Configuring scan conditions
The following procedure is part of the content profile configuration process. For general procedures about how to configure a content profile, see “Configuring content profiles and content action profiles”.
1. Go to Profile > Content.
2. Click New to create a new profile, or double-click an existing profile to edit it.
3. Expand the Scan Conditions section and configure the following:
4. Click the arrow to expand Scan Conditions and configure the following:
GUI item
Description
Detect fragmented email
Enable to detect and block fragmented email.
Some mail user agents, such as Outlook, can fragment large emails into multiple sub-messages. Fragmentation can be used to bypass size limits and content scanning.
Detect password protected Office document
Enable to apply the block action configured in the content action profile if an attached MS Office, OpenOffice, or PDF document is password-protected, and its contents therefore cannot be scanned.
Bypass scan on SMTP authentication
Enable to omit content profile scanning if the SMTP session is authenticated.
Check Archive Content
Enable to determine which action to perform, instead of blocking/passing based solely upon the application/archive MIME type you specify in the File Type Filtering settings (see “Configuring file filters”). FortiMail is capable of decompressing such archive attachments as ZIP, PKZIP, LHA, ARJ, and RAR files. When enabled, the action is determined by:
- blocking password-protected archives if you have selected Detect Password Protected Archive
- blocking archives that could not be successfully decompressed if you have selected Detect on Failure to Decompress
- passing/blocking by comparing the depth of nested archives with the nesting depth threshold configured in Max Level of Compression
By default, archives with fewer than 10 levels of compression will be blocked if they cannot be successfully decompressed or are password-protected.
Depending on the nesting depth threshold and the attachment’s depth of nested archives, the FortiMail unit may also consider the file types of files within the archive when determining which action to perform. For details, see the section below.
If disabled, the FortiMail unit will perform the Block/Pass action solely based upon whether an email contains an archive. It will disregard the depth of nesting, password protection, successful decompression, and the file types of contents within the archive.
Detect on Failure to Decompress
Enable to apply the block action configured in the content action profile if an attached archive cannot be successfully decompressed (for example, because the compression algorithm is unknown), and its contents therefore cannot be scanned.
This option is available only if Check Archive Content is enabled.
Detect Password Protected Archive
Enable to apply the block action configured in the content action profile if an attached archive is password-protected, and therefore cannot be decompressed in order to scan its contents.
This option is available only if Check Archive Content is enabled.
Max Level of Compression
Enter the nesting depth threshold. Depending on how deeply archives are nested within each attached archive, the FortiMail unit uses one of the following methods to determine if it should block or pass the email.
- Max Level of Compression is 0, or attachment’s depth of nesting equals or is less than Max Level of Compression: If the attachment contains a file that matches one of the other MIME file types, perform the action configured for that file type, either block or pass.
- Attachment’s depth of nesting is greater than Max Level of Compression: Apply the block action, unless you have deselected the check box for Max Level of Compression, in which case it will pass the MIME file type content filter. Block actions are specified in the content action profile.
The specified compression value is always considered if Check Archive Content is enabled, but has an effect only if the threshold is exceeded.
This option is available only if Check Archive Content is enabled.
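The rules described for Check Archive Content and Max Level of Compression can be sketched as follows. This is an added Python example, not FortiMail code: it handles ZIP only, counts depth as the number of archive layers, and checks password protection and decompression failure before depth, all of which are assumptions, as are the names make_nested_zip, walk and decide and the two limits.

```python
import io
import zipfile
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumed cap so a zip bomb is not expanded in memory
HARD_DEPTH_CAP = 32                   # assumed recursion stop, independent of the profile

def make_nested_zip(levels, leaf_name="report.exe", leaf=b"constructed sample bytes"):
    """Constructed sample input: wrap one leaf file in `levels` layers of ZIP."""
    name, data = leaf_name, leaf
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        name, data = "layer%d.zip" % i, buf.getvalue()
    return data

def walk(data, depth=1):
    """Return (deepest layer, saw encrypted entry, saw unreadable entry, leaf names)."""
    if depth > HARD_DEPTH_CAP:
        return depth, False, True, []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return depth, False, True, []
    deepest, protected, failed, leaves = depth, False, False, []
    for info in zf.infolist():
        if info.flag_bits & 0x1:              # general-purpose flag bit 0: entry is encrypted
            protected = True
        elif info.file_size > MAX_MEMBER_BYTES:
            failed = True                     # refuse to expand oversized members
        elif not info.filename.lower().endswith(".zip"):
            leaves.append(info.filename)      # leaf file: left to the file type filter
        else:
            try:
                d, p, f, names = walk(zf.read(info), depth + 1)
            except Exception:                 # any read error counts as a failed decompression
                d, p, f, names = depth, False, True, []
            deepest, protected, failed = max(deepest, d), protected or p, failed or f
            leaves += names
    return deepest, protected, failed, leaves

def decide(data, max_level, detect_password=True, detect_failure=True):
    depth, protected, failed, leaves = walk(data)
    if protected and detect_password:         # assumed precedence: password, failure, depth
        return ("block", "password-protected archive")
    if failed and detect_failure:
        return ("block", "failed to decompress")
    if max_level == 0 or depth <= max_level:  # page: 0 or within threshold -> file type rules
        return ("file-type-filter", leaves)
    return ("block", "depth %d exceeds threshold %d" % (depth, max_level))
```

A ("file-type-filter", names) result means the contained files would be judged by the file type settings rather than by the archive itself.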
Check embedded component
Documents, similar to an archive, can sometimes contain video, graphics, sounds, and other files that are used by the document. By embedding the required file within itself instead of linking to such files externally, a document becomes more portable. However, it also means that documents can be used to hide infected files that are the real attack vector.
Enable to scan files that are encapsulated within documents of application/document MIME types, such as Microsoft Office, Microsoft Visio, and OpenOffice.org documents. The FortiMail unit will scan only for MIME types that are enabled in File type filtering.
Defer delivery of message on policy match
Enable to defer mail delivery from specific senders configured in policy. This conserves peak-time bandwidth by sending low-priority, bandwidth-consuming traffic at scheduled times instead. For example, you can apply this function to senders of marketing campaign emails or mass mailing.
For information on policy, see “How to use policies”.
For information on scheduling deferred delivery, see “Configuring mail server settings”.
Defer delivery of messages larger than
Enter the file size limit over which the FortiMail unit will defer processing large email messages. If not enabled, large messages are not deferred.
For information on scheduling deferred delivery, see “Configuring mail server settings”.
Maximum number of attachment
Specify how many attachments are allowed in one email message. The valid range is between 1 and 100. The default value is 10.
Remove hidden HTML content
Enable to detect hypertext markup language (HTML) tags and, if found:
- apply the action profile
- add X-FEAS-ATTACHMENT-FILTER: Contains HTML tags. to the message headers
Use this option to mitigate potentially harmful HTML content such as corrupted images or files, or phishing URLs that are specially crafted for a targeted attack, and not yet identified by the FortiGuard Antispam service.
Depending on the action profile, for example, you could warn email users by tagging email that contains potentially dangerous HTML content, or, if you have removed the HTML tags, allow users to safely read the email to decide whether or not it is legitimate first, without automatically displaying and executing potentially dangerous scripts, images, or other files. (Automatic display of HTML content is a risk on some email clients.)
Caution: Unless you also select Replace in the content action profile, HTML is not removed, and the email will not be converted to plain text. Instead, the FortiMail unit will only apply whichever other action profile “block” action you have selected.
To actually remove HTML tags, you must also select Replace.
If you select Replace, all HTML tags are removed, except for the minimum required by the HTML document type definition (DTD): <html>, <head>, and <body>.
Stripped body text is surrounded by <pre> tags, which are typically rendered in a monospace font, causing the appearance to mimic plain text.
For linked files, which are hosted on an external web site for subsequent download rather than directly attached to the email, the FortiMail unit will download and attach the file to the email before removing the <img> or <embed> tag. In this way, while the format is converted to plain text, attachments and linked files which may be relevant to the content are still preserved.
For example, if an email is a mixture of HTML and plain text (Content-Type: multipart/alternative), and the action profile’s “block” action is Replace, the FortiMail unit removes hyperlink, font, and other HTML tags in the sections labeled with Content-Type: text/html. Linked images are converted to attachments. (The MIME Content-Type: text/html label itself is not modified.)
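To preview what a recipient would see after Replace, the transformation described above can be approximated offline. This is an added Python example, not FortiMail code: the names SAMPLE, TextOnly, strip_html and replace_html_parts are hypothetical, script/style bodies are dropped by assumption, and the download of linked files is not reproduced.

```python
import html
from email import message_from_string
from html.parser import HTMLParser

SAMPLE = (  # constructed multipart/alternative message, not a captured email
    "From: sender@example.com\nSubject: constructed sample\nMIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain; charset=us-ascii\n\nReset your password.\n"
    "--b1\nContent-Type: text/html; charset=us-ascii\n\n"
    '<html><body><p>Reset your <a href="http://portal.example.invalid/">password</a>.</p>'
    "<script>track()</script></body></html>\n--b1--\n"
)

class TextOnly(HTMLParser):
    """Keep character data, drop every tag; script/style bodies are skipped (an assumption)."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def strip_html(markup):
    """Return the text wrapped in <pre> inside the minimal html/head/body skeleton."""
    parser = TextOnly()
    parser.feed(markup)
    parser.close()
    text = html.escape("".join(parser.chunks).strip(), quote=False)
    text = text.encode("ascii", "xmlcharrefreplace").decode("ascii")  # keep the part 7-bit
    return "<html><head></head><body><pre>%s</pre></body></html>" % text

def replace_html_parts(raw):
    """Rewrite each text/html part in place; the Content-Type label is left untouched."""
    msg = message_from_string(raw)
    found = False
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            del part["Content-Transfer-Encoding"]   # new payload is plain ASCII
            part.set_payload(strip_html(body))
            found = True
    if found:
        msg["X-FEAS-ATTACHMENT-FILTER"] = "Contains HTML tags."
    return msg
```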
Detect email without any attachment
Enable to apply the block action configured in the content action profile if an email does not have any attachments.