Chapter 32 Email Security
ZyWALL ATP Series User’s Guide
SMTP and POP3
Simple Mail Transfer Protocol (SMTP) is the Internet’s message transport standard. It controls the sending
of email messages between servers. Email clients (also called email applications) then use mail server
protocols such as POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) to retrieve
email. Email clients also generally use SMTP to send messages to a mail server. The older POP2 requires
SMTP for sending messages while the newer POP3 can be used with or without it. This is why many email
applications require you to specify both the SMTP server and the POP or IMAP server (even though they
may actually be the same server).
The Zyxel Device’s email security feature checks SMTP (TCP port 25) and POP3 (TCP port 110) emails by
default. You can also specify custom SMTP and POP3 ports for the Zyxel Device to check.
Email Headers
Every email has a header and a body. The header is structured into fields and includes the addresses of
the recipient and sender, the subject, and other information about the email and its journey. The body is
the actual message text and any attachments. You can have the Zyxel Device check for specific
header fields with specific values.
Email programs usually only show you the To:, From:, Subject:, and Date: header fields but there are
others such as Received: and Content-Type:. To see all of an email’s header, you can select an email in
your email program and look at its properties or details. For example, in Microsoft’s Outlook Express,
select a mail and click File > Properties > Details. This displays the email’s header. Click Message Source
to see the source for the entire mail including both the header and the body.
Email Header Buffer Size
The Zyxel Device has a 5 K buffer for an individual email header. If an email’s header is longer than 5 K,
the Zyxel Device only checks up to the first 5 K.
DNSBL
A DNS Black List (DNSBL) is a server that hosts a list of IP addresses known or suspected of having sent or
forwarded spam. A DNSBL is also known as a DNS spam blocking list. The Zyxel Device can check the
routing addresses of email against DNSBLs and classify an email as spam if it was sent or forwarded by a
computer with an IP address in the DNSBL.
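The DNSBL check described above can be sketched as follows. This is an added example, not code from the Zyxel guide and not the device's implementation; the zone name dnsbl.example, the sample message and fake_resolver are constructed so the check runs offline.

```python
import ipaddress
import re
import socket
from email import message_from_string

DNSBL_ZONE = "dnsbl.example"  # hypothetical zone name, not a real list
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Constructed sample message; addresses come from documentation ranges.
SAMPLE = (
    "Received: from relay.example.net ([203.0.113.7]) by mail.example.org\n"
    "Received: from pc.example.com ([198.51.100.23]) by relay.example.net\n"
    "Received: from localhost ([127.0.0.1]) by pc.example.com\n"
    "From: sender@example.com\nSubject: constructed sample\n\nbody\n"
)

def routing_addresses(raw_message):
    """IPv4 addresses named in Received: fields, newest hop first."""
    hops = []
    for field in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(field):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if not ip.is_loopback and ip not in hops:
                hops.append(ip)
    return hops

def query_name(ip, zone=DNSBL_ZONE):
    """DNSBL lookups reverse the octets and append the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname):
    try:
        answer = ipaddress.IPv4Address(resolve(query_name(ip)))
    except (OSError, ValueError):  # no A record: the address is not listed
        return False
    return answer in ipaddress.IPv4Network("127.0.0.0/8")

def classify(raw_message, resolve=socket.gethostbyname):
    listed = [str(ip) for ip in routing_addresses(raw_message)
              if is_listed(ip, resolve)]
    return ("spam" if listed else "clear"), listed

def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    if name != "23.100.51.198." + DNSBL_ZONE:
        raise socket.gaierror("NXDOMAIN")
    return "127.0.0.2"
```

Calling classify(SAMPLE, fake_resolver) marks the message as spam because one forwarding hop resolves inside 127.0.0.0/8, the range DNSBLs conventionally answer with for listed addresses.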
Finding Out More
See
for more background information on email security.
32.2 Before You Begin
• Before using the email security features (IP Reputation, Mail Content Analysis and Virus Outbreak
Detection) you must activate your email security Service license.
• Configure your zones before you configure email security.