Configuring Profiles

Clearing the LDAP profile cache

You can clear the FortiMail unit’s cache of query results for any LDAP profile.

This may be useful after, for example, you have updated parts of your LDAP directory that are used by that LDAP profile, and you want the FortiMail unit to discard outdated cached query results and reflect changes to the LDAP directory. After the cache is emptied, any subsequent request for information from that LDAP profile causes the FortiMail unit to query the updated LDAP server, refreshing the cache.

To clear the LDAP query cache

  1. Go to Profile > LDAP > LDAP.
  2. Double-click the LDAP profile whose query cache you want to clear.
  3. Click Test LDAP Query.
  4. From Select query type, select Clear Cache.

A warning appears at the bottom of the window, notifying you that the cache for this LDAP profile will be cleared if you proceed. All queries will therefore be new again, resulting in decreased performance until the query results are again cached.

  5. Click Ok.

The FortiMail unit empties cached LDAP query responses associated with that LDAP profile.

Configuring dictionary profiles

The Profiles tab lets you configure dictionary profiles.

Unlike banned words, dictionary terms are UTF-8 encoded, and may include characters other than US-ASCII characters, such as é or ñ.

Dictionary profiles can be grouped or used individually by antispam or content profiles to detect spam, banned content, or content that requires encryption to be applied. For more information on content profiles and antispam profiles, see “Configuring antispam profiles and antispam action profiles” on page 503 and “Configuring content profiles and content action profiles” on page 526.

A dictionary can contain predefined and/or user-defined patterns.

The FortiMail unit comes with the following six predefined patterns. You can edit a predefined pattern and edit or delete a user-defined pattern by selecting it and then clicking the Edit or Delete icon.

If a pattern is enabled, the FortiMail unit will look for the template/format defined in a pattern. For example, if you enable the Canadian SIN predefined pattern, the FortiMail unit looks for the three groups of three digits defined in this pattern. This is useful when you want to use IBE to encrypt an email based on its content. In such cases, the dictionary profile can be used in a content profile which is included in a policy to apply to the email. For more information about IBE, see “Configuring IBE encryption” on page 357.

Table 56:Predefined patterns

Canadian SIN Canadian Social Insurance Number. The format is three groups of three digits, such as 649 242 666.
US SSN United States Social Security number. The format is a nine digit number, such as 078051111.
Credit Card Major credit card number formats.
ABA Routing A routing transit number (RTN) is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn.
CUSIP CUSIP typically refers to both the Committee on Uniform Security Identification Procedures and the 9-character alphanumeric security identifiers that they distribute for all North American securities for the purposes of facilitating clearing and settlement of trades.

ISIN An International Securities Identification Number (ISIN) uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, equities and warrants. The ISIN code is a 12-character alpha-numerical code that does not contain information characterizing financial instruments but serves for uniform identification of a security at trading and settlement.

To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Policy category. For details, see “About administrator account permissions and domains” on page 290.

To view the list of dictionary profiles

  1. Go to Profile > Dictionary > Dictionary.

Figure 251:Dictionary tab

GUI item Description
Export (button) Select one dictionary check box and click Export. Follow the prompts to save the dictionary file. Note that you can only export one dictionary at a time.
Import (button) Select one dictionary check box and then click the import button to import dictionary entries into the existing dictionary. In the dialog, click Browse to locate a dictionary in text format. Click OK to upload the file. Note that you can only select one dictionary at a time and you can only import dictionary entries into an existing dictionary.
Name Displays the dictionary name.

  2. Click New to create a new profile or double-click a profile to modify it.

A two-part page appears.

Figure 252:Viewing the patterns in a dictionary profile

  3. For a new profile, type its name.
  4. To enable or edit a predefined pattern:
    • Double-click a pattern in Smart Identifiers. A dialog appears.

Figure 253:Enabling a predefined pattern

    • Select Enable to add the pattern to the dictionary profile.
    • To edit a predefined pattern, do the same as for a user-defined pattern in Step 5.
    • Click OK.
  5. To add or edit a user-defined pattern:
    • Click New under Dictionary Entries to add an entry or double-click an entry to modify it. A dialog appears.

Figure 254:Adding a new pattern

  6. Configure a custom entry.

 

GUI item Description  
Enable Select to enable a pattern.  
Pattern Type a word or phrase that you want the dictionary to match, expressed either verbatim, with wild cards, or as a regular expression.

Regular expressions do not require slash ( / ) boundaries. For example, enter: v[i1]agr?a

Matches are case insensitive and can occur over multiple lines as if the word were on a single line. (That is, Perl-style match modifier options i and s are in effect.)

The FortiMail unit will convert the encoding and character set into UTF-8, the same encoding in which dictionary patterns are stored, before evaluating an email for a match with the pattern. Because of this, your pattern must match the UTF-8 string, not the originally encoded string. For example, if the original encoded string is:

=?iso-8859-1?B?U2UgdHJhdGEgZGVsIHNwYW0uCg==?=

the pattern must match:

Se trata del spam.

Entering the pattern *iso-8859-1* would not match.

This option is not editable for predefined patterns.

 
Pattern type For a new dictionary entry, select either:

•      Wildcard: Pattern is verbatim or uses only simple wild cards (? or *).

•      Regex: Pattern is a Perl-style regular expression.

This option is not editable for predefined patterns.

 
Comments Enter any descriptions for the pattern.  
Pattern weight Enter a number by which an email’s dictionary match score will be incremented for each word or phrase it contains that matches this pattern.

The dictionary match score may be used by content monitor profiles and antispam profiles to determine whether or not to apply the content action. For more information about antispam profiles, see “Configuring dictionary options” on page 512. For more information about content monitor profiles, see “Configuring content monitor and filtering” on page 533.

 
Pattern max weight Enter the maximum by which matches of this pattern can contribute to an email’s dictionary match score.

This option applies only if Enable pattern max weight limit is enabled.

 
Enable pattern max weight limit Enable if the pattern must not increase an email’s dictionary match score more than the amount configured in Pattern max weight.  
  Search header Enable to match occurrences of the pattern when it is located in an email’s message headers, including the subject line.

The FortiMail unit uses the full header string, including the header name and value, to match the pattern. Therefore, when you define the pattern, you can specify both the header name and value. For example, such a pattern entry as from: .*@example.com.* will block all email messages with the From header as xxx@example.com.

  Search body Enable to match occurrences of the pattern when it is located in an email’s message body.

To apply a dictionary, in an antispam profile or content profile, either select it individually or select a dictionary group that contains it. For more information, see “Configuring dictionary groups” on page 590, “Managing antispam profiles” on page 503, and “Configuring content profiles” on page 526.
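
The decoding, matching and weight rules described for dictionary entries, as an added Python sketch (not FortiMail code and not from the original guide). It assumes Python's `re` as a stand-in for the unit's Perl-style engine and models the score as matches × weight with an optional cap; the body text, sender headers and the tightened header rule are constructed for illustration.

```python
import re
from email.header import decode_header, make_header

# Perl-style modifiers i and s, which the guide says are always in effect.
FLAGS = re.IGNORECASE | re.DOTALL

def to_utf8_text(raw_value):
    """Decode RFC 2047 encoded-words into the text a pattern is compared with."""
    return str(make_header(decode_header(raw_value)))

def matches(pattern, text):
    """True if a Regex-type dictionary pattern occurs anywhere in text."""
    return re.search(pattern, text, FLAGS) is not None

def dictionary_score(text, entries):
    """entries: (pattern, weight, max_weight); max_weight None = limit disabled."""
    score = 0
    for pattern, weight, max_weight in entries:
        contribution = len(re.findall(pattern, text, FLAGS)) * weight
        if max_weight is not None:
            contribution = min(contribution, max_weight)
        score += contribution
    return score

# ENCODED and HEADER_RULE come from the guide; everything else is constructed.
ENCODED = "=?iso-8859-1?B?U2UgdHJhdGEgZGVsIHNwYW0uCg==?="
BODY = "Cheap Viagra here.\nBuy V1AGRA now, viaga today"
HEADER_RULE = r"from: .*@example.com.*"
# Tightened variant (assumption): escaped dot, no newline crossing, anchored end.
HEADER_RULE_STRICT = r"^from:[^\r\n]*@example\.com>?\s*$"
SENDERS = ["From: xxx@example.com", "From: a@example-com.other.test",
           "From: a@example.com.other.test"]

def header_hits(rule):
    """Return the constructed sender headers that the rule matches."""
    return [h for h in SENDERS if matches(rule, h)]

if __name__ == "__main__":
    decoded = to_utf8_text(ENCODED)
    print(matches("se trata del spam", decoded), matches("iso-8859-1", decoded))
    print(dictionary_score(BODY, [(r"v[i1]agr?a", 3, None)]),
          dictionary_score(BODY, [(r"v[i1]agr?a", 3, 5)]))
    print(header_hits(HEADER_RULE), header_hits(HEADER_RULE_STRICT))
```

The header comparison shows that the guide's example rule is broader than it reads: the unescaped dot and trailing `.*` also match look-alike domains, so a rule written that way can catch senders it was not meant for. Confirm any tightened pattern with the unit's own pattern test before relying on it.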



6 thoughts on “Configuring Profiles”

  1. Steve

    Hi, on these instructions it states “personal black lists and white lists” on page 620.”

    Where can I get the book to view page 620?

    Reply
  2. Laurent

    Hello,
    What about the confidence degree of Header Analysis (also called Deepheader Analysis)? The default value is 95.0, and statistically on dozens of emails, all the values are always within range 95,03-95,09. What is really checked in headers? In our organization (government – 5000 users) we have lots of SPAM caught but also lots of false positives caught by this feature…

    Reply
    1. Mike Post author

      Unfortunately the defaults are just “broad strokes”. A lot of tweaking is necessary to get things to where you are in your organization’s happy range of false positives vs missed spam.

      Reply
  3. Dormond

    Hello,
    Do we have some additional info regarding heuristic filter? It is quite tricky to proceed with fine tuning with this light description. In my case, default settings just catch anything (around 10 emails out of 150’000)… Now I have decreased threshold value to 3.0 and increased percentage of rules to 50% and now it catches around 200 emails out of 750’000… still no false-positive.

    Reply
  4. Laurent

    Hello,

    Is there a way to clear only one entry in the LDAP cache? Since we have over 10’000 users and there are multiple routers and FW between the SMTP Gateway and the LDAP servers, we do not want to clear the whole cache.

    Reply
