Local-based filters
You can make block/allowlists from emails or IP subnets to forbid or allow them to send or receive emails. With the spamhelodns
(HELO DNS Lookup) and spamraddrdns
(Return Email DNS Check) options, the FortiGate performs a standard DNS check on the machine name used in the HELO SMTP message, and/or the return to field to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.
You can also define a list of banned words. Emails that contain any of these banned words are considered spam.
Banned words can only be configured in the CLI. |
By default, HELO/DNS and Return-to/DNS checls are done before the block/allow list check. In some situations, such as when configuring a block/allow list to clear an email from performing further filtering, use the following command to give precedence to the block/allow list: config emailfilter profile edit <filter> config smtp set local-override enable next end end |
To configure a local-based email filter in the GUI:
- Configure the email filter profile:
- Go to Security Profiles > Email Filter and click Create New, or edit an existing profile.
- Select a Feature set and enable Enable spam detection and filtering.
- In the Local Spam Filtering section, enable the desired filters (HELO DNS Lookup, Return Email DNS Check, Block/Allow List).
If Block/Allow List is enabled, click Create New. The Create Anti-Spam Block/Allow List Entry pane opens.
- Select a Type, enter a Pattern, and select and Action.
- Click OK to save the block/allow list.
- Click OK save the email filter profile.
- Configure the firewall policy:
- Go to Policy & Objects > Firewall Policy and click Create New, or edit an existing policy.
- Set the inspection-mode to Proxy-based.
- Enable the Email Filter option and select the previously created profile.
- Set SSL Inspection to a profile that has deep SSL inspection enabled.
Deep inspection is required if you intend to filter SMTP, POP3, IMAP, or any SSL/TLS encapsulated protocol.
- Configure the other settings as needed.
- Click OK.
To configure a local-based email filter in the CLI:
- Configure a block/allow list:
config emailfilter block-allow-list edit 1 set name "myBAL" config entries edit 1 set status enable set type ip set action spam set addr-type ipv4 set ip4-subnet 10.1.100.0 255.255.255.0 next end next end
- Configure an email filter profile:
config emailfilter profile edit "myLocalEmailFilter" set spam-filtering enable set options spambal spamhelodns spamraddrdns config smtp set action tag end set spam-bal-table 1 next end
- Use the profile in a firewall policy:
config firewall policy edit 1 ..... set inspection-mode proxy set emailfilter-profile "myLocalEmailFilter" next end
To configure banned words:
- Configure a banned words list:
config emailfilter bword edit 1 set name "banned" config entries edit 1 set pattern <string> next end next end
- Configure an email filter profile:
config emailfilter profile edit "myBannedWordsProfile" set spam-filtering enable set options bannedword set spam-bword-table 1 next end
- Use the profile in a firewall policy:
config firewall policy edit 1 ..... set inspection-mode proxy set emailfilter-profile "myBannedWordsProfile" next end