CLOUD SOLUTIONS

Best practices

Using Bitdefender GravityZone Antispoofing

This section describes how to use Bitdefender GravityZone Antispoofing

provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.

When from various reasons your GravityZone instance is working improperly (failed updates, dysfunctional interface, corrupted files, errors, etc.), you can restore the GravityZone database from a backup copy.

Overview

Use this filter to prevent spammers from spoofing the sender's email address and making the email appear as being sent by someone trusted. You can specify the IP addresses authorized to send email for your email domains and, if needed, for other known email domains. If an email appears to be from a listed domain, but the sender's IP address does not match one of the specijavascript:void(0)fied IP addresses, the email is rejected. Do not use this filter if you are using a smart host, a hosted email filtering service or gateway email filtering solution in front of your Exchange servers.

Best practices
  • It is recommended to use this filter only on Exchange Servers that are directly facing the Internet. For example, if you have both Edge Transport and Hub Transport servers, configure this filter only on the Edge servers.

  • Add to your domains list all internal IP addresses allowed to send email over unauthenticated SMTP connections. These might include automated notification systems, network equipment such as printers, etc.

  • In an Exchange setup using Database Availability Groups, also add to your domains list the IP addresses of all your Hub Transport and Mailbox servers.

  • Use caution if you want to configure authorized IP addresses for specific external email domains that are not under your management. If you do not manage to keep the IP address list up-to-date, email messages from those domains will be rejected. If you are using an MX backup, you must add to all external email domains configured the IP addresses from which MX backup forwards email messages to your primary mail server.

Configuration

To configure antispoofing filtering, follow the steps described below:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies section and select an existing policy or add a new one.

  3. Go to Exchange Protection > General.

  4. Select the Domain IP Check (Antispoofing) check box to enable the filter.

  5. Click the Add button at the upper side of the table. The configuration window appears.

  6. Enter the email domain in the corresponding field.

  7. Provide the range of authorized IP addresses to be used with the previously specified domain, using the CIDR format (IP/Network mask).

  8. Click the Add button at the right side of the table. The IP addresses are added to the table.

  9. To delete an IP range from the list, click the corresponding Delete button at the right side of the table.

  10. Click Save. The domain is added to the filter.

To delete an email domain from the filter, select it in the Antispoofing table and click the Delete button at the upper side of the table.

Overview

Use this filter to prevent spammers from spoofing the sender's email address and making the email appear as being sent by someone trusted. You can specify the IP addresses authorized to send email for your email domains and, if needed, for other known email domains. If an email appears to be from a listed domain, but the sender's IP address does not match one of the specijavascript:void(0)fied IP addresses, the email is rejected. Do not use this filter if you are using a smart host, a hosted email filtering service or gateway email filtering solution in front of your Exchange servers.

Best practices
  • It is recommended to use this filter only on Exchange Servers that are directly facing the Internet. For example, if you have both Edge Transport and Hub Transport servers, configure this filter only on the Edge servers.

  • Add to your domains list all internal IP addresses allowed to send email over unauthenticated SMTP connections. These might include automated notification systems, network equipment such as printers, etc.

  • In an Exchange setup using Database Availability Groups, also add to your domains list the IP addresses of all your Hub Transport and Mailbox servers.

  • Use caution if you want to configure authorized IP addresses for specific external email domains that are not under your management. If you do not manage to keep the IP address list up-to-date, email messages from those domains will be rejected. If you are using an MX backup, you must add to all external email domains configured the IP addresses from which MX backup forwards email messages to your primary mail server.

Configuration

To configure antispoofing filtering, follow the steps described below:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies section and select an existing policy or add a new one.

  3. Go to Exchange Protection > General.

  4. Select the Domain IP Check (Antispoofing) check box to enable the filter.

  5. Click the Add button at the upper side of the table. The configuration window appears.

  6. Enter the email domain in the corresponding field.

  7. Provide the range of authorized IP addresses to be used with the previously specified domain, using the CIDR format (IP/Network mask).

  8. Click the Add button at the right side of the table. The IP addresses are added to the table.

  9. To delete an IP range from the list, click the corresponding Delete button at the right side of the table.

  10. Click Save. The domain is added to the filter.

To delete an email domain from the filter, select it in the Antispoofing table and click the Delete button at the upper side of the table.