Hi,
I am preparing for the JNCIS-SEC Exam, and I am discovering the UTM features provided by JunOS.
After some searches on Google, I was not able to find an answer to the following use case:
The SRX is using the local whitelist and blacklist only (no-sbl-default-server applied on the UTM antispam profile).
If I want to do the following:
- block the mail spam@domain.com (blacklist)
- allow the domain domain.com (whitelist)
Can this work?
According to Juniper documentation, the Order of Match is the following (from more preferred to less preferred):
1. IP Address of Sender
2. Sender Domain Name
3. Sender e-mail address
- Domain name pattern matching uses longest suffix match
- Once a match occurs, no more matching is processed
Order of list checked (from more preferred to less preferred):
1. Local Whitelist
2. Local Blacklist
3. SBL server
From my understanding, the mail address spam@domain.com should be matched by the whitelist which allows "domain.com", because Sender Domain Name is processed before the Sender e-mail address.
Could someone help me understand this?
I only have a vSRX edition, so I am not able to test UTM.
#JNCIS-SEC#AntiSpam#UTM#SRX
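
The match order quoted in the post can be walked through offline with a small model. This is an added example, not part of the original post and not Junos code; it assumes each sender attribute is checked against the local whitelist and then the local blacklist before the next attribute is tried, and the function names, sample IP and list layout are constructed for illustration.

```python
# Model of the order quoted in the post: IP -> domain -> e-mail address,
# whitelist before blacklist, first match ends processing.
# Assumption: the attribute loop is the outer loop. The SBL server step is
# left out because the post applies no-sbl-default-server.

def domain_match(domain, patterns):
    """Return the longest pattern that is a suffix of domain on a label boundary."""
    hits = [p for p in patterns if domain == p or domain.endswith("." + p)]
    return max(hits, key=len) if hits else None

def classify(sender_ip, sender_email, whitelist, blacklist):
    """Return (verdict, attribute, matched_entry) for the first match found."""
    email = sender_email.lower()
    domain = email.rsplit("@", 1)[1]
    lists = (("permit", whitelist), ("block", blacklist))
    # 1. IP address of sender
    for verdict, entries in lists:
        if sender_ip in entries["ip"]:
            return verdict, "ip", sender_ip
    # 2. Sender domain name (longest suffix match within each list)
    for verdict, entries in lists:
        hit = domain_match(domain, entries["domain"])
        if hit:
            return verdict, "domain", hit
    # 3. Sender e-mail address
    for verdict, entries in lists:
        if email in entries["email"]:
            return verdict, "email", email
    return "no-match", None, None

# Constructed sample lists mirroring the use case in the post.
WHITELIST = {"ip": set(), "domain": {"domain.com"}, "email": set()}
BLACKLIST = {"ip": set(), "domain": set(), "email": {"spam@domain.com"}}

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a constructed sender IP.
    print(classify("192.0.2.10", "spam@domain.com", WHITELIST, BLACKLIST))
```

Under the quoted order, the whitelisted domain ends processing at step 2, so the blacklisted address at step 3 is never evaluated in this model.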