Example: Bayesian training
In this example, Company X has set up a FortiMail unit to protect its email server. With over 1,000 email users, Company X plans to enable Bayesian scanning for incoming email. You, the system administrator, have been asked to configure Bayesian scanning, perform initial training of the Bayesian databases, and configure Bayesian control email addresses for ongoing training.
The local domain name of the FortiMail unit itself is example.com.
Company X has email users in two existing protected domains:
Each protected domains receives email with slightly different terminology, which could be considered spam to the other protected domain, and so will use separate per-domain Bayesian databases. Email users prefer not to maintain their own personal Bayesian databases, and so will instead together maintain the per-domain Bayesian databases.
To facilitate initial training of each per-domain Bayesian database, you have used your email client software to collect samples of spam and non-spam email from each protected domain, and exported them into mailbox files:
After initial training, email users will use the default Bayesian control email addresses to perform any required ongoing training for each of their per-domain Bayesian databases.
To enable use of per-domain Bayesian databases
- Go to Mail Settings > Domains > Domains.
- Select the row corresponding to example.net and click Edit.
- Click the arrow to expand Advanced AS/AV Settings.
- Disable the option Use global Bayesian database.
- Click OK.
Repeat the above steps for the protected domain example.org.
To initially train each per-domain Bayesian database using mailbox files
- Go to AntiSpam > Bayesian > User.
Figure 288:Bayesian user tab
- From Select a domain, select a domain.
This example uses example.net and example.org.
- In the Operations area, click Train group Bayesian database with mbox files.
A dialog appears:
Figure 289:Bayesian training using a mailbox
- In Innocent Mailbox, click Browse and locate example-net-not-spam.mbox.
- In Spam Mailbox, click Browse and locate example-net-spam.mbox.
- Click OK.
Repeat the above steps for the protected domain example.org and its sample Bayesian database files.
To enable Bayesian scanning
- Go to Profile > AntiSpam .
- In the row corresponding to an antispam profile that is selected in a policy that matches recipients in the protected domain example.net, click Edit.
- Enable Bayesian.
- Click the arrow to expand Bayesian.
- Disable the option Use personal database.
- Enable the option Accept training messages from users.
- Click OK.
Repeat the above steps for all incoming antispam profiles that are selected in policies that match recipients in the protected domain example.org.
To perform ongoing training of each per-domain Bayesian database
- Notify email users that they can train the Bayesian database for their protected domain by sending them an email similar to the following:
We have enabled a new email system feature that can be trained to recognize the differences between spam and legitimate email. You can help to train this feature. This message describes how to train our email system.
If you have old email messages and spam…
- Forward the old spam to firstname.lastname@example.org from your company email account.
- Forward any old email messages that are not spam to email@example.com from your company email account.
If you receive any new spam, or if a legitimate email is mistakenly classified as spam…
- Forward spam that was not recognized to firstname.lastname@example.org from your company email account.
- Forward legitimate email that was incorrectly classified as spam to email@example.com from your company email account.
- Notify other FortiMail administrators that they can train the per-domain Bayesian databases for those protected domains by forwarding email to the Bayesian control accounts, described in the previous step. To do so, they must configure their email client software with the following sender addresses: • firstname.lastname@example.org
For example, when forwarding a training message from the sender (From:) email address email@example.com, the FortiMail unit will apply the training message to the per-domain Bayesian database of example.net.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!