Fortinet Document Library

Version:


Table of Contents

Fortinet FortiMail

1.0.1
Copy Link

About the connector

Fortinet FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware and phishing attempts.

This document provides information about the Fortinet FortiMail connector, which facilitates automated interactions, with your Fortinet FortiMail server using FortiSOAR™ playbooks. Add the Fortinet FortiMail connector, as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all domains configured on Fortinet FortiMail and retrieving the sender blacklist and whitelist for session profiles.

Version information

Connector Version: 1.0.1

FortiSOAR™ Version Tested on: 4.12.1-253

Authored By: Fortinet

Certified: Yes 

Release Notes for version 1.0.1

Following enhancements have been made to the Fortinet FortiMail connector in version 1.0.1:

  • Updated the connector logo for the Fortinet FortiMail connector.

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-fortinet-fortimail

Prerequisites to configuring the connector

  • You must have the URL of Fortinet FortiMail server to which you will connect and perform automated operations and credentials (username-password pair) to access that server. 
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Fortinet FortiMail connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details.  

Parameter Description
Server URL URL of the Fortinet FortiMail server to which you will connect and perform automated operations.
Username Username of the Fortinet FortiMail server to which you will connect and perform automated operations.
Password Password used to access the Fortinet FortiMail server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Domains Configured Retrieves a list of all domains configured on Fortinet FortiMail. get_domains
Investigation
Get AntiSpam Profiles for Domain Retrieves a list of all AntiSpam Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. get_antispam_domains
Investigation
Get Recipient Policies for Domain Retrieves a list of all Recipient Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. get_recipient_policies
Investigation
Get GreyList Retrieves the Greylist configured on Fortinet FortiMail. grey_list
Investigation
Get Auto Exempt GreyList Retrieves the Auto Exempt Greylist configured on Fortinet FortiMail. grey_list
Investigation
Get Sender Whitelist For Session Profile Retrieves a list of sender whitelists from Fortinet FortiMail, based on the profile name you have specified. get_session_safe_list
Investigation
Get Sender Blacklist for Session Profile Retrieves a list of sender blacklists from Fortinet FortiMail, based on the profile name you have specified. get_session_block_list
Investigation
Get Profile Name Retrieves a list of profile names from Fortinet FortiMail, based on the profile type you have specified. get_profile_name
Investigation
Update Session Profile Updates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. update_session_profile
Investigation
Update Antispam Profile Updates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. update_antispam_profile
Investigation
Create Session Profile Creates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. create_session_profile
Investigation
Create Antispam Profile Creates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. create_antispam_profile
Investigation
Delete Session Profile Deletes a session profile from Fortinet FortiMail, based on the profile name you have specified. delete_session_profile
Investigation
Delete Antispam Profile Deletes an antispam profile from Fortinet FortiMail, based on the profile name you have specified. delete_antispam_profile
Investigation
Get Session Profile Details Retrieves details of a session profile from Fortinet FortiMail, based on the profile name you have specified. get_session_profile
Investigation
Get Antispam Profile Details Retrieves details of an antispam profile from Fortinet FortiMail, based on the profile name you have specified. get_antispam_profile
Investigation

operation: Get Domains Configured

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "collection": [
         {
             "mkey": "",
             "is_subdomain": "",
             "ip": "",
             "recipient_verification": "",
             "is_association": "",
             "maindomain": "",
             "mxflag": "",
             "is_service_domain": "",
             "port": ""
         }
     ],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get AntiSpam Profiles for Domain

Input parameters

Parameter Description
Domain Name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "collection": [
         {
             "mkey": "",
             "minimum_dictionary_score": "",
             "isReferenced": "",
             "mdomain": "",
             "dictionary_type": ""
         }
     ],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get Recipient Policies for Domain

Input parameters

Parameter Description
Domain Name of the domain whose associated Recipient Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "collection": [
         {
             "antispam": "",
             "imap_auth": "",
             "pkiauth": "",
             "smtp_auth": "",
             "comment": "",
             "sender_email_address_group": "",
             "antivirus": "",
             "ldap_auth": "",
             "groupmode": "",
             "auth": "",
             "misc": "",
             "mdomain": "",
             "sender_type": "",
             "ldap_profile": "",
             "recipient_pattern": "",
             "mkey": "",
             "sender_pattern": "",
             "status": "",
             "content": "",
             "recipient_email_address_group": "",
             "recipient_domain": "",
             "pop3_auth": "",
             "sender_domain": "",
             "direction": "",
             "profile_dlp": "",
             "pkiuser": "",
             "radius_auth": ""
         }
     ],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "collection": [],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get Auto Exempt GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "collection": [],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get Sender Whitelist For Session Profile

Input parameters

Parameter Description
Profile Name Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "totalRemoteCount": "",
     "objectID": "",
     "collection": [
         {
             "mkey": ""
         }
     ],
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "remoteSorting": ""
}

operation: Get Sender Blacklist for Session Profile

Input parameters

Parameter Description
Profile Name Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "totalRemoteCount": "",
     "objectID": "",
     "collection": [
         {
             "mkey": ""
         }
     ],
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "remoteSorting": ""
}

operation: Get Profile Name

Input parameters

Parameter Description
Profile Type Select type of profile based on which you want to retrieve profile names from Fortinet FortiMail.
You can choose between Session and Antispam.

Output

The output contains a non-dictionary value.

operation: Update Session Profile

Input parameters

Parameter Description
Profile Name Name of the profile that you want to update on Fortinet FortiMail.
Connection Settings Select this option to configure connection setting. If you select this option, then you can specify the following parameters:
  • Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit.
  • Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit.
  • Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit.
  • Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit.
  • Connection idle timeout (seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation Select this option to configure sender reputation. If you select this option, then you can specify the following parameters:
  • Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on sender reputation score. Other parameters are applicable only if you select Enable.
  • Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client.
  • Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client.
  • Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour.
  • Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection.
  • Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection.
  • Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation Select this option to configure Endpoint Reputation settings. This option allows you to  restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
  • Enable Endpoint Reputation: If you select Enable, then the email is accepted or rejected based on sender reputation score. Following parameters are applicable only if you select Enable.
  • Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log.
  • Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist.
  • Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
  • SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass.
  • Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable.
  • Enable DKIM signing for outgoing messages: Select the Enable option to sign outgoing email with a DKIM signature.This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain.
  • Enable DKIM signing for authenticated senders only: Select the Enable option to sign outgoing email with a DKIM signature only if the sender is authenticated.
  • Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature.
  • Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages.
  • Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
  • Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine.
  • Message Selection: Select whether the action should be applied to All messages or Accepted messages only.
  • Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting, if the client or server uses a greeting that contains a domain name with invalid characters.
  • Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject a SMTP command, if the client or server uses SMTP commands that are syntactically incorrect.
  • ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
  • Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAILFROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied.
  • Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied
  • Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied.
  • Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:
{
     "check_client_ip_quick": "",
     "sender_addr_rate_ctrl_state": "",
     "disallow_empty_domains": "",
     "session_action_msg_type": "",
     "bounce_rule": "",
     "error_free": "",
     "error_initial_delay": "",
     "check_mason_effect": "",
     "check_helo_domain": "",
     "route": "",
     "sender_reputation_throttle": "",
     "conn_concurrent": "",
     "msisdn_sender_reputation_action": "",
     "access_control": "",
     "sender_reputation_throttle_number": "",
     "check_domain_chars": "",
     "number_of_messages": "",
     "check_recipient_domain": "",
     "sender_addr_rate_ctrl_max_recipients": "",
     "sender_rewrite": "",
     "domainkey": "",
     "error_increment": "",
     "sender_addr_rate_ctrl_action": "",
     "remote_log": "",
     "spf": "",
     "splice_after": "",
     "sender_verification_profile": "",
     "limit_RSETs": "",
     "msisdn_sender_reputation_blacklist_duration": "",
     "mkey": "",
     "action": "",
     "check_open_relay": "",
     "limit_NOOPs": "",
     "rewrite_helo_custom": "",
     "to_whitelist_enable": "",
     "disallow_encrypted": "",
     "conn_blacklisted": "",
     "block_encrypted": "",
     "helo_custom": "",
     "error_total": "",
     "recipient_rewrite": "",
     "sender_reputation_reject": "",
     "msisdn_sender_reputation_trigger": "",
     "eom_ack": "",
     "splice_enable": "",
     "dkim": true,
     "command_checking": "",
     "allow_pipelining": "",
     "number_of_recipients": "",
     "limit_helos": "",
     "bypass_bounce_verify": "",
     "limit_emails": "",
     "conn_rate_how_many": "",
     "conn_idle_timeout": "",
     "rewrite": "",
     "dkim_signing_authenticated_only": "",
     "reqAction": "",
     "check_sender_domain": "",
     "limit_recipients": "",
     "hide_received": "",
     "conn_hide": "",
     "limit_message_size": "",
     "whitelist_enable": "",
     "splice_what": "",
     "dkim_signing": "",
     "to_blacklist_enable": "",
     "msisdn_sender_reputation_status": "",
     "blacklist_enable": "",
     "queue": "",
     "sender_reputation_throttle_percent": "",
     "objectID": "",
     "sender_reputation": "",
     "hide_header": "",
     "limit_header_size": "",
     "sender_reputation_tempfail": "",
     "rewrite_helo": "",
     "sender_verification": ""
}

operation: Update Antispam Profile

Input parameters

Parameter Description
Profile Name Name of the antispam profile that you want to update on Fortinet FortiMail.
Default Action Select the default action that this operation should take when the policy matches.
You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
  • Greylist: Select Enable to apply greylisting.
  • SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record.
  • SPF options: Select this checkbox to enable to specify different actions towards different SPF check results.
    • Spf Fail Status: Select Enable to indicate that host is not authorized to send messages.
    • SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement.
    • SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Sender Alignment Status: Select Enable to indicate Header From and autorization domain mismatch.
    • SPF Sender Alignment Action: Select the actions to be performed if Header From and autorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid.
    • SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Temporary Error Status: Select Enable to indicate a processing error.
    • SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Pass Status:  Select Enable to indicate that the host is authorized to send messages.
    • SPF  Pass Action: Select the actions to be performed if the host is authorized to send messages.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion.
    • SPF  Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.
    • Spf None Status: Select Enable to indicate there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • SPF None Action: Select the actions to be performed if there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fails, DMARC check fails.
  • DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam.
  • Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Header Analysis Status: Enable this option to examine the entire message header for spam characteristics.
  • Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Image Spam: Enable this option to enable Image spam in the AntiSpam Profile.
  • Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:
{
     "scanner_dictionary": "",
     "deepheader_analysis": "",
     "apply_action_default": "",
     "scanner_virus": "",
     "action_spf_fail": "",
     "action_spf_soft_fail": "",
     "bayesian_autotraining": "",
     "suspicious_newsletter_status": "",
     "scanner_surbl": "",
     "spf_soft_fail_status": "",
     "scan_maxsize": "",
     "scanner_banned_word": "",
     "action_suspicious_newsletter": "",
     "surbl": "",
     "dnsbl": "",
     "scanner_phishing_uri": "",
     "deepheader_check_ip": "",
     "whitelistword": "",
     "action_impersonation_analysis": "",
     "imagespam": "",
     "heuristic_upper": "",
     "scanner_fortiguard": "",
     "scanner_grey_list": "",
     "aggressive": "",
     "action_spf_sender_alignment": "",
     "bayesian_user_db": "",
     "spam_outbreak": "",
     "dictionary_group_id": "",
     "mkey": "",
     "minimum_dictionary_score": "",
     "fortiguard_check_ip": "",
     "uri_filter_fortiguard": "",
     "bayesian": "",
     "bannedword": "",
     "spf_none_status": "",
     "action_uri_filter_secondary": "",
     "action_dmarc": "",
     "spf_neutral_status": "",
     "spf_pass_status": "",
     "scanner_fortiguard_blackip": "",
     "action_newsletter": "",
     "action_spf_none": "",
     "scan_pdf": "",
     "action_behavior_analysis": "",
     "impersonation": "",
     "greylist": "",
     "spf_perm_error_status": "",
     "bayesian_usertraining": "",
     "dmarc_status": "",
     "spf_checking": "",
     "scanner_heuristic": "",
     "scanner_bayesian": "",
     "behavior_analysis": "",
     "reqAction": "",
     "fortiguard": "",
     "heuristic_lower": "",
     "scanner_rbl": "",
     "spf_fail_status": "",
     "spf_temp_error_status": "",
     "scanner_default": "",
     "phishing_uri": "",
     "spf_sender_alignment_status": "",
     "impersonation_analysis": "",
     "newsletter_status": "",
     "uri_filter_secondary_status": "",
     "action_spf_temp_error": "",
     "heuristic": "",
     "uri_filter_secondary": "unrated",
     "dictionary_type": "",
     "objectID": "",
     "action_spf_perm_error": "",
     "dictionary_profile_id_new": "",
     "action_spf_neutral": "",
     "scanner_deep_header": "",
     "heuristic_rules_percent": "",
     "scanner_image_spam": "",
     "scan_bypass_on_auth": "",
     "action_spf_pass": "",
     "dictionary": ""
}

operation: Create Session Profile

Input parameters

Parameter Description
Profile Name Provide the Session Profile Name to Create the Profile.
Connection Settings Select this option to configure connection setting. If you select this option, then you must specify the following parameters:
  • Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit.
  • Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit.
  • Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit.
  • Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit.
  • Connection idle timeout (seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation Select this option to configure sender reputation. If you select this option, then you must specify the following parameters:
  • Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on sender reputation score. Other parameters are applicable only if you select Enable.
  • Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client.
  • Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client.
  • Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour.
  • Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection.
  • Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection.
  • Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation Select this option to configure Endpoint Reputation settings. This option allows you to  restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
  • Enable Endpoint Reputation:  If you select Enable, then the email is accepted or rejected based on sender reputation score. Following parameters are applicable only if you select Enable.
  • Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log.
  • Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist.
  • Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
  • SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass.
  • Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable.
  • Enable DKIM signing for outgoing messages: Select the Enable option to sign outgoing email with a DKIM signature.This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain.
  • Enable DKIM signing for authenticated senders only: Select the Enable option to sign outgoing email with a DKIM signature only if the sender is authenticated.
  • Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature.
  • Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages.
  • Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
  • Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine.
  • Message Selection: Select whether the action should be applied to All messages or Accepted messages only.
  • Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting, if the client or server uses a greeting that contains a domain name with invalid characters.
  • Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject a SMTP command, if the client or server uses SMTP commands that are syntactically incorrect.
  • ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
  • Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAILFROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied.
  • Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied
  • Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied.
  • Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:
{
     "check_client_ip_quick": "",
     "sender_addr_rate_ctrl_state": "",
     "disallow_empty_domains": "",
     "session_action_msg_type": "",
     "bounce_rule": "",
     "error_free": "",
     "error_initial_delay": "",
     "check_mason_effect": "",
     "check_helo_domain": "",
     "route": "",
     "sender_reputation_throttle": "",
     "conn_concurrent": "",
     "msisdn_sender_reputation_action": "",
     "access_control": "",
     "sender_reputation_throttle_number": "",
     "check_domain_chars": "",
     "number_of_messages": "",
     "check_recipient_domain": "",
     "sender_addr_rate_ctrl_max_recipients": "",
     "sender_rewrite": "",
     "domainkey": "",
     "error_increment": "",
     "sender_addr_rate_ctrl_action": "",
     "remote_log": "",
     "spf": "",
     "splice_after": "",
     "sender_verification_profile": "",
     "limit_RSETs": "",
     "msisdn_sender_reputation_blacklist_duration": "",
     "mkey": "",
     "action": "",
     "check_open_relay": "",
     "limit_NOOPs": "",
     "rewrite_helo_custom": "",
     "to_whitelist_enable": "",
     "disallow_encrypted": "",
     "conn_blacklisted": "",
     "block_encrypted": "",
     "helo_custom": "",
     "error_total": "",
     "recipient_rewrite": "",
     "sender_reputation_reject": "",
     "msisdn_sender_reputation_trigger": "",
     "eom_ack": "",
     "splice_enable": "",
     "dkim": true,
     "command_checking": "",
     "allow_pipelining": "",
     "number_of_recipients": "",
     "limit_helos": "",
     "bypass_bounce_verify": "",
     "limit_emails": "",
     "conn_rate_how_many": "",
     "conn_idle_timeout": "",
     "rewrite": "",
     "dkim_signing_authenticated_only": "",
     "reqAction": "",
     "check_sender_domain": "",
     "limit_recipients": "",
     "hide_received": "",
     "conn_hide": "",
     "limit_message_size": "",
     "whitelist_enable": "",
     "splice_what": "",
     "dkim_signing": "",
     "to_blacklist_enable": "",
     "msisdn_sender_reputation_status": "",
     "blacklist_enable": "",
     "queue": "",
     "sender_reputation_throttle_percent": "",
     "objectID": "",
     "sender_reputation": "",
     "hide_header": "",
     "limit_header_size": "",
     "sender_reputation_tempfail": "",
     "rewrite_helo": "",
     "sender_verification": ""
}

operation: Create Antispam Profile

Input parameters

Parameter Description
Profile Name Name of the antispam profile that you want to create on Fortinet FortiMail.
Deafult Action Select the default action that this operation should take when the policy matches.
You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
  • Greylist: Select Enable to apply greylisting.
  • SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record.
  • SPF options: Select this checkbox to enable to specify different actions towards different SPF check results.
    • Spf Fail Status: Select Enable to indicate that host is not authorized to send messages.
    • SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement.
    • SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Sender Alignment Status: Select Enable to indicate Header From and autorization domain mismatch.
    • SPF Sender Alignment Action: Select the actions to be performed if Header From and autorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid.
    • SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Temporary Error Status: Select Enable to indicate a processing error.
    • SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Pass Status:  Select Enable to indicate that the host is authorized to send messages.
    • SPF  Pass Action: Select the actions to be performed if the host is authorized to send messages.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion.
    • SPF  Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.
    • Spf None Status: Select Enable to indicate there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • SPF None Action: Select the actions to be performed if there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fails, DMARC check fails.
  • DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam.
  • Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Header Analysis Status: Enable this option to examine the entire message header for spam characteristics.
  • Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Image Spam: Enable this option to enable Image spam in the AntiSpam Profile.
  • Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:
{
     "scanner_dictionary": "",
     "deepheader_analysis": "",
     "apply_action_default": "",
     "scanner_virus": "",
     "action_spf_fail": "",
     "action_spf_soft_fail": "",
     "bayesian_autotraining": "",
     "suspicious_newsletter_status": "",
     "scanner_surbl": "",
     "spf_soft_fail_status": "",
     "scan_maxsize": "",
     "scanner_banned_word": "",
     "action_suspicious_newsletter": "",
     "surbl": "",
     "dnsbl": "",
     "scanner_phishing_uri": "",
     "deepheader_check_ip": "",
     "whitelistword": "",
     "action_impersonation_analysis": "",
     "imagespam": "",
     "heuristic_upper": "",
     "scanner_fortiguard": "",
     "scanner_grey_list": "",
     "aggressive": "",
     "action_spf_sender_alignment": "",
     "bayesian_user_db": "",
     "spam_outbreak": "",
     "dictionary_group_id": "",
     "mkey": "",
     "minimum_dictionary_score": "",
     "fortiguard_check_ip": "",
     "uri_filter_fortiguard": "",
     "bayesian": "",
     "bannedword": "",
     "spf_none_status": "",
     "action_uri_filter_secondary": "",
     "action_dmarc": "",
     "spf_neutral_status": "",
     "spf_pass_status": "",
     "scanner_fortiguard_blackip": "",
     "action_newsletter": "",
     "action_spf_none": "",
     "scan_pdf": "",
     "action_behavior_analysis": "",
     "impersonation": "",
     "greylist": "",
     "spf_perm_error_status": "",
     "bayesian_usertraining": "",
     "dmarc_status": "",
     "spf_checking": "",
     "scanner_heuristic": "",
     "scanner_bayesian": "",
     "behavior_analysis": "",
     "reqAction": "",
     "fortiguard": "",
     "heuristic_lower": "",
     "scanner_rbl": "",
     "spf_fail_status": "",
     "spf_temp_error_status": "",
     "scanner_default": "",
     "phishing_uri": "",
     "spf_sender_alignment_status": "",
     "impersonation_analysis": "",
     "newsletter_status": "",
     "uri_filter_secondary_status": "",
     "action_spf_temp_error": "",
     "heuristic": "",
     "uri_filter_secondary": "unrated",
     "dictionary_type": "",
     "objectID": "",
     "action_spf_perm_error": "",
     "dictionary_profile_id_new": "",
     "action_spf_neutral": "",
     "scanner_deep_header": "",
     "heuristic_rules_percent": "",
     "scanner_image_spam": "",
     "scan_bypass_on_auth": "",
     "action_spf_pass": "",
     "dictionary": ""
}

operation: Delete Session Profile

Input parameters

Parameter Description
Profile Name Name of the session profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "objectID": "",
     "errorMsg": "",
     "errorType": "",
     "reqAction": ""
}

operation: Delete Antispam Profile

Input parameters

Parameter Description
Profile Name Name of the antispam profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "objectID": "",
     "errorMsg": "",
     "errorType": "",
     "reqAction": ""
}

operation: Get Session Profile Details

Input parameters

Parameter Description
Profile Name Name of the session profile whose details you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "check_client_ip_quick": "",
     "sender_addr_rate_ctrl_state": "",
     "disallow_empty_domains": "",
     "session_action_msg_type": "",
     "bounce_rule": "",
     "error_free": "",
     "error_initial_delay": "",
     "check_mason_effect": "",
     "check_helo_domain": "",
     "route": "",
     "sender_reputation_throttle": "",
     "conn_concurrent": "",
     "msisdn_sender_reputation_action": "",
     "access_control": "",
     "sender_reputation_throttle_number": "",
     "check_domain_chars": "",
     "number_of_messages": "",
     "check_recipient_domain": "",
     "sender_addr_rate_ctrl_max_recipients": "",
     "sender_rewrite": "",
     "domainkey": "",
     "error_increment": "",
     "sender_addr_rate_ctrl_action": "",
     "remote_log": "",
     "spf": "",
     "splice_after": "",
     "sender_verification_profile": "",
     "limit_RSETs": "",
     "msisdn_sender_reputation_blacklist_duration": "",
     "mkey": "",
     "action": "",
     "check_open_relay": "",
     "limit_NOOPs": "",
     "rewrite_helo_custom": "",
     "to_whitelist_enable": "",
     "disallow_encrypted": "",
     "conn_blacklisted": "",
     "block_encrypted": "",
     "helo_custom": "",
     "error_total": "",
     "recipient_rewrite": "",
     "sender_reputation_reject": "",
     "msisdn_sender_reputation_trigger": "",
     "eom_ack": "",
     "splice_enable": "",
     "dkim": true,
     "command_checking": "",
     "allow_pipelining": "",
     "number_of_recipients": "",
     "limit_helos": "",
     "bypass_bounce_verify": "",
     "limit_emails": "",
     "conn_rate_how_many": "",
     "conn_idle_timeout": "",
     "rewrite": "",
     "dkim_signing_authenticated_only": "",
     "reqAction": "",
     "check_sender_domain": "",
     "limit_recipients": "",
     "hide_received": "",
     "conn_hide": "",
     "limit_message_size": "",
     "whitelist_enable": "",
     "splice_what": "",
     "dkim_signing": "",
     "to_blacklist_enable": "",
     "msisdn_sender_reputation_status": "",
     "blacklist_enable": "",
     "queue": "",
     "sender_reputation_throttle_percent": "",
     "objectID": "",
     "sender_reputation": "",
     "hide_header": "",
     "limit_header_size": "",
     "sender_reputation_tempfail": "",
     "rewrite_helo": "",
     "sender_verification": ""
}

operation: Get Antispam Profile Details

Input parameters

Parameter Description
Profile Name Name of the antispam profile whose associated details you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "scanner_dictionary": "",
     "deepheader_analysis": "",
     "apply_action_default": "",
     "scanner_virus": "",
     "action_spf_fail": "",
     "action_spf_soft_fail": "",
     "bayesian_autotraining": "",
     "suspicious_newsletter_status": "",
     "scanner_surbl": "",
     "spf_soft_fail_status": "",
     "scan_maxsize": "",
     "scanner_banned_word": "",
     "action_suspicious_newsletter": "",
     "surbl": "",
     "dnsbl": "",
     "scanner_phishing_uri": "",
     "deepheader_check_ip": "",
     "whitelistword": "",
     "action_impersonation_analysis": "",
     "imagespam": "",
     "heuristic_upper": "",
     "scanner_fortiguard": "",
     "scanner_grey_list": "",
     "aggressive": "",
     "action_spf_sender_alignment": "",
     "bayesian_user_db": "",
     "spam_outbreak": "",
     "dictionary_group_id": "",
     "mkey": "",
     "minimum_dictionary_score": "",
     "fortiguard_check_ip": "",
     "uri_filter_fortiguard": "",
     "bayesian": "",
     "bannedword": "",
     "spf_none_status": "",
     "action_uri_filter_secondary": "",
     "action_dmarc": "",
     "spf_neutral_status": "",
     "spf_pass_status": "",
     "scanner_fortiguard_blackip": "",
     "action_newsletter": "",
     "action_spf_none": "",
     "scan_pdf": "",
     "action_behavior_analysis": "",
     "impersonation": "",
     "greylist": "",
     "spf_perm_error_status": "",
     "bayesian_usertraining": "",
     "dmarc_status": "",
     "spf_checking": "",
     "scanner_heuristic": "",
     "scanner_bayesian": "",
     "behavior_analysis": "",
     "reqAction": "",
     "fortiguard": "",
     "heuristic_lower": "",
     "scanner_rbl": "",
     "spf_fail_status": "",
     "spf_temp_error_status": "",
     "scanner_default": "",
     "phishing_uri": "",
     "spf_sender_alignment_status": "",
     "impersonation_analysis": "",
     "newsletter_status": "",
     "uri_filter_secondary_status": "",
     "action_spf_temp_error": "",
     "heuristic": "",
     "uri_filter_secondary": "unrated",
     "dictionary_type": "",
     "objectID": "",
     "action_spf_perm_error": "",
     "dictionary_profile_id_new": "",
     "action_spf_neutral": "",
     "scanner_deep_header": "",
     "heuristic_rules_percent": "",
     "scanner_image_spam": "",
     "scan_bypass_on_auth": "",
     "action_spf_pass": "",
     "dictionary": ""
}

Included playbooks

The Sample - Fortinet Fortimail - 1.0.1 playbook collection comes bundled with the Fortinet FortiMail connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiMail connector.

  • Create Antispam Profile
  • Create Session Profile
  • Delete Antispam Profile
  • Delete Session Profile
  • Get AntiSpam Profile Details
  • Get AntiSpam Profiles for Domain
  • Get Auto Exempt GreyList
  • Get Domains Configured
  • Get GreyList
  • Get Profile Name
  • Get Recipient Policies for Domain
  • Get Sender Blacklist for Session Profile
  • Get Sender Whitelist for Session Profile
  • Get Session Profile Details
  • Update Antispam Profile
  • Update Session Profile

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

Fortinet FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware and phishing attempts.

This document provides information about the Fortinet FortiMail connector, which facilitates automated interactions, with your Fortinet FortiMail server using FortiSOAR™ playbooks. Add the Fortinet FortiMail connector, as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all domains configured on Fortinet FortiMail and retrieving the sender blacklist and whitelist for session profiles.

Version information

Connector Version: 1.0.1

FortiSOAR™ Version Tested on: 4.12.1-253

Authored By: Fortinet

Certified: Yes 

Release Notes for version 1.0.1

Following enhancements have been made to the Fortinet FortiMail connector in version 1.0.1:

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-fortinet-fortimail

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Fortinet FortiMail connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details.  

Parameter Description
Server URL URL of the Fortinet FortiMail server to which you will connect and perform automated operations.
Username Username of the Fortinet FortiMail server to which you will connect and perform automated operations.
Password Password used to access the Fortinet FortiMail server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Domains Configured Retrieves a list of all domains configured on Fortinet FortiMail. get_domains
Investigation
Get AntiSpam Profiles for Domain Retrieves a list of all AntiSpam Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. get_antispam_domains
Investigation
Get Recipient Policies for Domain Retrieves a list of all Recipient Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. get_recipient_policies
Investigation
Get GreyList Retrieves the Greylist configured on Fortinet FortiMail. grey_list
Investigation
Get Auto Exempt GreyList Retrieves the Auto Exempt Greylist configured on Fortinet FortiMail. grey_list
Investigation
Get Sender Whitelist For Session Profile Retrieves a list of sender whitelists from Fortinet FortiMail, based on the profile name you have specified. get_session_safe_list
Investigation
Get Sender Blacklist for Session Profile Retrieves a list of sender blacklists from Fortinet FortiMail, based on the profile name you have specified. get_session_block_list
Investigation
Get Profile Name Retrieves a list of profile names from Fortinet FortiMail, based on the profile type you have specified. get_profile_name
Investigation
Update Session Profile Updates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. update_session_profile
Investigation
Update Antispam Profile Updates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. update_antispam_profile
Investigation
Create Session Profile Creates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. create_session_profile
Investigation
Create Antispam Profile Creates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. create_antispam_profile
Investigation
Delete Session Profile Deletes a session profile from Fortinet FortiMail, based on the profile name you have specified. delete_session_profile
Investigation
Delete Antispam Profile Deletes an antispam profile from Fortinet FortiMail, based on the profile name you have specified. delete_antispam_profile
Investigation
Get Session Profile Details Retrieves details of a session profile from Fortinet FortiMail, based on the profile name you have specified. get_session_profile
Investigation
Get Antispam Profile Details Retrieves details of an antispam profile from Fortinet FortiMail, based on the profile name you have specified. get_antispam_profile
Investigation

operation: Get Domains Configured

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "collection": [
         {
             "mkey": "",
             "is_subdomain": "",
             "ip": "",
             "recipient_verification": "",
             "is_association": "",
             "maindomain": "",
             "mxflag": "",
             "is_service_domain": "",
             "port": ""
         }
     ],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get AntiSpam Profiles for Domain

Input parameters

Parameter Description
Domain Name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "collection": [
         {
             "mkey": "",
             "minimum_dictionary_score": "",
             "isReferenced": "",
             "mdomain": "",
             "dictionary_type": ""
         }
     ],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get Recipient Policies for Domain

Input parameters

Parameter Description
Domain Name of the domain whose associated Recipient Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "collection": [
         {
             "antispam": "",
             "imap_auth": "",
             "pkiauth": "",
             "smtp_auth": "",
             "comment": "",
             "sender_email_address_group": "",
             "antivirus": "",
             "ldap_auth": "",
             "groupmode": "",
             "auth": "",
             "misc": "",
             "mdomain": "",
             "sender_type": "",
             "ldap_profile": "",
             "recipient_pattern": "",
             "mkey": "",
             "sender_pattern": "",
             "status": "",
             "content": "",
             "recipient_email_address_group": "",
             "recipient_domain": "",
             "pop3_auth": "",
             "sender_domain": "",
             "direction": "",
             "profile_dlp": "",
             "pkiuser": "",
             "radius_auth": ""
         }
     ],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "collection": [],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get Auto Exempt GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "collection": [],
     "objectID": "",
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "totalRemoteCount": "",
     "remoteSorting": ""
}

operation: Get Sender Whitelist For Session Profile

Input parameters

Parameter Description
Profile Name Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "totalRemoteCount": "",
     "objectID": "",
     "collection": [
         {
             "mkey": ""
         }
     ],
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "remoteSorting": ""
}

operation: Get Sender Blacklist for Session Profile

Input parameters

Parameter Description
Profile Name Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "totalRemoteCount": "",
     "objectID": "",
     "collection": [
         {
             "mkey": ""
         }
     ],
     "reqAction": "",
     "subCount": "",
     "nextPage": "",
     "remoteSorting": ""
}

operation: Get Profile Name

Input parameters

Parameter Description
Profile Type Select type of profile based on which you want to retrieve profile names from Fortinet FortiMail.
You can choose between Session and Antispam.

Output

The output contains a non-dictionary value.

operation: Update Session Profile

Input parameters

Parameter Description
Profile Name Name of the profile that you want to update on Fortinet FortiMail.
Connection Settings Select this option to configure connection setting. If you select this option, then you can specify the following parameters:
  • Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit.
  • Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit.
  • Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit.
  • Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit.
  • Connection idle timeout (seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation Select this option to configure sender reputation. If you select this option, then you can specify the following parameters:
  • Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on sender reputation score. Other parameters are applicable only if you select Enable.
  • Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client.
  • Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client.
  • Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour.
  • Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection.
  • Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection.
  • Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation Select this option to configure Endpoint Reputation settings. This option allows you to  restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
  • Enable Endpoint Reputation: If you select Enable, then the email is accepted or rejected based on sender reputation score. Following parameters are applicable only if you select Enable.
  • Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log.
  • Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist.
  • Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
  • SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass.
  • Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable.
  • Enable DKIM signing for outgoing messages: Select the Enable option to sign outgoing email with a DKIM signature.This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain.
  • Enable DKIM signing for authenticated senders only: Select the Enable option to sign outgoing email with a DKIM signature only if the sender is authenticated.
  • Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature.
  • Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages.
  • Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
  • Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine.
  • Message Selection: Select whether the action should be applied to All messages or Accepted messages only.
  • Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting, if the client or server uses a greeting that contains a domain name with invalid characters.
  • Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject a SMTP command, if the client or server uses SMTP commands that are syntactically incorrect.
  • ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
  • Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAILFROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied.
  • Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied
  • Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied.
  • Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:
{
     "check_client_ip_quick": "",
     "sender_addr_rate_ctrl_state": "",
     "disallow_empty_domains": "",
     "session_action_msg_type": "",
     "bounce_rule": "",
     "error_free": "",
     "error_initial_delay": "",
     "check_mason_effect": "",
     "check_helo_domain": "",
     "route": "",
     "sender_reputation_throttle": "",
     "conn_concurrent": "",
     "msisdn_sender_reputation_action": "",
     "access_control": "",
     "sender_reputation_throttle_number": "",
     "check_domain_chars": "",
     "number_of_messages": "",
     "check_recipient_domain": "",
     "sender_addr_rate_ctrl_max_recipients": "",
     "sender_rewrite": "",
     "domainkey": "",
     "error_increment": "",
     "sender_addr_rate_ctrl_action": "",
     "remote_log": "",
     "spf": "",
     "splice_after": "",
     "sender_verification_profile": "",
     "limit_RSETs": "",
     "msisdn_sender_reputation_blacklist_duration": "",
     "mkey": "",
     "action": "",
     "check_open_relay": "",
     "limit_NOOPs": "",
     "rewrite_helo_custom": "",
     "to_whitelist_enable": "",
     "disallow_encrypted": "",
     "conn_blacklisted": "",
     "block_encrypted": "",
     "helo_custom": "",
     "error_total": "",
     "recipient_rewrite": "",
     "sender_reputation_reject": "",
     "msisdn_sender_reputation_trigger": "",
     "eom_ack": "",
     "splice_enable": "",
     "dkim": true,
     "command_checking": "",
     "allow_pipelining": "",
     "number_of_recipients": "",
     "limit_helos": "",
     "bypass_bounce_verify": "",
     "limit_emails": "",
     "conn_rate_how_many": "",
     "conn_idle_timeout": "",
     "rewrite": "",
     "dkim_signing_authenticated_only": "",
     "reqAction": "",
     "check_sender_domain": "",
     "limit_recipients": "",
     "hide_received": "",
     "conn_hide": "",
     "limit_message_size": "",
     "whitelist_enable": "",
     "splice_what": "",
     "dkim_signing": "",
     "to_blacklist_enable": "",
     "msisdn_sender_reputation_status": "",
     "blacklist_enable": "",
     "queue": "",
     "sender_reputation_throttle_percent": "",
     "objectID": "",
     "sender_reputation": "",
     "hide_header": "",
     "limit_header_size": "",
     "sender_reputation_tempfail": "",
     "rewrite_helo": "",
     "sender_verification": ""
}

operation: Update Antispam Profile

Input parameters

Parameter Description
Profile Name Name of the antispam profile that you want to update on Fortinet FortiMail.
Default Action Select the default action that this operation should take when the policy matches.
You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
  • Greylist: Select Enable to apply greylisting.
  • SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record.
  • SPF options: Select this checkbox to enable to specify different actions towards different SPF check results.
    • Spf Fail Status: Select Enable to indicate that host is not authorized to send messages.
    • SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement.
    • SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Sender Alignment Status: Select Enable to indicate Header From and autorization domain mismatch.
    • SPF Sender Alignment Action: Select the actions to be performed if Header From and autorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid.
    • SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Temporary Error Status: Select Enable to indicate a processing error.
    • SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Pass Status:  Select Enable to indicate that the host is authorized to send messages.
    • SPF  Pass Action: Select the actions to be performed if the host is authorized to send messages.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion.
    • SPF  Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.
    • Spf None Status: Select Enable to indicate there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • SPF None Action: Select the actions to be performed if there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fails, DMARC check fails.
  • DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam.
  • Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Header Analysis Status: Enable this option to examine the entire message header for spam characteristics.
  • Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Image Spam: Enable this option to enable Image spam in the AntiSpam Profile.
  • Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:
{
     "scanner_dictionary": "",
     "deepheader_analysis": "",
     "apply_action_default": "",
     "scanner_virus": "",
     "action_spf_fail": "",
     "action_spf_soft_fail": "",
     "bayesian_autotraining": "",
     "suspicious_newsletter_status": "",
     "scanner_surbl": "",
     "spf_soft_fail_status": "",
     "scan_maxsize": "",
     "scanner_banned_word": "",
     "action_suspicious_newsletter": "",
     "surbl": "",
     "dnsbl": "",
     "scanner_phishing_uri": "",
     "deepheader_check_ip": "",
     "whitelistword": "",
     "action_impersonation_analysis": "",
     "imagespam": "",
     "heuristic_upper": "",
     "scanner_fortiguard": "",
     "scanner_grey_list": "",
     "aggressive": "",
     "action_spf_sender_alignment": "",
     "bayesian_user_db": "",
     "spam_outbreak": "",
     "dictionary_group_id": "",
     "mkey": "",
     "minimum_dictionary_score": "",
     "fortiguard_check_ip": "",
     "uri_filter_fortiguard": "",
     "bayesian": "",
     "bannedword": "",
     "spf_none_status": "",
     "action_uri_filter_secondary": "",
     "action_dmarc": "",
     "spf_neutral_status": "",
     "spf_pass_status": "",
     "scanner_fortiguard_blackip": "",
     "action_newsletter": "",
     "action_spf_none": "",
     "scan_pdf": "",
     "action_behavior_analysis": "",
     "impersonation": "",
     "greylist": "",
     "spf_perm_error_status": "",
     "bayesian_usertraining": "",
     "dmarc_status": "",
     "spf_checking": "",
     "scanner_heuristic": "",
     "scanner_bayesian": "",
     "behavior_analysis": "",
     "reqAction": "",
     "fortiguard": "",
     "heuristic_lower": "",
     "scanner_rbl": "",
     "spf_fail_status": "",
     "spf_temp_error_status": "",
     "scanner_default": "",
     "phishing_uri": "",
     "spf_sender_alignment_status": "",
     "impersonation_analysis": "",
     "newsletter_status": "",
     "uri_filter_secondary_status": "",
     "action_spf_temp_error": "",
     "heuristic": "",
     "uri_filter_secondary": "unrated",
     "dictionary_type": "",
     "objectID": "",
     "action_spf_perm_error": "",
     "dictionary_profile_id_new": "",
     "action_spf_neutral": "",
     "scanner_deep_header": "",
     "heuristic_rules_percent": "",
     "scanner_image_spam": "",
     "scan_bypass_on_auth": "",
     "action_spf_pass": "",
     "dictionary": ""
}

operation: Create Session Profile

Input parameters

Parameter Description
Profile Name Provide the Session Profile Name to Create the Profile.
Connection Settings Select this option to configure connection setting. If you select this option, then you must specify the following parameters:
  • Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit.
  • Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit.
  • Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit.
  • Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit.
  • Connection idle timeout (seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation Select this option to configure sender reputation. If you select this option, then you must specify the following parameters:
  • Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on sender reputation score. Other parameters are applicable only if you select Enable.
  • Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client.
  • Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client.
  • Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour.
  • Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection.
  • Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection.
  • Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation Select this option to configure Endpoint Reputation settings. This option allows you to  restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
  • Enable Endpoint Reputation:  If you select Enable, then the email is accepted or rejected based on sender reputation score. Following parameters are applicable only if you select Enable.
  • Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log.
  • Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist.
  • Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
  • SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass.
  • Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable.
  • Enable DKIM signing for outgoing messages: Select the Enable option to sign outgoing email with a DKIM signature.This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain.
  • Enable DKIM signing for authenticated senders only: Select the Enable option to sign outgoing email with a DKIM signature only if the sender is authenticated.
  • Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature.
  • Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages.
  • Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
  • Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine.
  • Message Selection: Select whether the action should be applied to All messages or Accepted messages only.
  • Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting, if the client or server uses a greeting that contains a domain name with invalid characters.
  • Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject a SMTP command, if the client or server uses SMTP commands that are syntactically incorrect.
  • ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
  • Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAILFROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied.
  • Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied
  • Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied.
  • Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:
{
     "check_client_ip_quick": "",
     "sender_addr_rate_ctrl_state": "",
     "disallow_empty_domains": "",
     "session_action_msg_type": "",
     "bounce_rule": "",
     "error_free": "",
     "error_initial_delay": "",
     "check_mason_effect": "",
     "check_helo_domain": "",
     "route": "",
     "sender_reputation_throttle": "",
     "conn_concurrent": "",
     "msisdn_sender_reputation_action": "",
     "access_control": "",
     "sender_reputation_throttle_number": "",
     "check_domain_chars": "",
     "number_of_messages": "",
     "check_recipient_domain": "",
     "sender_addr_rate_ctrl_max_recipients": "",
     "sender_rewrite": "",
     "domainkey": "",
     "error_increment": "",
     "sender_addr_rate_ctrl_action": "",
     "remote_log": "",
     "spf": "",
     "splice_after": "",
     "sender_verification_profile": "",
     "limit_RSETs": "",
     "msisdn_sender_reputation_blacklist_duration": "",
     "mkey": "",
     "action": "",
     "check_open_relay": "",
     "limit_NOOPs": "",
     "rewrite_helo_custom": "",
     "to_whitelist_enable": "",
     "disallow_encrypted": "",
     "conn_blacklisted": "",
     "block_encrypted": "",
     "helo_custom": "",
     "error_total": "",
     "recipient_rewrite": "",
     "sender_reputation_reject": "",
     "msisdn_sender_reputation_trigger": "",
     "eom_ack": "",
     "splice_enable": "",
     "dkim": true,
     "command_checking": "",
     "allow_pipelining": "",
     "number_of_recipients": "",
     "limit_helos": "",
     "bypass_bounce_verify": "",
     "limit_emails": "",
     "conn_rate_how_many": "",
     "conn_idle_timeout": "",
     "rewrite": "",
     "dkim_signing_authenticated_only": "",
     "reqAction": "",
     "check_sender_domain": "",
     "limit_recipients": "",
     "hide_received": "",
     "conn_hide": "",
     "limit_message_size": "",
     "whitelist_enable": "",
     "splice_what": "",
     "dkim_signing": "",
     "to_blacklist_enable": "",
     "msisdn_sender_reputation_status": "",
     "blacklist_enable": "",
     "queue": "",
     "sender_reputation_throttle_percent": "",
     "objectID": "",
     "sender_reputation": "",
     "hide_header": "",
     "limit_header_size": "",
     "sender_reputation_tempfail": "",
     "rewrite_helo": "",
     "sender_verification": ""
}

operation: Create Antispam Profile

Input parameters

Parameter Description
Profile Name Name of the antispam profile that you want to create on Fortinet FortiMail.
Deafult Action Select the default action that this operation should take when the policy matches.
You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
  • Greylist: Select Enable to apply greylisting.
  • SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record.
  • SPF options: Select this checkbox to enable to specify different actions towards different SPF check results.
    • Spf Fail Status: Select Enable to indicate that host is not authorized to send messages.
    • SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement.
    • SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Sender Alignment Status: Select Enable to indicate Header From and autorization domain mismatch.
    • SPF Sender Alignment Action: Select the actions to be performed if Header From and autorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid.
    • SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Temporary Error Status: Select Enable to indicate a processing error.
    • SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Pass Status:  Select Enable to indicate that the host is authorized to send messages.
    • SPF  Pass Action: Select the actions to be performed if the host is authorized to send messages.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion.
    • SPF  Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.
    • Spf None Status: Select Enable to indicate there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
    • SPF None Action: Select the actions to be performed if there is no SPF record.  You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fails, DMARC check fails.
  • DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam.
  • Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Header Analysis Status: Enable this option to examine the entire message header for spam characteristics.
  • Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Image Spam: Enable this option to enable Image spam in the AntiSpam Profile.
  • Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
  • Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:
{
     "scanner_dictionary": "",
     "deepheader_analysis": "",
     "apply_action_default": "",
     "scanner_virus": "",
     "action_spf_fail": "",
     "action_spf_soft_fail": "",
     "bayesian_autotraining": "",
     "suspicious_newsletter_status": "",
     "scanner_surbl": "",
     "spf_soft_fail_status": "",
     "scan_maxsize": "",
     "scanner_banned_word": "",
     "action_suspicious_newsletter": "",
     "surbl": "",
     "dnsbl": "",
     "scanner_phishing_uri": "",
     "deepheader_check_ip": "",
     "whitelistword": "",
     "action_impersonation_analysis": "",
     "imagespam": "",
     "heuristic_upper": "",
     "scanner_fortiguard": "",
     "scanner_grey_list": "",
     "aggressive": "",
     "action_spf_sender_alignment": "",
     "bayesian_user_db": "",
     "spam_outbreak": "",
     "dictionary_group_id": "",
     "mkey": "",
     "minimum_dictionary_score": "",
     "fortiguard_check_ip": "",
     "uri_filter_fortiguard": "",
     "bayesian": "",
     "bannedword": "",
     "spf_none_status": "",
     "action_uri_filter_secondary": "",
     "action_dmarc": "",
     "spf_neutral_status": "",
     "spf_pass_status": "",
     "scanner_fortiguard_blackip": "",
     "action_newsletter": "",
     "action_spf_none": "",
     "scan_pdf": "",
     "action_behavior_analysis": "",
     "impersonation": "",
     "greylist": "",
     "spf_perm_error_status": "",
     "bayesian_usertraining": "",
     "dmarc_status": "",
     "spf_checking": "",
     "scanner_heuristic": "",
     "scanner_bayesian": "",
     "behavior_analysis": "",
     "reqAction": "",
     "fortiguard": "",
     "heuristic_lower": "",
     "scanner_rbl": "",
     "spf_fail_status": "",
     "spf_temp_error_status": "",
     "scanner_default": "",
     "phishing_uri": "",
     "spf_sender_alignment_status": "",
     "impersonation_analysis": "",
     "newsletter_status": "",
     "uri_filter_secondary_status": "",
     "action_spf_temp_error": "",
     "heuristic": "",
     "uri_filter_secondary": "unrated",
     "dictionary_type": "",
     "objectID": "",
     "action_spf_perm_error": "",
     "dictionary_profile_id_new": "",
     "action_spf_neutral": "",
     "scanner_deep_header": "",
     "heuristic_rules_percent": "",
     "scanner_image_spam": "",
     "scan_bypass_on_auth": "",
     "action_spf_pass": "",
     "dictionary": ""
}

operation: Delete Session Profile

Input parameters

Parameter Description
Profile Name Name of the session profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "objectID": "",
     "errorMsg": "",
     "errorType": "",
     "reqAction": ""
}

operation: Delete Antispam Profile

Input parameters

Parameter Description
Profile Name Name of the antispam profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "objectID": "",
     "errorMsg": "",
     "errorType": "",
     "reqAction": ""
}

operation: Get Session Profile Details

Input parameters

Parameter Description
Profile Name Name of the session profile whose details you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "check_client_ip_quick": "",
     "sender_addr_rate_ctrl_state": "",
     "disallow_empty_domains": "",
     "session_action_msg_type": "",
     "bounce_rule": "",
     "error_free": "",
     "error_initial_delay": "",
     "check_mason_effect": "",
     "check_helo_domain": "",
     "route": "",
     "sender_reputation_throttle": "",
     "conn_concurrent": "",
     "msisdn_sender_reputation_action": "",
     "access_control": "",
     "sender_reputation_throttle_number": "",
     "check_domain_chars": "",
     "number_of_messages": "",
     "check_recipient_domain": "",
     "sender_addr_rate_ctrl_max_recipients": "",
     "sender_rewrite": "",
     "domainkey": "",
     "error_increment": "",
     "sender_addr_rate_ctrl_action": "",
     "remote_log": "",
     "spf": "",
     "splice_after": "",
     "sender_verification_profile": "",
     "limit_RSETs": "",
     "msisdn_sender_reputation_blacklist_duration": "",
     "mkey": "",
     "action": "",
     "check_open_relay": "",
     "limit_NOOPs": "",
     "rewrite_helo_custom": "",
     "to_whitelist_enable": "",
     "disallow_encrypted": "",
     "conn_blacklisted": "",
     "block_encrypted": "",
     "helo_custom": "",
     "error_total": "",
     "recipient_rewrite": "",
     "sender_reputation_reject": "",
     "msisdn_sender_reputation_trigger": "",
     "eom_ack": "",
     "splice_enable": "",
     "dkim": true,
     "command_checking": "",
     "allow_pipelining": "",
     "number_of_recipients": "",
     "limit_helos": "",
     "bypass_bounce_verify": "",
     "limit_emails": "",
     "conn_rate_how_many": "",
     "conn_idle_timeout": "",
     "rewrite": "",
     "dkim_signing_authenticated_only": "",
     "reqAction": "",
     "check_sender_domain": "",
     "limit_recipients": "",
     "hide_received": "",
     "conn_hide": "",
     "limit_message_size": "",
     "whitelist_enable": "",
     "splice_what": "",
     "dkim_signing": "",
     "to_blacklist_enable": "",
     "msisdn_sender_reputation_status": "",
     "blacklist_enable": "",
     "queue": "",
     "sender_reputation_throttle_percent": "",
     "objectID": "",
     "sender_reputation": "",
     "hide_header": "",
     "limit_header_size": "",
     "sender_reputation_tempfail": "",
     "rewrite_helo": "",
     "sender_verification": ""
}

operation: Get Antispam Profile Details

Input parameters

Parameter Description
Profile Name Name of the antispam profile whose associated details you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
     "scanner_dictionary": "",
     "deepheader_analysis": "",
     "apply_action_default": "",
     "scanner_virus": "",
     "action_spf_fail": "",
     "action_spf_soft_fail": "",
     "bayesian_autotraining": "",
     "suspicious_newsletter_status": "",
     "scanner_surbl": "",
     "spf_soft_fail_status": "",
     "scan_maxsize": "",
     "scanner_banned_word": "",
     "action_suspicious_newsletter": "",
     "surbl": "",
     "dnsbl": "",
     "scanner_phishing_uri": "",
     "deepheader_check_ip": "",
     "whitelistword": "",
     "action_impersonation_analysis": "",
     "imagespam": "",
     "heuristic_upper": "",
     "scanner_fortiguard": "",
     "scanner_grey_list": "",
     "aggressive": "",
     "action_spf_sender_alignment": "",
     "bayesian_user_db": "",
     "spam_outbreak": "",
     "dictionary_group_id": "",
     "mkey": "",
     "minimum_dictionary_score": "",
     "fortiguard_check_ip": "",
     "uri_filter_fortiguard": "",
     "bayesian": "",
     "bannedword": "",
     "spf_none_status": "",
     "action_uri_filter_secondary": "",
     "action_dmarc": "",
     "spf_neutral_status": "",
     "spf_pass_status": "",
     "scanner_fortiguard_blackip": "",
     "action_newsletter": "",
     "action_spf_none": "",
     "scan_pdf": "",
     "action_behavior_analysis": "",
     "impersonation": "",
     "greylist": "",
     "spf_perm_error_status": "",
     "bayesian_usertraining": "",
     "dmarc_status": "",
     "spf_checking": "",
     "scanner_heuristic": "",
     "scanner_bayesian": "",
     "behavior_analysis": "",
     "reqAction": "",
     "fortiguard": "",
     "heuristic_lower": "",
     "scanner_rbl": "",
     "spf_fail_status": "",
     "spf_temp_error_status": "",
     "scanner_default": "",
     "phishing_uri": "",
     "spf_sender_alignment_status": "",
     "impersonation_analysis": "",
     "newsletter_status": "",
     "uri_filter_secondary_status": "",
     "action_spf_temp_error": "",
     "heuristic": "",
     "uri_filter_secondary": "unrated",
     "dictionary_type": "",
     "objectID": "",
     "action_spf_perm_error": "",
     "dictionary_profile_id_new": "",
     "action_spf_neutral": "",
     "scanner_deep_header": "",
     "heuristic_rules_percent": "",
     "scanner_image_spam": "",
     "scan_bypass_on_auth": "",
     "action_spf_pass": "",
     "dictionary": ""
}

Included playbooks

The Sample - Fortinet Fortimail - 1.0.1 playbook collection comes bundled with the Fortinet FortiMail connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiMail connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.