7.7. Spam Protection

The term Spam refers to the sending of unsolicited emails to end-users, sometimes carrying malicious links and/or attachments. cOS Core can recognize the IPs or networks known for such activity, drop the connection and blacklist the associated IPs so that future connection attempts are dropped as well.

Spam protection is set up with the following steps:

  1. Enable the single Spam Protection object which is predefined in the cOS Core configuration.

  2. Specify the interface or interfaces that are to be protected.

When enabled, the spam protection subsystem functions as follows:

  1. When a connection is initiated on any of the listed interfaces, the source IP is looked up in the blacklist. If it is blacklisted, the connection is dropped.

  2. If not blacklisted, the source IP is looked up in the IP reputation database. If the IP is categorized as being a spam IP and has a reputation score of 10 or less, the connection is silently dropped and the IP is added to the blacklist so that any future connections from that IP will be dropped.

The IP reputation lookup mechanism is discussed further in Section 7.2, IP Reputation.

Generated Log Messages

Like similar threat prevention objects, the Spam Protection object only generates a log event message when it triggers and an IP is added to the blacklist. A typical message will have the following form:
BLACKLIST prio=2 id=04600006 rev=4 event=host_blacklisted
reason="Spam Protection" proto=all srcnet=203.0.113.7
dstnet=0.0.0.0/0 port=all
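
The following added example (not part of the cOS Core documentation or product) parses messages of the form shown above and returns the sources blacklisted by Spam Protection, as a log collector might. It assumes each message arrives as a single line beginning with the category, and that srcnet may hold a single address or a network; the function names and every sample line other than the first are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# key=value pairs; a value is either double-quoted or a run of non-space characters.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Split one log line into (category, {field: value}); None if it has no fields."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    category, rest = parts
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in PAIR_RE.finditer(rest)}
    return category, fields

def spam_blacklisted_sources(lines):
    """Count host_blacklisted events with reason "Spam Protection", per source."""
    hits = Counter()
    for line in lines:
        parsed = parse_event(line.strip())
        if parsed is None:
            continue
        category, f = parsed
        if (category != "BLACKLIST" or f.get("event") != "host_blacklisted"
                or f.get("reason") != "Spam Protection"):
            continue
        try:
            # Normalise a bare address and a network to the same CIDR notation.
            src = ipaddress.ip_network(f.get("srcnet", ""), strict=False)
        except ValueError:
            continue  # missing or malformed srcnet: skip rather than guess
        hits[str(src)] += 1
    return hits

# Constructed sample input: the first line is the message from the text joined
# onto one line; the others are variations made up for this example.
TEMPLATE = ('BLACKLIST prio=2 id=04600006 rev=4 event=host_blacklisted '
            'reason="{reason}" proto=all srcnet={src} dstnet=0.0.0.0/0 port=all')
SAMPLE = [
    TEMPLATE.format(reason="Spam Protection", src="203.0.113.7"),
    TEMPLATE.format(reason="Spam Protection", src="198.51.100.0/24"),
    TEMPLATE.format(reason="Placeholder Reason", src="192.0.2.9"),   # other trigger
    TEMPLATE.format(reason="Spam Protection", src="not-an-ip"),      # malformed
    "OTHER prio=1 event=placeholder srcnet=203.0.113.7",             # other category
]

if __name__ == "__main__":
    for src, count in spam_blacklisted_sources(SAMPLE).items():
        print(src, count)
```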

Example 7.7. Enabling Spam Protection

This example enables spam protection on the wan interface.

Command-Line Interface

Device:/> set SpamProtection EnableSpamBlacklist=Yes Interfaces=wan

InControl

Follow similar steps to those used for the Web Interface below.

Web Interface

  1. Go to: Threat Prevention > Spam Protection
  2. Switch Enable Spam Blacklist to On
  3. Add wan to the Interface List
  4. Click OK