You can use an LDAP query to enable or disable antispam scanning on a per-user basis. For details, see “Configuring LDAP profiles” and “Enable LDAP scan override”. |
GUI item | Description |
Clone (button) | Click the row corresponding to the profile whose settings you want to duplicate when creating the new profile, then click Clone. A single-field dialog appears. Enter a name for the new profile. Click OK. |
Batch Edit (button) | Edit several profiles simultaneously. See “Performing a batch edit”. |
Domain (drop-down list) | Select System to see profiles for the entire FortiMail unit, or select a protected domain name to see profiles for that domain. You can see only the domains that are permitted by your administrator profile. |
Profile Name | Displays the name of the profile. |
Domain Name (column) | Displays either System or a domain name. |
Direction | Displays either Incoming for a profile that can be used by an incoming policy, or Outgoing for a profile that can be used by an outgoing policy. |
(Green dot in column heading) | Indicates whether or not the entry is currently referred to by another item in the configuration. If another item is using this entry, a red dot appears in this column, and the entry cannot be deleted. |
GUI item | Description |
Domain | Select the entire FortiMail unit (System) or name of a protected domain.You can see only the domains that are permitted by your administrator profile. For more information, see “About administrator account permissions and domains”. |
Profile name | For a new profile, enter the name of the profile. |
Direction | Select either Incoming for a profile that can be used by an incoming policy, or Outgoing for a profile that can be used by an outgoing policy. For definitions of outgoing and incoming email, see “Incoming versus outgoing email messages”. |
Default action | Select the default action to take when the policy matches. See “Configuring antispam action profiles”. |
FortiGuard | |
Greylist | Enable to apply greylisting. For more information, see “Configuring greylisting”. Note: Enabling greylisting can improve performance by blocking most spam before it undergoes other resource-intensive antispam scans. |
SPF check | If the sender domain DNS record lists SPF authorized IP addresses, use this option to compare the client IP address to the IP addresses of authorized senders in the DNS record (RFC 4408). If the DNS record for the domain name of the sender does not publish SPF information, the FortiMail unit omits the SPF client IP address validation. If the client IP address fails the SPF check, FortiMail will take the antispam action configured in this antispam profile. But unlike SPF checking in a session profile, failed SPF checking in an antispam profile will not increase the client’s reputation score. Note: Before FortiMail 4.0 MR3 Patch 1 release, you must enable SPF checking in the session profile before SPF checking in the antispam profile takes effect. Starting from 4.0 MR3 Patch 2 release, SPF checking can be enabled in either a session profile or an antispam profile, or both profiles. However, if you select to Bypass SPF checking in the session profile (see “Configuring sender validation options”), SPF checking will be bypassed even though you enable it in the antispam profile. Note: Before FortiMail 4.0 MR3 Patch 1 release, only SPF hardfailed (-all) email is treated as spam. Starting from 4.0 MR3 Patch 2 release, you can use a CLI command (set spf-checking {strict | aggressive} under config antispam settings) to control if the SPF softfailed (~all) email should also be treated as spam. For details, see the FortiMail CLI Guide. |
DMARC | Domain-based Message Authentication, Reporting & Conformance (DMARC) performs email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fails, DMARC check fails. More DMARC features will be added in future releases. |
Behavior analysis | Behavior analysis (BA) analyzes the similarities between the uncertain email and the known spam email in the BA database and determines if the uncertain email is spam. The BA database is a gathering of spam email caught by FortiGuard Antispam Service. Therefore, the accuracy of the FortiGuard Antispam Service has a direct impact on the BA accuracy. You can adjust the BA aggressiveness using the following CLI commands: config antispam behavior-analysis set analysis-level {high | medium | low} end The high setting means the most aggressive while the low setting means the least aggressive. The default setting is medium. You can also reset (empty) the BA database using the following CLI command: diagnose debug application mailfilterd behavior-analysis update |
Header analysis | Enable this option to examine the entire message header for spam characteristics. |
Heuristic | |
SURBL | |
DNSBL | |
Banned word | |
Safelist word | |
Dictionary | |
Image spam | |
Bayesian | |
Suspicious newsletter | Suspicious newsletters are part of the newsletter category. But FortiMail may find them to be suspicious because they may actually be spam under the disguise of newsletters. Note that if you enable detection of both newsletters and suspicious newsletters and specify actions for both types, if a newsletter is found to be suspicious, the action towards suspicious newsletters will take effect, not the action towards newsletters. |
Newsletter | Although newsletters and other marketing campaigns are not spam, some users may find them annoying. Enable detection of newsletters and select an action profile to deal with them. For example, you can tag newsletter email so that users can filter them in their email clients. |
Scan Conditions | |
Other Settings |