
Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  JNCIS-SEC - Understanding Anti-Spam Match Order

    Posted 12-31-2015 01:16



    I am preparing for the JNCIS-SEC Exam, and I am discovering the UTM features provided by JunOS.


    After some searches on Google, I was not able to find an answer to the following use case:


    The SRX is using the local whitelist and blacklist only (no-sbl-default-server applied on the utm antispam profile)

    If I want to do the following :

    - block the mail (blacklist)

    - allow the domain (whitelist)


    Can this work ?


    According to Juniper documentation, the Order of Match is the following (from more preferred to less preferred) :

    1. IP Address of Sender

    2. Sender Domain Name

    3. Sender e-mail address

    - Domain name pattern matching uses longest suffix match

    - Once a match occurs, no more matching is processed


    Order of list checked (from more preferred to less preferred):

    1. Local Whitelist

    2. Local Blacklist

    3. SBL server


    From my understanding, the mail address should be matched by the whitelist which allows "", because Sender Domain Name is processed before the Sender e-mail address.


    Could someone help me understand this ?


    I only have a vSRX edition, so I am not able to test utm.



  • 2.  RE: JNCIS-SEC - Understanding Anti-Spam Match Order
    Best Answer

    Posted 01-01-2016 10:35

    Your analysis is correct.


    Once the match on the white list occurs there is no further processing so the match on the black list will be ignored.
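
The match order discussed in this thread, modelled as an added example (not part of any post and not Junos code). It assumes each local list is tested in the order sender IP, sender domain, sender address, that domain patterns are plain suffixes, and that mail matching neither list is permitted because no SBL lookup is configured; all function names and sample values are constructed.

```python
import ipaddress

def match_list(entries, sender_ip, sender_addr):
    """Return (kind, pattern) for the first match in one local list, else None.

    Assumed order inside a list: sender IP, sender domain, sender address.
    """
    ip = ipaddress.ip_address(sender_ip)
    for net in entries.get("ip", []):
        if ip in ipaddress.ip_network(net):
            return ("ip", net)
    domain = sender_addr.rsplit("@", 1)[-1].lower()
    # Longest suffix match: the most specific matching domain pattern wins.
    hits = [d for d in entries.get("domain", [])
            if domain == d.lower() or domain.endswith("." + d.lower())]
    if hits:
        return ("domain", max(hits, key=len))
    for addr in entries.get("email", []):
        if sender_addr.lower() == addr.lower():
            return ("email", addr)
    return None

def verdict(whitelist, blacklist, sender_ip, sender_addr):
    """Check the whitelist, then the blacklist; the first match ends processing."""
    hit = match_list(whitelist, sender_ip, sender_addr)
    if hit:
        return ("permit", "whitelist") + hit
    hit = match_list(blacklist, sender_ip, sender_addr)
    if hit:
        return ("block", "blacklist") + hit
    # Assumption: with no-sbl-default-server there is no further lookup.
    return ("permit", "no-match", None, None)

# Constructed sample lists: whitelist two domains, blacklist two addresses.
WHITELIST = {"domain": ["example.com", "mail.example.com"]}
BLACKLIST = {"email": ["spammer@example.com", "bad@example.net"]}

if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "spammer@example.com"),
                       ("192.0.2.10", "bad@example.net"),
                       ("192.0.2.10", "user@mail.example.com")]:
        print(sender, "->", verdict(WHITELIST, BLACKLIST, ip, sender))
```

The first sample sender is permitted even though its address is blacklisted, because the whitelist domain match ends processing before the blacklist is consulted.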

  • 3.  RE: JNCIS-SEC - Understanding Anti-Spam Match Order

    Posted 01-02-2016 15:08
    Spuluka thanks for your support.


    Grégory SAMOELA