spamfilter : dnsbl
Use this command to configure email filtering using DNS-based Blackhole List (DNSBL) or Open Relay Database List (ORDBL) servers. DSNBL and ORDBL settings are configured with this command but DSNBL and ORDBL filtering is enabled within each profile.
The FortiGate email filters are generally applied in the following order:
1. IP address BWL check - Last hop IP
2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
3. E-mail address BWL check
4. MIME headers check
5. IP address BWL check (for IPs extracted from “Received” headers)
6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
7. Banned word check
For POP3 and IMAP
1. E-mail address BWL check
2. MIME headers check, IP BWL check
3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
4. Banned word check
For SMTP, POP3, and IMAP
The FortiGate unit compares the IP address or domain name of the sender to any database lists configured in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.
Some spammers use unsecured third party SMTP servers to send unsolicited bulk email. Using DNSBLs and ORDBLs is an effective way to tag or reject spam as it enters the network. These lists act as domain name servers that match the domain of incoming email to a list of IP addresses known to send spam or allow spam to pass through.
There are several free and subscription servers available that provide reliable access to continually updated DNSBLs and ORDBLs. Please check with the service being used to confirm the correct domain name for connecting to the server.
Because the FortiGate unit uses the server domain name to connect to the DNSBL or ORDBL server, it must be able to look up this name on the DNS server. For information on configuring DNS, see system dns.
config spamfilter dnsbl
edit <list_int>
set name <list_str>
set comment <comment_str>
config entries
edit <server_int>
set action {reject | spam}
set server <fqdn>
set status {enable | disable}
A unique number to identify the DNSBL list.
The name of the DNSBL header list.
The comment attached to the DNSBL header list.
A unique number to identify the DNSBL server.
action {reject | spam}
Enter reject to stop any further processing of the current session and to drop an incoming connection at once. Enter spam to identify email as spam.
server <fqdn>
Enter the domain name of a DNSBL server or an ORDBL server.
No default.
status {enable | disable}
Enable or disable querying the server named in the server string.