Fortinet black logo

CLI Reference

spamfilter profile

spamfilter profile

Use this command to configure UTM email filtering profiles for firewall policies. Email filtering profiles configure how Email filtering and FortiGuard Antispam is applied to sessions accepted by a firewall policy that includes the Email filtering profile.

config spamfilter profile
    edit {name}
    # Configure AntiSpam profiles.
        set name {string}   Profile name. size[35]
        set comment {string}   Comment. size[255]
        set flow-based {enable | disable}   Enable/disable flow-based spam filtering.
        set replacemsg-group {string}   Replacement message group. size[35] - datasource(s): system.replacemsg-group.name
        set spam-log {disable | enable}   Enable/disable spam logging for email filtering.
        set spam-log-fortiguard-response {disable | enable}   Enable/disable logging FortiGuard spam response.
        set spam-filtering {enable | disable}   Enable/disable spam filtering.
        set external {enable | disable}   Enable/disable external Email inspection.
        set options {option}   Options.
                bannedword    Content block.
                spambwl       Black/white list.
                spamfsip      Email IP address FortiGuard AntiSpam black list check.
                spamfssubmit  Add FortiGuard AntiSpam spam submission text.
                spamfschksum  Email checksum FortiGuard AntiSpam check.
                spamfsurl     Email content URL FortiGuard AntiSpam check.
                spamhelodns   Email helo/ehlo domain DNS check.
                spamraddrdns  Email return address DNS check.
                spamrbl       Email DNSBL & ORBL check.
                spamhdrcheck  Email mime header check.
                spamfsphish   Email content phishing URL FortiGuard AntiSpam check.
        config imap
            set log {enable | disable}   Enable/disable logging.
            set action {pass | tag}   Action for spam email.
                    pass  Allow spam email to pass through.
                    tag   Tag spam email with configured text in subject or header.
            set tag-type {subject | header | spaminfo}   Tag subject or header for spam email.
                    subject   Prepend text to spam email subject.
                    header    Append a user defined mime header to spam email.
                    spaminfo  Append spam info to spam email header.
            set tag-msg {string}   Subject text or header added to spam email. size[63]
        config pop3
            set log {enable | disable}   Enable/disable logging.
            set action {pass | tag}   Action for spam email.
                    pass  Allow spam email to pass through.
                    tag   Tag spam email with configured text in subject or header.
            set tag-type {subject | header | spaminfo}   Tag subject or header for spam email.
                    subject   Prepend text to spam email subject.
                    header    Append a user defined mime header to spam email.
                    spaminfo  Append spam info to spam email header.
            set tag-msg {string}   Subject text or header added to spam email. size[63]
        config smtp
            set log {enable | disable}   Enable/disable logging.
            set action {pass | tag | discard}   Action for spam email.
                    pass     Allow spam email to pass through.
                    tag      Tag spam email with configured text in subject or header.
                    discard  Discard (block) spam email.
            set tag-type {subject | header | spaminfo}   Tag subject or header for spam email.
                    subject   Prepend text to spam email subject.
                    header    Append a user defined mime header to spam email.
                    spaminfo  Append spam info to spam email header.
            set tag-msg {string}   Subject text or header added to spam email. size[63]
            set hdrip {disable | enable}   Enable/disable SMTP email header IP checks for spamfsip, spamrbl and spambwl filters.
            set local-override {disable | enable}   Enable/disable local filter to override SMTP remote check result.
        config mapi
            set log {enable | disable}   Enable/disable logging.
            set action {pass | discard}   Action for spam email.
                    pass     Allow spam email to pass through.
                    discard  Discard (block) spam email.
        config msn-hotmail
            set log {enable | disable}   Enable/disable logging.
        config yahoo-mail
            set log {enable | disable}   Enable/disable logging.
        config gmail
            set log {enable | disable}   Enable/disable logging.
        set spam-bword-threshold {integer}   Spam banned word threshold. range[0-2147483647]
        set spam-bword-table {integer}   Anti-spam banned word table ID. range[0-4294967295] - datasource(s): spamfilter.bword.id
        set spam-bwl-table {integer}   Anti-spam black/white list table ID. range[0-4294967295] - datasource(s): spamfilter.bwl.id
        set spam-mheader-table {integer}   Anti-spam MIME header table ID. range[0-4294967295] - datasource(s): spamfilter.mheader.id
        set spam-rbl-table {integer}   Anti-spam DNSBL table ID. range[0-4294967295] - datasource(s): spamfilter.dnsbl.id
        set spam-iptrust-table {integer}   Anti-spam IP trust table ID. range[0-4294967295] - datasource(s): spamfilter.iptrust.id
    next
end

Additional information

The following section is for those options that require additional explanation.

options

Select actions, if any, the FortiGate unit will perform with email traffic.

  • bannedword — block email containing content in the banned word list.
  • spambwl — filter email using a block/allowlist
  • spamfsip — filter email using the FortiGuard Antispam filtering IP address blocklist.
  • spamfssubmit — add a link to the message body allowing users to report messages incorrectly marked as spam. If an email message is not spam, click the link in the message to report the false positive.
  • spamfsurl — filter email using the FortiGuard Antispam filtering URL blocklist.
  • spamhdrcheck — filter email using the MIME header list.
  • spamaddrdns — filter email using a return email DNS check.
  • spamrbl — filter email using configured DNS-based Blackhole List (DNSBL) and Open Relay Database List (ORDBL) servers.

Separate multiple options with a space. To remove an option from the list or add an option to the list, retype the list with the option removed or added.

spam-bword-threshold

If the combined scores of the banned word patterns appearing in an email message exceed the threshold value, the message will be processed according to the Spam Action setting.

config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}

Configure spam filtering options for the IMAP, IMAPS, MAPI, POP3, POP3S, SMTP, and SMTPS email protocols.

action

Select the action that this profile uses for filtered email. Tagging appends custom text to the subject or header of email identified as spam. When scan or streaming mode (also called splice) is selected, the FortiGate unit can only discard spam email. Discard immediately drops the connection. Without streaming mode or scanning enabled, chose to discard, pass, or tag spam.

  • discard — do not pass email identified as spam.
  • pass — disable spam filtering.
  • tag — tag spam email with text configured using the tagmsg option and the location set using the tag-type option.

local-override

For smtp and smtps. Select to override SMTP or SMTPS remote check, which includes IP RBL check, IP FortiGuard antispam check, and HELO DNS check, with the locally defined antispam block/allowlist.

tag-type

Select to affix the tag to either the MIME header or the subject line, and whether or not to append spam information to the spam header, when an email is detected as spam. Also configure tag-msg.

If you select to add the tag to the subject line, the FortiGate unit will convert the entire subject line, including tag, to UTF-8 by default. This improves display for some email clients that cannot properly display subject lines that use more than one encoding.

tag-msg

Enter a word or phrase (tag) to affix to email identified as spam.

When typing a tag, use the same language as the FortiGate unit’s current administrator language setting. Tagging text using other encodings may not be accepted.

To correctly enter the tag, your SSH or telnet client must also support your language’s encoding. Alternatively, you can use the web-based manager’s CLI widget to enter the tag.

Tags must not exceed 64 bytes. The number of characters constituting 64 bytes of data varies by text encoding, which may vary by the FortiGate administrator language setting.

Tags containing space characters, such as multiple words or phrases, must be surrounded by quote characters (‘)to be accepted by the CLI.

spamfilter profile

Use this command to configure UTM email filtering profiles for firewall policies. Email filtering profiles configure how Email filtering and FortiGuard Antispam is applied to sessions accepted by a firewall policy that includes the Email filtering profile.

config spamfilter profile
    edit {name}
    # Configure AntiSpam profiles.
        set name {string}   Profile name. size[35]
        set comment {string}   Comment. size[255]
        set flow-based {enable | disable}   Enable/disable flow-based spam filtering.
        set replacemsg-group {string}   Replacement message group. size[35] - datasource(s): system.replacemsg-group.name
        set spam-log {disable | enable}   Enable/disable spam logging for email filtering.
        set spam-log-fortiguard-response {disable | enable}   Enable/disable logging FortiGuard spam response.
        set spam-filtering {enable | disable}   Enable/disable spam filtering.
        set external {enable | disable}   Enable/disable external Email inspection.
        set options {option}   Options.
                bannedword    Content block.
                spambwl       Black/white list.
                spamfsip      Email IP address FortiGuard AntiSpam black list check.
                spamfssubmit  Add FortiGuard AntiSpam spam submission text.
                spamfschksum  Email checksum FortiGuard AntiSpam check.
                spamfsurl     Email content URL FortiGuard AntiSpam check.
                spamhelodns   Email helo/ehlo domain DNS check.
                spamraddrdns  Email return address DNS check.
                spamrbl       Email DNSBL & ORBL check.
                spamhdrcheck  Email mime header check.
                spamfsphish   Email content phishing URL FortiGuard AntiSpam check.
        config imap
            set log {enable | disable}   Enable/disable logging.
            set action {pass | tag}   Action for spam email.
                    pass  Allow spam email to pass through.
                    tag   Tag spam email with configured text in subject or header.
            set tag-type {subject | header | spaminfo}   Tag subject or header for spam email.
                    subject   Prepend text to spam email subject.
                    header    Append a user defined mime header to spam email.
                    spaminfo  Append spam info to spam email header.
            set tag-msg {string}   Subject text or header added to spam email. size[63]
        config pop3
            set log {enable | disable}   Enable/disable logging.
            set action {pass | tag}   Action for spam email.
                    pass  Allow spam email to pass through.
                    tag   Tag spam email with configured text in subject or header.
            set tag-type {subject | header | spaminfo}   Tag subject or header for spam email.
                    subject   Prepend text to spam email subject.
                    header    Append a user defined mime header to spam email.
                    spaminfo  Append spam info to spam email header.
            set tag-msg {string}   Subject text or header added to spam email. size[63]
        config smtp
            set log {enable | disable}   Enable/disable logging.
            set action {pass | tag | discard}   Action for spam email.
                    pass     Allow spam email to pass through.
                    tag      Tag spam email with configured text in subject or header.
                    discard  Discard (block) spam email.
            set tag-type {subject | header | spaminfo}   Tag subject or header for spam email.
                    subject   Prepend text to spam email subject.
                    header    Append a user defined mime header to spam email.
                    spaminfo  Append spam info to spam email header.
            set tag-msg {string}   Subject text or header added to spam email. size[63]
            set hdrip {disable | enable}   Enable/disable SMTP email header IP checks for spamfsip, spamrbl and spambwl filters.
            set local-override {disable | enable}   Enable/disable local filter to override SMTP remote check result.
        config mapi
            set log {enable | disable}   Enable/disable logging.
            set action {pass | discard}   Action for spam email.
                    pass     Allow spam email to pass through.
                    discard  Discard (block) spam email.
        config msn-hotmail
            set log {enable | disable}   Enable/disable logging.
        config yahoo-mail
            set log {enable | disable}   Enable/disable logging.
        config gmail
            set log {enable | disable}   Enable/disable logging.
        set spam-bword-threshold {integer}   Spam banned word threshold. range[0-2147483647]
        set spam-bword-table {integer}   Anti-spam banned word table ID. range[0-4294967295] - datasource(s): spamfilter.bword.id
        set spam-bwl-table {integer}   Anti-spam black/white list table ID. range[0-4294967295] - datasource(s): spamfilter.bwl.id
        set spam-mheader-table {integer}   Anti-spam MIME header table ID. range[0-4294967295] - datasource(s): spamfilter.mheader.id
        set spam-rbl-table {integer}   Anti-spam DNSBL table ID. range[0-4294967295] - datasource(s): spamfilter.dnsbl.id
        set spam-iptrust-table {integer}   Anti-spam IP trust table ID. range[0-4294967295] - datasource(s): spamfilter.iptrust.id
    next
end

Additional information

The following section is for those options that require additional explanation.

options

Select actions, if any, the FortiGate unit will perform with email traffic.

  • bannedword — block email containing content in the banned word list.
  • spambwl — filter email using a block/allowlist
  • spamfsip — filter email using the FortiGuard Antispam filtering IP address blocklist.
  • spamfssubmit — add a link to the message body allowing users to report messages incorrectly marked as spam. If an email message is not spam, click the link in the message to report the false positive.
  • spamfsurl — filter email using the FortiGuard Antispam filtering URL blocklist.
  • spamhdrcheck — filter email using the MIME header list.
  • spamaddrdns — filter email using a return email DNS check.
  • spamrbl — filter email using configured DNS-based Blackhole List (DNSBL) and Open Relay Database List (ORDBL) servers.

Separate multiple options with a space. To remove an option from the list or add an option to the list, retype the list with the option removed or added.

spam-bword-threshold

If the combined scores of the banned word patterns appearing in an email message exceed the threshold value, the message will be processed according to the Spam Action setting.

config {imap | imaps | mapi | pop3 | pop3s | smtp | smtps}

Configure spam filtering options for the IMAP, IMAPS, MAPI, POP3, POP3S, SMTP, and SMTPS email protocols.

action

Select the action that this profile uses for filtered email. Tagging appends custom text to the subject or header of email identified as spam. When scan or streaming mode (also called splice) is selected, the FortiGate unit can only discard spam email. Discard immediately drops the connection. Without streaming mode or scanning enabled, chose to discard, pass, or tag spam.

  • discard — do not pass email identified as spam.
  • pass — disable spam filtering.
  • tag — tag spam email with text configured using the tagmsg option and the location set using the tag-type option.

local-override

For smtp and smtps. Select to override SMTP or SMTPS remote check, which includes IP RBL check, IP FortiGuard antispam check, and HELO DNS check, with the locally defined antispam block/allowlist.

tag-type

Select to affix the tag to either the MIME header or the subject line, and whether or not to append spam information to the spam header, when an email is detected as spam. Also configure tag-msg.

If you select to add the tag to the subject line, the FortiGate unit will convert the entire subject line, including tag, to UTF-8 by default. This improves display for some email clients that cannot properly display subject lines that use more than one encoding.

tag-msg

Enter a word or phrase (tag) to affix to email identified as spam.

When typing a tag, use the same language as the FortiGate unit’s current administrator language setting. Tagging text using other encodings may not be accepted.

To correctly enter the tag, your SSH or telnet client must also support your language’s encoding. Alternatively, you can use the web-based manager’s CLI widget to enter the tag.

Tags must not exceed 64 bytes. The number of characters constituting 64 bytes of data varies by text encoding, which may vary by the FortiGate administrator language setting.

Tags containing space characters, such as multiple words or phrases, must be surrounded by quote characters (‘)to be accepted by the CLI.