Configuring email, IP and GeoIP groups
The Profile > Group tab displays the list of email and IP group and override profiles.
This sections includes:
Configuring email groups
Email groups include groups of email addresses that can be used when configuring access control rules and recipient-based policies. For information about access control rules and polices, see Configuring access control receiving policies and Controlling email based on sender and recipient addresses.
To configure email groups
- Go to Profile > Group > Email Group.
- Either click New to add a profile or double-click a profile to modify it. The profile name is editable.
- Optionally enter a comment.
- Select whether this profile will be applied system-wide or to a specific domain.
- For a new group, enter a name for this email group.
- Click New to add email addresses.
- Click Create or OK.
The name must contain only alphanumeric characters. Spaces are not allowed.
You can also use wildcards to enter partial patterns that can match multiple email addresses. The asterisk represents one or more characters and the question mark (?) represents any single character.
For example, the pattern ??@*.com
will match any email user with a two letter email user name from any “.com” domain name.
Configuring IP groups
IP groups include groups of IP addresses that can be used when configuring access control rules, IP-based policies, and reports. See also Configuring access control receiving policies, Controlling email based on IP addresses, and Configuring report profiles and generating reports.
To configure an IP group
- Go to Profile > Group > IP Group.
- Either click New to add a profile or double-click a profile to modify it.
- For a new group, enter a name in Group name.
- Optionally enter a comment.
- Under IP Groups, click New.
- Enter the IP address and netmask of the group, or the IP range. Use the netmask, the portion after the slash (
/
), to specify the matching subnet. - Click Create.
The name must contain only alphanumeric characters. Spaces are not allowed.
A field appears under IP/Netmask or IP Range.
For example, enter 10.10.10.10/24
to match a 24-bit subnet, or all addresses starting with 10.10.10. This will appear as 10.10.10.0/24 in the access control rule table, with the 0
indicating that any value is matched in that position of the address.
Similarly, 10.10.10.10/32
will appear as 10.10.10.10/32 and match only the 10.10.10.10 address.
Configuring GeoIP groups
Starting from 6.2 release, FortiMail utilizes the GeoIP database to map the geolocations of client IP addresses. You can use GeoIP groups in access control rules and IP-based policies to geo-targeting spam and virus devices. For information about access control rules and polices, see Configuring access control receiving policies and Controlling email based on IP addresses.
You can also override geolocation mappings that may not be correct in the GeoIP database. For details, see Configuring GeoIP override.
To configure a GeoIP group
- Go to Profile > Group > GeoIP Group.
- Either click New to add a profile or double-click a profile to modify it.
- For a new group, enter a name in Group name.
- Optionally enter a comment.
- If you want to create a group to include all countries and regions, enable this option and click Create. Otherwise, disable this option and move the available countries, regions, or override groups to the member list, and click Create. You can have a maximum of 30 countries and regions in one group.
The name must contain only alphanumeric characters. Spaces are not allowed.
Configuring GeoIP override
GeoIP service looks up the IP address geographic locations in the GeoIP database. However, in some cases, the lookup might not be accurate, for example, when clients use proxies.
With FortiMail, you can override the GeoIP lookup by manually specifying the geographic locations of some IP addresses and ranges. When you create GeoIP groups (see Configuring GeoIP groups), you can use the override geographic locations in the groups.
When entering IP addresses for GeoIP overrides, only IPv4 addresses are supported. |
To configure a GeoIP override
- Go to Profile > Group > GeoIP Override.
- Click New.
- Specify a geographic location name for the client IP addresses.
- Optionally enter a comment.
- Click New to specify the IPv4 addresses that you want to include in the geographic location.
-
Click Create.
To test a lookup, click IP Geography Query.