Chapter 15 Unified Threat Management for FortiOS 5.0 : Email filter : Email filter examples : Blocking email from a user
  
Blocking email from a user
Employees of the Example.com corporation have been receiving unwanted email messages from a former client at a company called example.net. The client’s email address is client@example.net. All ties between the company and the client have been severed, but the messages continue. The FortiGate unit can be configured to prevent these messages from being delivered.
To create the email address list
1. Go to Security Profiles > Email Filter > Email List.
2. Select Create New.
3. Enter a name for the new email address list.
4. Optionally, enter a descriptive comment for the email address list.
5. Select OK to create the list.
6. Select Create New to add a new entry to the email address list.
7. Select Email Address.
8. Enter client@example.net in the E-mail Address field.
If you wanted to prevent everyone’s email from the client’s company from getting through you could have used *@example.net instead.
9. Leave Pattern Type set to the default, Wildcard.
10. Leave Action as Mark as Spam to have the FortiGate unit mark all messages from example.net as spam.
Now that the email address list is created, you must enable the email filter in the email filter profile.
To enable Email Filter
1. Go to Security Profiles > Email Filter > Profile.
2. Select the email filter profile that is used by the firewall policies handling email traffic from the email filter profile drop down list.
3. In the row Tag Location, select Subject for all three mail protocols.
4. In the row Tag Format, enter SPAM: in all three fields.
5. Select Enable Spam Detection and Filtering.
6. Ensure that the check boxes labeled IMAP, POP3, and SMTP in the header row are selected.
7. Under Local Spam Filtering, enable BWL Check and select the email address list you created in the previous procedure from the drop down list.
8. Select OK.
When this email filter profile is selected in a security policy, the FortiGate unit will add “SPAM:” to the subject of any email message from an address ending with @example.net for all email traffic handled by the security policy. Recipients can ignore the message or they can configure their email clients to automatically delete messages with “SPAM:” in the subject.