Sonicwall SONICOS 5.8 Anti-Spam Service Manual

Chapter 1: Comprehensive Anti-Spam Service 2.0

Document Scope

This document describes how to implement and manage the Comprehensive Anti-Spam
Service 2.0.

This document contains the following sections:

• “What is Comprehensive Anti-Spam Service?” section on page 1

• “CASS 2.0 Features” section on page 2

• “Setting Up Comprehensive Anti-Spam Service” section on page 13

What is Comprehensive Anti-Spam Service?

The Comprehensive Anti-Spam Service (CASS) feature provides a quick, efficient, and
effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your existing
SonicWALL UTM Appliance.

In a typical configuration of Comprehensive Anti-Spam Service, the administrator chooses to
add Anti-Spam capabilities by selecting it in the SonicOS interface and licensing it. The
SonicWALL UTM Appliance then uses the same advanced spam-filtering technology as
SonicWALL Email Security products to reduce the amount of junk email the organization
delivers to users.

There are two primary ways inbound messages are analyzed by the Anti-Spam feature—
Advanced IP Reputation Management and Cloud-base Message Analysis. IP Address
Reputation uses the GRID Network to identify the IP addresses of known spammers, and reject
any mail from those senders without even allowing a connection. GRID Network Sender IP
Reputation Management checks the IP address of incoming connecting requests against a
series of lists and statistics to ensure that the connection has a probability of delivering valuable
email. The lists are compiled using the collaborative intelligence of the SonicWALL GRID
Network. Known spammers are prevented from connecting to the SonicWALL UTM server, and
their junk email payloads never consume system resources on the targeted systems.

Email that does not come from known spammers is analyzed based on “GRIDprints” generated
by SonicWALL’s research laboratories and are based on data from millions of business
endpoints, hundreds of millions of messages, and billions of reputation votes from the users of
the GRID Network. Our Grid Network uses data from multiple SonicWALL solutions to create a
collaborative intelligence network that defends against the worldwide threat landscape.
GRIDprints uniquely identify messages without exposing data contained in the email message.

SonicWALL Comprehensive Anti-Spam Service 2.0

1

Comprehensive Anti-Spam Service determines that an email fits only one of the following
threats: Spam, Likely Spam, Phishing, Likely Phishing, Virus, or Likely Virus, and categorizes
the message based on the highest threat it is classified as. If SonicWALL Email Security
determines that the message is not any of the above threats, it is judged as good email and is
delivered to the destination server.

CASS 2.0 Features

After upgrading your firmware to SonicOS 5.6.3 or SonicOS 5.8.0, adding CASS 2.0 protection
to your SonicWALL UTM Appliance increases the efficiency of your system as a whole by
providing you the ability to configure user view settings and filter junk messages before users
see it in their inboxes. The following enhancements are now available with CASS 2.0:

• Junk Box Settings

• User View Setup

• Address Books

• Manage Users

• LDAP Configuration

• Advanced

CASS 2.0 Features

• Downloads

Junk Box Settings

The Junk Box Settings page allows the Administrator to set the length of time that messages
are stored in the Junk Box before being deleted and the number of Junk Box messages to be
displayed per page.

SonicWALL Comprehensive Anti-Spam Service 2.0

2

User View Setup

The User View Setup page allows the Administrator to select and configure which settings will
be visible for Users.

CASS 2.0 Features

Address Book

To allow users to see their own Address Book in the navigation toolbar, select the Address
Books toolbar from the User View Setup section.

User Download Settings

Select the corresponding checkbox to Allow users to download the SonicWALL Junk
Button for Outlook or Allow users to download SonicWALL Anti-Spam Desktop for
Outlook and Outlook Express from the User View.

SonicWALL Comprehensive Anti-Spam Service 2.0

3

Address Books

CASS 2.0 Features

Quarantined Junk Mail Preview Settings

To allow users to preview their quarantined junk mail, select the Users can preview their own
quarantined junk mail checkbox.

Note that users determined as Administrators have access to preview all quarantined junk mail
for the entire organization by default. To change this option, unselect the Administrators
checkbox.

After all necessary changes have been made, click the Apply Changes button. To clear the
changes made and revert back to the default settings, click the Revert button.

The Address Books page allows the Administrator to determine the Allowed and Blocked lists
for their organization. The list is a combination of allowed and blocked senders from the
organization’s lists and lists provided by SonicWALL.

SonicWALL Comprehensive Anti-Spam Service 2.0

4

CASS 2.0 Features

Allowed Lists

To add a sender to the Corporate Allowed List, navigate to the Allowed tab, then click the Add
button. A dialog box will display where you will need to select the list type between People,
Companies, or Lists. After selecting one of these, you can then enter the email address(es) in
the space provided. Click Add to finish. The email address(es) will be added to the list on the
Allowed Address Books page.

To delete a sender from the Corporate Allowed List, navigate to the Allowed tab, then select the
checkbox next to the email address(es) you wish to delete. A success message appears
confirming the delete.

SonicWALL Comprehensive Anti-Spam Service 2.0

5

CASS 2.0 Features

Blocked Lists

To add a sender to the Corporate Blocked List, navigate to the Blocked tab, then click the Add
button. A dialog box will display where you will need to select the list type between People and
Companies. After selecting one of these, you can then enter the email address(es) in the space
provided. Click Add to finish. The email address(es) will be added to the list on the Blocked
Address Books page.

Note Senders added on the Corporate Blocked List by the Administrator will automatically be

blocked for all users and can only be deleted by the Administrator.

To delete a sender from the Corporate Blocked List, navigate to the Blocked tab, then select
the checkbox next to the email address(es) you wish to delete. A success message appears
confirming the delete.

Search Field

A search field is available to quickly find Allowed and Blocked email addresses. You are able
to access this field by navigating to either the Allowed tab or the Blocked tab. Also, you can
filter the search between the Type of addresses (People, Companies, or Lists) by selecting the
checkboxes below the search bar. Enter in the address you wish to search for, and then click
the Go button to begin the search.

Note The Blocked tab only filters addresses by People and Companies, while the Allowed tab

filters addresses by People, Companies, and Lists.

SonicWALL Comprehensive Anti-Spam Service 2.0

6

Manage Users

CASS 2.0 Features

The Users page allows the Administrator to add, remove, and manage all users, both on the
Global and LDAP servers. For more information regarding LDAP Configuration, refer to “LDAP

Configuration” section on page 8.

User View Setup

Using Source

The Using Source field allows the administrator to select which server, or source, to view. A
Global server will always be visible; if an LDAP server is added, this will also be available from
the dropdown list. Select the server you wish to view, and then click the Go button.

Find All Users in Column

The Find all users in column field allows the administrator to quickly search for users by
specifying the User Name or Primary Email. You can also filter the search by the values equal

to, starting with, or containing.

Adding Users

SonicWALL Comprehensive Anti-Spam Service 2.0

7