Fortinet black logo

Administration Guide

Configuring dictionary profiles

Configuring dictionary profiles

The Profiles tab lets you configure dictionary profiles.

Unlike banned words, dictionary terms are UTF-8 encoded, and may include characters other than US-ASCII characters, such as é or ñ.

Dictionary profiles can be grouped or used individually by antispam or content profiles to detect spam, banned content, or content that requires encryption to be applied. For more information on content profiles and antispam profiles, see Configuring antispam profiles and antispam action profiles and Configuring content profiles and content action profiles.

A dictionary can contain predefined and/or user-defined patterns.

The FortiMail unit comes with the following six predefined patterns. You can edit a predefined pattern and edit or delete a user-defined pattern by selecting it and then clicking the Edit or Delete icon.

If a pattern is enabled, the FortiMail unit will look for the template/format defined in a pattern. For example, if you enable the Canadian SIN predefined pattern, the FortiMail unit looks for the three groups of three digits defined in this pattern. This is useful when you want to use IBE to encrypt an email based on its content. In such cases, the dictionary profile can be used in a content profile which is included in a policy to apply to the email. For more information about IBE, see Configuring IBE encryption.

Predefined patterns

Canadian SIN

Canadian Social Insurance Number. The format is three groups of three digits, such as 649 242 666.

US SSN

United States Social Security number. The format is a nine digit number, such as 078051111.

Credit Card

Major credit card number formats.

ABA Routing

A routing transit number (RTN) is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn.

CUSIP

CUSIP typically refers to both the Committee on Uniform Security Identification Procedures and the 9-character alphanumeric security identifiers that they distribute for all North American securities for the purposes of facilitating clearing and settlement of trades.

ISIN

An International Securities Identification Number (ISIN) uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, equities and warrants. The ISIN code is a 12-character alpha-numerical code that does not contain information characterizing financial instruments but serves for uniform identification of a security at trading and settlement.

To view the list of dictionary profiles
  1. Go to Profile > Dictionary > Dictionary.
  2. GUI item

    Description

    Export

    (button)

    Select one dictionary check box and click Export. Follow the prompts to save the dictionary file.

    Note that you can only export one dictionary at a time.

    Import

    (button)

    Select one dictionary check box and then click the import button to import dictionary entries into the existing dictionary. In the dialog, click Browse to locate a dictionary in text format. Click OK to upload the file.

    Note that you can only select one dictionary at a time and you can only import dictionary entries into an existing dictionary.

    Name

    Displays the dictionary name.

  3. Click New to create a new profile or double-click a profile to modify it.
  4. A two-part page appears.

  5. For a new profile, type its name. The profile name is editable later.
  6. To enable or edit a predefined pattern:
  • Double-click a pattern in Smart Identifiers.
  • A dialog appears.
  • Select Enable to add the pattern to the dictionary profile.
  • To edit a predefined pattern, do the same as for a user-defined pattern in Step 5
  • Click OK.
  • To add or edit a user-defined pattern:
    • Click New under Dictionary Entries to add an entry or double click an entry to modify it.
    • A dialog appears.
  • Configure a custom entry.
  • GUI item

    Description

    Enable

    Select to enable a pattern.

    Pattern

    Type a word or phrase that you want the dictionary to match, expressed either verbatim, with wild cards, or as a regular expression. Optionally, before entering a regular expression, click Validate to test regular expressions and string text.

    Regular expressions do not require slash ( / ) boundaries. For example, enter:

    v[i1]agr?a

    Matches are not case sensitive and can occur over multiple lines as if the word were on a single line (that is, Perl-style match modifier options i and s are in effect).

    The FortiMail unit will convert the encoding and character set into UTF‑8, the same encoding in which dictionary patterns are stored, before evaluating an email for a match with the pattern. Because of this, your pattern must match the UTF‑8 string, not the originally encoded string. For example, if the original encoded string is:

    =?iso-8859-1?B?U2UgdHJhdGEgZGVsIHNwYW0uCg==?=

    then the pattern must match:

    Se trata del spam.

    Entering the pattern *iso-8859-1* would not match.

    This option is not editable for predefined patterns.

    Pattern type

    For a new dictionary entry, select either:

    • Wildcard: Pattern is verbatim or uses only simple wild cards (? or *).
    • Regex: Pattern is a Perl-style regular expression. See also Syntax.

    This option is not editable for predefined patterns.

    Comments

    Enter any descriptions for the pattern.

    Pattern weight

    Enter a number by which an email’s dictionary match score will be incremented for each word or phrase it contains that matches this pattern.

    The dictionary match score may be used by content monitor profiles and antispam profiles to determine whether or not to apply the content action. For more information about antispam profiles, see Configuring dictionary options. For more information about content monitor profiles, see Configuring content monitor and filtering.

    Pattern max weight

    Enter the maximum by which matches of this pattern can contribute to an email’s dictionary match score.

    This option applies only if Enable pattern max weight limit is enabled.

    Enable pattern max weight limit

    Enable if the pattern must not increase an email’s dictionary match score more than the amount configured in Pattern max weight.

    Search header

    Enable to match occurrences of the pattern when it is located in an email’s message headers, including the subject line.

    The FortiMail unit uses the full header string, including the header name and value, to match the pattern. Therefore, when you define the pattern, you can specify both the header name and value. For example, such a pattern entry as from: .*@example.com.* will block all email messages with the From header as xxx@example.com.

    Search body

    Enable to match occurrences of the pattern when it is located in an email’s message body.

    To apply a dictionary, in an antispam profile or content profile, either select it individually or select a dictionary group that contains it. For more information, see Configuring dictionary groups, Managing antispam profiles, and Configuring content profiles.

    Configuring dictionary groups

    The Group tab lets you create groups of dictionary profiles.

    Dictionary groups can be useful when you want to use multiple dictionary profiles during the same scan.

    For example, you might have several dictionaries of prohibited words — one for each language — that you want to use to enforce your network usage policy. Rather than combining the dictionaries or creating multiple policies and multiple content profiles to apply each dictionary profile separately, you could simply group the dictionaries, then select that group in the content monitor profile.

    Before you can create a dictionary group, you must first create one or more dictionary profiles. For more information about dictionary profiles, see Configuring dictionary profiles.

    To view and configure a dictionary group
    1. Go to Profile > Dictionary > Group.
    2. GUI item

      Description

      Create New

      Select the name of a protected domain from Select Domain, then click Create New to add a dictionary for that protected domain.

      Note: If you have not yet configured a protected domain, new dictionary groups will by default be assigned to the system domain. For more information on protected domains, see “Configuring protected domains” on page 229.

      Select Domain

      Select the name of a protected domain to display dictionary groups belonging to that protected domain, or select system to display system-wide dictionary groups.

      This option is not available if you have not yet configured a protected domain. For more information on protected domains, see “Configuring protected domains” on page 229.

      Clone

      (button)

      Click the row corresponding to the profile whose settings you want to duplicate when creating the new profile, then click Clone. A single-field dialog appears. Enter a name for the new profile. Click OK.

      Group Name

      Displays the name of the dictionary group or dictionary group item.

      Domain

      The entire FortiMail unit (System) or name of a protected domain to which the profile is assigned.

      Which dictionary groups are visible and modifiable by the administrator varies by whether a FortiMail administrator account is assigned to specific protected domain. For more information, see “About administrator account permissions and domains” on page 143.

      Description

      The description of the dictionary group.

    3. Either click New to add a profile or double-click a profile to modify it.
    4. For a new group, enter the name of the dictionary group in Group name.
    5. In the Available dictionaries area, select one or more dictionaries that you want to include in the dictionary group, then click ->.
    6. The dictionaries move to the Members area.

    7. Click Create or OK.

    To apply a dictionary group, select it instead of a dictionary profile when configuring an antispam profile or content profile. For details, see Managing antispam profiles, and Configuring content profiles.

    Configuring dictionary profiles

    The Profiles tab lets you configure dictionary profiles.

    Unlike banned words, dictionary terms are UTF-8 encoded, and may include characters other than US-ASCII characters, such as é or ñ.

    Dictionary profiles can be grouped or used individually by antispam or content profiles to detect spam, banned content, or content that requires encryption to be applied. For more information on content profiles and antispam profiles, see Configuring antispam profiles and antispam action profiles and Configuring content profiles and content action profiles.

    A dictionary can contain predefined and/or user-defined patterns.

    The FortiMail unit comes with the following six predefined patterns. You can edit a predefined pattern and edit or delete a user-defined pattern by selecting it and then clicking the Edit or Delete icon.

    If a pattern is enabled, the FortiMail unit will look for the template/format defined in a pattern. For example, if you enable the Canadian SIN predefined pattern, the FortiMail unit looks for the three groups of three digits defined in this pattern. This is useful when you want to use IBE to encrypt an email based on its content. In such cases, the dictionary profile can be used in a content profile which is included in a policy to apply to the email. For more information about IBE, see Configuring IBE encryption.

    Predefined patterns

    Canadian SIN

    Canadian Social Insurance Number. The format is three groups of three digits, such as 649 242 666.

    US SSN

    United States Social Security number. The format is a nine digit number, such as 078051111.

    Credit Card

    Major credit card number formats.

    ABA Routing

    A routing transit number (RTN) is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn.

    CUSIP

    CUSIP typically refers to both the Committee on Uniform Security Identification Procedures and the 9-character alphanumeric security identifiers that they distribute for all North American securities for the purposes of facilitating clearing and settlement of trades.

    ISIN

    An International Securities Identification Number (ISIN) uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, equities and warrants. The ISIN code is a 12-character alpha-numerical code that does not contain information characterizing financial instruments but serves for uniform identification of a security at trading and settlement.

    To view the list of dictionary profiles
    1. Go to Profile > Dictionary > Dictionary.
    2. GUI item

      Description

      Export

      (button)

      Select one dictionary check box and click Export. Follow the prompts to save the dictionary file.

      Note that you can only export one dictionary at a time.

      Import

      (button)

      Select one dictionary check box and then click the import button to import dictionary entries into the existing dictionary. In the dialog, click Browse to locate a dictionary in text format. Click OK to upload the file.

      Note that you can only select one dictionary at a time and you can only import dictionary entries into an existing dictionary.

      Name

      Displays the dictionary name.

    3. Click New to create a new profile or double-click a profile to modify it.
    4. A two-part page appears.

    5. For a new profile, type its name. The profile name is editable later.
    6. To enable or edit a predefined pattern:
    • Double-click a pattern in Smart Identifiers.
    • A dialog appears.
    • Select Enable to add the pattern to the dictionary profile.
    • To edit a predefined pattern, do the same as for a user-defined pattern in Step 5
    • Click OK.
  • To add or edit a user-defined pattern:
    • Click New under Dictionary Entries to add an entry or double click an entry to modify it.
    • A dialog appears.
  • Configure a custom entry.
  • GUI item

    Description

    Enable

    Select to enable a pattern.

    Pattern

    Type a word or phrase that you want the dictionary to match, expressed either verbatim, with wild cards, or as a regular expression. Optionally, before entering a regular expression, click Validate to test regular expressions and string text.

    Regular expressions do not require slash ( / ) boundaries. For example, enter:

    v[i1]agr?a

    Matches are not case sensitive and can occur over multiple lines as if the word were on a single line (that is, Perl-style match modifier options i and s are in effect).

    The FortiMail unit will convert the encoding and character set into UTF‑8, the same encoding in which dictionary patterns are stored, before evaluating an email for a match with the pattern. Because of this, your pattern must match the UTF‑8 string, not the originally encoded string. For example, if the original encoded string is:

    =?iso-8859-1?B?U2UgdHJhdGEgZGVsIHNwYW0uCg==?=

    then the pattern must match:

    Se trata del spam.

    Entering the pattern *iso-8859-1* would not match.

    This option is not editable for predefined patterns.

    Pattern type

    For a new dictionary entry, select either:

    • Wildcard: Pattern is verbatim or uses only simple wild cards (? or *).
    • Regex: Pattern is a Perl-style regular expression. See also Syntax.

    This option is not editable for predefined patterns.

    Comments

    Enter any descriptions for the pattern.

    Pattern weight

    Enter a number by which an email’s dictionary match score will be incremented for each word or phrase it contains that matches this pattern.

    The dictionary match score may be used by content monitor profiles and antispam profiles to determine whether or not to apply the content action. For more information about antispam profiles, see Configuring dictionary options. For more information about content monitor profiles, see Configuring content monitor and filtering.

    Pattern max weight

    Enter the maximum by which matches of this pattern can contribute to an email’s dictionary match score.

    This option applies only if Enable pattern max weight limit is enabled.

    Enable pattern max weight limit

    Enable if the pattern must not increase an email’s dictionary match score more than the amount configured in Pattern max weight.

    Search header

    Enable to match occurrences of the pattern when it is located in an email’s message headers, including the subject line.

    The FortiMail unit uses the full header string, including the header name and value, to match the pattern. Therefore, when you define the pattern, you can specify both the header name and value. For example, such a pattern entry as from: .*@example.com.* will block all email messages with the From header as xxx@example.com.

    Search body

    Enable to match occurrences of the pattern when it is located in an email’s message body.

    To apply a dictionary, in an antispam profile or content profile, either select it individually or select a dictionary group that contains it. For more information, see Configuring dictionary groups, Managing antispam profiles, and Configuring content profiles.

    Configuring dictionary groups

    The Group tab lets you create groups of dictionary profiles.

    Dictionary groups can be useful when you want to use multiple dictionary profiles during the same scan.

    For example, you might have several dictionaries of prohibited words — one for each language — that you want to use to enforce your network usage policy. Rather than combining the dictionaries or creating multiple policies and multiple content profiles to apply each dictionary profile separately, you could simply group the dictionaries, then select that group in the content monitor profile.

    Before you can create a dictionary group, you must first create one or more dictionary profiles. For more information about dictionary profiles, see Configuring dictionary profiles.

    To view and configure a dictionary group
    1. Go to Profile > Dictionary > Group.
    2. GUI item

      Description

      Create New

      Select the name of a protected domain from Select Domain, then click Create New to add a dictionary for that protected domain.

      Note: If you have not yet configured a protected domain, new dictionary groups will by default be assigned to the system domain. For more information on protected domains, see “Configuring protected domains” on page 229.

      Select Domain

      Select the name of a protected domain to display dictionary groups belonging to that protected domain, or select system to display system-wide dictionary groups.

      This option is not available if you have not yet configured a protected domain. For more information on protected domains, see “Configuring protected domains” on page 229.

      Clone

      (button)

      Click the row corresponding to the profile whose settings you want to duplicate when creating the new profile, then click Clone. A single-field dialog appears. Enter a name for the new profile. Click OK.

      Group Name

      Displays the name of the dictionary group or dictionary group item.

      Domain

      The entire FortiMail unit (System) or name of a protected domain to which the profile is assigned.

      Which dictionary groups are visible and modifiable by the administrator varies by whether a FortiMail administrator account is assigned to specific protected domain. For more information, see “About administrator account permissions and domains” on page 143.

      Description

      The description of the dictionary group.

    3. Either click New to add a profile or double-click a profile to modify it.
    4. For a new group, enter the name of the dictionary group in Group name.
    5. In the Available dictionaries area, select one or more dictionaries that you want to include in the dictionary group, then click ->.
    6. The dictionaries move to the Members area.

    7. Click Create or OK.

    To apply a dictionary group, select it instead of a dictionary profile when configuring an antispam profile or content profile. For details, see Managing antispam profiles, and Configuring content profiles.