Fortinet black logo

Cookbook

Local-based filters

Copy Link
Copy Doc ID 5ede200c-a21f-11eb-b70b-00505692583a:873628
Download PDF

Local-based filters

You can make block/allowlists from emails or IP subnets to forbid or allow them to send or receive emails.

You can also define a list of banned words. Emails that contain any of these banned words are considered spam.

With the spamhelodns and spamraddrdns commands, the FortiGate performs a standard DNS check on the machine name used in the helo SMTP message, and/or the return-to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

To configure a local-based email filter in the CLI:
  1. Configure a BWL:
    config emailfilter bwl
        edit 1
            set name "mtBWL"
            config entries
                edit 1
                    set status enable
                    set type ip
                    set action spam
                    set addr-type ipv4
                    set ip4-subnet 10.1.100.0 255.255.255.0
                next
            end
        next
    end
  2. Configure an email filter profile:
    config emailfilter profile                                             
        edit "myLocalEmailFilter"
            set spam-filtering enable
            set options spambwl spamhelodns spamraddrdns   		
            config smtp
                set action tag
            end
            set spam-bwl-table 1                                           
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myLocalEmailFilter"                 	
        next
    end
To configure a local-based email filter in the GUI:
  1. Go to Security Profiles > Email Filter.
  2. Click Create New or select an existing profile and click Edit.

  3. In the firewall policy, create or edit a rule.
  4. Set the inspection-mode to Proxy-based.
  5. Enable the Email Filter option and select the previously created profile.

  6. Set SSL Inspection to a profile that has deep SSL inspection enabled.

    Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol. The below SSL-inspection profile has deep inspection enabled:

  7. Click OK.
To configure bannedwords in the CLI:
  1. Configure a bannedwords list:
    config emailfilter bword
        edit 1
            set name "banned"
            config entries
                edit 1
                    set pattern "undesired_word"
                next
            end
        next
    end
    
  2. Configure an email filter profile:
    config emailfilter profile
        edit "myBannedWordsProfile"
            config file-filter
                set status disable
            end
            set spam-filtering enable
            set options bannedword
            set spam-bword-table 1
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myBannedWordsProfile"                 	
        next
    end

Once created, this profile should be set in the firewall policy.

Note

Bannedwords can only be configured through the CLI.

Local-based filters

You can make block/allowlists from emails or IP subnets to forbid or allow them to send or receive emails.

You can also define a list of banned words. Emails that contain any of these banned words are considered spam.

With the spamhelodns and spamraddrdns commands, the FortiGate performs a standard DNS check on the machine name used in the helo SMTP message, and/or the return-to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

To configure a local-based email filter in the CLI:
  1. Configure a BWL:
    config emailfilter bwl
        edit 1
            set name "mtBWL"
            config entries
                edit 1
                    set status enable
                    set type ip
                    set action spam
                    set addr-type ipv4
                    set ip4-subnet 10.1.100.0 255.255.255.0
                next
            end
        next
    end
  2. Configure an email filter profile:
    config emailfilter profile                                             
        edit "myLocalEmailFilter"
            set spam-filtering enable
            set options spambwl spamhelodns spamraddrdns   		
            config smtp
                set action tag
            end
            set spam-bwl-table 1                                           
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myLocalEmailFilter"                 	
        next
    end
To configure a local-based email filter in the GUI:
  1. Go to Security Profiles > Email Filter.
  2. Click Create New or select an existing profile and click Edit.

  3. In the firewall policy, create or edit a rule.
  4. Set the inspection-mode to Proxy-based.
  5. Enable the Email Filter option and select the previously created profile.

  6. Set SSL Inspection to a profile that has deep SSL inspection enabled.

    Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol. The below SSL-inspection profile has deep inspection enabled:

  7. Click OK.
To configure bannedwords in the CLI:
  1. Configure a bannedwords list:
    config emailfilter bword
        edit 1
            set name "banned"
            config entries
                edit 1
                    set pattern "undesired_word"
                next
            end
        next
    end
    
  2. Configure an email filter profile:
    config emailfilter profile
        edit "myBannedWordsProfile"
            config file-filter
                set status disable
            end
            set spam-filtering enable
            set options bannedword
            set spam-bword-table 1
        next
    end
  3. Use the profile in a firewall policy:
    config firewall policy
        edit 1
            .....
            set inspection-mode proxy                                     	
            set emailfilter-profile "myBannedWordsProfile"                 	
        next
    end

Once created, this profile should be set in the firewall policy.

Note

Bannedwords can only be configured through the CLI.