
Administration Guide

Configuring preferences

Go to Security > Option > Preference to configure a few global settings for action profile, mail scan, and antispam preferences.

GUI item

Description

Action Profile

Deliver to alternate host

Deliver to original host

Personal quarantine

System quarantine

Domain quarantine

Actions can be selected when you configure action profiles (see Configuring antispam action profiles, Configuring antivirus action profiles, and Configuring content action profiles).

For each delivery and quarantine action, select a preference for whether to apply the action to either:

  • Modified copy: Deliver or quarantine the email after it has been modified by the matching actions.
  • Unmodified copy: Deliver or quarantine the email that still contains the original message header and body. However, the recipient address in the SMTP envelope (RCPT TO:) might be rewritten by the action profile.

For example, when HTML email is converted to plain text, if you choose to deliver the unmodified copy, then the HTML version will be delivered, but if you choose to deliver the modified copy, then the plain text version will be delivered.

Disclaimer insertion

Select whether to insert the disclaimer in either:

  • Selected message: Only new email threads. New email is detected when FortiMail finds the same domain in both the Message-ID: and In-Reply-To:/References: message headers. This avoids repeatedly inserting disclaimers in email threads where the recipient has already seen the disclaimer before. RFC 2822 specifies that those message headers are optional, and therefore some email clients do not support them. For those email clients, this setting does not have an effect.
  • All message: Both old and new email threads.

See also Configuring global disclaimers and Configuring disclaimer exclusion list.

Subject tag location

Select whether to insert the tag at the start or the end of the email's subject line.

Replacement message location

Select whether to insert the replacement message at the start or end of the email body.

Enforce delivery action if 'delivery to original/alternate host' is enabled

If the action in a profile is a final action where no more actions can be performed after it (for example, System quarantine) but the action in another profile is to deliver to the original host or alternate host, then enable this option if you want to override the final action.

Execute attachment scan on spam email under personal quarantine

For spam email that is sent to personal quarantine, enable this option if you want to continue further scanning of the email attachments.

Mail Scan

Maximum level to decompress archive file

Specify how many nested levels of an archive file to decompress for antivirus and content scanning. Valid range is 1 to 36. Default value is 12.

Maximum archive file size to decompress (MB)

Specify the maximum file size to scan after the archived files are decompressed. The limit applies to each individual file after decompression. Files larger than the limit are not scanned. Default value is 10 MB.

Maximum compression ratio for archive bomb

Specify the maximum compression ratio for FortiMail to decompress. Valid range is 1 to 1000. Default value is 200.
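The three Mail Scan limits above work together when an archive is unpacked for scanning. The following is an added example, not FortiMail code: it applies the page's default values to ZIP files in memory, and the enforcement order, the verdict names, and the functions `make_zip` and `inspect_archive` are assumptions made for illustration.

```python
import io
import zipfile

# Defaults from the page; the enforcement logic below is an assumption.
MAX_LEVEL, MAX_FILE_MB, MAX_RATIO = 12, 10, 200

def make_zip(members, compress=zipfile.ZIP_DEFLATED):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compress) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def inspect_archive(data, level=1, path="", max_level=MAX_LEVEL,
                    max_file_mb=MAX_FILE_MB, max_ratio=MAX_RATIO):
    """Return [(member_path, verdict)]; verdict is 'scan' or the limit hit."""
    if level > max_level:
        return [(path, "depth-exceeded")]      # nested too deep: do not open
    limit = int(max_file_mb * 1024 * 1024)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = f"{path}/{info.filename}" if path else info.filename
            # Decide from the central directory before inflating anything.
            if info.file_size / max(info.compress_size, 1) > max_ratio:
                findings.append((name, "ratio-exceeded"))
                continue
            if info.file_size > limit:
                findings.append((name, "size-exceeded"))
                continue
            with zf.open(info) as fh:
                body = fh.read(limit + 1)      # bounded read as a backstop
            if len(body) > limit:
                findings.append((name, "size-exceeded"))
            elif zipfile.is_zipfile(io.BytesIO(body)):
                findings += inspect_archive(body, level + 1, name, max_level,
                                            max_file_mb, max_ratio)
            else:
                findings.append((name, "scan"))
    return findings

if __name__ == "__main__":
    bomb = make_zip({"zeros.bin": b"\0" * 1_000_000})   # constructed sample
    print(inspect_archive(bomb))
```

Members that hit a limit are reported rather than scanned, which mirrors the page's statement that bigger files will not be scanned; review how such messages are handled in your action profiles.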

AntiSpam

DMARC failure action

Specify a DMARC failure action:

  • Action profile: Use the action specified in the antispam profile.
  • Action profile with none: Respect p=none sender policy in the DMARC record, and use the antispam profile action otherwise.
  • DMARC record policy: Respect all actions specified in the DMARC record.

The default setting is Action profile with none.

Impersonation analysis

Email impersonation is a type of email spoofing attack. It forges the email header so that the message appears to come from a different source than the actual address, deceiving the recipient.

To fight against email impersonation, you can map display names to email addresses and check email against the mapping.

You can choose whether the impersonation analysis uses manual mapping entries or dynamic entries. You can also use both types of entries.

  • Manual: Use the entries you manually entered under Profile > AntiSpam > Impersonation.
  • Dynamic: Use the entries automatically learned by the FortiMail mail statistics service. To enable this service, enable mailstat-service under config system global.

The default setting is Manual.
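The display-name-to-address check described above, as an added example that is not FortiMail's implementation: the matching and normalization rules, the `MANUAL` and `DYNAMIC` tables, and the functions `normalize` and `check_from` are assumptions, and all names and addresses are constructed samples.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample tables (hypothetical names and addresses).
MANUAL = {"Alice Chen": {"alice.chen@example.com"}}
DYNAMIC = {"Bob Ortiz": {"bob.ortiz@example.com"}}

def normalize(name):
    """Fold case, width variants and spacing so look-alike names compare equal."""
    decoded = str(make_header(decode_header(name)))   # RFC 2047 encoded-words
    return " ".join(unicodedata.normalize("NFKC", decoded).casefold().split())

def check_from(from_header, mode="manual"):
    """Return 'match', 'impersonation' or 'no-mapping' for one From: value."""
    sources = {"manual": [MANUAL], "dynamic": [DYNAMIC],
               "both": [MANUAL, DYNAMIC]}[mode]
    # Split the header first, then decode only the display-name part.
    display, addr = parseaddr(from_header)
    allowed = set()
    for table in sources:
        for name, addrs in table.items():
            if normalize(name) == normalize(display):
                allowed |= {a.lower() for a in addrs}
    if not allowed:
        return "no-mapping"
    # A mapped display name on an unmapped address is the impersonation case.
    return "match" if addr.lower() in allowed else "impersonation"

if __name__ == "__main__":
    for value in ("Alice Chen <alice.chen@example.com>",
                  "=?utf-8?b?QWxpY2UgQ2hlbg==?= <ceo@lookalike.test>"):
        print(value, "->", check_from(value))
```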

QR code URL scan

Select which location(s) to scan for QR code images that contain known spam URLs.

  • Inline image: Embedded inline, in the email body.
  • Attachment image: Email attachments.
