CLI Reference

spamfilter bwl

Use this command to filter email based on the sender’s email address or address pattern. The FortiGate email filters are applied in the following order:

For SMTP

  1. IP address BWL check - Last hop IP
  2. DNSBL & ORDBL check, IP address FortiGuard check, HELO DNS lookup
  3. E-mail address BWL check
  4. MIME headers check
  5. IP address BWL check (for IPs extracted from “Received” headers)
  6. Return e-mail DNS check, FortiGuard Antispam check (for IPs extracted from “Received” headers, and URLs in email content)
  7. Banned word check

For POP3 and IMAP

  1. E-mail address BWL check
  2. MIME headers check, IP BWL check
  3. Return e-mail DNS check, FortiGuard Antispam check, DNSBL & ORDBL check
  4. Banned word check

For SMTP, POP3, and IMAP using the email address

The FortiGate unit compares the email address or domain of the sender to the list in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.

The FortiGate unit can filter email from specific senders or all email from a domain (such as example.net). Each email address can be marked as clear or spam.

Use Perl regular expressions or wildcards to add email address patterns to the list.

This command can also filter email based on the sender's IP or subnet address.

For SMTP, POP3, and IMAP using the IP address

The FortiGate unit compares the IP address of the sender to the list in sequence. If a match is found, the corresponding action is taken. If no match is found, the email is passed on to the next email filter.

Enter an IP address and mask in one of two formats:

  • x.x.x.x/x.x.x.x, for example 192.168.10.23/255.255.255.0
  • x.x.x.x/x, for example 192.168.10.23/24

Configure the FortiGate unit to filter email from specific IP addresses. Mark each IP address as clear, spam, or reject. Filter single IP addresses, or a range of addresses at the network level by configuring an address and mask.
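
The in-sequence matching described above means that entry order decides the outcome: a narrow entry placed after a broader one never takes effect. The following Python sketch is an added example, not Fortinet code. It models that first-match behaviour for a constructed list so the ordering can be checked before the entries are entered on the unit. The dictionary keys mirror the CLI settings; wildcard matching through Python's fnmatch, compared case-insensitively, is an assumption about the unit's behaviour, and regexp entries are left out because Perl and Python regular expressions differ.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample list, in table order. Keys mirror the CLI settings.
ENTRIES = [
    {"id": 1, "type": "ip", "action": "spam", "ip4-subnet": "192.168.10.23/255.255.255.0"},
    {"id": 2, "type": "ip", "action": "clear", "ip4-subnet": "192.168.10.50/32"},
    {"id": 3, "type": "email", "action": "clear", "email-pattern": "billing@example.net"},
    {"id": 4, "type": "email", "action": "spam", "email-pattern": "*@example.net"},
]

def network(entry):
    # Both documented mask formats parse; host bits are dropped.
    return ipaddress.ip_network(entry["ip4-subnet"], strict=False)

def enabled(entry, kind):
    return entry["type"] == kind and entry.get("status", "enable") == "enable"

def first_match(entries, kind, value):
    """Return (id, action) of the first matching entry, or None when the
    message would pass on to the next email filter."""
    for e in entries:
        if not enabled(e, kind):
            continue
        if kind == "ip":
            hit = ipaddress.ip_address(value) in network(e)
        else:
            # Assumption: shell-style wildcard, whole address, case-insensitive.
            hit = fnmatchcase(value.lower(), e["email-pattern"].lower())
        if hit:
            return e["id"], e["action"]
    return None

def shadowed_ip_entries(entries):
    """IDs of ip entries that can never match because an earlier
    ip entry already covers their whole subnet."""
    seen, dead = [], []
    for e in entries:
        if not enabled(e, "ip"):
            continue
        net = network(e)
        if any(net.subnet_of(prev) for prev in seen):
            dead.append(e["id"])
        seen.append(net)
    return dead
```

In the sample list, entry 2 is reported as shadowed: the /24 in entry 1 matches 192.168.10.50 first, so the intended clear exception has to be moved above it. The email entries show the working order, with the specific address ahead of the domain-wide pattern.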

config spamfilter bwl
    edit {id}
    # Configure anti-spam black/white list.
        set id {integer}   ID. range[0-4294967295]
        set name {string}   Name of table. size[35]
        set comment {string}   Optional comments. size[255]
        config entries
            edit {id}
            # Anti-spam black/white list entries.
                set status {enable | disable}   Enable/disable status.
                set id {integer}   Entry ID. range[0-4294967295]
                set type {ip | email}   Entry type.
                        ip     By IP address.
                        email  By email address.
                set action {reject | spam | clear}   Reject, mark as spam or good email.
                        reject  Reject the connection.
                        spam    Mark as spam email.
                        clear   Mark as good email.
                set addr-type {ipv4 | ipv6}   IP address type.
                        ipv4  IPv4 Address type.
                        ipv6  IPv6 Address type.
                set ip4-subnet {ipv4 classnet}   IPv4 network address/subnet mask bits.
                set ip6-subnet {ipv6 network}   IPv6 network address/subnet mask bits.
                set pattern-type {wildcard | regexp}   Wildcard pattern or regular expression.
                        wildcard  Wildcard pattern.
                        regexp    Perl regular expression.
                set email-pattern {string}   Email address pattern. size[127]
            next
        end
    next
end

Additional information

The following section is for those options that require additional explanation.

action

The available options depend on the value of the type setting.

Type    Available options
email   clear, spam
ip      clear, reject, spam

  • clear - exempt the email from the rest of the spam filters
  • reject - to drop any current or incoming sessions.
  • spam - apply the spam action configured in the profile

addr-type

Select whether IPv4 or IPv6 addresses will be used.

Available if type is ip.

email-pattern

Enter the email address pattern using wildcards or Perl regular expressions.

Available if type is email.

ip4-subnet

The trusted IPv4 IP address and subnet mask in the format x.x.x.x x.x.x.x or x.x.x.x/x.

Available if type is ip.

ip6-subnet

The trusted IPv6 IP address.

This is available when type is ip and addr-type is ipv6.

pattern-type

Enter the pattern-type for the email address. Choose from wildcards or Perl regular expressions.

Available if type is email.
