Configuring the black lists and white lists
The AntiSpam > Black/White List submenu lets you reject, discard, or allow email messages based on email addresses, domain names, and IP addresses. It also lets you back up and restore the black lists and white lists.
Multiple types of black lists and white lists exist: system-wide, per-domain, per-user, and per-session profile. There are several places in the web UI where you can configure these black lists and white lists.
- For system-wide, per-domain, and per-user black lists and white lists, go to AntiSpam >
Black/White List. For details, see “Configuring the global black list and white list” on
page 616, “Configuring the per-domain black lists and white lists” on page 618, and “Configuring the personal black lists and white lists” on page 620.
- For per-user black lists and white lists, you can alternatively go to User > User > User Preferences. For details, see “Configuring user preferences” on page 428.
- For session profile black lists and white lists, go to Profile > Session > Session and modify the session profile. For details, see “Configuring session profiles” on page 482.
In addition to FortiMail administrators being able to configure per-user black lists and white lists, email users can configure their own per-user black list and white list by going to the Preferences tab in FortiMail webmail. For more information, see the online help for FortiMail webmail.
For more information on order of execution, see “Order of execution of black lists and white lists” on page 614.
All black and white list entries are automatically sorted into alphabetical order, where wildcard characters (* and ?) and numbers sort before letters.
- Order of execution of black lists and white lists
- About black list and white list address formats
- Configuring the global black list and white list
- Configuring the per-domain black lists and white lists
- Configuring the personal black lists and white lists
- Configuring the black list action
Order of execution of black lists and white lists
As one of the first steps to detect spam, FortiMail units evaluate whether an email message matches a black list or white list entry.
Generally, white lists take precedence over black lists. If the same entry appears in both lists, the entry will be whitelisted. Similarly, system-wide lists generally take precedence over per-domain lists, while per-domain lists take precedence over per-user lists.
Table 60 displays the sequence in which the FortiMail unit evaluates email for matches with black list and white list entries. If the FortiMail unit finds a match, it does not look for any additional matches, and cancels any remaining antispam scans of the message.
Table 60:Black and white list order of operations
| Order | List | Examines | Action taken if match is found |
| 1 | System white list | Sender address, Client IP | Accept message |
| 2 | System black list | Sender address, Client IP | Invoke black list action |
| 3 | Domain white list | Sender address, Client IP | Accept message |
| 4 | Domain black list | Sender address, Client IP | Invoke black list action |
Table 60:Black and white list order of operations
| Order | List | Examines | Action taken if match is found |
| 5 | Session recipient white list | Recipient address | Accept message for matching recipients |
| 6 | Session recipient black list | Recipient address | Invoke black list action |
| 7 | Session sender white list | Sender address, Client IP | Accept message for all recipients |
| 8 | Session sender black list | Sender address, Client IP | Invoke black list action |
| 9 | User white list | Sender address, Client IP | Accept message for this recipient |
| 10 | User black list | Sender address, Client IP | Discard message |
When the sender email address or domain is examined for a match:
- email addresses and domain names in the list are compared to the sender address in the message envelope (MAIL FROM:) and message header (From:)
- IP addresses are compared to the IP address of the SMTP client delivering the email, also known as the last hop address
When the recipient is examined for a match, email addresses and domain names in the list are compared to the recipient address in both the envelop and header. An IP address in a recipient white or black list is not a valid entry, because IP addresses are not used.
System-wide, per-domain, and per-user black lists and white lists are executed before any policy match. In contrast, per-session profile black lists and white lists require that the traffic first match a policy. When configuring a session profile (see “Configuring session profiles” on page 482), you can create black and white lists that will be used with the session profile. Session profiles are selected in IP-based policies, and as a result, per-session profile black lists and white lists are not applied until the traffic matches an IP-based policy.
For information on order of execution relative to other antispam methods, see “Order of execution” on page 16.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Emails from at least one customer are still going to quarantine after being added to personal AND system safe list. What am I missing?
i want to delist my domain in fortimail.