mheader
Use this command to configure email filtering based on the MIME header. MIME header settings are configured with this command, but MIME header filtering is enabled within each profile.
The FortiGate email filters are applied in the following order:
For SMTP
1. IP address BWL check - Last hop IP
2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
3. E-mail address BWL check
4. MIME headers check
5. IP address BWL check (for IPs extracted from “Received” headers)
6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
7. Banned word check
For POP3 and IMAP
1. E-mail address BWL check
2. MIME headers check, IP BWL check
3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
4. Banned word check
For SMTP, POP3, and IMAP
The FortiGate unit compares each MIME header key-value pair of incoming email to the pairs in the list, in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.
MIME (Multipurpose Internet Mail Extensions) headers are added to email to describe content type and content encoding, such as the type of text in the email body or the program that generated the email. Some examples of MIME headers include:
X-mailer: outgluck
X-Distribution: bulk
Content-Type: text/html
Content-Type: image/jpg
The first part of the MIME header is called the header key, or just header. The second part is called the value. Spammers often insert comments into header values or leave them blank. These malformed headers can fool some spam and virus filters.
Use the MIME headers list to mark email from certain bulk mail programs or with certain types of content that are common in spam messages. Mark the email as spam or clear for each header configured.
Use Perl regular expressions or wildcards to add MIME header patterns to the list. MIME header entries are case sensitive.
Syntax
config spamfilter mheader
    edit <list_int>
        set name <list_str>
        set comment <comment_str>
        config entries
            edit <mime_int>
                set action {clear | spam}
                set fieldbody <mime_str>
                set fieldname <mime_str>
                set pattern-type {regexp | wildcard}
                set status {enable | disable}
        end
end
| Variable | Description | Default |
|---|---|---|
| <list_int> | A unique number to identify the MIME header list. | |
| <list_str> | The name of the MIME header list. | |
| <comment_str> | The comment attached to the MIME header list. | |
| <mime_int> | A unique number to identify the MIME header. | |
| action {clear \| spam} | Enter clear to exempt the email from the rest of the email filters. Enter spam to apply the spam action. | spam |
| fieldbody <mime_str> | Enter the MIME header value (header field body) using wildcards or Perl regular expressions. | No default. |
| fieldname <mime_str> | Enter the MIME header key (header field name) using wildcards or Perl regular expressions. Do not include a trailing colon. | No default. |
| pattern-type {regexp \| wildcard} | Enter the pattern-type for the MIME header. Choose from wildcards or Perl regular expressions. | wildcard |
| status {enable \| disable} | Enable or disable scanning email headers for the MIME header key and value defined in the fieldname and fieldbody strings. | enable |
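An added example, not taken from Fortinet's documentation or code: a small Python model for checking candidate MIME header entries against sample headers before deploying them. The first-match order, case sensitivity and field names follow this page; the exact matching semantics (wildcards must cover the whole string, regexps may match anywhere, Python `re` standing in for Perl regular expressions) and all sample entries and headers are assumptions.

```python
import fnmatch
import re

# Constructed entries mirroring "config entries"; evaluated in list order.
ENTRIES = [
    {"id": 1, "status": "enable", "pattern-type": "wildcard",
     "fieldname": "X-Distribution", "fieldbody": "bulk", "action": "spam"},
    {"id": 2, "status": "disable", "pattern-type": "wildcard",
     "fieldname": "X-mailer", "fieldbody": "*", "action": "clear"},
    {"id": 3, "status": "enable", "pattern-type": "regexp",
     "fieldname": "^X-[Mm]ailer$", "fieldbody": "outgluck", "action": "spam"},
    {"id": 4, "status": "enable", "pattern-type": "wildcard",
     "fieldname": "X-Distribution", "fieldbody": "*bulk*", "action": "spam"},
]

def _matches(pattern, text, pattern_type):
    """Case-sensitive match. Assumption: a wildcard must cover the whole
    string, a regexp may match anywhere (Python re, not Perl)."""
    if pattern_type == "wildcard":
        return fnmatch.fnmatchcase(text, pattern)
    return re.search(pattern, text) is not None

def evaluate(headers, entries=ENTRIES):
    """Return (entry id, action) for the first enabled entry matching any
    header, or None when the email passes on to the next email filter."""
    for entry in entries:
        if entry["status"] != "enable":
            continue
        ptype = entry["pattern-type"]
        for name, body in headers:
            if (_matches(entry["fieldname"], name, ptype)
                    and _matches(entry["fieldbody"], body, ptype)):
                return entry["id"], entry["action"]
    return None

def parse_headers(raw):
    """Split header lines into (name, body); the colon is not part of the name."""
    pairs = []
    for line in raw.strip().splitlines():
        name, _, body = line.partition(":")
        pairs.append((name.strip(), body.strip()))
    return pairs

# Constructed sample messages.
PLAIN = parse_headers("X-Distribution: bulk\nContent-Type: text/html")
COMMENTED = parse_headers("X-Distribution: bulk (list 42)\nContent-Type: text/html")
LOWERCASE = parse_headers("x-distribution: bulk")
```

In this model the value carrying a comment is missed by the exact `bulk` entry and caught only by the broader `*bulk*` entry, and the lower-case header name matches nothing because entries are case sensitive.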