Question/Issue:
You want to know what the antispam features of Symantec firewalls are.

Cause:
Documentation/configuration.


Solution:
The following information details each of the antispam features of the Symantec firewalls and is taken directly from the firewall Configuration Guide.

• Soft Recipient Limit:
  This entry is typically set to the total number of users behind the firewall. No more than this many recipients will be handled on a single message. The remainder are told to retry. This does not impact the SMTP protocol, but this limit makes it more difficult for the spammer.
• Hard Recipient Limit:
  If this limit is reached, the whole message is denied. This limit should be set higher than the soft limit and higher than the number of receivers of an average legitimate message.
• Hide Internal Domain:
  If this entry is filled in, the source domain of mail messages is shielded from outside users. Received lines which match the hide domain are replaced by <hidden>. Suppression is performed for a single block of received header lines.
• Recipient Domains:
  Entering domains into this field means that all recipients of messages must be in the domains that match one of the recipient domains that appear here. The null domain is considered a match. Use the Add Domain button to access a dialog that allows you to enter domains. Use the Remove Domain button to remove a domain from the Recipient Domains list.
• Check Sender Domain:
  Enabling this feature forces the originator's address to be validated by checking the format and ensuring the domain name is fully qualified. It also checks whether an MX record exists for the domain name in DNS. Email from recipients who fail the DNS-registration test is rejected.
• Reject Source Routes:
  Enabling this feature causes the SMTP proxy to refuse all email to addresses specified using source-routing syntax. If you do not specify recipient domains and you do not select this check box, you are allowing all mail through with no conditions and opening the server to being used as a spam relay site. If you have specified recipient domains, enabling this feature is not necessary in most cases.
• Reject "telnet" Clients:
  Enable this feature to automatically disconnect all connections which appear to be regular users using a telnet client. Using this feature is discouraged unless absolutely necessary.
• Perform Loose Recipient Checks:
  Enable this feature to loosen character-set validation for SMTP recipients. This enables the use of the "%" character in the mail-recipient syntax as well as the use of the "!" character. If this feature is not enabled, email to recipient addresses with the above characters is rejected.
• Perform Loose Sender Checks:
  Enable this feature to loosen the character-set validation for SMTP senders. This enables the use of the "%" character in the mail-sender syntax as well as the use of the "!" character. If this feature is not enabled, email sent with the above characters is rejected.
• Realtime Blackhole List:
  This is a subsciption-based service, unrelated to Symantec Corporation, provided by Mail Abuse Prevention System LLC. For additional information, use the following URL to visit the Web site at:
  
  http://mail-abuse.org/
  
  This feature allows the administrators to designate the server information specified by the subscription service they have chosen.
  
  
  
  
  
  
  

Document ID: 2002060308412154
Last Modified: 09/16/2003
Date Created: 06/03/2002
Operating System(s): Windows NT 4.0, Solaris 2.6, Solaris 2.7, Solaris 8, Windows 2000, Appliance
Product(s): Symantec Enterprise Firewall 6.5, Symantec Enterprise Firewall 7.x, Symantec Gateway Security Appliance 1.0, Symantec VelociRaptor 1.1, Symantec VelociRaptor 1.5
Release(s): Symantec Enterprise Firewall 6.5.2, Symantec Enterprise Firewall 7.0, Symantec Gateway Security Appliance 1.0, Symantec VelociRaptor 1.1, Symantec VelociRaptor 1.5