Configuring AntiSPAM Settings

Configuring the black lists and white lists

The AntiSpam > Black/White List submenu lets you reject, discard, or allow email messages based on email addresses, domain names, and IP addresses. It also lets you back up and restore the black lists and white lists.

Multiple types of black lists and white lists exist: system-wide, per-domain, per-user, and per-session profile. There are several places in the web UI where you can configure these black lists and white lists.

  • For system-wide, per-domain, and per-user black lists and white lists, go to AntiSpam >

Black/White List. For details, see “Configuring the global black list and white list” on

page 616, “Configuring the per-domain black lists and white lists” on page 618, and “Configuring the personal black lists and white lists” on page 620.

  • For per-user black lists and white lists, you can alternatively go to User > User > User Preferences. For details, see “Configuring user preferences” on page 428.
  • For session profile black lists and white lists, go to Profile > Session > Session and modify the session profile. For details, see “Configuring session profiles” on page 482.

In addition to FortiMail administrators being able to configure per-user black lists and white lists, email users can configure their own per-user black list and white list by going to the Preferences tab in FortiMail webmail. For more information, see the online help for FortiMail webmail.

For more information on order of execution, see “Order of execution of black lists and white lists” on page 614.

All black and white list entries are automatically sorted into alphabetical order, where wildcard characters (* and ?) and numbers sort before letters.

  • Order of execution of black lists and white lists
  • About black list and white list address formats
  • Configuring the global black list and white list
  • Configuring the per-domain black lists and white lists
  • Configuring the personal black lists and white lists
  • Configuring the black list action

Order of execution of black lists and white lists

As one of the first steps to detect spam, FortiMail units evaluate whether an email message matches a black list or white list entry.

Generally, white lists take precedence over black lists. If the same entry appears in both lists, the entry will be whitelisted. Similarly, system-wide lists generally take precedence over per-domain lists, while per-domain lists take precedence over per-user lists.

Table 60 displays the sequence in which the FortiMail unit evaluates email for matches with black list and white list entries. If the FortiMail unit finds a match, it does not look for any additional matches, and cancels any remaining antispam scans of the message.

Table 60:Black and white list order of operations

Order List Examines Action taken if match is found
1 System white list Sender address, Client IP Accept message
2 System black list Sender address, Client IP Invoke black list action
3 Domain white list Sender address, Client IP Accept message
4 Domain black list Sender address, Client IP Invoke black list action

Table 60:Black and white list order of operations

Order List Examines Action taken if match is found
5 Session recipient white list Recipient address Accept message for matching recipients
6 Session recipient black list Recipient address Invoke black list action
7 Session sender white list Sender address, Client IP Accept message for all recipients
8 Session sender black list Sender address, Client IP Invoke black list action
9 User white list Sender address, Client IP Accept message for this recipient
10 User black list Sender address, Client IP Discard message

When the sender email address or domain is examined for a match:

  • email addresses and domain names in the list are compared to the sender address in the message envelope (MAIL FROM:) and message header (From:)
  • IP addresses are compared to the IP address of the SMTP client delivering the email, also known as the last hop address

When the recipient is examined for a match, email addresses and domain names in the list are compared to the recipient address in both the envelop and header. An IP address in a recipient white or black list is not a valid entry, because IP addresses are not used.

System-wide, per-domain, and per-user black lists and white lists are executed before any policy match. In contrast, per-session profile black lists and white lists require that the traffic first match a policy. When configuring a session profile (see “Configuring session profiles” on page 482), you can create black and white lists that will be used with the session profile. Session profiles are selected in IP-based policies, and as a result, per-session profile black lists and white lists are not applied until the traffic matches an IP-based policy.

For information on order of execution relative to other antispam methods, see “Order of execution” on page 16.

One thought on “Configuring AntiSPAM Settings

  1. David Geddie

    Emails from at least one customer are still going to quarantine after being added to personal AND system safe list. What am I missing?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.