CLI Reference

spamfilter fortishield

Use this command to configure the settings for the FortiGuard-Antispam Service.

The FortiGate email filters are applied in the following order:

For SMTP

  1. IP address BWL check - Last hop IP
  2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
  3. E-mail address BWL check
  4. MIME headers check
  5. IP address BWL check (for IPs extracted from “Received” headers)
  6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
  7. Banned word check

For POP3 and IMAP

  1. E-mail address BWL check
  2. MIME headers check, IP BWL check
  3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
  4. Banned word check

For SMTP, POP3, and IMAP

FortiGuard-Antispam Service is an antispam system from Fortinet that includes an IP address blocklist, a URL blocklist, and email filtering tools. The IP address blocklist contains IP addresses of email servers known to be used to generate spam. The URL blocklist contains URLs found in spam email.

FortiGuard-Antispam Service compiles the IP address and URL list from email captured by spam probes located around the world. Spam probes are email addresses purposely configured to attract spam and identify known spam sources to create the antispam IP address and URL list. FortiGuard-Antispam Service combines IP address and URL checks with other email filter techniques in a two-pass process.

On the first pass, if spamfsip is selected in the profile, FortiGuard-Antispam Service extracts the SMTP mail server source address and sends the IP address to a FortiGuard-Antispam Service server to see if this IP address matches the list of known spammers. If spamfsurl is selected in the profile, FortiGuard-Antispam Service checks the body of email messages to extract any URL links. These URL links will be sent to a FortiGuard-Antispam Service server to see if any of them is listed. Typically spam messages contain URL links to advertisements (also called spamvertizing).

If an IP address or URL match is found, FortiGuard-Antispam Service terminates the session. If FortiGuard-Antispam Service does not find a match, the mail server sends the email to the recipient.

As each email is received, FortiGuard-Antispam Service performs the second antispam pass by checking the header, subject, and body of the email for common spam content. If FortiGuard-Antispam Service finds spam content, the email is tagged or dropped.

config spamfilter fortishield
    set spam-submit-srv {string}   Hostname of the spam submission server. size[63]
    set spam-submit-force {enable | disable}   Enable/disable force insertion of a new mime entity for the submission text.
    set spam-submit-txt2htm {enable | disable}   Enable/disable conversion of text email to HTML email.
end

Additional information

The following section is for those options that require additional explanation.

spam-submit-srv

The host name of the FortiGuard-Antispam Service server. The FortiGate unit comes preconfigured with a host name. Use this command only to change the host name.
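Because spam-submit-srv names the host that receives spam submissions, a changed value is worth catching in configuration review. The following is an added example, not Fortinet code: it parses the config spamfilter fortishield block from a saved configuration, checks each option against the syntax documented above, and flags a submission server that is not on an operator-maintained allowlist. The sample configuration, the hostnames and the allowlist are constructed assumptions.

```python
import re

# Options and value constraints exactly as documented in the syntax block above.
SCHEMA = {
    "spam-submit-srv": lambda v: 0 < len(v) <= 63,          # {string} size[63]
    "spam-submit-force": lambda v: v in ("enable", "disable"),
    "spam-submit-txt2htm": lambda v: v in ("enable", "disable"),
}

def parse_fortishield(config_text):
    """Return {option: value} from the 'config spamfilter fortishield' block."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config spamfilter fortishield":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r'set\s+(\S+)\s+(.+)$', line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(settings, approved_servers):
    """List findings: invalid values, unknown options, unapproved submit server."""
    findings = []
    for opt, val in settings.items():
        if opt not in SCHEMA:
            findings.append(f"unknown option: {opt}")
        elif not SCHEMA[opt](val):
            findings.append(f"invalid value for {opt}: {val!r}")
    srv = settings.get("spam-submit-srv")
    if srv is not None and srv.lower() not in approved_servers:
        findings.append(f"spam-submit-srv overridden to unapproved host: {srv}")
    return findings

# Constructed sample fragment; hostnames are placeholders, not Fortinet defaults.
SAMPLE = '''
config spamfilter fortishield
    set spam-submit-srv "submit.mail-relay.example.net"
    set spam-submit-force enable
    set spam-submit-txt2htm maybe
end
'''
APPROVED = {"antispam-submit.example.com"}  # assumption: operator-maintained allowlist

if __name__ == "__main__":
    for finding in audit(parse_fortishield(SAMPLE), APPROVED):
        print(finding)
```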
