Email filtering

Email filtering

The FortiGate Email Filter can be configured to do AntiSpam and file-type based filtering. To enable email filtering, create a profile using either the CLI or GUI, then use this profile in the firewall policy.

To configure the email filter profile in the CLI:

config emailfilter profile edit “ProfileName” set options ?  
bannedword Content block.
spambwl Black/white list.
spamfsip Email IP address FortiGuard AntiSpam black list check.
spamfssubmit Add FortiGuard AntiSpam spam submission text.
spamfschksum Email checksum FortiGuard AntiSpam check.
spamfsurl Email content URL FortiGuard AntiSpam check.
spamhelodns Email helo/ehlo domain DNS check.
spamraddrdns Email return address DNS check.
spamrbl Email DNSBL & ORBL check.
spamhdrcheck Email mime header check.
spamfsphish Email content phishing URL FortiGuard AntiSpam check.

These options can be reorganized according to the source of the decision:

  • Local options: The FortiGate qualifies the email based on local conditions like BWL, bannedwords, or DNS checks (with the use of FortiGuard service).
bannedword Content block.
spambwl Black/white list.
spamhelodns Email helo/ehlo domain DNS check.
spamraddrdns Email return address DNS check.
spamhdrcheck Email mime header check.
  • FortiGuard-based options: The FortiGate qualifies the email based on score or verdict returned from the FortiGuard service.
spamfsip Email IP address FortiGuard AntiSpam black list check.
spamfssubmit Add FortiGuard AntiSpam spam submission text.
spamfschksum Email checksum FortiGuard AntiSpam check.
spamfsurl Email content URL FortiGuard AntiSpam check.
spamfsphish Email content phishing URL FortiGuard AntiSpam check.
  • Third-party options: The FortiGate qualifies the email based on information from a third-party source (like ORB list). spamrbl Email DNSBL & ORBL check.

Local and FortiGuard black/white lists can be enabled and combined in a single profile. When combined, the Local black/white list has a higher priority than the FortiGuard’s black list during a decision making process.

For example: If a client’s IP address is black listed in FortiGuard servers, but the admin wants to override this decision and allow the IP to pass through the filter, they can define the IP address or subnet in a BWL with the clear action. Because the information coming from the Local BWL has a higher priority than the FortiGuard service, the email will be considered clean.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU