FortiSandbox has a BCC adapter to receive and scan forwarded emails from upstream MTA servers. FortiSandbox extracts attachment files and URLs from the email body and sends them to the job queue.
This feature is for information only, like sniffer mode. It will not block any email.
- Enable the BCC adapter:
  - Go to Security Fabric > Adapter in the navigation tree.
  - Select BCC and click Edit in the toolbar. The BCC adapter is disabled by default.
  - Enable the BCC adapter.
  - Enable Parse URL to allow the FortiSandbox to extract the first three URLs in an email.
  - Enter the SMTP port that the FortiSandbox listens on to receive emails. The default port is 25.
  - Select the interface that the FortiSandbox listens on. The default is port1.
  - Click Apply.
- Enable file submission from the BCC adapter to create log events:
  - Go to Scan Policy and Object > General Settings.
  - Under Enable log event of file submission, select BCC Adapter.
  - Click OK.
To view BCC adapter debug logs at run time, execute the following CLI command:
For more information about the diagnose-debug command, see the FortiSandbox CLI Reference.
- Go to Profile > AntiSpam and create a new AntiSpam profile:
  - Enable Apply default action without scan upon policy match.
  - Configure BCC as the default action.
  - Edit the default action: enable BCC, and add a BCC address, such as email@example.com.
- Go to Policy > Recipient Policy:
  - Select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.
  - Add a new inbound policy, select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.
  - Add a new outbound policy, select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.
- Go to Policy > Access Control:
  - On the Delivery tab, add a TLS policy with a recipient pattern matching the previously added BCC address (in this example: *@fsabcctest.com).
  - Set TLS Profile to none or Preferred.
- On the DNS server that your upstream mail server uses, add an MX record for the BCC email domain that resolves to the FortiSandbox device's IP address. In the above example, the email domain is fsabcctest.com and the IP address is that of the port that is receiving the email.
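To confirm the whole path after configuration, the following added example (not part of the Fortinet documentation) builds a benign test email with one attachment and four URLs and can deliver it to the adapter's SMTP listener, so you can check that jobs appear for the attachment and only the first three URLs. The recipient and sender addresses, the URLs, the function names, and the 192.0.2.10 placeholder for the listening interface address are assumptions.

```python
import re
import smtplib
import sys
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"]+")

# Constructed sample values (assumptions, not from the FortiSandbox documentation).
BCC_RCPT = "bcc-test@fsabcctest.com"   # any address in the BCC email domain
SENDER = "mail-admin@example.org"
TEST_URLS = [f"https://example.com/fsa-bcc-test/{n}" for n in range(1, 5)]


def build_test_message(rcpt=BCC_RCPT, sender=SENDER, urls=TEST_URLS):
    """Return a message with one harmless attachment and four URLs in the body."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = "FortiSandbox BCC adapter test"
    msg.set_content("BCC adapter test message.\n" + "\n".join(urls) + "\n")
    msg.add_attachment(b"constructed benign attachment\n", maintype="application",
                       subtype="octet-stream", filename="fsa-bcc-test.txt")
    return msg


def expected_jobs(msg, url_limit=3):
    """List what Parse URL should queue: attachment names and the first three URLs."""
    body = msg.get_body(preferencelist=("plain",)).get_content()
    files = [part.get_filename() for part in msg.iter_attachments()]
    return files, URL_RE.findall(body)[:url_limit]


def send_to_adapter(msg, host, port=25, timeout=10):
    """Deliver over plain SMTP without STARTTLS; return any refused recipients."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return smtp.send_message(msg)


if __name__ == "__main__":
    message = build_test_message()
    files, urls = expected_jobs(message)
    print("expect jobs for files:", files, "and URLs:", urls)
    if len(sys.argv) > 1:  # e.g. 192.0.2.10, a placeholder for the port1 address
        print("refused recipients:", send_to_adapter(message, sys.argv[1]))
```

Run it with the listener address as the only argument, then compare the printed expectations with the file submission log events enabled earlier.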