Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiMail 7.4.3 Administration Guide
    7.4.3
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.7
    6.2.0
    6.0.6
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    Configuring preferences

    Configuring preferences

    Go to Security > Option > Preference to configure a few global settings for action profile, mail scan, and antispam preferences.

    GUI item

    Description

    Action Profile

    When you configure action profiles (see Configuring antispam action profiles, Configuring antivirus action profiles, and Configuring content action profiles), you may use the following actions:

    • Deliver to alternate host
    • Deliver to original host
    • System quarantine
    • Personal quarantine
    • Disclaimer insertion
    • Subject tag location
    • Replacement message location

    For the delivery and quarantine actions, you can choose to deliver or quarantine the original email or the modified email.

    • Modified copy means that the email message to be delivered or quarantined is not the original one. It has been modified by the matching FortiMail actions.
    • Unmodified copy means that the email message to be delivered or quarantined still contains the original header and body. However, the envelope recipient or RCPT TO might have been rewritten by the relevant action profile.

    For example, when the HTML content is converted to text, if you choose to deliver the unmodified copy, the HTML version will be delivered; if you choose to deliver the modified copy, the plain text version will be delivered.

    For the disclaimer insertion action, you can choose to insert the disclaimer in the selected messages or all messages.

    For the subject tagging action, you can choose to insert the tag at the beginning or the end of the subject.

    Enforce delivery action if 'delivery to original/alternate host' is enabled

    If the action in one profile is one of the final actions, such as System quarantine, while the action in another profile is to deliver to the original host or alternate host, you can enable this option to overwrite the final action.

    Execute attachment scan on spam email under personal quarantine

    For spam email that is sent to personal quarantine, you have the option to continue or stop further scanning the email attachments.

    Mail Scan

    Specify the following:

    • Maximum level to decompress archive file: Specify how many levels to decompress the archived files for antivirus and content scan. Valid range is 1 to 36. Default value is 12.

    • Maximum archive file size to decompress (MB): Specify the maximum file size to scan after the archived files are decompressed. This applies to every single file after decompression. Bigger files will not be scanned. Default value is 10MB.

    • Maximum compression ratio for archive bomb: Specify the maximum compression ratio for FortiMail to decompress. Valid range is 1 to 1000. Default value is 200.

    AntiSpam

    DMARC failure action

    Select either:

    • Action profile: Use the action specified in the antispam profile.
    • Action profile with none: If the policy option in the sender's DMARC record is p=none, use that action. Else use the action in the antispam profile.
    • DMARC record policy: Use the actions specified in the policy option of the sender's DMARC record.

    The default setting is Action profile with none.

    This system-wide setting can be overridden by a per-domain setting. For details, see the FortiMail CLI Reference.

    Impersonation analysis

    Email impersonation is one of the email spoofing attacks. It forges the email header to deceive the recipient because the message appears to be from a different source than the actual address.

    To fight against email impersonation, you can map display names with email addresses and check email for the mapping.

    You can choose whether the impersonation analysis uses manual mapping entries or dynamic entries. You can also use both types of entries.

    • Manual: Use the entries you manually entered under Profile > AntiSpam > Impersonation.
    • Dynamic: Use the entries automatically learned by the FortiMail mail statistics service. To enable this service, enable mailstat-service under config system global.

    The default setting is Manual.

    QR code URL scan

    Select which location(s) to scan for QR code images that contain known spam URLs.

    • Inline image: Embedded inline, in the email body.
    • Attachment image: Email attachments.
    Previous
    Next

    Configuring preferences

    Configuring preferences

    Go to Security > Option > Preference to configure a few global settings for action profile, mail scan, and antispam preferences.

    GUI item

    Description

    Action Profile

    When you configure action profiles (see Configuring antispam action profiles, Configuring antivirus action profiles, and Configuring content action profiles), you may use the following actions:

    • Deliver to alternate host
    • Deliver to original host
    • System quarantine
    • Personal quarantine
    • Disclaimer insertion
    • Subject tag location
    • Replacement message location

    For the delivery and quarantine actions, you can choose to deliver or quarantine the original email or the modified email.

    • Modified copy means that the email message to be delivered or quarantined is not the original one. It has been modified by the matching FortiMail actions.
    • Unmodified copy means that the email message to be delivered or quarantined still contains the original header and body. However, the envelope recipient or RCPT TO might have been rewritten by the relevant action profile.

    For example, when the HTML content is converted to text, if you choose to deliver the unmodified copy, the HTML version will be delivered; if you choose to deliver the modified copy, the plain text version will be delivered.

    For the disclaimer insertion action, you can choose to insert the disclaimer in the selected messages or all messages.

    For the subject tagging action, you can choose to insert the tag at the beginning or the end of the subject.

    Enforce delivery action if 'delivery to original/alternate host' is enabled

    If the action in one profile is one of the final actions, such as System quarantine, while the action in another profile is to deliver to the original host or alternate host, you can enable this option to overwrite the final action.

    Execute attachment scan on spam email under personal quarantine

    For spam email that is sent to personal quarantine, you have the option to continue or stop further scanning the email attachments.

    Mail Scan

    Specify the following:

    • Maximum level to decompress archive file: Specify how many levels to decompress the archived files for antivirus and content scan. Valid range is 1 to 36. Default value is 12.

    • Maximum archive file size to decompress (MB): Specify the maximum file size to scan after the archived files are decompressed. This applies to every single file after decompression. Bigger files will not be scanned. Default value is 10MB.

    • Maximum compression ratio for archive bomb: Specify the maximum compression ratio for FortiMail to decompress. Valid range is 1 to 1000. Default value is 200.

    AntiSpam

    DMARC failure action

    Select either:

    • Action profile: Use the action specified in the antispam profile.
    • Action profile with none: If the policy option in the sender's DMARC record is p=none, use that action. Else use the action in the antispam profile.
    • DMARC record policy: Use the actions specified in the policy option of the sender's DMARC record.

    The default setting is Action profile with none.

    This system-wide setting can be overridden by a per-domain setting. For details, see the FortiMail CLI Reference.

    Impersonation analysis

    Email impersonation is one of the email spoofing attacks. It forges the email header to deceive the recipient because the message appears to be from a different source than the actual address.

    To fight against email impersonation, you can map display names with email addresses and check email for the mapping.

    You can choose whether the impersonation analysis uses manual mapping entries or dynamic entries. You can also use both types of entries.

    • Manual: Use the entries you manually entered under Profile > AntiSpam > Impersonation.
    • Dynamic: Use the entries automatically learned by the FortiMail mail statistics service. To enable this service, enable mailstat-service under config system global.

    The default setting is Manual.

    QR code URL scan

    Select which location(s) to scan for QR code images that contain known spam URLs.

    • Inline image: Embedded inline, in the email body.
    • Attachment image: Email attachments.
    Previous
    Next