Adding Custom RBLs and SBLs to Juniper Firewall’s Anti-Spam

Anti-virus and anti-spam protection at the firewall level is a growing trend, often referred to as Unified Threat Management. If you purchase one of the Juniper SSG Series firewalls, you can purchase subscriptions for “built-in” anti-virus and anti-spam UTM. Basically, you are allowed to attach these protections to an existing policy for scanning on inbound/outbound connections.
The anti-spam portion uses a Spam Block List (SBL) which is more commonly known as a Relay Block List (RBL). The SBL/RBL that Juniper offers is updated and maintained by Symantec and contains the Top 100 known spammers.
You can find a sample of the list at: http://www.juniper.net/security/spam/.

While the Top 100 known spammers is a good start, it still lets through a lot of spam that could be stopped or tagged. There is no way to add another SBL/RBL in the web GUI, but there is a hidden command in the CLI that lets you add other lists.

ssg140-fw-> set anti-spam profile ns-profile
ssg140-fw(anti-spam:ns-profile)-> unset sbl msgsecurity.juniper.net
ssg140-fw(anti-spam:ns-profile)-> set sbl dnsbl.sorbs.net input-type ip
ssg140-fw(anti-spam:ns-profile)-> set sbl bl.spamcop.net input-type ip
ssg140-fw(anti-spam:ns-profile)-> set sbl sbl.spamhaus.org input-type ip
ssg140-fw(anti-spam:ns-profile)-> set sbl msgsecurity.juniper.net input-type ip
ssg140-fw(anti-spam:ns-profile)-> get sbl
*SBL Blacklist Server:
dnsbl.sorbs.net
bl.spamcop.net
sbl.spamhaus.org
msgsecurity.juniper.net


Obviously, use this at your own risk, and realize that you are using something that is not necessarily supported by Juniper. The more lists you add, the more resources you will use on the firewall.
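Before adding a list to the firewall, it helps to confirm from a workstation that the zone actually answers and has not been wildcarded to list every address. The following is an added example, not part of the original post or any Juniper tooling: the function names are hypothetical, and it assumes each zone follows the RFC 5782 test-entry convention (127.0.0.2 is always listed, 127.0.0.1 never is).

```python
import ipaddress
import socket

# Zones taken from the CLI session above.
ZONES = ["dnsbl.sorbs.net", "bl.spamcop.net", "sbl.spamhaus.org"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Name resolved for an IP-type lookup: reversed octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # NXDOMAIN, timeout, no network
        return None


def is_listed(ip, zone, resolve=system_resolver):
    """Listed means the answer falls in 127.0.0.0/8.

    Any other answer (for example a resolver that rewrites NXDOMAIN to an
    advertising page) is treated as not listed.
    """
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in LISTED_NET


def zone_health(zone, resolve=system_resolver):
    """Classify a zone using the RFC 5782 test entries."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"  # wildcarded or retired list: would flag all mail
    if not is_listed("127.0.0.2", zone, resolve):
        return "no-answer"         # dead, unreachable, or refusing this resolver
    return "ok"


if __name__ == "__main__":
    for zone in ZONES:
        print(f"{zone:20} {zone_health(zone)}")
```

Some list operators refuse queries that arrive through large public resolvers, so a "no-answer" result is worth repeating from the DNS servers the firewall itself is configured to use.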

