FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 21 - Security Profiles > Email filter > Email filter examples

Email filter examples

Configuring simple antispam protection

Small offices, whether they are small companies, home offices, or satellite offices, often have very simple needs. This example details how to enable antispam protection on a FortiGate unit located in a satellite office.

Creating an email filter profile

Most email filter settings are configured in an email filter profile. Email filter profiles are selected in firewall policies. This way, you can create multiple email filter profiles, and tailor them to the traffic controlled by the security policy in which they are selected. In this example, you will create one email filter profile.

To create an email filter profile — web-based manager
  1. Go to Security Profiles > Email Filter.
  2. Select the Create New icon in the Edit Email Filter Profile window title.
  3. In the Name field, enter basic_emailfilter.
  4. Select Enable Spam Detection and Filtering.
  5. Ensure that IMAP, POP3, and SMTP are selected in the header row.

These header row selections enable or disable examination of each email traffic type. When disabled, the email traffic of that type is ignored by the FortiGate unit and no email filtering options are available.

  1. Under FortiGuard Spam Filtering, enable IP Address Check.
  2. Under FortiGuard Spam Filtering, enable URL Check.
  3. Under FortiGuard Spam Filtering, enable E-mail Checksum Check.
  4. Select OK to save the email filter profile.
To create an email filter profile — CLI

config spamfilter profile

edit basic_emailfilter

set options spamfsip spamfsurl spamfschksum

end

Selecting the email filter profile in a security policy

An email filter profile directs the FortiGate unit to scan network traffic only when it is selected in a security policy. When an email filter profile is selected in a security policy, its settings are applied to all the traffic the security policy handles.

To select the email filter profile in a security policy — web-based manager
  1. Go to Policy > Policy > IPv4.
  2. Create a new or edit a policy.
  3. Turn on email filtering.
  4. Select the basic_emailfilter profile from the list.
  5. Select OK to save the security policy.
To select the email filter profile in a security policy — CLI

config firewall policy

edit 1

set utm-status enable

set profile-protocol-options default

set spamfilter-profile basic_emailfilter

end

IMAP, POP3, and SMTP email traffic handled by the security policy you modified will be scanned for spam. Spam messages have the text “Spam” added to their subject lines. A small office may have only one security policy configured. If you have multiple policies, consider enabling spam scanning for all of them.

Blocking email from a user

Employees of the Example.com corporation have been receiving unwanted email messages from a former client at a company called example.net. The client’s email address is client@example.net. All ties between the company and the client have been severed, but the messages continue. The FortiGate unit can be configured to prevent these messages from being delivered.

To enable Email Filter
  1. Go to Security Profiles > Email Filter > Profile.
  2. Select the email filter profile that is used by the firewall policies handling email traffic from the email filter profile drop down list.
  3. In the row Tag Location, select Subject for all three mail protocols.
  4. In the row Tag Format, enter SPAM: in all three fields.
    This means that normal spam will be tagged in the subject line.
  5. Select Enable Spam Detection and Filtering.
  6. Under Local Spam Filtering, enable Black White List and select Create New.
  7. In the Black White List widget, select Create New.
  8. Select Email Address Wildcard.
  9. Enter client@example.net in the Pattern field.
  • If you wanted to prevent everyone’s email from the client’s company from getting through you could have used *@example.net instead.
  1. Set the Action as Mark as Spam.
  2. Set the Status to Enable.
  3. Confirm that the SMTP protocol action is set to Discard.
  4. Select OK.

Now that the email address list is created, you must enable the email filter in the email filter profile.

When this email filter profile is selected in a security policy, the FortiGate unit will reject any email message from an address ending with @example.net for all email traffic handled by the security policy.

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy