Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.6
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiMail Appliance and VM 7.4.6 Administration Guide
    7.4.6
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.7
    6.2.0
    6.0.6
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    Configuring preferences

    Configuring preferences

    Go to Security > Option > Preference to configure a few global settings for action profile, mail scan, and antispam preferences.

    GUI item

    Description

    Action Profile

    In action profiles (see Configuring antispam action profiles, Configuring antivirus action profiles, and Configuring content action profiles), you can select an action:

    • Deliver to alternate host

    • Deliver to original host

    • System quarantine

    • Personal quarantine

    • Disclaimer insertion

    • Subject tag location

    • Replacement message location

    For delivery and quarantine actions, you can select which form of the email to use:

    • Modified copy — Modify the email according to the action.

    • Unmodified copy — Original email header and body.

      Note

      If the email is in its original form, the recipient in the SMTP envelope (RCPT TO:) still might be rewritten by the action.

    For example, when the HTML content is converted to text, if you choose to deliver the unmodified copy, then the HTML version will be delivered; if you choose to deliver the modified copy, then the plain text version will be delivered.

    For Disclaimer insertion, select where to insert the disclaimer:

    • Selected messages — Only new email in threads. Thread replies do not receive a disclaimer. This avoids repeatedly inserting disclaimers that recipients have already seen.

      Note

      Threads are detected when the same domain is in both the Message-ID: and In-Reply-To:/References: message headers. In RFC 2822, those message headers are optional. If an email client doesn't support them, then this setting has no effect.

    • All messages — Both new and reply email in threads.

    For Subject tag location, you can choose to insert the tag at the start or end of the subject line.

    Enforce delivery action if 'delivery to original/alternate host' is enabled

    If the action in one profile is one of the final actions, such as System quarantine, while the action in another profile is to deliver to the original host or alternate host, you can enable this option to overwrite the final action.

    Execute attachment scan on spam email under personal quarantine

    For spam email that is sent to personal quarantine, you have the option to continue or stop further scanning the email attachments.

    Mail Scan

    Specify the following:

    • Maximum level to decompress archive file: Specify how many levels to decompress the archived files for antivirus and content scan. Valid range is 1 to 36. Default value is 12.

    • Maximum archive file size to decompress (MB): Specify the maximum file size to scan after the archived files are decompressed. This applies to every single file after decompression. Bigger files will not be scanned. Default value is 10MB.

    • Maximum compression ratio for archive bomb: Specify the maximum compression ratio for FortiMail to decompress. Valid range is 1 to 1000. Default value is 200.

    AntiSpam

    DMARC failure action

    Select either:

    • Action profile: Use the action specified in the antispam profile.
    • Action profile with none: If the policy option in the sender's DMARC record is p=none, use that action. Else use the action in the antispam profile.
    • DMARC record policy: Use the actions specified in the policy option of the sender's DMARC record.

    The default setting is Action profile with none.

    This system-wide setting can be overridden by a per-domain setting. For details, see the FortiMail CLI Reference.

    Impersonation analysis

    Email impersonation is one of the email spoofing attacks. It forges the email header to deceive the recipient because the message appears to be from a different source than the actual address.

    To fight against email impersonation, you can map display names with email addresses and check email for the mapping.

    You can choose whether the impersonation analysis uses manual mapping entries or dynamic entries. You can also use both types of entries.

    • Manual: Use the entries you manually entered under Profile > AntiSpam > Impersonation.
    • Dynamic: Use the entries automatically learned by the FortiMail mail statistics service. To enable this service, enable mailstat-service under config system global.

    The default setting is Manual.

    QR code URL scan

    Select which location(s) to scan for QR code images that contain known spam URLs.

    • Inline image: Embedded inline, in the email body.
    • Attachment image: Email attachments.
    Previous
    Next

    Configuring preferences

    Configuring preferences

    Go to Security > Option > Preference to configure a few global settings for action profile, mail scan, and antispam preferences.

    GUI item

    Description

    Action Profile

    In action profiles (see Configuring antispam action profiles, Configuring antivirus action profiles, and Configuring content action profiles), you can select an action:

    • Deliver to alternate host

    • Deliver to original host

    • System quarantine

    • Personal quarantine

    • Disclaimer insertion

    • Subject tag location

    • Replacement message location

    For delivery and quarantine actions, you can select which form of the email to use:

    • Modified copy — Modify the email according to the action.

    • Unmodified copy — Original email header and body.

      Note

      If the email is in its original form, the recipient in the SMTP envelope (RCPT TO:) still might be rewritten by the action.

    For example, when the HTML content is converted to text, if you choose to deliver the unmodified copy, then the HTML version will be delivered; if you choose to deliver the modified copy, then the plain text version will be delivered.

    For Disclaimer insertion, select where to insert the disclaimer:

    • Selected messages — Only new email in threads. Thread replies do not receive a disclaimer. This avoids repeatedly inserting disclaimers that recipients have already seen.

      Note

      Threads are detected when the same domain is in both the Message-ID: and In-Reply-To:/References: message headers. In RFC 2822, those message headers are optional. If an email client doesn't support them, then this setting has no effect.

    • All messages — Both new and reply email in threads.

    For Subject tag location, you can choose to insert the tag at the start or end of the subject line.

    Enforce delivery action if 'delivery to original/alternate host' is enabled

    If the action in one profile is one of the final actions, such as System quarantine, while the action in another profile is to deliver to the original host or alternate host, you can enable this option to overwrite the final action.

    Execute attachment scan on spam email under personal quarantine

    For spam email that is sent to personal quarantine, you have the option to continue or stop further scanning the email attachments.

    Mail Scan

    Specify the following:

    • Maximum level to decompress archive file: Specify how many levels to decompress the archived files for antivirus and content scan. Valid range is 1 to 36. Default value is 12.

    • Maximum archive file size to decompress (MB): Specify the maximum file size to scan after the archived files are decompressed. This applies to every single file after decompression. Bigger files will not be scanned. Default value is 10MB.

    • Maximum compression ratio for archive bomb: Specify the maximum compression ratio for FortiMail to decompress. Valid range is 1 to 1000. Default value is 200.

    AntiSpam

    DMARC failure action

    Select either:

    • Action profile: Use the action specified in the antispam profile.
    • Action profile with none: If the policy option in the sender's DMARC record is p=none, use that action. Else use the action in the antispam profile.
    • DMARC record policy: Use the actions specified in the policy option of the sender's DMARC record.

    The default setting is Action profile with none.

    This system-wide setting can be overridden by a per-domain setting. For details, see the FortiMail CLI Reference.

    Impersonation analysis

    Email impersonation is one of the email spoofing attacks. It forges the email header to deceive the recipient because the message appears to be from a different source than the actual address.

    To fight against email impersonation, you can map display names with email addresses and check email for the mapping.

    You can choose whether the impersonation analysis uses manual mapping entries or dynamic entries. You can also use both types of entries.

    • Manual: Use the entries you manually entered under Profile > AntiSpam > Impersonation.
    • Dynamic: Use the entries automatically learned by the FortiMail mail statistics service. To enable this service, enable mailstat-service under config system global.

    The default setting is Manual.

    QR code URL scan

    Select which location(s) to scan for QR code images that contain known spam URLs.

    • Inline image: Embedded inline, in the email body.
    • Attachment image: Email attachments.
    Previous
    Next