junk Store Settings: Specify the server IP where the junk store application is running.
Enable Subsystem Detection: It should be enabled.

Installing the Junk Store:

The Junk Store quarantines messages for end-user analysis and provides statistics.

1. Log in to the server where you want to install the junk store (Must be a windows server), then open a browser and log in to the SonicWall Web management interface
2. On the Anti-Spam > Settings page, click the Junk Store Installer icon to install the Junk Store on your Exchange Server.

3. Your browser may warn you that the Web site is trying to load the SonicWall Email Security add-on. Click in the Information Bar and select Install ActiveX Control in the popup menu.
4. On the Security Warning screen, click Install to install the ActiveX Control.
5. On the Anti-Spam > Settings page, click the Junk Store Installer icon again. A progress bar is displayed on the page.
6. The installer launches when it is fully downloaded. Note that migrating data in the Junk Store may take a long time to complete.
7. Navigate to the Anti-Spam > Status page and verify that the SonicWall Junk Store is Operational. It typically takes about 15 minutes for the Junk Store to become operational.

Note: If the server has another application using Tomcat (Web server used by Junk Store), then junk store may not run. Please contact support for such issues.

Statistics:

Use this page to view the statistics on how many messages are being blocked by your Anti-Spam for SonicOS feature. The type of message blocked and the number are listed.

RBL Filter:

This option gets disabled once Anti-spam feature is enabled.

Junk Box View:

This will store all the junked emails. Administrator can unjunk or delete the emails.

Junk Box Settings:

The Junk Box Settings page allows the Administrator to set the length of time that messages are stored in the Junk Box before being deleted and the number of Junk Box messages to be displayed per page.

Junk Box Summary:

SonicWall SonicOS sends an email message to users listing all the messages that have been placed in their Junk Box. Users can unjunk items listed in the Junk Box Summary email by clicking links in the email.

To manage the Junk Box summary:

Step 1: Choose Frequency of Summaries from the drop-down box.
Step 2: Choose the dates and times to receive email notification.
Step 3: Choose whether to include in message summary All Junk Messages or Likely Junk Only (hide definite junk).
Step 4: Choose Language of summary emails from the drop-down list.
Step 5: Choose a plain or graphics rich summary.
Step 6: Set Single Click Viewing of messages to Full access.
Step 7: Select to send summary only to users in LDAP (Please ensure that LDAP is configured for this to work).
Step 8: Select Email from which summary will be sent. Message summary can come from the individual user or another email address which you enter here.

The options includes the following:

Select the name to be displayed in end user's email client for the summary emails.

Subject: Enter the subject line for the Junk Box Summary email.

URL for User View: This text box is filled in automatically based on your server configuration and is included in the Junk Box Summary email. Clicking on the email link will allow users to unjunk messages. The URL should be like
http://:10080

Step 9: Click the Apply Changes button.

User View Setup:

The User View Setup page allows the Administrator to select and configure which settings will be visible for Users.

Address Book: To allow users to see their own Address Book in the navigation toolbar, select the Address Books toolbar from the User View Setup section.

User Download Settings: Select the corresponding checkbox to Allow users to download the SonicWall Junk Button for Outlook or Allow users to download SonicWall Anti-Spam Desktop for Outlook and Outlook Express from the User View.

Quarantined Junk Mail Preview Settings: To allow users to preview their quarantined junk mail, select the Users can preview their own quarantined junk mail checkbox. Note that users determined as Administrators have access to preview all quarantined junk mail for the entire organization by default. To change this option, unselect the Administrators checkbox. After all necessary changes have been made, click the Apply Changes button. To clear the changes made and revert back to the default settings, click the Revert button.

Address Books:

The Address Books page allows the Administrator to determine the Allowed and Blocked lists for their organization.

The list is a combination of allowed and blocked senders from the organization's lists and lists provided by SonicWall.

Allowed Lists:To add a sender to the Corporate Allowed List, navigate to the Allowed tab, then click the Add button. A dialog box will display where you will need to select the list type between People,Companies, or Lists. After selecting one of these, you can then enter the email address(es) in the space provided. Click Add to finish. The email address(es) will be added to the list on the Allowed Address Books page.

Note: To delete a sender from the Corporate Allowed List, navigate to the Allowed tab, then select the checkbox next to the email address(es) you wish to delete. A success message appears confirming the delete.

Blocked Lists: To add a sender to the Corporate Blocked List, navigate to the Blocked tab, then click the Add button. A dialog box will display where you will need to select the list type between People and Companies. After selecting one of these, you can then enter the email address(es) in the space provided. Click Add to finish. The email address(es) will be added to the list on the Blocked Address Books page.

Note: To delete a sender from the Corporate Blocked List, navigate to the Blocked tab, then select the checkbox next to the email address(es) you wish to delete. A success message appears confirming the delete.

Search Field: A search field is available to quickly find Allowed and Blocked email addresses. You are able to access this field by navigating to either the Allowed tab or the Blocked tab. Also, you can filter the search between the Type of addresses (People, Companies, or Lists) by selecting the checkboxes below the search bar. Enter in the address you wish to search for, and then click the Go button to begin the search.

Manage Users:

The Users page allows the Administrator to add, remove, and manage all users, both on the Global and ones retrieved from the LDAP servers.

User View Setup:

Using Source: The Using Source field allows the administrator to select which server, or source, to view. A Global server will always be visible; if an LDAP server is added, this will also be available from the dropdown list. Select the server you wish to view, and then click the Go button.

Find All Users in Column: The Find all users in column field allows the administrator to quickly search for users by specifying the User Name or Primary Email. You can also filter the search by the values equal to, starting with, or containing.

Adding Users: To add a user to the Global or LDAP Server, click the Add button. Enter the Primary Address of the user, select which server the user belongs to from the Using Source dropdown menu, then enter any Aliases. Click Add to finish adding a user.

LDAP Configuration:

The LDAP Configuration screen allows the Administrator to configure various settings specific to the LDAP server.

Available LDAP Servers: This section will display any LDAP Servers that have been configured on the SonicWall appliance.

Adding an LDAP Server: In the Available LDAP Servers section, click the Add Server button. The Server Configuration section will expand and allow the Administrator to begin providing the following configurations for a new LDAP Server:

 Friendly Name A friendly name for the LDAP Server.
 Primary Server name or IP address The server name or the IP address of the LDAP Server.
 Port Number The port number of the LDAP Server. The default port number is 389.
 LDAP Server Type Choose from the dropdown list of servers: Active Directory, Lotus Domino, Exchange 5.5, Sun ONE iPlanet, or Other.
 LDAP Page Size The maximum page size on the LDAP Server to be queried.
 Requires SSL Selecting this enables the LDAP Server to require SSL.
 Allow LDAP Referrals Selecting this allows LDAP referrals.

From the Authentication Method section, you will need to configure the LDAP login method for users. Select either Anonymous bind or Login for the LDAP login method depending on your LDAP server configuration, and then specify the Login name and Password. You can also enable the Auto-fill LDAP Query fields when saving configuration option by selecting the checkbox. Click Save Changes to finish adding an LDAP Server.

Configuring an LDAP Server: From the list of available LDAP servers, click the Edit icon . The Server Configuration, LDAP Query Panel, and Add LDAP Mappings sections expand for you to edit. The Server Configuration section that expands upon clicking the Edit icon is the same section you configured when adding a new LDAP server.

LDAP Query Panel: If you selected the Auto-fill LDAP Query fields option in the Server Configuration section, the LDAP Query Panel will automatically fill with default values. If you did not select the aforementioned option, the following values will need to be specified in order to successfully allow users to login to their Junk Box:

 Directory Node to Begin Search Specify a full LDAP directory path that points towards a node containing the information for all groups in the directory.
 Filter Specify an LDAP filter to easily find and identify users and mailing lists on the server. In this example, (&(|(objectClass=group)(objectClass=person)(objectClass=publicFolder))(mail=*))
 User Login Name Attribute Specify the text attribute the user will use as their login name.' The generally accepted attribute for this field is sAMAccountName. Note that this field works in sync with the Filter field, and needs to agree in both fields if changed.
 Email Alias Attribute Specify the email address, EmployeeID, PhoneNumber, or other alias attributes that link a single user to his or her junk box. The single generally accepted attribute for this field is proxyAddresses. Note that any other attributes must be separated by a comma. In this example, proxyAddresses,legacyExchangeDN.

Conversion Rules: On certain LDAP servers, such as Lotus Domino, some valid email addresses do not appear in the LDAP. The Conversion Rules section changes the way the SonicWall Email Security appliance interprets certain email addresses, providing a way to map the email address to the LDAP Server.

Advanced:

The Advanced page allows the Administrator to download system or log files, as well as configure the log level.

Downloads:

The Downloads page allows the Administrator to download and install one of SonicWall's latest spam-blocking buttons on your desktop.

Related Articles

• CFS Category 100
• GVC 4.9.14 and above are not connecting - Phase 1 Proposal does not match
• Initial and Advanced Firewall Setup for high security environments

Categories

• Firewalls > TZ Series
• Firewalls > SonicWall SuperMassive 9000 Series
• Firewalls > SonicWall NSA Series
• Firewalls > NSa Series