Fortinet white logo
Fortinet white logo

CLI Reference

profile content-action

profile content-action

Use this command to define content action profiles. Content action profiles can be used to apply content-based encryption.

Alternatively, content action profiles can define one or more things that the FortiMail unit should do if the content profile determines that an email contains prohibited words or phrases, file names, or file types.

For example, you might have configured most content profiles to match prohibited content, and therefore to use a content action profile named quar_profile which quarantines email to the system quarantine for review.

However, you have decided that email that does not pass the dictionary scan named financial_terms is always prohibited, and should be rejected so that it does not require manual review. To do this, you would first configure a second action profile, named rejection_profile, which rejects email. You would then override quar_profile specifically for the dictionary-based content scan in each profile by selecting rejection_profile for content that matches financial_terms.

Syntax

config profile content-action

edit <profile_name>

config header-insertion-list

edit <header-insertion-name>

set header-insertion-value <value_str>

end

set action {discard | encryption | none | quarantine | quarantine-review | reject | replace | rewrite-rcpt | treat-as-spam}

set alternate-host {<relay_fqdn> | <relay_ipv4>}

set alternate-host-status {enable | disable}

set archive-account <account_name>

set archive-status {enable | disable}

set bcc-addr <recipient_email>

set bcc-env-from-addr <message_str>

set bcc-env-from-status {enable | disable}

set bcc-status {enable | disable}

set deliver-to-original-host {enable | disable}

set disclaimer-insertion {enable | disable}

set disclaimer-insertion-content <message_name>

set disclaimer-insertion-location {beginning | end}

set notification-profile <profile_name>

set notification-status {enable | disable}

set replace-content {enable | disable}

set replace-content-message

set rewrite-rcpt-domain-type {none | prefix | replace | suffix}

set rewrite-rcpt-domain-value <case_str>

set rewrite-rcpt-local-type {none | prefix | replace | suffix}

set rewrite-rcpt-local-value <value_str>

set subject-tagging-text <text_str>

set tagging type {insert-header | tag-subject}

end

Variable

Description

Default

<profile_name>

Enter the name of the profile.

To view a list of existing entries, enter a question mark ( ? ).

action {discard | encryption | none | quarantine | quarantine-review | reject | replace | rewrite-rcpt | treat-as-spam}

Enter the action that the FortiMail unit will perform if the content profile determines that an email contains prohibited words or phrases, file names, or file types.

discard: Accept the email, but then delete it instead of delivering the email, without notifying the SMTP client.

encryption: Apply an encryption profile.

none: Apply any configured header or subject line tags, if any.

quarantine: Divert the email to the per-recipient quarantine.

quarantine-review: Divert the email to the system quarantine.

reject: Reject the email, replying with an SMTP error code to the SMTP client.

replace: Accept the email, but replace the content matching this profile with a replacement message, and, if you have enabled check-html-content, strip HTML tags.

rewrite-rcpt: Enter to change the recipient address of any email that matches the content profile. Also configure rewrite-rcpt-domain-type {none | prefix | replace | suffix}, rewrite-rcpt-domain-value <case_str>, rewrite-rcpt-local-type {none | prefix | replace | suffix}, and rewrite-rcpt-local-value <value_str>.

treat-as-spam: Apply the action selected in the antispam profile.

replace

alternate-host {<relay_fqdn> | <relay_ipv4>}

Type the fully qualified domain name (FQDN) or IP address of the alternate relay or SMTP server.

This field applies only if alternate-host-status is enable.

archive-account <account_name>

Type the email archive account name where you want to archive the email.

Enable archive-status {enable | disable} to make this function work.

For more information about archive accounts, see antispam url-fgas-exempt-list.

archive-status {enable | disable}

Enable to allow the archive-account <account_name> function to work.

disable

alternate-host-status {enable | disable}

Enable to route the email to a specific SMTP server or relay. Also configure alternate-host {<relay_fqdn> | <relay_ipv4>}.

Note: If you enable this setting, for all email that matches the profile, the FortiMail unit will use this destination and ignore mailsetting relay-host-list and the protected domain’s tp-use-domain-mta {yes | no}.

disable

bcc-addr <recipient_email>

Type the blind carbon copy (BCC) recipient email address.

This field applies only if bcc-status is enable.

bcc-env-from-addr <message_str>

Specify an envelope from BCC address. In the case that email is not deliverable and bounced back, the email is returned to the specified envelope from address instead of the original sender. This is helpful when you want to use a specific email to collect bounce notifications.

This field applies only if bcc-env-from-status is enable.

bcc-env-from-status {enable | disable}

Enable to specify an envelope from address.

disable

bcc-status {enable | disable}

Enable to send a BCC of the email. Also configure suspicious-newsletter-status {enable | disable}.

disable

deliver-to-original-host {enable | disable}

Enable to deliver the message to the original host.

disable

disclaimer-insertion {enable | disable}

Enable to insert disclaimer.

disable

disclaimer-insertion-content <message_name>

Specify the content name to be inserted.

default

disclaimer-insertion-location {beginning | end}

Insert the disclaimer at the beginning or end of the message.

beginning

header-insertion-name

Enter the message header key. The FortiMail unit will add this text to the message header of the email before forwarding it to the recipient.

Many email clients can sort incoming email messages into separate mailboxes based on text appearing in various parts of email messages, including the message header. For details, see the documentation for your email client.

Message header lines are composed of two parts: a key and a value, which are separated by a colon. For example, you might enter:

X-Content-Filter: Contains banned word.

If you enter a header line that does not include a colon, the FortiMail unit will automatically append a colon, causing the entire text that you enter to be the key.

Note: Do not enter spaces in the key portion of the header line, as these are forbidden by RFC 2822.

Also configure tagging type {insert-header | tag-subject}.

header-insertion-value <value_str>

Enter the message header value. The FortiMail unit will add this value to the message header of the email before forwarding it to the recipient.

Also configure tagging type {insert-header | tag-subject}.

notification-profile <profile_name>

Type the name of the notification profile used for sending notifications.

notification-status {enable | disable}

Enable sending notifications using a notification profile.

disable

replace-content {enable | disable}

Enable or disable content replacement.

disable

replace-content-message

Enter the name of the custom message for content replacement.

rewrite-rcpt-domain-type {none | prefix | replace | suffix}

Change the domain part (the portion of the email address after the '@' symbol) of the recipient address of any email that matches the content profile.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-domain-value <case_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-domain-value <case_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-domain-value <case_str>.

none

rewrite-rcpt-domain-value <case_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-domain-type {none | prefix | replace | suffix}.

rewrite-rcpt-local-type {none | prefix | replace | suffix}

Change the local part (the portion of the email address before the '@' symbol, typically a user name) of the recipient address of any email that matches the content profile.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

none

rewrite-rcpt-local-value <value_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-local-type {none | prefix | replace | suffix}.

subject-tagging-text <text_str>

Enter the text that will appear in the subject line of the email, such as “[PROHIBITED-CONTENT]”. The FortiMail unit will prepend this text to the subject line of the email before forwarding it to the recipient.

Many email clients can sort incoming email messages into separate mailboxes based on text appearing in various parts of email messages, including the subject line. For details, see the documentation for your email client.

Also configure tagging type {insert-header | tag-subject}.

tagging type {insert-header | tag-subject}

Enter the type of tagging for this profile.

Related topics

profile encryption

profile content-action

profile content-action

Use this command to define content action profiles. Content action profiles can be used to apply content-based encryption.

Alternatively, content action profiles can define one or more things that the FortiMail unit should do if the content profile determines that an email contains prohibited words or phrases, file names, or file types.

For example, you might have configured most content profiles to match prohibited content, and therefore to use a content action profile named quar_profile which quarantines email to the system quarantine for review.

However, you have decided that email that does not pass the dictionary scan named financial_terms is always prohibited, and should be rejected so that it does not require manual review. To do this, you would first configure a second action profile, named rejection_profile, which rejects email. You would then override quar_profile specifically for the dictionary-based content scan in each profile by selecting rejection_profile for content that matches financial_terms.

Syntax

config profile content-action

edit <profile_name>

config header-insertion-list

edit <header-insertion-name>

set header-insertion-value <value_str>

end

set action {discard | encryption | none | quarantine | quarantine-review | reject | replace | rewrite-rcpt | treat-as-spam}

set alternate-host {<relay_fqdn> | <relay_ipv4>}

set alternate-host-status {enable | disable}

set archive-account <account_name>

set archive-status {enable | disable}

set bcc-addr <recipient_email>

set bcc-env-from-addr <message_str>

set bcc-env-from-status {enable | disable}

set bcc-status {enable | disable}

set deliver-to-original-host {enable | disable}

set disclaimer-insertion {enable | disable}

set disclaimer-insertion-content <message_name>

set disclaimer-insertion-location {beginning | end}

set notification-profile <profile_name>

set notification-status {enable | disable}

set replace-content {enable | disable}

set replace-content-message

set rewrite-rcpt-domain-type {none | prefix | replace | suffix}

set rewrite-rcpt-domain-value <case_str>

set rewrite-rcpt-local-type {none | prefix | replace | suffix}

set rewrite-rcpt-local-value <value_str>

set subject-tagging-text <text_str>

set tagging type {insert-header | tag-subject}

end

Variable

Description

Default

<profile_name>

Enter the name of the profile.

To view a list of existing entries, enter a question mark ( ? ).

action {discard | encryption | none | quarantine | quarantine-review | reject | replace | rewrite-rcpt | treat-as-spam}

Enter the action that the FortiMail unit will perform if the content profile determines that an email contains prohibited words or phrases, file names, or file types.

discard: Accept the email, but then delete it instead of delivering the email, without notifying the SMTP client.

encryption: Apply an encryption profile.

none: Apply any configured header or subject line tags, if any.

quarantine: Divert the email to the per-recipient quarantine.

quarantine-review: Divert the email to the system quarantine.

reject: Reject the email, replying with an SMTP error code to the SMTP client.

replace: Accept the email, but replace the content matching this profile with a replacement message, and, if you have enabled check-html-content, strip HTML tags.

rewrite-rcpt: Enter to change the recipient address of any email that matches the content profile. Also configure rewrite-rcpt-domain-type {none | prefix | replace | suffix}, rewrite-rcpt-domain-value <case_str>, rewrite-rcpt-local-type {none | prefix | replace | suffix}, and rewrite-rcpt-local-value <value_str>.

treat-as-spam: Apply the action selected in the antispam profile.

replace

alternate-host {<relay_fqdn> | <relay_ipv4>}

Type the fully qualified domain name (FQDN) or IP address of the alternate relay or SMTP server.

This field applies only if alternate-host-status is enable.

archive-account <account_name>

Type the email archive account name where you want to archive the email.

Enable archive-status {enable | disable} to make this function work.

For more information about archive accounts, see antispam url-fgas-exempt-list.

archive-status {enable | disable}

Enable to allow the archive-account <account_name> function to work.

disable

alternate-host-status {enable | disable}

Enable to route the email to a specific SMTP server or relay. Also configure alternate-host {<relay_fqdn> | <relay_ipv4>}.

Note: If you enable this setting, for all email that matches the profile, the FortiMail unit will use this destination and ignore mailsetting relay-host-list and the protected domain’s tp-use-domain-mta {yes | no}.

disable

bcc-addr <recipient_email>

Type the blind carbon copy (BCC) recipient email address.

This field applies only if bcc-status is enable.

bcc-env-from-addr <message_str>

Specify an envelope from BCC address. In the case that email is not deliverable and bounced back, the email is returned to the specified envelope from address instead of the original sender. This is helpful when you want to use a specific email to collect bounce notifications.

This field applies only if bcc-env-from-status is enable.

bcc-env-from-status {enable | disable}

Enable to specify an envelope from address.

disable

bcc-status {enable | disable}

Enable to send a BCC of the email. Also configure suspicious-newsletter-status {enable | disable}.

disable

deliver-to-original-host {enable | disable}

Enable to deliver the message to the original host.

disable

disclaimer-insertion {enable | disable}

Enable to insert disclaimer.

disable

disclaimer-insertion-content <message_name>

Specify the content name to be inserted.

default

disclaimer-insertion-location {beginning | end}

Insert the disclaimer at the beginning or end of the message.

beginning

header-insertion-name

Enter the message header key. The FortiMail unit will add this text to the message header of the email before forwarding it to the recipient.

Many email clients can sort incoming email messages into separate mailboxes based on text appearing in various parts of email messages, including the message header. For details, see the documentation for your email client.

Message header lines are composed of two parts: a key and a value, which are separated by a colon. For example, you might enter:

X-Content-Filter: Contains banned word.

If you enter a header line that does not include a colon, the FortiMail unit will automatically append a colon, causing the entire text that you enter to be the key.

Note: Do not enter spaces in the key portion of the header line, as these are forbidden by RFC 2822.

Also configure tagging type {insert-header | tag-subject}.

header-insertion-value <value_str>

Enter the message header value. The FortiMail unit will add this value to the message header of the email before forwarding it to the recipient.

Also configure tagging type {insert-header | tag-subject}.

notification-profile <profile_name>

Type the name of the notification profile used for sending notifications.

notification-status {enable | disable}

Enable sending notifications using a notification profile.

disable

replace-content {enable | disable}

Enable or disable content replacement.

disable

replace-content-message

Enter the name of the custom message for content replacement.

rewrite-rcpt-domain-type {none | prefix | replace | suffix}

Change the domain part (the portion of the email address after the '@' symbol) of the recipient address of any email that matches the content profile.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-domain-value <case_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-domain-value <case_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-domain-value <case_str>.

none

rewrite-rcpt-domain-value <case_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-domain-type {none | prefix | replace | suffix}.

rewrite-rcpt-local-type {none | prefix | replace | suffix}

Change the local part (the portion of the email address before the '@' symbol, typically a user name) of the recipient address of any email that matches the content profile.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

none

rewrite-rcpt-local-value <value_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-local-type {none | prefix | replace | suffix}.

subject-tagging-text <text_str>

Enter the text that will appear in the subject line of the email, such as “[PROHIBITED-CONTENT]”. The FortiMail unit will prepend this text to the subject line of the email before forwarding it to the recipient.

Many email clients can sort incoming email messages into separate mailboxes based on text appearing in various parts of email messages, including the subject line. For details, see the documentation for your email client.

Also configure tagging type {insert-header | tag-subject}.

tagging type {insert-header | tag-subject}

Enter the type of tagging for this profile.

Related topics

profile encryption