Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability
- FortiMail management methods
Setting up the FortiMail system
- Connecting to the GUI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing mail statistics
- View threat statistics
- View outbreak statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queue
- Viewing DMARC report statistics
  - Viewing the DMARC and SPF report summary
  - Viewing details about DMARC and SPF report statistics
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing GUI, custom messages, email templates, and Security Fabric
- Configuring single sign-on (SSO)
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiNDR malware inspection
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services and licensed features
  - Configuring licensed features
    - Configuring image analysis
- System maintenance
- System utility
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Configuring the address book
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and actions
- Configuring antivirus profiles, file signatures, and actions
- Configuring content profiles and content action profiles
- Configuring replacement message profiles and variables
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring URL filter profiles
- Configuring a threat feed
  - Types and file formats of threat feeds
- Configuring content disarming and reconstruction
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring sender rewriting scheme
- Configuring endpoint reputation
- Configuring preferences
- Training and maintaining the Bayesian databases
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports, and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating reports
- Configuring alert email
Microsoft 365, Exchange and Google Workspace threat remediation
- Microsoft 365, Exchange, and Google Workspace protection workflow
- Configuring accounts
- Configuring scanning policies
- Configuring profiles
- Monitoring log messages
Managing firmware and configuration
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- High availability (HA) tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Example regular expressions
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change log

Home FortiMail 7.6.0 Administration Guide

7.6.0

Configuring antispam action profiles

The Action tab in the AntiSpam submenu lets you define one or more things that the FortiMail unit should do if the antispam profile determines that an email is spam.

For example, assume you configured a default antispam action profile, named quar_and_tag_profile, that both tags the subject line and quarantines email detected to be spam. In general, all antispam profiles using the default action profile will quarantine the email and tag it as spam. However, you can decide that email failing to pass the dictionary scan is always spam and should be rejected so that it does not consume quarantine disk space. Therefore, for the antispam profiles that apply a dictionary scan, you could override the default action by configuring and using a second action profile, named rejection_profile, which rejects such email.

The specific action profile will override the default action profile when mailfilterd scans the email and take disposition (action) against the email. When the email is out of the process of mailfilterd, any remaining actions, such as spam report, web release, and sender safelisting, will still be taken based on the default action profile.

To configure an antispam action profile

Go to Profile > AntiSpam > Action.
Either click New or Clone to add a profile, or double-click a profile to modify it.

Alternatively, see Batch editing antispam profiles.

Configure the following:

GUI item		Description
Domain		Select which protected domain this profile belongs to, or System (all protected domains can use this profile). You can only see the domains that are permitted by your administrator profile. See About administrator account permissions and domains.
Name		Enter a unique name for the profile.
Comment		Enter a comment or description.
Tag subject		Enable and enter the text that appears in the subject line of the email, such as `[spam]`. The FortiMail unit will prepend this text to the subject line of spam before forwarding it to the recipient. Many email clients can sort incoming email messages into separate mailboxes, including a spam mailbox, based on text appearing in various parts of email messages, including the subject line. For details, see the documentation for your email client.
Insert header		Enable and enter the message header key in the field, and the values in the With value field. The FortiMail unit adds this text to the message header of the email before forwarding it to the recipient. Many email clients can sort incoming email messages into separate mailboxes, including a spam mailbox, based on text appearing in various parts of email messages, including the message header. For details, see the documentation for your email client. Message header lines are composed of two parts: a key and a value, which are separated by a colon. For example, you might enter: X-Custom-Header: Detected as spam by profile 22. If you enter a header line that does not include a colon, the FortiMail unit will automatically append a colon, causing the entire text that you enter to be the key. Note: Do not enter spaces in the key portion of the header line, as these are forbidden by RFC 2822 . Starting from FortiMail 6.0.1, you can add multiple headers by adding them to the header table. You can also insert the predefined variables to the header value.
Insert disclaimer		Insert disclaimer as an action, and select whether you want to insert the disclaimer at the start of the message, end of the message, or at the location of the custom message. You can modify the default disclaimer or add new disclaimers by going to System > Mail Setting > Disclaimer.
Deliver to alternate host		Enable to route the email to a specific SMTP server or relay, then type the fully qualified domain name (FQDN) or IP address of the destination. You can choose to deliver the original email or the modified email. Note: If you enable this setting, the FortiMail unit uses this destination for all email that matches the profile and ignores Relay server name and Use this domain’s SMTP server to deliver the mail.
Deliver to original host		Enable to deliver email to the original host.
FortiGuard spam outbreak protection		Enable to manually defer emails and place email in the spam defer queue. Note: The Spam outbreak protection option in the FortiGuard settings under Profile > AntiSpam > AntiSpam does not affect this feature.
Defer delivery		Enable to defer delivery of emails that may be resource intensive and reduce performance of the mail server, such as large email messages, or lower priority email from certain senders (for example, marketing campaign email and mass mailing).
BCC		Enable to send a blind carbon copy (BCC) of the email. You can specify an Envelope from address so that, in the case the email is not deliverable and bounced back, it will be returned to the specified envelope from address, instead of the original sender. This is helpful when you want to use a specific email to collect bounce notifications. Click New to add BCC recipients.
Archive to account		Enable to send the email to an archiving account. Click New to create a new archiving account or click Edit to modify an existing account. For details about archiving accounts, see Email archiving workflow.
Notify with profile		Enable and select a notification profile to send a notification email to the sender, recipient, or any other people as you configure in the notification profile. The notification email is customizable and will tell the users what happened to the email message. For details about notification profiles and email templates, see Configuring notification profiles and Customizing email templates.
Final action		For details about final and non-final actions, see Order of execution.
	Discard	Enable to accept the email, but then delete it instead of delivering the email, without notifying the SMTP client.
	Reject	Enable to reject the email and reply to the SMTP client with SMTP reply code 550. However, if email messages are held for FortiGuard spam outbreak protection or FortiGuard virus outbreak protection, or sent to FortiSandbox, the actual action will fallback to "system quarantine".
	Personal quarantine	For incoming email, enable to redirect the email to the recipient’s personal quarantine. For more information, see Managing the personal quarantines. For outgoing email, this action will fallback to the system quarantine.
	System quarantine	Enable to redirect spam to the system quarantine and then select the quarantine folder. For more information, see Managing the system quarantine. You can also enable and select a notification profile to send a notification email to the sender, recipient, or any other people as you configure in the notification profile. The notification recipients will be able to release the quarantined email using the URL in the notification email. For details about notification profiles and email templates, see Configuring notification profiles and Customizing email templates.
	Domain quarantine	Enable to redirect spam to the domain quarantine and then select the quarantine folder. For more information, see Managing the domain quarantines. You can also enable and select a notification profile to send a notification email to the sender, recipient, or any other people as you configure in the notification profile. The notification recipients will be able to release the quarantined email using the URL in the notification email. For details about notification profiles and email templates, see Configuring notification profiles and Customizing email templates.
	Rewrite recipient email address	Enable to change the recipient address of any email message detected as spam. Configure rewrites separately for the local-part (the portion of the email address before the '@' symbol, typically a user name) and the domain part (the portion of the email address after the `@` symbol). For each part, select either: None: No change. Prefix: Prepend the part with text that you have entered in the With field. Suffix: Append the part with the text you have entered in the With field. Replace: Substitute the part with the text you have entered in the With field.

Click Create or OK.
To apply an antispam action profile, select it in an antispam profile. For details, see Default action.