SRX

 View Only
last person joined: 14 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  JNCIS-SEC - Understanding Anti-Spam Match Order

    Posted 12-31-2015 01:16

    Hi,

     

    I am preparing for the JNCIS-SEC Exam, and I am discovering the UTM features provided by JunOS.

     

    After some searchs on Google, I was not able to find an answer to the following usecase :

     

    The SRX is using the local whitelist and blacklist only (no-sbl-default-server applied on the utm antispam profile)

    If I want to do the following :

    - block the mail spam@domain.com (blacklist)

    - allow the domain domain.com (whitelist)

     

    Can this work ?

     

    According to Juniper documentation, the Order of Match is the following (from more preferred to less preferred) :

    1.IP Address of Sender

    2. Sender Domain Name

    3. Sender e-mail address

    - Domain name pattern matching uses longest suffix match

    - Once a match occurs, no more matching is processed

     

    Order of list checked (from more preffered to less preferred ) :

    1. Local Whitelist

    2. Local Blacklist

    3. SBL server

     

    From my understanding, the mail adress spam@domain.com should be matched by the whitelist which allows "domain.com", because Sender Domain Name is processed before the Sender e-mail address.

     

    Could someone help me understand this ?

     

    I only have a vSRX edition, so I am not able to test utm.

     


    #JNCIS-SEC
    #AntiSpam
    #UTM
    #SRX


  • 2.  RE: JNCIS-SEC - Understanding Anti-Spam Match Order
    Best Answer

    Posted 01-01-2016 10:35

    Your analysis is correct.

     

    Once the match on the white list occurs there is no further processing so the match on the black list will be ignored.



  • 3.  RE: JNCIS-SEC - Understanding Anti-Spam Match Order

    Posted 01-02-2016 15:08
    Spuluka thanks for your support.

    Regards,

    Grégory SAMOELA