Administration Guide

Configuring preferences

Go to Security > Option > Preference to configure a few global settings for action profile, mail scan, and antispam preferences.

GUI item

Description

Action Profile

When you configure action profiles (see Configuring antispam action profiles, Configuring antivirus action profiles, and Configuring content action profiles), you may use the following actions:

  • Deliver to alternate host
  • Deliver to original host
  • System quarantine
  • Personal quarantine
  • Disclaimer insertion
  • Subject tag location
  • Replacement message location

For the delivery and quarantine actions, you can choose to deliver or quarantine the original email or the modified email.

  • Modified copy means that the email message to be delivered or quarantined is not the original one. It has been modified by the matching FortiMail actions.
  • Unmodified copy means that the email message to be delivered or quarantined still contains the original header and body. However, the envelope recipient or RCPT TO might have been rewritten by the relevant action profile.

For example, when the HTML content is converted to text, if you choose to deliver the unmodified copy, the HTML version will be delivered; if you choose to deliver the modified copy, the plain text version will be delivered.

For the disclaimer insertion action, you can choose to insert the disclaimer in the selected messages or all messages.

For the subject tagging action, you can choose to insert the tag at the beginning or the end of the subject.

Enforce delivery action if 'delivery to original/alternate host' is enabled

If the action in one profile is a final action, such as System quarantine, while the action in another profile is to deliver to the original host or alternate host, you can enable this option to override the final action.

Execute attachment scan on spam email under personal quarantine

For spam email that is sent to personal quarantine, you can choose whether to continue or stop scanning the email attachments.

Mail Scan

Specify the following:

  • Maximum level to decompress archive file: Specify how many nesting levels of an archive file to decompress for antivirus and content scans. Valid range is 1 to 36. Default value is 12.
  • Maximum archive file size to decompress (MB): Specify the maximum file size to scan after the archive files are decompressed. The limit applies to each individual file after decompression. Bigger files will not be scanned. Default value is 10 MB.
  • Maximum compression ratio for archive bomb: Specify the maximum compression ratio for FortiMail to decompress. Valid range is 1 to 1000. Default value is 200.
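
How the three Mail Scan limits interact on a nested archive, as an added Python example (not Fortinet code, and not how FortiMail is implemented). It assumes zip input and that the compression ratio is the declared uncompressed size divided by the compressed size of each member; the function names, verdict strings and sample archive are constructed for illustration.

```python
import io
import zipfile

MB = 1024 * 1024

def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def inspect(data, max_depth=12, max_file_mb=10, max_ratio=200, depth=1, prefix=""):
    """Return [(member_path, verdict)] for a zip archive given as bytes."""
    limit = max_file_mb * MB
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            # Assumption: ratio = declared uncompressed size / compressed size.
            if info.file_size / max(info.compress_size, 1) > max_ratio:
                out.append((path, "archive-bomb"))
                continue
            if info.file_size > limit:
                out.append((path, "too-large-not-scanned"))
                continue
            with zf.open(info) as fh:
                body = fh.read(limit + 1)  # bounded read: header sizes can lie
            if len(body) > limit:
                out.append((path, "too-large-not-scanned"))
            elif not zipfile.is_zipfile(io.BytesIO(body)):
                out.append((path, "scan"))
            elif depth >= max_depth:
                out.append((path, "depth-limit-not-decompressed"))
            else:
                out += inspect(body, max_depth, max_file_mb, max_ratio,
                               depth + 1, path + "/")
    return out

# Constructed sample: a text file, a zip nested three levels deep, 2 MB of zeros.
SAMPLE = make_zip({
    "readme.txt": b"plain text attachment",
    "nested.zip": make_zip({"inner.zip": make_zip({"note.txt": b"hello"})}),
    "zeros.bin": b"\0" * (2 * MB),
})

if __name__ == "__main__":
    for row in inspect(SAMPLE, max_depth=2):
        print(row)
```

Lowering the depth or size limit means more content is delivered without being scanned, so the verdicts for skipped members are worth logging alongside the scan results.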

AntiSpam

DMARC failure action

Select either:

  • Action profile: Use the action specified in the antispam profile.
  • Action profile with none: If the policy option in the sender's DMARC record is p=none, use that action. Otherwise, use the action in the antispam profile.
  • DMARC record policy: Use the actions specified in the policy option of the sender's DMARC record.

The default setting is Action profile with none.

This system-wide setting can be overridden by a per-domain setting. For details, see the FortiMail CLI Reference.

Impersonation analysis

Email impersonation is a type of email spoofing attack. It forges the email header so that the message appears to come from a different source than the actual address, deceiving the recipient.

To fight against email impersonation, you can map display names with email addresses and check email for the mapping.

You can choose whether the impersonation analysis uses manual mapping entries or dynamic entries. You can also use both types of entries.

  • Manual: Use the entries you manually entered under Profile > AntiSpam > Impersonation.
  • Dynamic: Use the entries automatically learned by the FortiMail mail statistics service. To enable this service, enable mailstat-service under config system global.

The default setting is Manual.
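
The display-name-to-address check described above, as an added Python example (not Fortinet code, and not how FortiMail matches entries). It assumes exact matching on a normalized display name; the mapping, addresses, verdict strings and function names are constructed for illustration.

```python
import unicodedata
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed mapping entries: display name -> addresses allowed to use it.
MAPPING = {
    "Alice Example": {"alice@example.com"},
    "Bob Example": {"bob@example.com", "bob@corp.example.com"},
}

def normalize(name):
    """Fold case, width variants and repeated whitespace before comparing."""
    return " ".join(unicodedata.normalize("NFKC", name).split()).casefold()

def check_from(header_value, mapping=MAPPING):
    """Return (verdict, display_name, address) for one From header value."""
    name, addr = parseaddr(header_value)
    addr = addr.lower()
    if "=?" in name:
        # RFC 2047 encoded-word: compare what the mail client will display.
        try:
            name = str(make_header(decode_header(name)))
        except (HeaderParseError, LookupError, ValueError):
            return ("undecodable", name, addr)
    table = {normalize(k): {a.lower() for a in v} for k, v in mapping.items()}
    allowed = table.get(normalize(name))
    if allowed is None:
        return ("unmapped", name, addr)
    return ("match" if addr in allowed else "impersonation", name, addr)

# Constructed From headers, not taken from real traffic.
SAMPLES = [
    "Alice Example <alice@example.com>",
    '"alice  EXAMPLE" <alice@mail.test>',
    "=?UTF-8?B?QWxpY2UgRXhhbXBsZQ==?= <billing@mail.test>",
    '"Ａｌｉｃｅ Example" <billing@mail.test>',
    "Carol Example <carol@example.com>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_from(sample)[0], "<-", sample)
```

NFKC folding catches width and compatibility variants but not cross-script look-alikes such as Cyrillic letters, which need a separate confusables check.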

QR code URL scan

Select which location(s) to scan for QR code images that contain known spam URLs.

  • Inline image: Embedded inline, in the email body.
  • Attachment image: Email attachments.
