Email filter
Email filters can be configured to perform spam detection and filtering. You can customize the default profile, or create your own and apply it to a firewall policy.
|
Two kinds of filtering can be defined in a single profile, and they will act independent of one another. |
Filter options can be organized according to the source of the decision:
- Local options: the FortiGate qualifies the email based on local conditions, such as block/allowlists, banned words, or DNS checks using FortiGuard Antispam.
- FortiGuard-based options: the FortiGate qualifies the email based on the score or verdict returned from FortiGuard Antispam.
- Third-party options: the FortiGate qualifies the email based on information from a third-party source (like an ORB list).
Local and FortiGuard block/allowlists can be enabled and combined in a single profile. When combined, the local block/allowlist has a higher priority than the FortiGuard block list during a decision making process. For example, if a client IP address is blocklisted in the FortiGuard server, but you want to override this decision and allow the IP to pass through the filter, you can define the IP address or subnet in a local block/allowlist with the clear action. Because the information coming from the local list has a higher priority than the FortiGuard service, the email will be considered clean.
|
|
Some features of this functionality require a subscription to FortiGuard Antispam. |
Protocol comparison between email filter inspection modes
The following table indicates which email filters are supported by their designated inspection modes.
|
|
SMTP |
POP3 |
IMAP |
MAPI |
|---|---|---|---|---|
|
Proxy |
Yes |
Yes |
Yes |
Yes |
|
Flow |
Yes |
Yes |
Yes |
No |
The following topics provide information about email filter profiles: