Email Filter Controls - Fortinet FortiGate Series Administration Manual

FortiGuard Email Filtering (also called the FortiGuard Antispam Service)
Order of SMTP and SMTPS email filtering
Order of IMAP, POP3, IMAPS and POP3S email filtering

Email filter controls

568
If the action in the filter is Mark as Clear, the email is exempt from any remaining filters. If
the action in the filter is Mark as Reject, the email session is dropped. Rejected SMTP or
SMTPS email messages are substituted with a configurable replacement message.
SMTPS email filtering is available on FortiGate units that support SSL content scanning
and inspection.
1 IP address BWL check on last hop IP.
2 DNSBL & ORDBL check on last hop IP, FortiGuard Antispam IP check on last hop IP,
HELO DNS lookup.
3 MIME headers check, E-mail address BWL check.
4 Banned word check on email subject.
5 IP address BWL check (for IPs extracted from "Received" headers).
6 Banned word check on email body.
7 Return email DNS check, FortiGuard Antispam email checksum check, FortiGuard
Antispam URL check, DNSBL & ORDBL check on public IP extracted from header.
IMAPS and POP3S email filtering is available on FortiGate units the support SSL content
scanning and inspection.
1 MIME headers check, E-mail address BWL check.
2 Banned word check on email subject.
3 IP BWL check.
4 Banned word check on email body.
5 Return email DNS check, FortiGuard Antispam email checksum check, FortiGuard
Antispam URL check, DNSBL & ORDBL check.
Email filters are configured for system-wide use, but enabled on a per profile basis.
Table 55 describes the Email filter settings and where to configure and access them.
To access protection profile Email Filter options, go to Firewall > Protection Profile, select
the Edit icon beside an existing profile, or select Create New. Select Email Filtering.
Table 55: Email filtering and Protection Profile email filtering configuration
Protection Profile Email filtering options
IP address FortiGuard Email Filtering check
Configure the FortiGuard Email Filtering
service. Fortinet has its own DNSBL server
for FortiGuard Antispam that provides spam
IP address and URL blacklists. Fortinet
keeps the FortiGuard Antispam IP and URLs
up-to-date as new spam sources are found.
IP address BWL check
Black/white list check. Configure the
checking of incoming IP addresses against
the configured spam filter IP address list.
DNSBL & ORDBL check
Email Filter setting
System > Maintenance > FortiGuard
Enable FortiGuard Email Filtering, check the status
of the FortiGuard Antispam server, view the license
type and expiry date, and configure the cache. For
more information, see "Configuring the FortiGate
unit for FDN and FortiGuard subscription services"
on page 323
UTM > Email Filter > IP Address
Add to and edit IP addresses to the list. You can
configure the action to take as spam, clear, or reject
for each IP address. You can place an IP address
anywhere in the list. The filter checks each IP
address in sequence.
Command line only
FortiGate Version 4.0 MR1 Administration Guide
http://docs.fortinet.com/
Email filtering
01-410-89802-20090903
• Feedback