Email filtering
The FortiGate Email Filter can be configured to do AntiSpam and file-type based filtering. To enable email filtering, create a profile using either the CLI or GUI, then use this profile in the firewall policy.
To configure the email filter profile in the CLI:
| config emailfilter profile edit “ProfileName” set options ? | |
| bannedword | Content block. |
| spambwl | Black/white list. |
| spamfsip | Email IP address FortiGuard AntiSpam black list check. |
| spamfssubmit | Add FortiGuard AntiSpam spam submission text. |
| spamfschksum | Email checksum FortiGuard AntiSpam check. |
| spamfsurl | Email content URL FortiGuard AntiSpam check. |
| spamhelodns | Email helo/ehlo domain DNS check. |
| spamraddrdns | Email return address DNS check. |
| spamrbl | Email DNSBL & ORBL check. |
| spamhdrcheck | Email mime header check. |
| spamfsphish | Email content phishing URL FortiGuard AntiSpam check. |
These options can be reorganized according to the source of the decision:
- Local options: The FortiGate qualifies the email based on local conditions like BWL, bannedwords, or DNS checks (with the use of FortiGuard service).
| bannedword | Content block. |
| spambwl | Black/white list. |
| spamhelodns | Email helo/ehlo domain DNS check. |
| spamraddrdns | Email return address DNS check. |
| spamhdrcheck | Email mime header check. |
- FortiGuard-based options: The FortiGate qualifies the email based on score or verdict returned from the FortiGuard service.
| spamfsip | Email IP address FortiGuard AntiSpam black list check. |
| spamfssubmit | Add FortiGuard AntiSpam spam submission text. |
| spamfschksum | Email checksum FortiGuard AntiSpam check. |
| spamfsurl | Email content URL FortiGuard AntiSpam check. |
| spamfsphish | Email content phishing URL FortiGuard AntiSpam check. |
- Third-party options: The FortiGate qualifies the email based on information from a third-party source (like ORB list). spamrbl Email DNSBL & ORBL check.
Local and FortiGuard black/white lists can be enabled and combined in a single profile. When combined, the Local black/white list has a higher priority than the FortiGuard’s black list during a decision making process.
For example: If a client’s IP address is black listed in FortiGuard servers, but the admin wants to override this decision and allow the IP to pass through the filter, they can define the IP address or subnet in a BWL with the clear action. Because the information coming from the Local BWL has a higher priority than the FortiGuard service, the email will be considered clean.