CLOUD SOLUTIONS

Configuration

Blocking emails from spoofed senders in GravityZone

This section explains how to block emails from spoofed senders in GravityZone.

The Antispoofing filter in GravityZone prevents spammers from spoofing the sender's email address and making the email appear as being sent by someone trusted.

You can specify the IP addresses authorized to send email for your email domains and, if needed, for other known email domains. If an email appears to be from a listed domain, but the sender's IP address does not match one of the specified IP addresses, Bitdefender rejects the email.

To block emails from spoofed senders in GravityZone, follow the steps bellow:

  1. In the policy settings, go to the Exchange Protection > General > Settings and make sure you have Domain IP Check (Antispoofing) selected and the company domain added together with IP addresses authorized to send emails for that domain.

    16250_1.png
  2. Check if the sender email address of the spam message was previously added in the whitelist (Exchange Protection > Antispam > Whitelist) because even after configuring the rule for Domain IP check correctly, the authenticated samples will pass this rule (Domain IP check does not work for authenticated emails).

  3. Enable the option Check authenticated connections for the Antispam module so that the authenticated emails to be scanned (Exchange Protection > Antispam > Default rule > Check authenticated connections).

    16250_2.png

Configuring the Exchange RBL filter

This section provides steps on how to configure the Exchange RBL Filter in GravityZone.

Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.

Overview

The RBL Filter uses the DNSBL protocol and RBL servers to filter spam based on mail server's reputation as spam sender.

The filter checks the sender IP from the email headers against the configured RBL servers, one at a time. If the sender IP is listed by an RBL server, a spam score equal to the RBL server’s assigned confidence level is added to the email.

  • If the spam score is 100 or higher, the email is automatically classified as spam, without further processing.

  • If the spam score is less than 100 after all RBL checks have been performed, it is finally compared against an internal threshold set by the aggressivity setting.

  • If the score exceeds the threshold, the email is automatically classified as spam, without further processing.

Configuring the RBL filter

In order to configure the RBL Filter you need to perform the following actions:

  1. Open the policy that is currently running on the Exchange Server > Exchange Protection > Antispam.

    9953_1.png
  2. Select the Antispam filtering check box.

  3. Click the Settings button, from the upper-middle part of the screen.

    9953_2.png
  4. In the Antispam Filtering Settings window, add the RBL servers that you want to use and an associated confidence level. Consider the following best practices:

    • Assign a confidence level of 100 to RBL servers with a high reputation or which you fully trust (e.g. have a low rate of false positives). If a sender’s IP is listed by one such server, the email is automatically detected as spam.

    • If you are not sure how reliable some RBL servers are, you can try a multi-match approach – that is, configure the confidence level so as to detect an email as spam only if the sender IP is listed by at least two RBL servers. To this purpose, you should assign a confidence level of 50.

      zen.spamhaus.org <> 80
      cbl.abuseat.org <> 75
      bl.spamcop.net <> 50
      dnsbl.sorbs.net <> 50

      For details on additional RBL servers, check this Wikipedia page.

      9953_3.png

      Important

      The above example is for demonstration purposes only.

  5. Save.