spamfilter : bwl
 
bwl
Use this command to filter email based on the sender’s email address or address pattern.
The FortiGate email filters are applied in the following order:
For SMTP
1. IP address BWL check - Last hop IP
2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
3. E-mail address BWL check
4. MIME headers check
5. IP address BWL check (for IPs extracted from “Received” headers)
6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
7. Banned word check
For POP3 and IMAP
1. E-mail address BWL check
2. MIME headers check, IP BWL check
3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
4. Banned word check
For SMTP, POP3, and IMAP using the email address
The FortiGate unit compares the email address or domain of the sender to the list in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.
The FortiGate unit can filter email from specific senders or all email from a domain (such as example.net). Each email address can be marked as clear or spam.
Use Perl regular expressions or wildcards to add email address patterns to the list.
Use this command to filter email based on the IP or subnet address.
The FortiGate email filters are generally applied in the following order:
For SMTP, POP3, and IMAP using the IP address
The FortiGate unit compares the IP address of the sender to the list in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.
Enter an IP address and mask in one of two formats:
x.x.x.x/x.x.x.x, for example 192.168.10.23/255.255.255.0
x.x.x.x/x, for example 192.168.10.23/24
Configure the FortiGate unit to filter email from specific IP addresses. Mark each IP address as clear, spam, or reject. Filter single IP addresses, or a range of addresses at the network level by configuring an address and mask.
Syntax
config spamfilter bwl
edit <list_int>
set name <list_str>
set comment <comment_str>
config entries
edit <entry_id>
set type email
set action {clear | spam}
set email-pattern <email_str>
set pattern-type {regexp | wildcard}
set status {enable | disable}
end
edit <entry_id>
set type ip
set action {clear | reject | spam}
set addr-type {ipv4 | ipv6}
set ip4-subnet {<address_ipv4mask>}
set ip6-subnet {<address_ipv6mask>}
set status {enable | disable}
end
Variable
Description
Default
<list_int>
A unique number to identify the email black/white list.
 
<list_str>
The name of the email black/white list.
 
<comment_str>
The comment attached to the email black/white list.
 
<entry_id>
A unique number to identify the entry.
 
type {email | ip}
Select whether pattern is by email address or IP address.
ip
action {clear | spam}
If type is email:
Enter clear to exempt the email from the rest of the spam filters. Enter spam to apply the spam action configured in the profile.
spam
action {clear | reject | spam}
If type is ip:
Enter clear to exempt the email from the rest of the email filters. Enter reject to drop any current or incoming sessions. Enter spam to apply the spam action.
spam
addr-type {ipv4 | ipv6}
Select whether IPv4 or IPv6 addresses will be used. Available if type is ip.
ipv4
email-pattern <email_str>
Enter the email address pattern using wildcards or Perl regular expressions. Available if type is email.
 
ip4-subnet {<address_ipv4mask>}
The trusted IPv4 IP address and subnet mask in the format 192.168.10.23 255.255.255.0 or 192.168.10.23/24. Available if type is ip.
No default
ip6-subnet {<address_ipv6mask>}
The trusted IPv6 IP address.
This is available when type is ip and addr-type is ipv6.
No default
pattern-type {regexp | wildcard}
Enter the pattern-type for the email address. Choose from wildcards or Perl regular expressions. Available if type is email.
wildcard
status {enable | disable}
Enable or disable scanning for each email address.
enable