Email Filtering; Fortiguard Email Filtering (Also Called The Fortiguard Antispam Service); Order Of Email Filtering - Fortinet FortiGate Series Administration Manual

Email filtering

Email filtering
FortiGuard Email Filtering (also called the FortiGuard Antispam
Service)

Order of email filtering

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
This chapter describes how to configure FortiGate email filtering for IMAP, POP3, and
SMTP email. If your FortiGate unit supports SSL content scanning and inspection you can
also configure email filtering for IMAPS, POP3S, and SMTPS email traffic. For information
about SSL content scanning and inspection, see
on page 481.
If you enable virtual domains (VDOMs) on the FortiGate unit, Email filtering is configured
separately for each virtual domain. For details, see
This section provides an introduction to configuring email filtering. For more information
see the FortiGate UTM User
This section describes:
•

FortiGuard Email Filtering (also called the FortiGuard Antispam Service)

• Banned word
• IP address and email address black/white lists
• Advanced Email Filter configuration
• Using wildcards and Perl regular expressions
You can configure the FortiGate unit to manage unsolicited commercial email by detecting
and identifying spam messages from known or suspected spam servers.
The FortiGuard Antispam Service
signature database, along with sophisticated spam filtering tools, to detect and block a
wide range of spam messages. Using FortiGuard Email Filtering protection profile settings
you can enable IP address checking, URL checking, E-mail checksum checking, and
Spam submission. Updates to the IP reputation and spam signature databases are
provided continuously from the global FortiGuard distribution network.
From the FortiGuard Antispam Service
signature lookup to check whether an IP address is blacklisted in the FortiGuard antispam
IP reputation database, or whether a URL or email address is in the signature database.
FortiGate email filtering uses various filtering techniques. The order the FortiGate unit
uses these filters depends on the mail protocol used.
Filters requiring a query to a server and a reply (FortiGuard Antispam Service and
DNSBL/ORDBL) are run simultaneously. To avoid delays, queries are sent while other
filters are running. The first reply to trigger a spam action takes effect as soon as the reply
is received.
Each filter passes the email to the next if no matches or problems are found. If the action
in the filter is Mark as Spam, the FortiGate unit tags as spam the email according to the
settings in the protection profile.
For SMTP and SMTPS if the action is discard the email message is discarded or dropped.
FortiGuard Email Filtering (also called the FortiGuard Antispam Service)
"SSL content scanning and inspection"
"Using virtual domains" on page
Guide.
uses both a sender IP reputation database and a spam
page in the FortiGuard center you can use IP and
159.
567