Fortinet Document Library

CLI Reference

6.0.0

spamfilter dnsbl

Use this command to configure email filtering using DNS-based Blackhole List (DNSBL) or Open Relay Database List (ORDBL) servers. DNSBL and ORDBL settings are configured with this command, but DNSBL and ORDBL filtering is enabled within each profile.

The FortiGate email filters are generally applied in the following order:

For SMTP

  1. IP address BWL check - Last hop IP
  2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
  3. E-mail address BWL check
  4. MIME headers check
  5. IP address BWL check (for IPs extracted from “Received” headers)
  6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
  7. Banned word check

For POP3 and IMAP

  1. E-mail address BWL check
  2. MIME headers check, IP BWL check
  3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
  4. Banned word check

For SMTP, POP3, and IMAP

The FortiGate unit compares the IP address or domain name of the sender to any database lists configured in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.

Some spammers use unsecured third party SMTP servers to send unsolicited bulk email. Using DNSBLs and ORDBLs is an effective way to tag or reject spam as it enters the network. These lists act as domain name servers that match the domain of incoming email to a list of IP addresses known to send spam or allow spam to pass through.

There are several free and subscription servers available that provide reliable access to continually updated DNSBLs and ORDBLs. Please check with the service being used to confirm the correct domain name for connecting to the server.

Note: Because the FortiGate unit uses the server domain name to connect to the DNSBL or ORDBL server, it must be able to look up this name on the DNS server. For information on configuring DNS, see system dns.

config spamfilter dnsbl
    edit {id}
    # Configure AntiSpam DNSBL/ORBL.
        set id {integer}   ID. range[0-4294967295]
        set name {string}   Name of table. size[35]
        set comment {string}   Optional comments. size[255]
        config entries
            edit {id}
            # Spam filter DNSBL and ORBL server.
                set status {enable | disable}   Enable/disable status.
                set id {integer}   DNSBL/ORBL entry ID. range[0-4294967295]
                set server {string}   DNSBL or ORBL server name. size[127]
                set action {reject | spam}   Reject connection or mark as spam email.
                        reject  Reject the connection.
                        spam    Mark as spam email.
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

action

  • reject - stop any further processing of the current session and drop the incoming connection immediately.
  • spam - identify the email as spam and let it continue, tagged, through the remaining filters.

server

Enter the domain name of a DNSBL server or an ORDBL server.
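The lookup and first-match sequencing described above (reversed sender IP under the list's zone, then the action of the first enabled entry that lists it), as an added Python example that is not part of the Fortinet reference or of FortiOS; the zone names, sender addresses and resolver are constructed stand-ins.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class DnsblEntry:
    """One `config entries` row: id, server (list zone), action, status."""
    id: int
    server: str
    action: str               # "reject" or "spam"
    status: str = "enable"

def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBL lookups reverse the IPv4 octets and append the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_sender(ip: str, entries: List[DnsblEntry],
                 resolve: Callable[[str], List[str]]) -> Optional[Dict]:
    """Consult enabled entries in id order; the first hit decides the action.
    None means no list matched and the mail moves on to the next filter."""
    listed_net = ipaddress.IPv4Network("127.0.0.0/8")
    for entry in sorted(entries, key=lambda e: e.id):
        if entry.status != "enable":
            continue
        answers = resolve(dnsbl_query_name(ip, entry.server))
        # A list signals "listed" with an A record in 127.0.0.0/8 (last octet
        # is a list-specific reason code); no answer (NXDOMAIN) means clean.
        codes = [a for a in answers if ipaddress.IPv4Address(a) in listed_net]
        if codes:
            return {"entry": entry.id, "server": entry.server,
                    "action": entry.action, "codes": codes}
    return None

# Constructed stand-in for the unit's DNS resolver; zone names and sender
# addresses are hypothetical (real lists publish their own zone names).
CONSTRUCTED_ZONE_DATA = {
    "4.2.0.192.dnsbl-a.example": ["127.0.0.2"],
    "7.113.0.203.ordbl-b.example": ["127.0.0.3"],
}

def fake_resolve(qname: str) -> List[str]:
    return CONSTRUCTED_ZONE_DATA.get(qname, [])

EXAMPLE_ENTRIES = [          # equivalent of two `config entries` rows
    DnsblEntry(1, "dnsbl-a.example", "reject"),
    DnsblEntry(2, "ordbl-b.example", "spam"),
]
```

Entry order matters: a reject entry placed before a spam entry drops the connection before the later list is ever consulted. A list that answers for every query (or a resolver that fails) would make every sender look listed, so verify a known-clean address against each configured server before relying on a reject action.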
