Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Cookbook

    6.2.6
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.0
    6.0.0
    5.6.0
    5.4.0

    Local-based filters

    Local-based filters

    You can make block/allowlists from emails or IP subnets to forbid or allow them to send or receive emails.

    You can also define a list of banned words. Emails that contain any of these banned words are considered spam.

    With the spamhelodns and spamraddrdns commands, the FortiGate performs a standard DNS check on the machine name used in the helo SMTP message, and/or the return-to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

    To configure a local-based email filter in the CLI:
    1. Configure a BWL:
      config emailfilter bwl
    edit 1
        set name "mtBWL"
        config entries
            edit 1
                set status enable
                set type ip
                set action spam
                set addr-type ipv4
                set ip4-subnet 10.1.100.0 255.255.255.0
            next
        end
    next
end
    2. Configure an email filter profile:
      config emailfilter profile                                             
    edit "myLocalEmailFilter"
        set spam-filtering enable
        set options spambwl spamhelodns spamraddrdns   		
        config smtp
            set action tag
        end
        set spam-bwl-table 1                                           
    next
end
    3. Use the profile in a firewall policy:
      config firewall policy
    edit 1
        .....
        set inspection-mode proxy                                     	
        set emailfilter-profile "myLocalEmailFilter"                 	
    next
end
    To configure a local-based email filter in the GUI:
    1. Go to Security Profiles > Email Filter.
    2. Click Create New or select an existing profile and click Edit.

    3. In the firewall policy, create or edit a rule.
    4. Set the inspection-mode to Proxy-based.
    5. Enable the Email Filter option and select the previously created profile.

    6. Set SSL Inspection to a profile that has deep SSL inspection enabled.

      Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol. The below SSL-inspection profile has deep inspection enabled:

    7. Click OK.
    To configure bannedwords in the CLI:
    1. Configure a bannedwords list:
      config emailfilter bword
    edit 1
        set name "banned"
        config entries
            edit 1
                set pattern "undesired_word"
            next
        end
    next
end
    2. Configure an email filter profile:
      config emailfilter profile
    edit "myBannedWordsProfile"
        config file-filter
            set status disable
        end
        set spam-filtering enable
        set options bannedword
        set spam-bword-table 1
    next
end
    3. Use the profile in a firewall policy:
      config firewall policy
    edit 1
        .....
        set inspection-mode proxy                                     	
        set emailfilter-profile "myBannedWordsProfile"                 	
    next
end

    Once created, this profile should be set in the firewall policy.

    Note

    Bannedwords can only be configured through the CLI.
    Previous
    Next

    Local-based filters

    Local-based filters

    You can make block/allowlists from emails or IP subnets to forbid or allow them to send or receive emails.

    You can also define a list of banned words. Emails that contain any of these banned words are considered spam.

    With the spamhelodns and spamraddrdns commands, the FortiGate performs a standard DNS check on the machine name used in the helo SMTP message, and/or the return-to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

    To configure a local-based email filter in the CLI:
    1. Configure a BWL:
      config emailfilter bwl
    edit 1
        set name "mtBWL"
        config entries
            edit 1
                set status enable
                set type ip
                set action spam
                set addr-type ipv4
                set ip4-subnet 10.1.100.0 255.255.255.0
            next
        end
    next
end
    2. Configure an email filter profile:
      config emailfilter profile                                             
    edit "myLocalEmailFilter"
        set spam-filtering enable
        set options spambwl spamhelodns spamraddrdns   		
        config smtp
            set action tag
        end
        set spam-bwl-table 1                                           
    next
end
    3. Use the profile in a firewall policy:
      config firewall policy
    edit 1
        .....
        set inspection-mode proxy                                     	
        set emailfilter-profile "myLocalEmailFilter"                 	
    next
end
    To configure a local-based email filter in the GUI:
    1. Go to Security Profiles > Email Filter.
    2. Click Create New or select an existing profile and click Edit.

    3. In the firewall policy, create or edit a rule.
    4. Set the inspection-mode to Proxy-based.
    5. Enable the Email Filter option and select the previously created profile.

    6. Set SSL Inspection to a profile that has deep SSL inspection enabled.

      Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol. The below SSL-inspection profile has deep inspection enabled:

    7. Click OK.
    To configure bannedwords in the CLI:
    1. Configure a bannedwords list:
      config emailfilter bword
    edit 1
        set name "banned"
        config entries
            edit 1
                set pattern "undesired_word"
            next
        end
    next
end
    2. Configure an email filter profile:
      config emailfilter profile
    edit "myBannedWordsProfile"
        config file-filter
            set status disable
        end
        set spam-filtering enable
        set options bannedword
        set spam-bword-table 1
    next
end
    3. Use the profile in a firewall policy:
      config firewall policy
    edit 1
        .....
        set inspection-mode proxy                                     	
        set emailfilter-profile "myBannedWordsProfile"                 	
    next
end

    Once created, this profile should be set in the firewall policy.

    Note

    Bannedwords can only be configured through the CLI.
    Previous
    Next