FortiOS 6 – Anti-spam filter

Configuring Anti-spam

FortiGuard email filtering techniques use FortiGuard services to detect spam in your email. A FortiGuard subscription is required to use the FortiGuard email filters. To enable email filtering, an email filter must be created and then associated with a security policy.

The Anti-Spam security profile is only available when operating the FortiGate in proxy-based inspection.

The filter can be created as follows:

  • Go to Security Profiles > Anti-Spam.
  • Select the Create New icon (a plus symbol in a circle in the upper right hand corner).
  • Select the List icon (a page symbol in the upper right hand corner) and in the new window select Create New.

An existing filter can be edited as follows:

  • Go to Security Profiles > Anti-Spam.
  • Select the filter that you wish to edit from the dropdown menu in the upper right corner.
  • Select the List icon (a page symbol in the upper right hand corner) and select the filter that you wish to edit from the list.

Once you are in the proper Edit Anti-Spam Profile window, you can enter a name in the Name field if it’s a new filter.

The Comments field is for a description or other information that will assist in understanding the function or purpose of this particular filter.

 


Before any of the other features or options of the filter appear, the checkbox next to Enable Spam Detection and Filtering must be checked.

Spam detection by protocol

This matrix includes three rows that represent the email protocols IMAP, POP3 and SMTP.

There are also columns for:

Spam Action

For the client protocols, IMAP and POP3, the options are:

  • Tag – This action will insert a tag into the email so that recipients who view the email are warned that it is likely spam.
  • Pass – This action will allow any emails marked as spam to pass through without change. If this option is chosen, the Tag comments will be greyed out.

For the transfer protocol, SMTP, the options are:

  • Tag – This action will insert a tag into the email so that recipients who view the email are warned that it is likely spam.
  • Discard – This action will drop the email before it reaches its destination.
  • Pass – This action will allow any emails marked as spam to pass through without change. If this option is chosen, the Tag comments will be greyed out.

Tag Location

  • Subject – The contents of the Tag Format will be inserted into the subject line. The subject line is the most commonly used.
  • MIME – The contents of the Tag Format will be inserted into the MIME header.

Tag Format

The contents of this field will be entered into the tag location specified. The most common tag is something along the lines of [Spam] or **SPAM**.

FortiGuard spam filtering

The options in this section require a FortiGuard subscription.

The options available in this section, to be selected by checkbox, are:

  • IP Address Check
  • URL Check
  • Detect Phishing URLs in Email
  • Email Checksum Check
  • Spam Submission


Local spam filtering

The options in this section can be managed on the local device without the need for a FortiGuard subscription.

The options available in this section, to be selected by checkbox, are:

  • HELO DNS Lookup
  • Return Email DNS Check
  • Black White List – checking this option will produce a table that can be edited to create a number of black / white lists that can be separately configured and enabled.

Another local spam filter profile option, which can only be configured in the CLI, is the bannedword check. To configure this, enter the following commands in the CLI:

    config spamfilter profile
        edit <filter_name>
            set options bannedword
            set spam-bword-table 1
        next
    end

See the section on banned word checking for more information on how content is evaluated.
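Because the banned word check never appears in the GUI, a configuration backup is the place to confirm it is set. The following is an added example, not Fortinet's or the site author's code: it parses a backup excerpt and reports, per profile, whether both settings from the commands above are present. The sample backup is constructed, and the nested `config smtp` block with its `action` key is an assumption about backup layout.

```python
import shlex

# Constructed sample backup excerpt. Only "options", "bannedword" and
# "spam-bword-table" come from the page; "config smtp"/"action" are assumed.
SAMPLE = """\
config spamfilter profile
    edit "mail-in"
        set options bannedword
        set spam-bword-table 1
        config smtp
            set action discard
        end
    next
    edit "option-only"
        set options bannedword
    next
    edit "table-only"
        set spam-bword-table 2
    next
end
"""

def parse_profiles(text):
    """Return {profile: {key: [values]}} from 'config spamfilter profile'."""
    profiles, current, depth, wanted = {}, None, 0, False
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # a new top-level section starts here
                wanted = tok[1:] == ["spamfilter", "profile"]
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and wanted and tok[0] == "edit":
            current = profiles.setdefault(tok[1], {})
        elif depth == 1 and wanted and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]  # nested blocks (depth > 1) are skipped
    return profiles

def audit_bannedword(text):
    """Map each profile name to a finding about the banned word check."""
    findings = {}
    for name, cfg in parse_profiles(text).items():
        enabled = "bannedword" in cfg.get("options", [])
        table = (cfg.get("spam-bword-table") or [None])[0]
        findings[name] = {
            (True, True): "ok",
            (True, False): "bannedword enabled, no spam-bword-table",
            (False, True): "spam-bword-table set, bannedword not in options",
            (False, False): "banned word check not configured",
        }[(enabled, table is not None)]
    return findings
```
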



About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
