Local-based filters
You can make black or white lists (BWLs) from emails or IP subnets to forbid or allow them to send or receive emails.
You can also define a list of banned words. Emails that contain any of these banned words are considered spam.
With the spamhelodns
and spamraddrdns
commands, the FortiGate performs a standard DNS check on the machine name used in the helo SMTP message, and/or the return-to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.
To configure a local-based email filter in the CLI:
- Configure a BWL:
config emailfilter bwl edit 1 set name "mtBWL" config entries edit 1 set status enable set type ip set action spam set addr-type ipv4 set ip4-subnet 10.1.100.0 255.255.255.0 next end next end
- Configure an email filter profile:
config emailfilter profile edit "myLocalEmailFilter" set spam-filtering enable set options spambwl spamhelodns spamraddrdns config smtp set action tag end set spam-bwl-table 1 next end
- Use the profile in a firewall policy:
config firewall policy edit 1 ..... set inspection-mode proxy set emailfilter-profile "myLocalEmailFilter" next end
To configure a local-based email filter in the GUI:
- Go to Security Profiles > Email Filter.
- Click Create New or select an existing profile and click Edit.
- In the firewall policy, create or edit a rule.
- Set the inspection-mode to Proxy-based.
- Enable the Email Filter option and select the previously created profile.
- Set SSL Inspection to a profile that has deep SSL inspection enabled.
Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol. The below SSL-inspection profile has deep inspection enabled:
- Click OK.
To configure bannedwords in the CLI:
- Configure a bannedwords list:
config emailfilter bword edit 1 set name "banned" config entries edit 1 set pattern "undesired_word" next end next end
- Configure an email filter profile:
config emailfilter profile edit "myBannedWordsProfile" config file-filter set status disable end set spam-filtering enable set options bannedword set spam-bword-table 1 next end
- Use the profile in a firewall policy:
config firewall policy edit 1 ..... set inspection-mode proxy set emailfilter-profile "myBannedWordsProfile" next end
Once created, this profile should be set in the firewall policy.
Bannedwords can only be configured through the CLI. |