Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.10
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    7.4.10
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Configuring an email filter profile

    Configuring an email filter profile

    Use an email filter in a policy to perform spam detection and filtering.

    FortiPortal includes two default email filter profiles. To use them, edit the desired email filter profile and enable Enable Spam Detection and Filtering. Configure the other settings as described below then save.

    To configure an email filter profile:

    1. Go to Security > Firewall Objects.

    2. Select Email Filter Profile from the Security Profiles dropdown.

    3. Click Create or select an existing profile from the list and click Edit.

    4. In the form, enter the following information:

      Settings

      Guidelines

      Name

      Required. Enter a name for the profile.

      Comments

      Optionally, enter comments.

      Feature Set

      Select Flow-based or Proxy-based.

      For each mode, the following spam detection and filtering options are available:

      • Flow-based:

        • Spam Detection by Protocol for IMAP, POP3, and SMTP.

        • Local Spam Filtering block/allow list.

      • Proxy-based:

        • Spam Detection by Protocol for IMAP, POP3, and SMTP.

        • Spam Filtering features.

        • Local Spam Filtering HELO DNS lookup, return email DNS check, and block/allow list.

      Enable Spam Detection and Filtering

      Enable or disable spam detection and filtering. This essentially enables or disables this email filter profile.

      Spam Detection by Protocol

      For each protocol, specify the spam action:

      • Pass: Allow the email.

      • Tag: Add notice in the email Subject or header (MIME).

      • Discard: Discard the email. Only available for SMTP protocol.

      Local Spam Filtering

      Block/Allow List

      Enable and select the local block/allow list to use for this filter.

      HELO DNS Lookup

      Enable to perform a DNS lookup on the client domain name specified in the SMTP HELO command. If the lookup fails, emails delivered in this SMTP session are classified as spam.

      The HELO DNS lookup is only available for SMTP traffic

      Return Email DNS Check

      Enable to perform a DNS lookup on the the reply-to email address and reply-to domain. If the lookup fails, the email is treated as spam.

      Spam Filtering

      IP Address Check

      The firewall queries the antispam service to determine if the IP address of the client delivering the email is in the block list. If there is a match, the email is treated as spam.

      URL Check

      The firewall submits all URLs that appear in the email body to the antispam service for checking. If a URL exists in the URL block list, the email is treated as spam.

      Detect Phishing URLs in Email

      The firewall submits all URL hyperlinks that appear in the email body to the antispam service for checking. If a URL exists in the phishing list, the firewall removes the hyperlink from the message. The URL remains in place, but it is no longer a clickable hyperlink.

      Email Checksum Check

      The firewall submits a checksum of each email to the antispam service for checking. If a checksum exists in the checksum block list, the email is treated as spam.

      Spam Submission

      Spam submission is a way to inform the antispam service of non-spam messages incorrectly marked as spam. When enabled, the firewall adds a link to the end of every email marked as spam. Click the link to notify the antispam service if an email is marked incorrectly.

    5. Click Save.

    Previous
    Next

    Configuring an email filter profile

    Configuring an email filter profile

    Use an email filter in a policy to perform spam detection and filtering.

    FortiPortal includes two default email filter profiles. To use them, edit the desired email filter profile and enable Enable Spam Detection and Filtering. Configure the other settings as described below then save.

    To configure an email filter profile:

    1. Go to Security > Firewall Objects.

    2. Select Email Filter Profile from the Security Profiles dropdown.

    3. Click Create or select an existing profile from the list and click Edit.

    4. In the form, enter the following information:

      Settings

      Guidelines

      Name

      Required. Enter a name for the profile.

      Comments

      Optionally, enter comments.

      Feature Set

      Select Flow-based or Proxy-based.

      For each mode, the following spam detection and filtering options are available:

      • Flow-based:

        • Spam Detection by Protocol for IMAP, POP3, and SMTP.

        • Local Spam Filtering block/allow list.

      • Proxy-based:

        • Spam Detection by Protocol for IMAP, POP3, and SMTP.

        • Spam Filtering features.

        • Local Spam Filtering HELO DNS lookup, return email DNS check, and block/allow list.

      Enable Spam Detection and Filtering

      Enable or disable spam detection and filtering. This essentially enables or disables this email filter profile.

      Spam Detection by Protocol

      For each protocol, specify the spam action:

      • Pass: Allow the email.

      • Tag: Add notice in the email Subject or header (MIME).

      • Discard: Discard the email. Only available for SMTP protocol.

      Local Spam Filtering

      Block/Allow List

      Enable and select the local block/allow list to use for this filter.

      HELO DNS Lookup

      Enable to perform a DNS lookup on the client domain name specified in the SMTP HELO command. If the lookup fails, emails delivered in this SMTP session are classified as spam.

      The HELO DNS lookup is only available for SMTP traffic

      Return Email DNS Check

      Enable to perform a DNS lookup on the the reply-to email address and reply-to domain. If the lookup fails, the email is treated as spam.

      Spam Filtering

      IP Address Check

      The firewall queries the antispam service to determine if the IP address of the client delivering the email is in the block list. If there is a match, the email is treated as spam.

      URL Check

      The firewall submits all URLs that appear in the email body to the antispam service for checking. If a URL exists in the URL block list, the email is treated as spam.

      Detect Phishing URLs in Email

      The firewall submits all URL hyperlinks that appear in the email body to the antispam service for checking. If a URL exists in the phishing list, the firewall removes the hyperlink from the message. The URL remains in place, but it is no longer a clickable hyperlink.

      Email Checksum Check

      The firewall submits a checksum of each email to the antispam service for checking. If a checksum exists in the checksum block list, the email is treated as spam.

      Spam Submission

      Spam submission is a way to inform the antispam service of non-spam messages incorrectly marked as spam. When enabled, the firewall adds a link to the end of every email marked as spam. Click the link to notify the antispam service if an email is marked incorrectly.

    5. Click Save.

    Previous
    Next