Local-based filters

You can create block/allow lists from email addresses or IP subnets to forbid or allow them to send or receive emails. With the spamhelodns (HELO DNS Lookup) and spamraddrdns (Return Email DNS Check) options, the FortiGate performs a standard DNS check on the machine name used in the HELO SMTP message, the return-to field, or both, to determine whether these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

You can also define a list of banned words. Emails that contain any of these banned words are considered spam.


Banned words can only be configured in the CLI.


By default, the HELO/DNS and Return-to/DNS checks are done before the block/allow list check. In some situations, such as when configuring a block/allow list to clear an email from further filtering, use the following command to give precedence to the block/allow list:

config emailfilter profile
    edit <filter>
        config smtp
            set local-override enable
        end
    next
end

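
The effect of the check order described above, as an added Python model (not FortiGate code and not part of the original page): an allow-listed sender whose HELO name fails the DNS check is only cleared when the block/allow list is evaluated first. The function names, list entries, action names (`clear`, `spam`), sample message and the set of resolvable domains are constructed assumptions, and DNS is stubbed with a set so the model runs offline.

```python
import fnmatch
import ipaddress

# Constructed stand-in for DNS: names that "resolve" in this offline model.
REGISTERED = {"mail.example.com", "example.com"}

# Constructed block/allow list entries: (type, pattern, action).
BLOCK_ALLOW_LIST = [
    ("ip", "203.0.113.0/24", "clear"),
    ("email", "*@partner.example.net", "clear"),
    ("email", "*@bulk.example.org", "spam"),
]

def helo_dns(msg, resolves):
    # HELO DNS Lookup: the HELO machine name must belong to a registered domain.
    return None if resolves(msg["helo"]) else "spam"

def return_dns(msg, resolves):
    # Return Email DNS Check: the return address domain must resolve.
    domain = msg["return_addr"].rsplit("@", 1)[-1]
    return None if resolves(domain) else "spam"

def block_allow(msg, _resolves):
    # In this model the first matching entry decides; None means no match.
    client = ipaddress.ip_address(msg["client_ip"])
    sender = msg["return_addr"].lower()
    for kind, pattern, action in BLOCK_ALLOW_LIST:
        if kind == "ip" and client in ipaddress.ip_network(pattern):
            return action
        if kind == "email" and fnmatch.fnmatchcase(sender, pattern):
            return action
    return None

def evaluate(msg, local_override=False, resolves=REGISTERED.__contains__):
    # Default order: DNS checks first. local-override moves the list to the front.
    checks = [helo_dns, return_dns, block_allow]
    if local_override:
        checks = [block_allow, helo_dns, return_dns]
    for check in checks:
        verdict = check(msg, resolves)
        if verdict is not None:
            return verdict, check.__name__  # first verdict ends filtering
    return "pass", None

# Constructed message: allow-listed sender whose HELO name does not resolve.
SAMPLE = {"client_ip": "203.0.113.25", "helo": "relay.invalid",
          "return_addr": "ops@partner.example.net"}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
    print(evaluate(SAMPLE, local_override=True))
```
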
To configure a local-based email filter in the GUI:
  1. Configure the email filter profile:
    1. Go to Security Profiles > Email Filter and click Create New, or edit an existing profile.
    2. Select a Feature set and enable Enable spam detection and filtering.
    3. In the Local Spam Filtering section, enable the desired filters (HELO DNS Lookup, Return Email DNS Check, Block/Allow List).
    4. If Block/Allow List is enabled, click Create New. The Create Anti-Spam Block/Allow List Entry pane opens.

    5. Select a Type, enter a Pattern, and select an Action.

    6. Click OK to save the block/allow list.