Use Case: OWA-Based Spam Filtering

May 21, 2015

Spam filtering is the ability to dynamically block emails that are not from a known or trusted source or that have inappropriate content. Spam filtering requires associated business logic that identifies a particular kind of message as spam. When the NetScaler appliance processes Outlook Web Access (OWA) messages, which are carried over HTTP, HTTP callouts can be used to filter spam.

You can use HTTP callouts to extract any portion of the incoming message and check it with an external callout server that has been configured with rules for determining whether a message is legitimate or spam. For security reasons, when an email is identified as spam, the NetScaler appliance does not notify the sender that the email has been marked as spam.

The following example conducts a very basic check for various listed keywords in the email subject. These checks can be more complex in a production environment.

To implement this configuration, you must perform the following tasks:

  1. Enable the responder feature on the NetScaler appliance.
  2. Create an HTTP callout on the NetScaler appliance and configure it with details about the external server and other required parameters.
  3. Create a responder policy to analyze the response, and then bind the policy globally.
  4. Create a callout agent on the remote server.

Enabling Responder

Updated: 2013-08-30

The responder feature must be enabled before it can be used on the NetScaler appliance.

To enable responder by using the configuration utility

  1. Make sure that the responder license is installed.
  2. In the configuration utility, expand AppExpert, right-click Responder, and then click Enable Responder feature.

Creating an HTTP Callout on the NetScaler Appliance

Updated: 2013-08-30

Create an HTTP callout, HTTP-Callout-4, with the parameter settings shown in the following table. For more information about creating an HTTP callout, see "Configuring an HTTP Callout."
Table 1. Parameters and Values for HTTP-Callout-4

| Parameter | Value |
| --- | --- |
| Name | HTTP-Callout-4 |
| Server to receive callout request: IP Address | 10.103.56.51 |
| Server to receive callout request: Port | 80 |
| Request to send to the server: Method | POST |
| Request to send to the server: Host Expression | fffffff |
| Request to send to the server: URL Stem Expression | "/cgi-bin/Callout/spam_filter.pl" |
| Headers: Name | Request |
| Headers: Value-expression | Callout Request |
| Parameters: Name | Subject |
| Parameters: Value-expression | ("\"" + HTTP.REQ.BODY(1000).AFTER_STR("urn:schemas:httpmail:subject=").BEFORE_STR("\n").TO_LOWER + "\"") |
| Server Response: Return Type | BOOL |
| Server Response: Expression to extract data from the response | HTTP.RES.BODY(100).CONTAINS(\"Matched\") |

Creating a Responder Action

Updated: 2013-08-30

Create a responder action, Action-Responder-4, with the parameter settings shown in the following table. The action answers the request with an empty 200 OK response, so the sender receives no indication that the message was treated as spam.

Table 2. Parameters and Values for Action-Responder-4

| Parameter | Value |
| --- | --- |
| Name | Action-Responder-4 |
| Type | Respond with |
| Target | "\"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nContent-Length: 0\r\nMS-WebStorage: 6.5.6944\r\nCache-Control: no-cache\r\n\r\n\"" |

To create a responder action by using the configuration utility

  1. Navigate to AppExpert > Responder > Actions.
  2. In the details pane, click Add.
  3. In the Create Responder Action dialog box, in Name, type Action-Responder-4.
  4. In Type, click Respond with.
  5. In Target, type:
    "\"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nContent-Length: 0\r\nMS-WebStorage: 6.5.6944\r\nCache-Control: no-cache\r\n\r\n\""
  6. Click Create, and then click Close.

Creating a Responder Policy to Invoke the HTTP Callout

Updated: 2013-08-30

Create a responder policy, Policy-Responder-4, that will check the request body and, if the body contains the word “subject,” invoke the HTTP callout to verify the email. Create the policy with the parameter settings shown in the following table. While you can create a responder policy in the Policies subnode and then bind it globally by using the Responder Policy Manager, this demonstration uses the Responder Policy Manager to create the responder policy and bind it globally.
Table 3. Parameters and Values for Policy-Responder-4

| Parameter | Value |
| --- | --- |
| Name | Policy-Responder-4 |
| Action | Action-Responder-4 |
| Undefined-Result-Action | -Global undefined-result action- |
| Expression | "HTTP.REQ.BODY(1000).CONTAINS(\"urn:schemas:httpmail:subject\") && SYS.HTTP_CALLOUT(HTTP-Callout-4)" |

To create a responder policy by using the configuration utility

  1. Navigate to AppExpert > Responder.
  2. In the details pane, under Policy Manager, click Responder policy manager.
  3. In the Responder Policy Manager dialog box, click Override Global.
  4. Click Insert Policy, and then, in the Policy Name column, click New Policy.
  5. In the Create Responder Policy dialog box, do the following:
    1. In Name, type Policy-Responder-4.
    2. In Action, click Action-Responder-4.
    3. In Undefined-Result Action, click Global undefined-result action.
    4. In the Expression text box, type:
      "HTTP.REQ.BODY(1000).CONTAINS(\"urn:schemas:httpmail:subject\") && SYS.HTTP_CALLOUT(HTTP-Callout-4)"
    5. Click Create, and then click Close.
  6. Click Apply Changes, and then click Close.

Creating an HTTP Callout Agent on the Remote Server

You will now need to create an HTTP callout agent on the remote callout server. The HTTP callout agent receives callout requests from the NetScaler appliance and responds accordingly. The callout agent is a script that is different for each deployment and must be written with server specifications in mind, such as the type of database and the scripting language supported.

The following pseudo-code provides instructions for creating a callout agent that checks a list of words that are generally understood to indicate spam mails. The agent can be implemented in any programming language of your choice. The pseudo-code is to be used only as a guideline for developing the callout agent. You can build additional functionality into the program.

To identify spam email by using pseudo-code

  1. Accept the email subject provided by the NetScaler appliance.
  2. Connect to the database that contains all the terms against which the email subject is checked.
  3. Check the words in the email subject against the spam word list.
  4. Format the response as required by the HTTP callout.
  5. Send the response to the NetScaler appliance.
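
One way to write the callout agent outlined in the steps above, as an added example in Python (it is not Citrix's code and not part of the original page). It assumes the appliance delivers the Subject parameter as a form-encoded POST body, and it uses an in-memory SQLite table with constructed terms in place of the deployment's database; the function names and the "Clean" reply are illustrative choices.

```python
import re
import sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Constructed sample word list; a real deployment points at its own database.
SAMPLE_TERMS = ["lottery", "viagra", "winner", "prize"]

def open_term_db(terms=SAMPLE_TERMS):
    """Step 2: connect to the database holding the spam terms (in-memory here)."""
    db = sqlite3.connect(":memory:", check_same_thread=False)
    db.execute("CREATE TABLE spam_terms (term TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO spam_terms VALUES (?)", [(t,) for t in terms])
    return db

def verdict(form_body, db):
    """Steps 1, 3 and 4: read Subject, check each word, build the reply body."""
    subject = parse_qs(form_body).get("Subject", [""])[0]
    # The callout wraps the value in literal double quotes and lower-cases it.
    words = set(re.findall(r"[a-z0-9]+", subject.strip('"').lower()))
    for word in words:
        # Parameterised query: the subject is untrusted input from the mail client.
        if db.execute("SELECT 1 FROM spam_terms WHERE term = ?", (word,)).fetchone():
            return "Matched"
    # The negative reply must not contain the substring "Matched" (for example
    # "Not Matched"), or the callout's CONTAINS check would still return true.
    return "Clean"

class CalloutAgent(BaseHTTPRequestHandler):
    db = open_term_db()

    def do_POST(self):
        # Cap the read so an oversized or negative Content-Length cannot stall the agent.
        length = max(0, min(int(self.headers.get("Content-Length", 0)), 4096))
        body = self.rfile.read(length).decode("utf-8", "replace")
        reply = verdict(body, self.db).encode()
        # Step 5: the verdict is the whole body, so it falls inside BODY(100).
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

if __name__ == "__main__":
    # Port 80 matches Table 1; binding it normally needs elevated privileges.
    HTTPServer(("0.0.0.0", 80), CalloutAgent).serve_forever()
```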