Configuring dictionary profiles
The Profiles tab lets you configure dictionary profiles.
Unlike banned words, dictionary terms are UTF-8 encoded, and may include characters other than US-ASCII characters, such as é or ñ.
Dictionary profiles can be grouped or used individually by antispam or content profiles to detect spam, banned content, or content that requires encryption to be applied. For more information on content profiles and antispam profiles, see Configuring antispam profiles and actions and Configuring content profiles and content action profiles.
A dictionary can contain predefined and/or user-defined patterns.
The FortiMail unit comes with the following six predefined patterns. You can edit a predefined pattern and edit or delete a user-defined pattern by selecting it and then clicking the Edit or Delete icon.
If a pattern is enabled, the FortiMail unit will look for the template/format defined in a pattern. For example, if you enable the Canadian SIN predefined pattern, the FortiMail unit looks for the three groups of three digits defined in this pattern. This is useful when you want to use IBE to encrypt an email based on its content. In such cases, the dictionary profile can be used in a content profile which is included in a policy to apply to the email. For more information about IBE, see Configuring IBE encryption.
Predefined patterns
Canadian SIN |
Canadian Social Insurance Number. The format is three groups of three digits, such as 649 242 666. |
US SSN |
United States Social Security number. The format is a nine digit number, such as 078051111. |
Credit Card |
Major credit card number formats. |
ABA Routing |
A routing transit number (RTN) is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn. |
CUSIP |
CUSIP typically refers to both the Committee on Uniform Security Identification Procedures and the 9-character alphanumeric security identifiers that they distribute for all North American securities for the purposes of facilitating clearing and settlement of trades. |
ISIN |
An International Securities Identification Number (ISIN) uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, equities and warrants. The ISIN code is a 12-character alpha-numerical code that does not contain information characterizing financial instruments but serves for uniform identification of a security at trading and settlement. |
To view the list of dictionary profiles
- Go to Profile > Dictionary > Dictionary.
- Click New to create a new profile or double-click a profile to modify it.
- For a new profile, type its name. The profile name is editable later.
- To enable or edit a predefined pattern:
GUI item |
Description |
Export (button) |
Select one dictionary check box and click Export. Follow the prompts to save the dictionary file. Note that you can only export one dictionary at a time. |
Import (button) |
Select one dictionary check box and then click the import button to import dictionary entries into the existing dictionary. In the dialog, click Browse to locate a dictionary in text format. Click OK to upload the file. Note that you can only select one dictionary at a time and you can only import dictionary entries into an existing dictionary. |
Displays the dictionary name. |
A two-part page appears.
- Double-click a pattern in Smart Identifiers.
- A dialog appears.
- Select Enable to add the pattern to the dictionary profile.
- To edit a predefined pattern, do the same as for a user-defined pattern in Step 5
- Click OK.
- Click New under Dictionary Entries to add an entry or double click an entry to modify it.
- A dialog appears.
GUI item |
Description |
Enable |
Select to enable a pattern. |
Type a word or phrase that you want the dictionary to match, expressed either verbatim, with wild cards, or as a regular expression. Optionally, before entering a regular expression, click Validate to test regular expressions and string text. Regular expressions do not require slash ( v[i1]agr?a Matches are not case sensitive and can occur over multiple lines as if the word were on a single line (that is, Perl-style match modifier options The FortiMail unit will convert the encoding and character set into UTF‑8, the same encoding in which dictionary patterns are stored, before evaluating an email for a match with the pattern. Because of this, your pattern must match the UTF‑8 string, not the originally encoded string. For example, if the original encoded string is:
then the pattern must match:
Entering the pattern This option is not editable for predefined patterns. |
|
Pattern type |
For a new dictionary entry, select either:
This option is not editable for predefined patterns. |
Comments |
Enter any descriptions for the pattern. |
Pattern weight |
Enter a number by which an email’s dictionary match score will be incremented for each word or phrase it contains that matches this pattern. The dictionary match score may be used by content monitor profiles and antispam profiles to determine whether or not to apply the content action. See also Dictionary section and Configuring content monitor and filtering. |
Enter the maximum by which matches of this pattern can contribute to an email’s dictionary match score. This option applies only if Enable pattern max weight limit is enabled. |
|
Enable if the pattern must not increase an email’s dictionary match score more than the amount configured in Pattern max weight. |
|
Search header |
Enable to match occurrences of the pattern when it is located in an email’s message headers, including the subject line. The FortiMail unit uses the full header string, including the header name and value, to match the pattern. Therefore, when you define the pattern, you can specify both the header name and value. For example, such a pattern entry as |
Search body |
Enable to match occurrences of the pattern when it is located in an email’s message body. |
To apply a dictionary, in an antispam profile or content profile, either select it individually or select a dictionary group that contains it. For more information, see Configuring dictionary groups, Configuring antispam profiles, and Configuring content profiles.
Configuring dictionary groups
The Group tab lets you create groups of dictionary profiles.
Dictionary groups can be useful when you want to use multiple dictionary profiles during the same scan.
For example, you might have several dictionaries of prohibited words — one for each language — that you want to use to enforce your network usage policy. Rather than combining the dictionaries or creating multiple policies and multiple content profiles to apply each dictionary profile separately, you could simply group the dictionaries, then select that group in the content monitor profile.
Before you can create a dictionary group, you must first create one or more dictionary profiles. For more information about dictionary profiles, see Configuring dictionary profiles.
To view and configure a dictionary group
- Go to Profile > Dictionary > Group.
- Either click New to add a profile or double-click a profile to modify it.
- For a new group, enter the name of the dictionary group in Group name.
- In the Available dictionaries area, select one or more dictionaries that you want to include in the dictionary group, then click ->.
- Click Create or OK.
GUI item |
Description |
---|---|
Create New |
Select the name of a protected domain from Select Domain, then click Create New to add a dictionary for that protected domain. Note: If you have not yet configured a protected domain, new dictionary groups will by default be assigned to the system domain. For more information on protected domains, see “Configuring protected domains” on page 229. |
Select Domain |
Select the name of a protected domain to display dictionary groups belonging to that protected domain, or select system to display system-wide dictionary groups. This option is not available if you have not yet configured a protected domain. For more information on protected domains, see “Configuring protected domains” on page 229. |
Clone (button) |
Click the row corresponding to the profile whose settings you want to duplicate when creating the new profile, then click Clone. A single-field dialog appears. Enter a name for the new profile. Click OK. |
Group Name |
Displays the name of the dictionary group or dictionary group item. |
Domain |
The entire FortiMail unit (System) or name of a protected domain to which the profile is assigned. Which dictionary groups are visible and modifiable by the administrator varies by whether a FortiMail administrator account is assigned to specific protected domain. For more information, see “About administrator account permissions and domains” on page 143. |
Description |
The description of the dictionary group. |
The dictionaries move to the Members area.
To apply a dictionary group, select it instead of a dictionary profile when configuring an antispam profile or content profile. For details, see Configuring antispam profiles and Configuring content profiles.