
JNCIS-SEC - Understanding Anti-Spam Match Order

  • 1.  JNCIS-SEC - Understanding Anti-Spam Match Order

    Posted 12-31-2015 01:16

    Hi,

     

    I am preparing for the JNCIS-SEC Exam, and I am discovering the UTM features provided by JunOS.

     

    After some searches on Google, I was not able to find an answer to the following use case:

     

    The SRX is using the local whitelist and blacklist only (no-sbl-default-server applied on the utm antispam profile)

    If I want to do the following :

    - block the mail spam@domain.com (blacklist)

    - allow the domain domain.com (whitelist)

     

    Can this work ?

     

    According to Juniper documentation, the Order of Match is the following (from more preferred to less preferred) :

    1. IP Address of Sender

    2. Sender Domain Name

    3. Sender e-mail address

    - Domain name pattern matching uses longest suffix match

    - Once a match occurs, no more matching is processed

     

    Order of list checked (from more preferred to less preferred):

    1. Local Whitelist

    2. Local Blacklist

    3. SBL server

     

    From my understanding, the mail address spam@domain.com should be matched by the whitelist which allows "domain.com", because Sender Domain Name is processed before the Sender e-mail address.

     

    Could someone help me understand this ?

     

    I only have a vSRX edition, so I am not able to test utm.

     


    #JNCIS-SEC
    #AntiSpam
    #UTM
    #SRX


  • 2.  RE: JNCIS-SEC - Understanding Anti-Spam Match Order
    Best Answer

    Posted 01-01-2016 10:35

    Your analysis is correct.

     

    Once the match on the white list occurs there is no further processing so the match on the black list will be ignored.
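
The match order discussed in this thread, written out as a small Python model (an added example, not part of any post and not Junos code). It assumes list entries are plain strings, that the list order is the outer loop (whitelist fully evaluated before blacklist), and that no SBL lookup takes place; the function names and the sender IP are constructed for illustration.

```python
import ipaddress

def _is_ip(entry):
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False

def match_list(entries, sender_ip, sender_addr):
    """Return (criterion, entry) for the first hit in one list, else None.
    Criteria order as quoted in the thread: IP, then domain, then e-mail."""
    sender_addr = sender_addr.lower()
    domain = sender_addr.rsplit("@", 1)[-1]
    entries = [e.lower() for e in entries]
    # 1. IP address of sender
    for e in entries:
        if _is_ip(e) and ipaddress.ip_address(e) == ipaddress.ip_address(sender_ip):
            return ("ip", e)
    # 2. Sender domain name: longest matching suffix wins
    suffixes = [e for e in entries if "@" not in e and not _is_ip(e)
                and (domain == e or domain.endswith("." + e))]
    if suffixes:
        return ("domain", max(suffixes, key=len))
    # 3. Sender e-mail address: exact match
    if sender_addr in entries:
        return ("email", sender_addr)
    return None

def antispam_verdict(whitelist, blacklist, sender_ip, sender_addr):
    """Local lists only (no SBL lookup): whitelist first, then blacklist.
    The first match ends processing."""
    hit = match_list(whitelist, sender_ip, sender_addr)
    if hit:
        return ("permit", "whitelist") + hit
    hit = match_list(blacklist, sender_ip, sender_addr)
    if hit:
        return ("block", "blacklist") + hit
    return ("permit", "no-match", None, None)

# Constructed sample: the use case from the question.
WHITELIST = ["domain.com"]
BLACKLIST = ["spam@domain.com"]

if __name__ == "__main__":
    # The whitelisted domain matches first, so the blacklist entry is never reached.
    print(antispam_verdict(WHITELIST, BLACKLIST, "192.0.2.10", "spam@domain.com"))
```

With the whitelist emptied, the same sender falls through to the blacklist and is blocked on the e-mail address entry.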



  • 3.  RE: JNCIS-SEC - Understanding Anti-Spam Match Order

    Posted 01-02-2016 15:08
    Spuluka thanks for your support.

    Regards,

    Grégory SAMOELA