Log Reference

Antispam logs

This chapter contains information regarding spam log messages, including an example of an antispam log message. Antispam log messages notify you of any spammed email.

FortiMail antispam uses a dynamic error reporting scheme, so no definitive list of the log messages that you may encounter can be provided. Errors are logged in a format similar to the following examples.

You can cross-search an antispam log message to get more information about it. For more information about log message cross search, see Log message cross search.

If you send the FortiMail log messages to a remote Syslog server (including FortiAnalyzer), an antispam log would look like the following and the log fields would appear in the following order:

Example 1: Banned Word

date=2024-04-20 time=14:33:26 device_id=FE100C3909600504 log_id=0300000924 type=spam pri=information session_id="q6KIXPZe008097-q6KIXPZf008097" client_name="[172.20.140.94]" dst_ip="172.20.140.92" from="syntax@www.ca" to="user1@1.ca" subject="Email test" msg="Detected by BannedWord test"

Example 2: FortiGuard URL Filter

date=2024-04-20 time=14:35:42 device_id=FE100C3909600504 log_id=0300000956 type=spam pri=information session_id="q44RETLE4005653-44RETLE5005653" client_name="[172.20.140.94]" dst_ip="172.20.140.92" from="syntax@www.ca" to="user1@1.ca" subject="Major Cost Savings News Just Released For OTC:NTMT- A Digital Media Company!" msg="FortiGuard-WebFilter identified URL(category: Unrated, id: 0): http://images.conditionedfilter.com/ntmt/Fantastic.gif"

Example 3: SPF check

date=2024-05-20 time=15:14:54 device_id=FE100C3909600504 log_id=0300005342 type=spam pri=information session_id="44VG0fLe016071-44VG0fLf016071" client_name="[172.20.140.94]" dst_ip="172.20.140.92" from="syntax@www.ca" to="user1@1.ca" subject="Aloha, wild guy! How are you?" msg="DMARC SPF Result: none"

SPF check may have the following results. For more information, see the FortiMail Administration Guide.

  • Fail: The host is not authorized to send messages.
  • Soft Fail: The host is not authorized to send messages, but this is not a strong statement.
  • Permanent Error: The SPF record is invalid.
  • Temporary Error: Processing error.
  • Pass: The host is authorized to send messages.
  • Neutral: An SPF record is found, but it makes no definitive assertion.
  • None: No SPF record.

Example 4: DKIM check

date=2024-05-20 time=17:54:23 device_id=FE100C3909600504 log_id=0300005423 type=spam pri=information session_id="44VG0dBB016004-44VG0dBC016004" client_name="[172.20.140.94]" dst_ip="172.20.140.92" from="syntax@www.ca" to="user1@1.ca" subject="Intima??o Juridica" msg="DMARC: No DKIM signature."

DKIM check may have the following results. For more information, see the FortiMail Administration Guide.

  • Fail: DKIM invalid body hash or invalid signature.
  • None: No DKIM record found or the record could not be correctly parsed.
  • Pass: DKIM check passed.
  • Temporary Error: DNS server returned Temp error when querying DKIM DNS record.
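
The following sketch shows one way to consume these lines on a syslog collector. It is an added example, not Fortinet code: the function names are hypothetical, and the `msg` prefixes it recognizes are taken only from the four example messages above. Because the message set is dynamic, anything unrecognized is kept as `other` rather than dropped.

```python
import re

# Fields are key=value; a value is a bare token or a double-quoted string that may
# contain spaces, '=' and ':'. Assumption: no embedded double quotes inside a value.
PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SPF_RE = re.compile(r"DMARC SPF Result: (.+)")

def parse_line(line):
    """Split one antispam syslog line into a dict of field -> value."""
    pairs = PAIR_RE.findall(line)
    return {k: v[1:-1] if len(v) > 1 and v[0] == v[-1] == '"' else v for k, v in pairs}

def classify(fields):
    """Map the free-text msg to (check, detail); unrecognized text falls through as 'other'."""
    msg = fields.get("msg", "")
    spf = SPF_RE.fullmatch(msg)
    if spf:
        return "spf", spf.group(1).strip().lower()
    if msg.startswith("DMARC:") and "DKIM" in msg:
        return "dkim", msg.split(":", 1)[1].strip()
    if msg.startswith("FortiGuard-WebFilter identified URL"):
        return "url_filter", msg.split("): ", 1)[-1]
    if msg.startswith("Detected by BannedWord"):
        return "banned_word", msg
    return "other", msg

# Examples 2 and 3 from this page, then one constructed line whose subject carries
# key=value text that must stay inside the subject field.
SAMPLES = [
    'date=2024-04-20 time=14:35:42 device_id=FE100C3909600504 log_id=0300000956 type=spam pri=information '
    'session_id="q44RETLE4005653-44RETLE5005653" client_name="[172.20.140.94]" dst_ip="172.20.140.92" '
    'from="syntax@www.ca" to="user1@1.ca" subject="Major Cost Savings News Just Released For OTC:NTMT- A Digital Media Company!" '
    'msg="FortiGuard-WebFilter identified URL(category: Unrated, id: 0): http://images.conditionedfilter.com/ntmt/Fantastic.gif"',
    'date=2024-05-20 time=15:14:54 device_id=FE100C3909600504 log_id=0300005342 type=spam pri=information '
    'session_id="44VG0fLe016071-44VG0fLf016071" client_name="[172.20.140.94]" dst_ip="172.20.140.92" '
    'from="syntax@www.ca" to="user1@1.ca" subject="Aloha, wild guy! How are you?" msg="DMARC SPF Result: none"',
    'date=2024-05-20 time=15:20:00 device_id=FE100C3909600504 log_id=0300005342 type=spam pri=information '
    'session_id="constructed-0001" client_name="[172.20.140.94]" dst_ip="172.20.140.92" '
    'from="syntax@www.ca" to="user1@1.ca" subject="hello type=ham msg=ok" msg="DMARC SPF Result: fail"',
]

def summarize(lines):
    """Return (from, to, check, detail) for every line with type=spam."""
    parsed = (parse_line(line) for line in lines)
    return [(f.get("from"), f.get("to"), *classify(f)) for f in parsed if f.get("type") == "spam"]

if __name__ == "__main__":
    for row in summarize(SAMPLES):
        print(row)
```

The `subject` value is sender-controlled, so the parser consumes each quoted value as a unit instead of splitting the line on spaces; otherwise the third sample's subject would overwrite `type` and `msg`.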
