
Setting up idp for a mail server – D-Link DFL-2500 User Manual

Page 195


triggered. At least one new event occurs within the Hold Time of 120 seconds, thus reaching the log threshold
level (at least 2 events have occurred). This results in an email being sent containing a summary of the IDP
events. Several more IDP events may occur after this, but to prevent flooding the mail server, NetDefendOS will
wait 600 seconds (equivalent to 10 minutes) before sending a new email. An SMTP server is assumed to have
been configured in the address book with the name smtp-server.

CLI
Adding an SMTP log receiver:

gw-world:/> add LogReceiver LogReceiverSMTP smtp4IDP IPAddress=smtp-server

[email protected]

IDP Rules:

gw-world:/> cc IDPRule examplerule

gw-world:/examplerule> set IDPRuleAction 1 LogEnabled=Yes

Web Interface
Adding an SMTP log receiver:

1. Go to System > Log and Event Receivers > Add > SMTP Event Receiver

2. Now enter:

Name: smtp4IDP
SMTP Server: smtp-server
Server Port: 25
Specify alternative email addresses (up to 3)
Sender: hostmaster
Subject: Log event from NetDefendOS
Minimum Repeat Delay: 600
Hold Time: 120
Log Threshold: 2

Click OK

IDP Rules:

1. Go to IDP > IDP Rules

2. Select a rule in the grid, right click and choose Edit

3. Select the action you wish to log and choose Edit

4. Check the Enable logging checkbox in the Log Settings tab

5. Click OK
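
The timing described at the top of this page, as an added Python model that is not D-Link or NetDefendOS code: it replays a constructed event timeline through the settings Hold Time 120, Log Threshold 2 and Minimum Repeat Delay 600. The class and function names are hypothetical, and the handling of events that arrive during the repeat delay or in an expired hold window (they are left out of any email) is an assumption the manual page does not state.

```python
class SmtpIdpReceiverModel:
    """Toy model of the Hold Time / Log Threshold / Minimum Repeat Delay logic."""

    def __init__(self, hold_time=120, log_threshold=2, min_repeat_delay=600):
        self.hold_time = hold_time
        self.log_threshold = log_threshold
        self.min_repeat_delay = min_repeat_delay
        self.window_start = None   # time of the event that opened the hold window
        self.pending = []          # event times collected in the current window
        self.last_mail = None      # time the last summary email was sent

    def on_event(self, t):
        """Feed one IDP event time (seconds); return mailed event times or None."""
        # Assumption: a hold window that expires is discarded and a new one opens.
        if self.window_start is None or t - self.window_start > self.hold_time:
            self.window_start, self.pending = t, []
        self.pending.append(t)
        if len(self.pending) < self.log_threshold:
            return None            # threshold not reached inside the hold window
        if self.last_mail is not None and t - self.last_mail < self.min_repeat_delay:
            return None            # repeat delay still running: no new email
        self.last_mail = t
        mailed, self.pending, self.window_start = self.pending, [], None
        return mailed


def simulate(event_times, **settings):
    """Return (emails, unmailed): emails is a list of (send_time, event_times)."""
    model = SmtpIdpReceiverModel(**settings)
    emails, mailed = [], set()
    for t in sorted(event_times):
        summary = model.on_event(t)
        if summary:
            emails.append((t, summary))
            mailed.update(summary)
    return emails, [t for t in sorted(event_times) if t not in mailed]


# Constructed timeline of IDP event times in seconds (not real device output).
SAMPLE_EVENTS = [0, 45, 60, 90, 300, 310, 650, 660, 2000]

if __name__ == "__main__":
    emails, unmailed = simulate(SAMPLE_EVENTS)
    for sent_at, events in emails:
        print(f"t={sent_at:>4}s  email summarising events at {events}")
    print(f"events that never reached an email: {unmailed}")
```

Under these assumptions only two emails leave the model for nine events, which is the trade-off to weigh when choosing the three values.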

Example 6.20. Setting up IDP for a Mail Server

The following example details the steps needed to set up IDP for a simple scenario where a mail server is
exposed to the Internet on the DMZ network with a public IP address. The public Internet can be reached through
the firewall on the WAN interface as illustrated below.

6.5.8. SMTP Log Receiver for IDP Events

Chapter 6. Security Mechanisms
