Fortinet black logo

Cookbook

Local-based filters

Copy Link
Copy Doc ID af0e75e9-211f-11ea-9384-00505692583a:873628
Download PDF

You can make black or white lists (BWLs) from emails or IP subnets to forbid or allow them to send or receive emails.

You can also define a list of banned words. Emails that contain any of these banned words are considered spam.

With the spamhelodns and spamraddrdns commands, the FortiGate performs a standard DNS check on the machine name used in the helo SMTP message, and/or the return-to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

To configure a local-based email filter in the CLI:
  1. Configure a BWL:
    config emailfilter bwl
        edit 1
            set name "mtBWL"
            config entries
                edit 1
                    set status enable
                    set type ip
                    set action spam
                    set addr-type ipv4
                    set ip4-subnet 10.1.100.0 255.255.255.0
                next
            end
        next
    end
  2. Configure an email filter profile:
    config emailfilter profile                                             
        edit "myLocalEmailFilter"
            set spam-filtering enable
            set options spambwl spamhelodns spamraddrdns   		
            config smtp
                set action tag
            end
            set spam-bwl-table 1                                           
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myLocalEmailFilter"                 	
        next
    end
To configure a local-based email filter in the GUI:
  1. Go to Security Profiles > Email Filter.
  2. Click Create New or select an existing profile and click Edit.

  3. In the firewall policy, create or edit a rule.
  4. Set the inspection-mode to Proxy-based.
  5. Enable the Email Filter option and select the previously created profile.

  6. Set SSL Inspection to a profile that has deep SSL inspection enabled.

    Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol. The below SSL-inspection profile has deep inspection enabled:

  7. Click OK.
To configure bannedwords in the CLI:
  1. Configure a bannedwords list:
    config emailfilter bword
        edit 1
            set name "banned"
            config entries
                edit 1
                    set pattern "undesired_word"
                next
            end
        next
    end
    
  2. Configure an email filter profile:
    config emailfilter profile
        edit "myBannedWordsProfile"
            config file-filter
                set status disable
            end
            set spam-filtering enable
            set options bannedword
            set spam-bword-table 1
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myBannedWordsProfile"                 	
        next
    end

Once created, this profile should be set in the firewall policy.

Note

Bannedwords can only be configured through the CLI.

You can make black or white lists (BWLs) from emails or IP subnets to forbid or allow them to send or receive emails.

You can also define a list of banned words. Emails that contain any of these banned words are considered spam.

With the spamhelodns and spamraddrdns commands, the FortiGate performs a standard DNS check on the machine name used in the helo SMTP message, and/or the return-to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

To configure a local-based email filter in the CLI:
  1. Configure a BWL:
    config emailfilter bwl
        edit 1
            set name "mtBWL"
            config entries
                edit 1
                    set status enable
                    set type ip
                    set action spam
                    set addr-type ipv4
                    set ip4-subnet 10.1.100.0 255.255.255.0
                next
            end
        next
    end
  2. Configure an email filter profile:
    config emailfilter profile                                             
        edit "myLocalEmailFilter"
            set spam-filtering enable
            set options spambwl spamhelodns spamraddrdns   		
            config smtp
                set action tag
            end
            set spam-bwl-table 1                                           
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myLocalEmailFilter"                 	
        next
    end
To configure a local-based email filter in the GUI:
  1. Go to Security Profiles > Email Filter.
  2. Click Create New or select an existing profile and click Edit.

  3. In the firewall policy, create or edit a rule.
  4. Set the inspection-mode to Proxy-based.
  5. Enable the Email Filter option and select the previously created profile.

  6. Set SSL Inspection to a profile that has deep SSL inspection enabled.

    Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol. The below SSL-inspection profile has deep inspection enabled:

  7. Click OK.
To configure bannedwords in the CLI:
  1. Configure a bannedwords list:
    config emailfilter bword
        edit 1
            set name "banned"
            config entries
                edit 1
                    set pattern "undesired_word"
                next
            end
        next
    end
    
  2. Configure an email filter profile:
    config emailfilter profile
        edit "myBannedWordsProfile"
            config file-filter
                set status disable
            end
            set spam-filtering enable
            set options bannedword
            set spam-bword-table 1
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myBannedWordsProfile"                 	
        next
    end

Once created, this profile should be set in the firewall policy.

Note

Bannedwords can only be configured through the CLI.