Chapter 6 Monitor
ZyWALL ATP Series User’s Guide
168
6.32.2 The Email Security Status Screen
Click
Monitor > Security Statistics > Email Security
>
Status
to display the
Email Security Status
screen.
Spam Mails Detected by
IP Reputation
This is the number of emails that the Zyxel Device has determined to be spam by IP
Reputation. Spam or Unwanted Bulk Email is determined by the sender’s IP address.
Spam Mails Detected by
Mail Content
This is the number of emails that the Zyxel Device has determined to have malicious
contents.
Spam Mails Detected by
Phishing
This is the number of emails that the Zyxel Device has determined to be spam sent by
phishing websites.
Spam Mails Detected by
DNSBL
The Zyxel Device can check the sender and relay IP addresses in an email’s header
against DNS (Domain Name Service)-based spam Black Lists (DNSBLs). This is the
number of emails that had a sender or relay IP address in the header which matched
one of the DNSBLs that the Zyxel Device uses.
Spam Mails with Virus
Detected by Mail
Content
This is the number of emails that the Zyxel Device has determined to have malicious
contents and attached with virus.
Virus Mails
This is the number of emails that the Zyxel Device has determined to be attached with
virus.
Query Timeout
This is how many queries that were sent to the Zyxel Device’s configured list of DNSBL
domains or Mail Scan services and did not receive a response in time.
When mail session threshold is reached
Mail Sessions Forwarded
This is how many email sessions the Zyxel Device allowed because they exceeded the
maximum number of email sessions that the email security feature can check at a time.
You can see the Zyxel Device’s threshold of concurrent email sessions in the
Security > Status
screen.
Use the
Email Security > Summary
screen to set whether the Zyxel Device forwards or
drops sessions that exceed this threshold.
Mail Sessions Dropped
This is how many email sessions the Zyxel Device dropped because they exceeded the
maximum number of email sessions that the email security feature can check at a time.
You can see the Zyxel Device’s threshold of concurrent email sessions in the
Security > Status
screen.
Use the
Email Security > Summary
screen to set whether the Zyxel Device forwards or
drops sessions that exceed this threshold.
Statistics
Top Sender By
Use this field to list the top email or IP addresses from which the Zyxel Device has
detected the most spam.
Select
Sender IP
to list the source IP addresses from which the Zyxel Device has
detected the most spam.
Select
Sender Email Address
to list the top email addresses from which the Zyxel Device
has detected the most spam.
#
This field displays the entry’s rank in the list of the top entries.
Sender IP
This column displays when you display the entries by
Sender IP
. It shows the source IP
address of spam emails that the Zyxel Device has detected.
Sender Email Address
This column displays when you display the entries by
Sender Email Address
. This column
displays the email addresses from which the Zyxel Device has detected the most spam.
Occurrence
This field displays how many spam emails the Zyxel Device detected from the sender.
Table 63 Monitor > Security Statistics > Email Security > Summary (continued)
LABEL
DESCRIPTION