Firewall option: The Firewall protection checkbox specifies whether, when a source IP address matches the set of elements inside the rule, a firewall rule is created to block the remote client's access for a specified time.
Specify the list of ports you want to deny: you can separate each port by a comma, a semicolon or a space.
Specify in seconds the rule lifetime for the target IP address. The default value is 14400, which corresponds to 4 hours.
If the option is unchecked, there will be no firewall rule; the service that uses this reputation rule will reject the request, but the source address will not be banned from a network point of view.
A rule can store several groups. A group stores several reputation services. The group concept allows you to use the same reputation group in different rules, so you can create groups and link them in rules.
Select your new rule in the table.
Click on the Reputation services tab.
Click on the New group button.
Set a group name and its description.
Click on the newly created group link.
Select Reputation services.
Click on the “New service” button.
Service field: You can add RBL services (with the rbl:// prefix) that query DNS servers and focus on a specific response. The sdns:// prefix is used to define a DoH service to query the service (refer to this article). In this example, an IP address is submitted with the domain zen.spamhaus.org; if the response is 127.0.0.2, the IP address is banned or allowed (depending on the configuration of the service that requests this rule).
DNS Server: By default, to query the service, Artica submits the query to the DNS servers you have specified in the network settings. If you want Artica to query a target DNS server directly (e.g. an Artica RBL service you have installed on premises), enter its IP address in the DNS server field.
Matches if No Answer: In some cases, RBL servers respond with the code NXDOMAIN when the record exists in their reputation database. To handle this case, tick the Matches if No Answer box.
Timeout (seconds): Source addresses are resolved in real time. This can slow down your Web, DNS or SSH service if the reputation servers are slow to react. A reduced timeout avoids wasting too much time.
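
The lookup described by the Service, Matches if No Answer and Timeout fields, as an added example (not Artica's own code): the source address is reversed and prepended to the RBL zone following the usual DNSBL convention, and the answer is compared with the expected response. The function names, the injectable resolver, the constructed sample zone data and the choice to return None on timeout are assumptions of this example.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout


def rbl_query_name(ip, zone):
    """Reverse the address labels and append the RBL zone (DNSBL convention)."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    # Drop the trailing "in-addr.arpa" / "ip6.arpa" and keep the reversed labels.
    return pointer.rsplit(".", 2)[0] + "." + zone


def system_resolver(name, timeout):
    """A records via the host's DNS settings: [] = no answer, None = timed out."""
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        return pool.submit(socket.gethostbyname_ex, name).result(timeout)[2]
    except FutureTimeout:
        return None
    except OSError:  # resolver error, NXDOMAIN included
        return []
    finally:
        pool.shutdown(wait=False)


def evaluate(ip, zone, expected="127.0.0.2", match_if_no_answer=False,
             timeout=2.0, resolver=system_resolver):
    """True = rule matches, False = no match, None = undecided (timeout)."""
    answers = resolver(rbl_query_name(ip, zone), timeout)
    if answers is None:
        return None  # assumption: a slow server yields no verdict
    if not answers:
        return match_if_no_answer
    return expected in answers


# Constructed sample data standing in for a reputation server (not real listings).
SAMPLE_ZONE = {"10.2.0.192.zen.spamhaus.org": ["127.0.0.2"]}


def sample_resolver(name, timeout):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, evaluate(ip, "zen.spamhaus.org", resolver=sample_resolver))
```

With match_if_no_answer enabled, every lookup that comes back empty counts as a match, which is why this sketch keeps the timeout path separate from the empty-answer path.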