Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.0
Download PDF
Copy Link

spamfilter mheader

Use this command to configure email filtering based on the MIME header. MIME header settings are configured with this command but MIME header filtering is enabled within each profile.

The FortiGate email filters are applied in the following order:

For SMTP

  1. IP address BWL check - Last hop IP
  2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
  3. E-mail address BWL check
  4. MIME headers check
  5. IP address BWL check (for IPs extracted from “Received” headers)
  6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
  7. Banned word check

For POP3 and IMAP

  1. E-mail address BWL check
  2. MIME headers check, IP BWL check
  3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
  4. Banned word check

For SMTP, POP3, and IMAP

The FortiGate unit compares the MIME header key-value pair of incoming email to the list pair in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.

MIME (Multipurpose Internet Mail Extensions) headers are added to email to describe content type and content encoding, such as the type of text in the email body or the program that generated the email. Some examples of MIME headers include:

  • X-mailer: outgluck
  • X-Distribution: bulk
  • Content_Type: text/html
  • Content_Type: image/jpg

The first part of the MIME header is called the header key, or just header. The second part is called the value. Spammers often insert comments into header values or leave them blank. These malformed headers can fool some spam and virus filters.

Use the MIME headers list to mark email from certain bulk mail programs or with certain types of content that are common in spam messages. Mark the email as spam or clear for each header configured.

Use Perl regular expressions or wildcards to add MIME header patterns to the list. MIME header entries are case sensitive.

config spamfilter mheader
    edit {id}
    # Configure AntiSpam MIME header.
        set id {integer}   ID. range[0-4294967295]
        set name {string}   Name of table. size[35]
        set comment {string}   Optional comments. size[255]
        config entries
            edit {id}
            # Spam filter mime header content.
                set status {enable | disable}   Enable/disable status.
                set id {integer}   Mime header entry ID. range[0-4294967295]
                set fieldname {string}   Pattern for header field name. size[63]
                set fieldbody {string}   Pattern for the header field body. size[127]
                set pattern-type {wildcard | regexp}   Wildcard pattern or regular expression.
                        wildcard  Wildcard pattern.
                        regexp    Perl regular expression.
                set action {spam | clear}   Mark spam or good.
                        spam   Mark as spam email.
                        clear  Mark as good email.
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

fieldbody

Enter the MIME header (key, header field body) using wildcards or Perl regular expressions.

fieldname

Enter the MIME header value (header field name) using wildcards or Perl regular expressions. Do not include a trailing colon.

 

 

 

 

 

spamfilter mheader

Use this command to configure email filtering based on the MIME header. MIME header settings are configured with this command but MIME header filtering is enabled within each profile.

The FortiGate email filters are applied in the following order:

For SMTP

  1. IP address BWL check - Last hop IP
  2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
  3. E-mail address BWL check
  4. MIME headers check
  5. IP address BWL check (for IPs extracted from “Received” headers)
  6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
  7. Banned word check

For POP3 and IMAP

  1. E-mail address BWL check
  2. MIME headers check, IP BWL check
  3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
  4. Banned word check

For SMTP, POP3, and IMAP

The FortiGate unit compares the MIME header key-value pair of incoming email to the list pair in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.

MIME (Multipurpose Internet Mail Extensions) headers are added to email to describe content type and content encoding, such as the type of text in the email body or the program that generated the email. Some examples of MIME headers include:

  • X-mailer: outgluck
  • X-Distribution: bulk
  • Content_Type: text/html
  • Content_Type: image/jpg

The first part of the MIME header is called the header key, or just header. The second part is called the value. Spammers often insert comments into header values or leave them blank. These malformed headers can fool some spam and virus filters.

Use the MIME headers list to mark email from certain bulk mail programs or with certain types of content that are common in spam messages. Mark the email as spam or clear for each header configured.

Use Perl regular expressions or wildcards to add MIME header patterns to the list. MIME header entries are case sensitive.

config spamfilter mheader
    edit {id}
    # Configure AntiSpam MIME header.
        set id {integer}   ID. range[0-4294967295]
        set name {string}   Name of table. size[35]
        set comment {string}   Optional comments. size[255]
        config entries
            edit {id}
            # Spam filter mime header content.
                set status {enable | disable}   Enable/disable status.
                set id {integer}   Mime header entry ID. range[0-4294967295]
                set fieldname {string}   Pattern for header field name. size[63]
                set fieldbody {string}   Pattern for the header field body. size[127]
                set pattern-type {wildcard | regexp}   Wildcard pattern or regular expression.
                        wildcard  Wildcard pattern.
                        regexp    Perl regular expression.
                set action {spam | clear}   Mark spam or good.
                        spam   Mark as spam email.
                        clear  Mark as good email.
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

fieldbody

Enter the MIME header (key, header field body) using wildcards or Perl regular expressions.

fieldname

Enter the MIME header value (header field name) using wildcards or Perl regular expressions. Do not include a trailing colon.