Email filter examples
Configuring simple antispam protection
Small offices, whether they are small companies, home offices, or satellite offices, often have very simple needs. This example details how to enable antispam protection on a FortiGate unit located in a satellite office.
Creating an email filter profile
Most email filter settings are configured in an email filter profile. Email filter profiles are selected in firewall policies. This way, you can create multiple email filter profiles, and tailor them to the traffic controlled by the security policy in which they are selected. In this example, you will create one email filter profile.
To create an email filter profile — web-based manager
- Go to Security Profiles > Email Filter.
- Select the Create New icon in the Edit Email Filter Profile window title.
- In the Name field, enter basic_emailfilter.
- Select Enable Spam Detection and Filtering.
- Ensure that IMAP, POP3, and SMTP are selected in the header row.
These header row selections enable or disable examination of each email traffic type. When disabled, the email traffic of that type is ignored by the FortiGate unit and no email filtering options are available.
- Under FortiGuard Spam Filtering, enable IP Address Check.
- Under FortiGuard Spam Filtering, enable URL Check.
- Under FortiGuard Spam Filtering, enable E-mail Checksum Check.
- Select OK to save the email filter profile.
To create an email filter profile — CLI
config spamfilter profile
edit basic_emailfilter
set options spamfsip spamfsurl spamfschksum
end
Selecting the email filter profile in a security policy
An email filter profile directs the FortiGate unit to scan network traffic only when it is selected in a security policy. When an email filter profile is selected in a security policy, its settings are applied to all the traffic the security policy handles.
To select the email filter profile in a security policy — web-based manager
- Go to Policy > Policy > IPv4.
- Create a new policy or edit an existing one.
- Turn on email filtering.
- Select the basic_emailfilter profile from the list.
- Select OK to save the security policy.
To select the email filter profile in a security policy — CLI
config firewall policy
edit 1
set utm-status enable
set profile-protocol-options default
set spamfilter-profile basic_emailfilter
end
IMAP, POP3, and SMTP email traffic handled by the security policy you modified will be scanned for spam. Spam messages have the text “Spam” added to their subject lines. A small office may have only one security policy configured. If you have multiple policies, consider enabling spam scanning for all of them.
Blocking email from a user
Employees of the Example.com corporation have been receiving unwanted email messages from a former client at a company called example.net. The client’s email address is client@example.net. All ties between the company and the client have been severed, but the messages continue. The FortiGate unit can be configured to prevent these messages from being delivered.
To enable Email Filter
- Go to Security Profiles > Email Filter > Profile.
- From the email filter profile drop-down list, select the email filter profile used by the firewall policies that handle email traffic.
- In the row Tag Location, select Subject for all three mail protocols.
- In the row Tag Format, enter SPAM: in all three fields. This means that normal spam will be tagged in the subject line.
- Select Enable Spam Detection and Filtering.
- Under Local Spam Filtering, enable Black White List and select Create New.
- In the Black White List widget, select Create New.
- Select Email Address Wildcard.
- Enter client@example.net in the Pattern field.
- If you wanted to prevent all email from the client’s company from getting through, you could have used *@example.net instead.
- Set the Action as Mark as Spam.
- Set the Status to Enable.
- Confirm that the SMTP protocol action is set to Discard.
- Select OK.
Now that the email address list is created, you must enable the email filter in the email filter profile.
When this email filter profile is selected in a security policy, the FortiGate unit will reject any email message from an address ending with @example.net for all email traffic handled by the security policy.
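Before entering a pattern in the Black White List, it helps to check offline which senders it would catch. The following is an added example, not FortiOS code or part of the original procedure: a small Python model of an Email Address Wildcard entry with the Mark as Spam action, the SPAM: subject tag, and SMTP set to Discard. The function names, the case-insensitive match on the header From address, the tag being prepended with a space, and the sample messages are all assumptions made for illustration.

```python
# Added example: offline model of an "Email Address Wildcard" entry and the
# per-protocol spam actions from the procedure above. Not FortiOS code.
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

TAG = "SPAM:"  # Tag Format value entered in the profile
# SMTP action is Discard; IMAP and POP3 mail is tagged in the subject.
ACTIONS = {"smtp": "discard", "imap": "tag", "pop3": "tag"}

def sender_matches(pattern, from_header):
    """Return True if the address in a From header matches the pattern.

    Assumptions: matching is case-insensitive, '*' matches any run of
    characters, and only the address (not the display name) is compared.
    """
    _name, addr = parseaddr(from_header)
    return bool(addr) and fnmatchcase(addr.lower(), pattern.lower())

def apply_filter(pattern, protocol, raw_message):
    """Return (verdict, subject) for one message under the modelled profile."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    if not sender_matches(pattern, msg.get("From", "")):
        return "pass", subject
    if ACTIONS[protocol] == "discard":
        return "discard", None
    # Assumption: the tag is prepended to the subject with one space.
    return "tag", f"{TAG} {subject}"

# Constructed sample messages (not taken from any real mailbox).
SAMPLES = {
    "client": "From: Former Client <client@example.net>\nSubject: Hello again\n\nbody\n",
    "colleague": "From: sales@example.net\nSubject: Invoice\n\nbody\n",
    "lookalike": "From: client@example.net.example.org\nSubject: Hi\n\nbody\n",
}

if __name__ == "__main__":
    for pattern in ("client@example.net", "*@example.net"):
        for name, raw in SAMPLES.items():
            for proto in ("smtp", "pop3"):
                print(pattern, name, proto, apply_filter(pattern, proto, raw))
```

In this model, the pattern client@example.net leaves other example.net senders untouched, while *@example.net catches every address in that domain but not a lookalike address that merely contains the domain.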