Fortinet Fortimail

Fortinet Fortimail v1.1.0

Home FortiSOAR Connectors Fortinet Fortimail

1.1.0

Fortinet Fortimail v1.1.0

About the connector

Fortinet FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware, and phishing attempts.

This document provides information about the Fortinet FortiMail connector, which facilitates automated interactions, with your Fortinet FortiMail server using FortiSOAR™ playbooks. Add the Fortinet FortiMail connector, as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all domains configured on Fortinet FortiMail and retrieving the sender blacklist and whitelist for session profiles.

Version information

Connector Version: 1.1.0

FortiSOAR™ Version Tested on: 6.4.4-3164

Fortinet FortiMail Version Tested on: v6.4.0(GA), build384, 2020.05.07

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

Following enhancements have been made to the Fortinet FortiMail connector in version 1.1.0:

Added the following operations and playbooks
- Block Sender Address
- Block Recipient Address
- Unblock Sender Address
- Unblock Recipient Address
- Update Block List
- Update Safe List
Updated the output schemas for the following operations:
- Create Session Profile
- Create Antispam Profile
- Get Profile Name
- Update Session Profile
- Update Antispam Profile
- Get Antispam Profile Details
- Get AntiSpam Profiles for Domain
- Get Auto Exempt GreyList
- Get GreyList
- Get Session Profile Details
- Get Recipient Policies for Domain

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:

yum install cyops-connector-fortinet-fortimail

Prerequisites to configuring the connector

You must have the URL of Fortinet FortiMail server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
The FortiSOAR™ server should have outbound connectivity to port 443 on the Fortinet FortiMail server.
You must also enable the REST API on FortiMail as explained in the Enabling FortiMAIL REST API Support section. Also, users who will be using the performing actions using the API must have the Access Mode "REST API" enabled.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Fortinet FortiMail connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter	Description
Server URL	URL of the Fortinet FortiMail server to which you will connect and perform automated operations.
Username	Username of the Fortinet FortiMail server to which you will connect and perform automated operations.
Password	Password used to access the Fortinet FortiMail server to which you will connect and perform the automated operations.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 and onwards:

Function	Description	Annotation and Category
Get Domains Configured	Retrieves a list of all domains configured on Fortinet FortiMail.	get_domains Investigation
Get AntiSpam Profiles for Domain	Retrieves a list of all AntiSpam Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified.	get_antispam_domains Investigation
Get Recipient Policies for Domain	Retrieves a list of all Recipient Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified.	get_recipient_policies Investigation
Get GreyList	Retrieves the Greylist configured on Fortinet FortiMail.	grey_list Investigation
Get Auto Exempt GreyList	Retrieves the Auto Exempt Greylist configured on Fortinet FortiMail.	grey_list Investigation
Get Sender Whitelist For Session Profile	Retrieves a list of sender whitelists from Fortinet FortiMail, based on the profile name you have specified.	get_session_safe_list Investigation
Get Sender Blacklist for Session Profile	Retrieves a list of sender blacklists from Fortinet FortiMail, based on the profile name you have specified.	get_session_block_list Investigation
Get Profile Name	Retrieves a list of profile names from Fortinet FortiMail, based on the profile type you have specified.	get_profile_name Investigation
Block Sender Address	Adds an email address to the sender block list of the specified session profile, based on the profile name and email address you have specified.	block_sender_address Containment
Block Recipient Address	Adds an email address to the recipient block list of the specified session profile, based on the profile name and email address you have specified.	block_recipient_address Containment
Unblock Sender Address	Unblocks an email address by removing the specified email address from the sender block list of the specified session profile, based on the profile name and email address you have specified.	unblock_sender_address Remediation
Unblock Recipient Address	Unblocks an email address by removing the specified email address from the recipient block list of the specified session profile, based on the profile name and email address you have specified.	unblock_recipient_address Remediation
Update Block List	Updates, i.e., adds or removes items such as email addresses, domains, IP addresses from the selected block list, based on the input parameters you have specified.	update_block_list Remediation
Update Safe List	Updates, i.e., adds or removes items such as email addresses, domains, IP addresses from the selected safe list, based on the input parameters you have specified.	update_safe_list Remediation
Update Session Profile	Updates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	update_session_profile Investigation
Update Antispam Profile	Updates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	update_antispam_profile Investigation
Create Session Profile	Creates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	create_session_profile Investigation
Create Antispam Profile	Creates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	create_antispam_profile Investigation
Delete Session Profile	Deletes a session profile from Fortinet FortiMail, based on the profile name you have specified.	delete_session_profile Investigation
Delete Antispam Profile	Deletes an antispam profile from Fortinet FortiMail, based on the profile name you have specified.	delete_antispam_profile Investigation
Get Session Profile Details	Retrieves details of a session profile from Fortinet FortiMail, based on the profile name you have specified.	get_session_profile Investigation
Get Antispam Profile Details	Retrieves details of an antispam profile from Fortinet FortiMail, based on the profile name you have specified.	get_antispam_profile Investigation

operation: Get Domains Configured

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"collection": [
{
"mkey": "",
"is_subdomain": "",
"ip": "",
"recipient_verification": "",
"is_association": "",
"maindomain": "",
"mxflag": "",
"is_service_domain": "",
"port": ""
}
],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}

operation: Get AntiSpam Profiles for Domain

Input parameters

Parameter	Description
Domain	Name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"reqAction": "",
"totalRemoteCount": "",
"subCount": "",
"remoteSorting": "",
"nextPage": "",
"collection": [
{
"mdomain": "",
"mkey": "",
"dictionary_type": "",
"minimum_dictionary_score": "",
"isReferenced": ""
}
]
}

operation: Get Recipient Policies for Domain

Input parameters

Parameter	Description
Domain	Name of the domain whose associated Recipient Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
"nextPage": "",
"objectID": "",
"subCount": "",
"reqAction": "",
"collection": [
{
"auth": "",
"misc": "",
"mkey": "",
"status": "",
"comment": "",
"content": "",
"mdomain": "",
"pkiauth": "",
"pkiuser": "",
"antispam": "",
"antivirus": "",
"direction": "",
"groupmode": "",
"imap_auth": "",
"ldap_auth": "",
"pop3_auth": "",
"smtp_auth": "",
"profile_dlp": "",
"radius_auth": "",
"sender_type": "",
"ldap_profile": "",
"sender_domain": "",
"sender_pattern": "",
"recipient_domain": "",
"recipient_pattern": "",
"sender_email_address_group": "",
"recipient_email_address_group": ""
}
],
"remoteSorting": "",
"nodePermission": "",
"totalRemoteCount": ""
}

operation: Get GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"nextPage": "",
"objectID": "",
"subCount": "",
"reqAction": "",
"collection": [],
"remoteSorting": "",
"nodePermission": "",
"totalRemoteCount": ""
}

operation: Get Auto Exempt GreyList

Input parameters

None.

Output

operation: Get Sender Whitelist For Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
"totalRemoteCount": "",
"objectID": "",
"collection": [
{
"mkey": ""
}
],
"reqAction": "",
"subCount": "",
"nextPage": "",
"remoteSorting": ""
}

operation: Get Sender Blacklist for Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

operation: Get Profile Name

Input parameters

Parameter	Description
Profile Type	Select the type of profile based on which you want to retrieve profile names from Fortinet FortiMail. You can choose between Session and Antispam.

Output

The output contains the following populated JSON schema if 'Session' is selected as the 'Profile Type':
{
"nextPage": "",
"objectID": "",
"subCount": "",
"reqAction": "",
"collection": [
{
"mkey": "",
"action": "",
"isReferenced": ""
}
],
"remoteSorting": "",
"nodePermission": "",
"totalRemoteCount": ""
}

The output contains the following populated JSON schema if 'Antispam' is selected as the 'Profile Type':
{
"nextPage": "",
"objectID": "",
"subCount": "",
"reqAction": "",
"collection": [
{
"mkey": "",
"isReferenced": "",
"dictionary_type": "",
"minimum_dictionary_score": ""
}
],
"remoteSorting": "",
"nodePermission": "",
"totalRemoteCount": ""
}

operation: Block Sender Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile to whose associated sender block list you want to add the specified address.
Sender Email Address	Email address that you want to block by adding it to the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"reqAction": "",
"nodePermission": "",
"mkey": ""
}

operation: Block Recipient Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile to whose associated recipient block list you want to add the specified address.
Recipient Email Address	Email address that you want to block by adding it to the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"reqAction": "",
"nodePermission": "",
"mkey": ""
}

operation: Unblock Sender Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile from whose associated sender block list you want to remove the specified address.
Sender Email Address	Email address that you want to unblock by removing it from the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"errorType": "",
"errorMsg": "",
"objectID": "",
"reqAction": ""
}

operation: Unblock Recipient Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile from whose associated recipient block list you want to remove the specified address.
Recipient Email Address	Email address that you want to unblock by removing it from the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"errorType": "",
"errorMsg": "",
"objectID": "",
"reqAction": ""
}

operation: Update Block List

Input parameters

Parameter	Description
Action	Select the action that you want to perform, i.e., whether you want to Add or Remove items from the block list.
List Type	Select the block list you want to update. You can choose between System, Domain, and Personal. If you choose System, then you do not have to specify any other parameters. If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the block list. If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal block list.
Items	Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected block list.

Parameter

Description

Action

Select the action that you want to perform, i.e., whether you want to Add or Remove items from the block list.

List Type

Select the block list you want to update. You can choose between System, Domain, and Personal.

If you choose System, then you do not have to specify any other parameters.
If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the block list.
If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal block list.

Items

Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected block list.

Output

The output contains the following populated JSON schema if 'Add' is selected as the 'Action':
{
"mkey": "",
"listname": "",
"objectID": "",
"listitems": "",
"reqAction": "",
"nodePermission": ""
}

The output contains the following populated JSON schema if 'Remove' is selected as the 'Action':
{
"errorMsg": "",
"objectID": "",
"errorType": "",
"reqAction": ""
}

operation: Update Safe List

Input parameters

Parameter	Description
Action	Select the action that you want to perform, i.e., whether you want to Add or Remove items from the safe list.
List Type	Select the safe list you want to update. You can choose between System, Domain, and Personal. If you choose System, then you do not have to specify any other parameters. If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the safe list. If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal safe list.
Items	Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected safe list.

Parameter

Description

Action

Select the action that you want to perform, i.e., whether you want to Add or Remove items from the safe list.

List Type

Select the safe list you want to update. You can choose between System, Domain, and Personal.

If you choose System, then you do not have to specify any other parameters.
If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the safe list.
If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal safe list.

Items

Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected safe list.

Output

The output contains the following populated JSON schema if 'Remove' is selected as the 'Action':
{
"errorMsg": "",
"objectID": "",
"errorType": "",
"reqAction": ""
}

operation: Update Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the profile that you want to update on Fortinet FortiMail.
Connection Settings	Select this option to configure the connection setting. If you select this option, then you can specify the following parameters: Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit. Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit. Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit. Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit. Connection idle timeout (seconds): Specify the number of seconds up to which a client remains idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. If you select this option, then you can specify the following parameters: Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on the sender's reputation score. Other parameters are applicable only if you select Enable. Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client. Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client. Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour. Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection. Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection. Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters: Enable Endpoint Reputation: If you select Enable, then the email is accepted or rejected based on sender reputation score. The following parameters are applicable only if you select Enable. Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log. Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist. Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters: SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass. Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable. Enable DKIM signing for outgoing messages: Select the Enable option to sign an outgoing email with a DKIM signature.This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select the Enable option to sign an outgoing email with a DKIM signature only if the sender is authenticated. Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature. Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages. Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings	Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters: Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine. Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting if the client or server uses a greeting that contains a domain name with invalid characters. Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject an SMTP command, if the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters: Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied. Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied. Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:
{
"spf": "",
"dkim": "",
"mkey": "",
"queue": "",
"route": "",
"action": "",
"eom_ack": "",
"rewrite": "",
"objectID": "",
"conn_hide": "",
"domainkey": "",
"reqAction": "",
"error_free": "",
"remote_log": "",
"bounce_rule": "",
"error_total": "",
"helo_custom": "",
"hide_header": "",
"limit_NOOPs": "",
"limit_RSETs": "",
"limit_helos": "",
"splice_what": "",
"dkim_signing": "",
"limit_emails": "",
"rewrite_helo": "",
"splice_after": "",
"hide_received": "",
"splice_enable": "",
"access_control": "",
"nodePermission": "",
"sender_rewrite": "",
"block_encrypted": "",
"check_client_ip": "",
"conn_concurrent": "",
"error_increment": "",
"allow_pipelining": "",
"blacklist_enable": "",
"check_open_relay": "",
"command_checking": "",
"conn_blacklisted": "",
"limit_recipients": "",
"whitelist_enable": "",
"check_helo_domain": "",
"conn_idle_timeout": "",
"limit_header_size": "",
"recipient_rewrite": "",
"sender_reputation": "",
"check_domain_chars": "",
"check_mason_effect": "",
"conn_rate_how_many": "",
"disallow_encrypted": "",
"limit_message_size": "",
"number_of_messages": "",
"check_sender_domain": "",
"error_initial_delay": "",
"rewrite_helo_custom": "",
"sender_verification": "",
"to_blacklist_enable": "",
"to_whitelist_enable": "",
"bypass_bounce_verify": "",
"number_of_recipients": "",
"check_recipient_domain": "",
"disallow_empty_domains": "",
"remove_current_headers": "",
"session_action_msg_type": "",
"sender_reputation_reject": "",
"sender_reputation_tempfail": "",
"sender_reputation_throttle": "",
"sender_addr_rate_ctrl_state": "",
"sender_verification_profile": "",
"sender_addr_rate_ctrl_action": "",
"dkim_signing_authenticated_only": "",
"msisdn_sender_reputation_action": "",
"msisdn_sender_reputation_status": "",
"msisdn_sender_reputation_trigger": "",
"sender_reputation_throttle_number": "",
"sender_reputation_throttle_percent": "",
"sender_addr_rate_ctrl_max_recipients": "",
"msisdn_sender_reputation_blacklist_duration": ""
}

operation: Update Antispam Profile

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile that you want to update on Fortinet FortiMail.
Default Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters: Greylist: Select Enable to apply greylisting. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF options: Select this checkbox to enable to specify different actions towards different SPF check results. Spf Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if the host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion. Spf None Status: Select Enable to indicate there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Header Analysis Status: Enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Image Spam: Enable this option to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:
{
"mkey": "",
"dnsbl": "",
"surbl": "",
"bayesian": "",
"greylist": "",
"objectID": "",
"scan_pdf": "",
"heuristic": "",
"imagespam": "",
"reqAction": "",
"aggressive": "",
"bannedword": "",
"dictionary": "",
"fortiguard": "",
"scanner_rbl": "",
"action_dmarc": "",
"dmarc_status": "",
"phishing_uri": "",
"scan_maxsize": "",
"spf_checking": "",
"impersonation": "",
"scanner_surbl": "",
"spam_outbreak": "",
"whitelistword": "",
"nodePermission": "",
"action_spf_fail": "",
"action_spf_none": "",
"action_spf_pass": "",
"dictionary_type": "",
"heuristic_lower": "",
"heuristic_upper": "",
"scanner_default": "",
"spf_fail_status": "",
"spf_none_status": "",
"spf_pass_status": "",
"bayesian_user_db": "",
"scanner_bayesian": "",
"action_newsletter": "",
"behavior_analysis": "",
"newsletter_status": "",
"scanner_grey_list": "",
"scanner_heuristic": "",
"action_spf_neutral": "",
"scanner_dictionary": "",
"scanner_fortiguard": "",
"scanner_image_spam": "",
"spf_neutral_status": "",
"deepheader_analysis": "",
"deepheader_check_ip": "",
"dictionary_group_id": "",
"fortiguard_check_ip": "",
"scan_bypass_on_auth": "",
"scanner_banned_word": "",
"scanner_deep_header": "",
"action_spf_soft_fail": "",
"apply_action_default": "",
"scanner_phishing_uri": "",
"spf_soft_fail_status": "",
"uri_filter_secondary": "",
"action_spf_perm_error": "",
"action_spf_temp_error": "",
"bayesian_autotraining": "",
"bayesian_usertraining": "",
"spf_perm_error_status": "",
"spf_temp_error_status": "",
"uri_filter_fortiguard": "",
"impersonation_analysis": "",
"heuristic_rules_percent": "",
"action_behavior_analysis": "",
"minimum_dictionary_score": "",
"dictionary_profile_id_new": "",
"scanner_fortiguard_blackip": "",
"action_ip_reputation_level1": "",
"action_ip_reputation_level2": "",
"action_ip_reputation_level3": "",
"action_spf_sender_alignment": "",
"action_uri_filter_secondary": "",
"ip_reputation_level1_status": "",
"ip_reputation_level2_status": "",
"ip_reputation_level3_status": "",
"spf_sender_alignment_status": "",
"uri_filter_secondary_status": "",
"action_suspicious_newsletter": "",
"suspicious_newsletter_status": "",
"action_impersonation_analysis": ""
}

operation: Create Session Profile

Input parameters

Parameter	Description
Profile Name	Provide the Session Profile Name to Create the Profile.
Connection Settings	Select this option to configure the connection setting. If you select this option, then you must specify the following parameters: Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit. Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit. Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit. Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit. Connection idle timeout (seconds): Specify the number of seconds up to which a client remains idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. If you select this option, then you must specify the following parameters: Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on the sender's reputation score. Other parameters are applicable only if you select Enable. Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client. Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client. Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour. Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection. Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection. Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters: Enable Endpoint Reputation: If you select Enable, then the email is accepted or rejected based on the sender's reputation score. The following parameters are applicable only if you select Enable. Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log. Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist. Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters: SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass. Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable. Enable DKIM signing for outgoing messages: Select the Enable option to sign an outgoing email with a DKIM signature. This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select the Enable option to sign an outgoing email with a DKIM signature only if the sender is authenticated. Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature. Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages. Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings	Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters: Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine. Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting if the client or server uses a greeting that contains a domain name with invalid characters. Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject an SMTP command, if the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters: Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied. Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied. Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

operation: Create Antispam Profile

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile that you want to create on Fortinet FortiMail.
Deafult Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters: Greylist: Select Enable to apply greylisting. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF options: Select this checkbox to enable to specify different actions towards different SPF check results. Spf Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if the host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion. Spf None Status: Select Enable to indicate there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Header Analysis Status: Enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Image Spam: Enable this option to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

operation: Delete Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the session profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}

operation: Delete Antispam Profile

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}

operation: Get Session Profile Details

Input parameters

Parameter	Description
Profile Name	Name of the session profile whose details you want to delete from Fortinet FortiMail.

Output

operation: Get Antispam Profile Details

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile whose associated details you want to retrieve from Fortinet FortiMail.

Output

Included playbooks

The Sample - Fortinet Fortimail - 1.1.0 playbook collection comes bundled with the Fortinet FortiMail connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiMail connector.

Block Recipient Address
Block Sender Address
Create Antispam Profile
Create Session Profile
Delete Antispam Profile
Delete Session Profile
Get AntiSpam Profile Details
Get AntiSpam Profiles for Domain
Get Auto Exempt GreyList
Get Domains Configured
Get GreyList
Get Profile Name
Get Recipient Policies for Domain
Get Sender Blacklist for Session Profile
Get Sender Whitelist for Session Profile
Get Session Profile Details
Unblock Recipient Address
Unblock Sender Address
Update Antispam Profile
Update Block List
Update Safe List
Update Session Profile

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Enabling FortiMail REST API Support

To gain access to the FortiMail REST API and perform operations, you must enable the REST API on FortiMail, which by default is disabled.

To enable the REST API, for FortiMail releases 6.4.x and 7.0.x, use the following CLI command:
config system global set rest-api enable end

To enable the REST API, for FortiMail releases 7.2.x, use the following CLI command:
config system web-service set rest-api enable end

Additionally, to perform operations using the REST API users must also have the Access Mode "REST API" enabled.

About the connector

Version information

Connector Version: 1.1.0

FortiSOAR™ Version Tested on: 6.4.4-3164

Fortinet FortiMail Version Tested on: v6.4.0(GA), build384, 2020.05.07

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

Following enhancements have been made to the Fortinet FortiMail connector in version 1.1.0:

Added the following operations and playbooks
- Block Sender Address
- Block Recipient Address
- Unblock Sender Address
- Unblock Recipient Address
- Update Block List
- Update Safe List
Updated the output schemas for the following operations:
- Create Session Profile
- Create Antispam Profile
- Get Profile Name
- Update Session Profile
- Update Antispam Profile
- Get Antispam Profile Details
- Get AntiSpam Profiles for Domain
- Get Auto Exempt GreyList
- Get GreyList
- Get Session Profile Details
- Get Recipient Policies for Domain

Installing the connector

yum install cyops-connector-fortinet-fortimail

Prerequisites to configuring the connector

You must have the URL of Fortinet FortiMail server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
The FortiSOAR™ server should have outbound connectivity to port 443 on the Fortinet FortiMail server.
You must also enable the REST API on FortiMail as explained in the Enabling FortiMAIL REST API Support section. Also, users who will be using the performing actions using the API must have the Access Mode "REST API" enabled.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

Parameter	Description
Server URL	URL of the Fortinet FortiMail server to which you will connect and perform automated operations.
Username	Username of the Fortinet FortiMail server to which you will connect and perform automated operations.
Password	Password used to access the Fortinet FortiMail server to which you will connect and perform the automated operations.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 and onwards:

Function	Description	Annotation and Category
Get Domains Configured	Retrieves a list of all domains configured on Fortinet FortiMail.	get_domains Investigation
Get AntiSpam Profiles for Domain	Retrieves a list of all AntiSpam Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified.	get_antispam_domains Investigation
Get Recipient Policies for Domain	Retrieves a list of all Recipient Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified.	get_recipient_policies Investigation
Get GreyList	Retrieves the Greylist configured on Fortinet FortiMail.	grey_list Investigation
Get Auto Exempt GreyList	Retrieves the Auto Exempt Greylist configured on Fortinet FortiMail.	grey_list Investigation
Get Sender Whitelist For Session Profile	Retrieves a list of sender whitelists from Fortinet FortiMail, based on the profile name you have specified.	get_session_safe_list Investigation
Get Sender Blacklist for Session Profile	Retrieves a list of sender blacklists from Fortinet FortiMail, based on the profile name you have specified.	get_session_block_list Investigation
Get Profile Name	Retrieves a list of profile names from Fortinet FortiMail, based on the profile type you have specified.	get_profile_name Investigation
Block Sender Address	Adds an email address to the sender block list of the specified session profile, based on the profile name and email address you have specified.	block_sender_address Containment
Block Recipient Address	Adds an email address to the recipient block list of the specified session profile, based on the profile name and email address you have specified.	block_recipient_address Containment
Unblock Sender Address	Unblocks an email address by removing the specified email address from the sender block list of the specified session profile, based on the profile name and email address you have specified.	unblock_sender_address Remediation
Unblock Recipient Address	Unblocks an email address by removing the specified email address from the recipient block list of the specified session profile, based on the profile name and email address you have specified.	unblock_recipient_address Remediation
Update Block List	Updates, i.e., adds or removes items such as email addresses, domains, IP addresses from the selected block list, based on the input parameters you have specified.	update_block_list Remediation
Update Safe List	Updates, i.e., adds or removes items such as email addresses, domains, IP addresses from the selected safe list, based on the input parameters you have specified.	update_safe_list Remediation
Update Session Profile	Updates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	update_session_profile Investigation
Update Antispam Profile	Updates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	update_antispam_profile Investigation
Create Session Profile	Creates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	create_session_profile Investigation
Create Antispam Profile	Creates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified.	create_antispam_profile Investigation
Delete Session Profile	Deletes a session profile from Fortinet FortiMail, based on the profile name you have specified.	delete_session_profile Investigation
Delete Antispam Profile	Deletes an antispam profile from Fortinet FortiMail, based on the profile name you have specified.	delete_antispam_profile Investigation
Get Session Profile Details	Retrieves details of a session profile from Fortinet FortiMail, based on the profile name you have specified.	get_session_profile Investigation
Get Antispam Profile Details	Retrieves details of an antispam profile from Fortinet FortiMail, based on the profile name you have specified.	get_antispam_profile Investigation

operation: Get Domains Configured

Input parameters

None.

Output

operation: Get AntiSpam Profiles for Domain

Input parameters

Parameter	Description
Domain	Name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail.

Output

operation: Get Recipient Policies for Domain

Input parameters

Parameter	Description
Domain	Name of the domain whose associated Recipient Profiles you want to retrieve from Fortinet FortiMail.

Output

operation: Get GreyList

Input parameters

None.

Output

operation: Get Auto Exempt GreyList

Input parameters

None.

Output

operation: Get Sender Whitelist For Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

operation: Get Sender Blacklist for Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

operation: Get Profile Name

Input parameters

Parameter	Description
Profile Type	Select the type of profile based on which you want to retrieve profile names from Fortinet FortiMail. You can choose between Session and Antispam.

Output

operation: Block Sender Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile to whose associated sender block list you want to add the specified address.
Sender Email Address	Email address that you want to block by adding it to the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"reqAction": "",
"nodePermission": "",
"mkey": ""
}

operation: Block Recipient Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile to whose associated recipient block list you want to add the specified address.
Recipient Email Address	Email address that you want to block by adding it to the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"reqAction": "",
"nodePermission": "",
"mkey": ""
}

operation: Unblock Sender Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile from whose associated sender block list you want to remove the specified address.
Sender Email Address	Email address that you want to unblock by removing it from the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"errorType": "",
"errorMsg": "",
"objectID": "",
"reqAction": ""
}

operation: Unblock Recipient Address

Input parameters

Parameter	Description
Profile Name	Name of the session profile from whose associated recipient block list you want to remove the specified address.
Recipient Email Address	Email address that you want to unblock by removing it from the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:
{
"errorType": "",
"errorMsg": "",
"objectID": "",
"reqAction": ""
}

operation: Update Block List

Input parameters

Parameter	Description
Action	Select the action that you want to perform, i.e., whether you want to Add or Remove items from the block list.
List Type	Select the block list you want to update. You can choose between System, Domain, and Personal. If you choose System, then you do not have to specify any other parameters. If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the block list. If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal block list.
Items	Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected block list.

Parameter

Description

Action

Select the action that you want to perform, i.e., whether you want to Add or Remove items from the block list.

List Type

Select the block list you want to update. You can choose between System, Domain, and Personal.

If you choose System, then you do not have to specify any other parameters.
If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the block list.
If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal block list.

Items

Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected block list.

Output

The output contains the following populated JSON schema if 'Remove' is selected as the 'Action':
{
"errorMsg": "",
"objectID": "",
"errorType": "",
"reqAction": ""
}

operation: Update Safe List

Input parameters

Parameter	Description
Action	Select the action that you want to perform, i.e., whether you want to Add or Remove items from the safe list.
List Type	Select the safe list you want to update. You can choose between System, Domain, and Personal. If you choose System, then you do not have to specify any other parameters. If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the safe list. If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal safe list.
Items	Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected safe list.

Parameter

Description

Action

Select the action that you want to perform, i.e., whether you want to Add or Remove items from the safe list.

List Type

Select the safe list you want to update. You can choose between System, Domain, and Personal.

If you choose System, then you do not have to specify any other parameters.
If you choose Domain, then in the Domain field, you need to provide a domain for which you want to create the safe list.
If you choose Personal, then in the Email Address field, you need to provide an email address for which you want to create a personal safe list.

Items

Provide a CSV list of items, i.e., email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected safe list.

Output

The output contains the following populated JSON schema if 'Remove' is selected as the 'Action':
{
"errorMsg": "",
"objectID": "",
"errorType": "",
"reqAction": ""
}

operation: Update Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the profile that you want to update on Fortinet FortiMail.
Connection Settings	Select this option to configure the connection setting. If you select this option, then you can specify the following parameters: Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit. Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit. Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit. Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit. Connection idle timeout (seconds): Specify the number of seconds up to which a client remains idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. If you select this option, then you can specify the following parameters: Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on the sender's reputation score. Other parameters are applicable only if you select Enable. Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client. Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client. Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour. Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection. Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection. Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters: Enable Endpoint Reputation: If you select Enable, then the email is accepted or rejected based on sender reputation score. The following parameters are applicable only if you select Enable. Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log. Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist. Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters: SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass. Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable. Enable DKIM signing for outgoing messages: Select the Enable option to sign an outgoing email with a DKIM signature.This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select the Enable option to sign an outgoing email with a DKIM signature only if the sender is authenticated. Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature. Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages. Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings	Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters: Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine. Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting if the client or server uses a greeting that contains a domain name with invalid characters. Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject an SMTP command, if the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters: Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied. Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied. Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

operation: Update Antispam Profile

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile that you want to update on Fortinet FortiMail.
Default Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters: Greylist: Select Enable to apply greylisting. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF options: Select this checkbox to enable to specify different actions towards different SPF check results. Spf Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if the host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion. Spf None Status: Select Enable to indicate there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Header Analysis Status: Enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Image Spam: Enable this option to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

operation: Create Session Profile

Input parameters

Parameter	Description
Profile Name	Provide the Session Profile Name to Create the Profile.
Connection Settings	Select this option to configure the connection setting. If you select this option, then you must specify the following parameters: Restrict the number of connections per client per 30 minutes to: Specify the maximum number of connections per client IP address per 30 minutes. "0" means no limit. Restrict the number of messages per client per 30 minutes to: Specify the maximum number of email messages a client can send per 30 minutes. "0" means no limit. Restrict the number of recipients per client per 30 minutes to: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. "0" means no limit. Maximum concurrent connections for each client: Specify the maximum number of concurrent connections per client. "0" means no limit. Connection idle timeout (seconds): Specify the number of seconds up to which a client remains idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. If you select this option, then you must specify the following parameters: Enable Sender Reputation: Select Enable or Disable. If you select Enable, then the email is accepted or rejected based on the sender's reputation score. Other parameters are applicable only if you select Enable. Throttle Client at: Enter the sender reputation score over which Fortinet FortiMail will rate limit the number of email messages that can be sent by this SMTP client. Restrict number of email per hour to: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client. Restrict email to [percent of previous hour]: Enter the maximum number of email messages per hour that Fortinet FortiMail will accept from a throttled SMTP client, as a percentage of the number of email messages that the SMTP client sent during the previous hour. Temporarily fail client at: Enter a sender reputation score over which Fortinet FortiMail will return a temporary failure error when the SMTP client attempts to initiate a connection. Reject client at: Enter a sender reputation score over which Fortinet FortiMail will reject the email and reply to the SMTP client with SMTP reply code "550" when the SMTP client attempts to initiate a connection. Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard Antispam Service to determine if the IP address of the SMTP server is blocklisted, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters: Enable Endpoint Reputation: If you select Enable, then the email is accepted or rejected based on the sender's reputation score. The following parameters are applicable only if you select Enable. Action: Select either Reject to Reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value or Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries will appear in the history log. Auto blocklist score trigger value: Enter the MSISDN reputation score over which Fortinet FortiMail will add the MSISDN/subscriber ID to the automatic blocklist. Auto blocklist duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters: SPF Check: If the sender domain DNS record lists SPF authorized IP addresses, use SPF check to compare the client IP address to the IP addresses of authorized senders in the DNS record. You can choose from the following options: Enable, Disable, or Bypass. Enable DKIM check: If a DKIM signature is present (RFC 4871), enable this to query the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature. You can choose from the following options: Enable or Disable. Enable DKIM signing for outgoing messages: Select the Enable option to sign an outgoing email with a DKIM signature. This option requires that you first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select the Enable option to sign an outgoing email with a DKIM signature only if the sender is authenticated. Enable domain key check: If a DomainKey signature is present, then select Enable for this option and use this option to query the DNS server for the sender’s domain name to retrieve its public key to decrypt and verify the DomainKey signature. Bypass bounce verification check: Select the Enable option to omit verification of bounce address tags on incoming bounce messages. Sender address verification with LDAP: Select the Enable option to verify sender email addresses on an LDAP server.
Session Settings	Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters: Session Action: Select an action profile. You can choose from the following options: Discard, Encrypt_Pull, Reject, Replace, System Quarantine, or User Quarantine. Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select the Enable option to return SMTP reply code "501", and to reject the SMTP greeting if the client or server uses a greeting that contains a domain name with invalid characters. Perform strict syntax checking: Select the Enable option to return SMTP reply code "503", and to reject an SMTP command, if the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select the Enable option to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters: Enable sender safelist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the safe list in the SMTP sessions to which this profile is applied. Enable sender blocklist checking: Select the Enable option to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the block list in the SMTP sessions to which this profile is applied Allow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the safe list in the SMTP sessions to which this profile is applied. Disallow recipients on this list: Select the Enable option to check the recipient addresses in the email envelope (RCPT TO:) against the block list in the SMTP sessions to which this profile is applied.

Output

operation: Create Antispam Profile

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile that you want to create on Fortinet FortiMail.
Deafult Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject.
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters: Greylist: Select Enable to apply greylisting. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF options: Select this checkbox to enable to specify different actions towards different SPF check results. Spf Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if the host is not authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Spf Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion. Spf None Status: Select Enable to indicate there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. DMARC Status: Enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. If either SPF check or DKIM check passes, DMARC check will pass. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Behavior Analysis Status: Enable Behavior analysis (BA) to analyze the similarities between the uncertain email and the known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Header Analysis Status: Enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Image Spam: Enable this option to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. Aggressive: Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

operation: Delete Session Profile

Input parameters

Parameter	Description
Profile Name	Name of the session profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}

operation: Delete Antispam Profile

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}

operation: Get Session Profile Details

Input parameters

Parameter	Description
Profile Name	Name of the session profile whose details you want to delete from Fortinet FortiMail.

Output

operation: Get Antispam Profile Details

Input parameters

Parameter	Description
Profile Name	Name of the antispam profile whose associated details you want to retrieve from Fortinet FortiMail.

Output

Included playbooks

Block Recipient Address
Block Sender Address
Create Antispam Profile
Create Session Profile
Delete Antispam Profile
Delete Session Profile
Get AntiSpam Profile Details
Get AntiSpam Profiles for Domain
Get Auto Exempt GreyList
Get Domains Configured
Get GreyList
Get Profile Name
Get Recipient Policies for Domain
Get Sender Blacklist for Session Profile
Get Sender Whitelist for Session Profile
Get Session Profile Details
Unblock Recipient Address
Unblock Sender Address
Update Antispam Profile
Update Block List
Update Safe List
Update Session Profile

Enabling FortiMail REST API Support

To gain access to the FortiMail REST API and perform operations, you must enable the REST API on FortiMail, which by default is disabled.

To enable the REST API, for FortiMail releases 6.4.x and 7.0.x, use the following CLI command:
config system global set rest-api enable end

To enable the REST API, for FortiMail releases 7.2.x, use the following CLI command:
config system web-service set rest-api enable end

Additionally, to perform operations using the REST API users must also have the Access Mode "REST API" enabled.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions