Fortinet Fortimail

Fortinet Fortimail v1.2.0

Home FortiSOAR Connectors Fortinet Fortimail

1.2.0

Fortinet Fortimail v1.2.0

About the connector

Fortinet-FortiMail Connector facilitates automated operation FortiMail email security gateway that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware and phishing attempts.

This document provides information about the Fortinet FortiMail Connector, which facilitates automated interactions, with a Fortinet FortiMail server using FortiSOAR™ playbooks. Add the Fortinet FortiMail Connector as a step in FortiSOAR™ playbooks and perform automated operations with Fortinet FortiMail.

Version information

Connector Version: 1.2.0

FortiSOAR™ Version Tested on: 7.4.0-3024

Fortinet FortiMail Version Tested on: v7.2.0(GA-Feature), build338, 2022.05.09

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.2.0

Following enhancements have been made to the Fortinet FortiMail Connector in version 1.2.0:

Fixed a bug where Update Block List and Update Safe List actions were failing.
Added following actions and playbooks:
- Display Quarantine Mail List
- View All Emails in Quarantine
- Release Quarantine Emails
- Batch Release System Quarantine Emails
Added a parameter Resource to following actions:
- Update Safe List
- Update Block List
Updated titles of parameter in following actions:
- Create Session Profile
- Create AntiSpam Profile
- Update Session Profile
- Update AntiSpam Profile
Updated titles of following actions:
- Renamed Get Profile Name to Get Profile Names Based on Profile Type
- Renamed Get Domains Configured to Get Configured Domains
Updated the output schemas for the following operations in accordance with the new API:
- Create Session Profile
- Create AntiSpam Profile
- Get AntiSpam Profile Details
- Get AntiSpam Profiles for Domain
- Get Configured Domains
- Get GreyList
- Get Auto Exempt GreyList
- Get Profile Names Based on Profile Type
- Get Recipient Policies for Domain
- Get Sender Whitelist For Session Profile
- Get Sender Blacklist for Session Profile
- Update Block List
- Update Safe List
- Update Session Profile
- Update AntiSpam Profile"

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

    yum install cyops-connector-fortinet-fortimail

Prerequisites to configuring the connector

You must have the URL of Fortinet FortiMail server to connect and perform automated operations and credentials (username-password pair) to access that server.
The FortiSOAR™ server should have outbound connectivity to port 443 on the Fortinet FortiMail server.
You must also enable the REST API on FortiMail as explained in the Enabling FortiMAIL REST API Support section. Also, users who will be performing actions using the API must have the Access Mode REST API enabled.

Minimum Permissions Required

Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Fortinet FortiMail connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter	Description
Server URL	URL of the Fortinet FortiMail server to connect and perform automated operations.
Username	Username of the Fortinet FortiMail server to connect and perform automated operations.
Password	Password used to access the Fortinet FortiMail server to connect and perform the automated operations.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to `True`.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function	Description	Annotation and Category
Create Session Profile	Creates a session profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	create_session_profile Investigation
Create AntiSpam Profile	Creates an anti-spam profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	create_antispam_profile Investigation
Get AntiSpam Profile Details	Retrieves details of an anti-spam profile from Fortinet FortiMail based on the profile name you have specified.	get_antispam_profile Investigation
Get AntiSpam Profiles for Domain	Retrieves a list of all anti-spam profiles for a domain in Fortinet FortiMail based on the domain ID you have specified.	get_antispam_domains Investigation
Get Configured Domains	Retrieves a list of all domains configured on Fortinet FortiMail.	get_domains Investigation
Get GreyList	Retrieves the grey list configured on Fortinet FortiMail.	grey_list Investigation
Get Auto Exempt GreyList	Retrieves the automatically exempted grey list configured on Fortinet FortiMail.	grey_list Investigation
Get Profile Names Based on Profile Type	Retrieves a list of profile names from Fortinet FortiMail based on the profile type you have specified.	get_profile_name Investigation
Get Recipient Policies for Domain	Retrieves a list of all recipient policies for a domain in Fortinet FortiMail based on the domain ID you have specified.	get_recipient_policies Investigation
Get Session Profile Details	Retrieves details of a session profile from Fortinet FortiMail based on the profile name you have specified.	get_session_profile Investigation
Get Sender Whitelist For Session Profile	Retrieves a list of sender whitelists from Fortinet FortiMail based on the profile name you have specified.	get_session_safe_list Investigation
Get Sender Blacklist for Session Profile	Retrieves a list of sender blacklists from Fortinet FortiMail based on the profile name you have specified.	get_session_block_list Investigation
Block Sender Address	Adds an email address to the sender block list of a session profile based on the profile name and email address you have specified.	block_sender_address Containment
Block Recipient Address	Adds an email address to the recipient block list of a session profile based on the profile name and email address you have specified.	block_recipient_address Containment
Unblock Sender Address	Unblocks an email address by removing an email address from the sender block list of a session profile based on the profile name and email address you have specified.	unblock_sender_address Remediation
Unblock Recipient Address	Unblocks an email address by removing an email address from the recipient block list of a session profile based on the profile name and email address you have specified.	unblock_recipient_address Remediation
Update Block List	Updates, i.e. adds or removes items such as email addresses, domains, IP addresses from a block list based on the action, resource, and other input parameters you have specified.	update_block_list Remediation
Update Safe List	Updates, i.e. adds or removes items such as email addresses, domains, IP addresses from a safe list based on the action, resource, and other input parameters you have specified.	update_safe_list Remediation
Update Session Profile	Updates a session profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	update_session_profile Investigation
Update AntiSpam Profile	Updates an anti-spam profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	update_antispam_profile Investigation
Delete Session Profile	Deletes a session profile from Fortinet FortiMail based on the profile name you have specified.	delete_session_profile Investigation
Delete AntiSpam Profile	Deletes an anti-spam profile from Fortinet FortiMail based on the profile name you have specified.	delete_antispam_profile Investigation
Display Quarantine Mail List	Retrieves quarantine mail list from Fortinet FortiMail.	display_quarantine_mail_list Investigation
View All Emails in Quarantine	Retrieves all emails in quarantine from Fortinet FortiMail.	view_mail_in_quarantine Investigation
Release Quarantine Emails	Releases quarantine emails from Fortinet FortiMail based on the account type, folder name, and input parameters you have specified.	quarantine_release Investigation
Batch Release System Quarantine Emails	Releases quarantine emails from Fortinet FortiMail based on folder name, time period, and other input parameters you have specified.	system_quarantine_batch_release Investigation

operation: Create Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the session profile name to create the profile.
Connection Settings	Select this option to configure connection settings. Once selected, specify the following parameters: Restrict The Number Of Connections Per Client Per 30 Minutes To: Specify the maximum number of connections per client IP address per 30 minutes. `0` means no limit. Restrict The Number Of Messages Per Client Per 30 Minutes To: Specify the maximum number of email messages a client can send per 30 minutes. `0` means no limit. Restrict The Number Of Recipients Per Client Per 30 Minutes To: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. `0` means no limit. Maximum Concurrent Connections For Each Client: Specify the maximum number of concurrent connections per client. `0` means no limit. Connection Idle Timeout (Seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. Once selected, specify the following parameters: Enable Sender Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Throttle Client At: Specify the sender reputation score for the FortiMail unit to rate limit the number of email messages that can be sent by this SMTP client. Restrict Number Of Email Per Hour To: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client. Restrict Email To [Percent Of Previous Hour]: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client as a percentage of the number of email messages sent during the previous hour. Temporarily Fail Client At: Specify a sender reputation score for Fortinet FortiMail to return a temporary failure error when the SMTP client attempts to initiate a connection. Reject Client At: Specify a sender reputation score for Fortinet FortiMail to reject the email and reply with SMTP reply code `550` when the SMTP client attempts to initiate a connection. Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard anti-spam service to determine if the IP address of the SMTP server is in a blocked list, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once selected, specify the following parameters: Enable Endpoint Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Action:: Select Reject to reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value.Select Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries appear in the history log. Auto Blocklist Score Trigger Value: Enter the MSISDN reputation score over which Fortinet FortiMail adds the MSISDN/subscriber ID to the automatic blocklist. Auto Blocklist Duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID is prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select to configure the settings for confirming sender and message authenticity. Once selected, specify the following parameters: SPF Check: Select an action for the SPF check that compares the client IP address to the IP addresses of authorized senders in the DNS record provided the sender domain DNS record lists SPF authorized IP addresses. You can choose from the following options: Enable Disable Bypass Enable DKIM check: Select Enable to query the DNS server that hosts the DNS record for the sender's domain name to retrieve its public key to decrypt and verify the DKIM signature; provided an `RFC 4871` DKIM signature is present. Enable DKIM signing for outgoing messages: Select Enable to sign outgoing email with a DKIM signature. You must first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select Enable to sign outgoing emails with a DKIM signature only if the sender is authenticated. Enable Domain Key Check: Select Enable to query the DNS server for the sender's domain name to retrieve its public key to decrypt and verify the DomainKey signature; provided a DomainKey signature is present. Bypass Bounce Verification Check: Select Enable to omit verification of bounce address tags on incoming bounce messages. Sender Address Verification With Ldap: Select Enable to verify sender email addresses on an LDAP server.
Session Settings	Select to configure session profiles. Session Action: Select an action profile from the following options: Discard Encrypt_Pull Reject Replace System Quarantine User Quarantine Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select Enable to return SMTP reply code `501` rejecting the SMTP greeting, provided the client or server uses a greeting that contains a domain name with invalid characters. Perform Strict Syntax Checking: Select Enable to return SMTP reply code `503` rejecting the SMTP command, provided the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select Enable to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for anti-spam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, to use with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Enable Sender Safe List: Select Enable to check the sender addresses in the email envelope (`MAILFROM:`) and email header (`From:`) against the safe list in the SMTP sessions to which this profile is applied. Enable Sender Blocklist: Select Enable to check the sender addresses in the email envelope (`MAIL FROM:`) and email header (`From:`) against the block list in the SMTP sessions to which this profile is applied Allow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the safe list in the SMTP sessions to which this profile is applied. Disallow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:

{
    "spf": "",
    "dkim": "",
    "mkey": "",
    "queue": "",
    "route": "",
    "action": "",
    "eom_ack": "",
    "comment": "",
    "rewrite": "",
    "objectID": "",
    "conn_hide": "",
    "domainkey": "",
    "reqAction": "",
    "error_free": "",
    "remote_log": "",
    "bounce_rule": "",
    "error_total": "",
    "helo_custom": "",
    "hide_header": "",
    "limit_NOOPs": "",
    "limit_RSETs": "",
    "limit_helos": "",
    "splice_what": "",
    "dkim_signing": "",
    "limit_emails": "",
    "rewrite_helo": "",
    "splice_after": "",
    "hide_received": "",
    "splice_enable": "",
    "access_control": "",
    "nodePermission": "",
    "sender_rewrite": "",
    "block_encrypted": "",
    "check_client_ip": "",
    "conn_concurrent": "",
    "error_increment": "",
    "allow_pipelining": "",
    "blacklist_enable": "",
    "check_open_relay": "",
    "command_checking": "",
    "conn_blacklisted": "",
    "limit_recipients": "",
    "whitelist_enable": "",
    "check_helo_domain": "",
    "conn_idle_timeout": "",
    "limit_header_size": "",
    "recipient_rewrite": "",
    "sender_reputation": "",
    "check_domain_chars": "",
    "check_mason_effect": "",
    "conn_rate_how_many": "",
    "disallow_encrypted": "",
    "limit_message_size": "",
    "number_of_messages": "",
    "check_sender_domain": "",
    "error_initial_delay": "",
    "rewrite_helo_custom": "",
    "sender_verification": "",
    "to_blacklist_enable": "",
    "to_whitelist_enable": "",
    "bypass_bounce_verify": "",
    "number_of_recipients": "",
    "check_recipient_domain": "",
    "disallow_empty_domains": "",
    "remove_current_headers": "",
    "session_action_msg_type": "",
    "sender_reputation_reject": "",
    "sender_reputation_tempfail": "",
    "sender_reputation_throttle": "",
    "sender_addr_rate_ctrl_state": "",
    "sender_verification_profile": "",
    "sender_addr_rate_ctrl_action": "",
    "dkim_signing_authenticated_only": "",
    "msisdn_sender_reputation_action": "",
    "msisdn_sender_reputation_status": "",
    "msisdn_sender_reputation_trigger": "",
    "sender_reputation_throttle_number": "",
    "sender_reputation_throttle_percent": "",
    "sender_addr_rate_ctrl_max_recipients": "",
    "msisdn_sender_reputation_blacklist_duration": ""
}

operation: Create AntiSpam Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile that you want to create on Fortinet FortiMail.
Default Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None Default Discard Reject System Quarantine User Quarantine Tag Subject
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. Greylist: Select Enable to apply grey-listing. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF Options: Select this checkbox to enable specifying different actions towards different SPF check results. SPF Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Soft Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF None Status: Select Enable to indicate there is no SPF record. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: DMARC Status: Select to enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. DMARC passes when either SPF or DKIM check passes. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Behavior Analysis Status: Select to enable Behavior analysis (BA) to analyze the similarities between an uncertain email and a known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Header Analysis Status: Select to enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Image Spam: Select to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Aggressive: Select to enable aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:

{
    "mkey": "",
    "dnsbl": "",
    "surbl": "",
    "bayesian": "",
    "greylist": "",
    "objectID": "",
    "scan_pdf": "",
    "heuristic": "",
    "imagespam": "",
    "reqAction": "",
    "aggressive": "",
    "bannedword": "",
    "dictionary": "",
    "fortiguard": "",
    "scanner_rbl": "",
    "action_dmarc": "",
    "dmarc_status": "",
    "phishing_uri": "",
    "scan_maxsize": "",
    "spf_checking": "",
    "impersonation": "",
    "scanner_surbl": "",
    "spam_outbreak": "",
    "whitelistword": "",
    "nodePermission": "",
    "action_spf_fail": "",
    "action_spf_none": "",
    "action_spf_pass": "",
    "dictionary_type": "",
    "heuristic_lower": "",
    "heuristic_upper": "",
    "scanner_default": "",
    "spf_fail_status": "",
    "spf_none_status": "",
    "spf_pass_status": "",
    "bayesian_user_db": "",
    "scanner_bayesian": "",
    "action_newsletter": "",
    "behavior_analysis": "",
    "newsletter_status": "",
    "scanner_grey_list": "",
    "scanner_heuristic": "",
    "action_spf_neutral": "",
    "scanner_dictionary": "",
    "scanner_fortiguard": "",
    "scanner_image_spam": "",
    "spf_neutral_status": "",
    "deepheader_analysis": "",
    "deepheader_check_ip": "",
    "dictionary_group_id": "",
    "fortiguard_check_ip": "",
    "scan_bypass_on_auth": "",
    "scanner_banned_word": "",
    "scanner_deep_header": "",
    "action_spf_soft_fail": "",
    "apply_action_default": "",
    "scanner_phishing_uri": "",
    "spf_soft_fail_status": "",
    "uri_filter_secondary": "",
    "action_spf_perm_error": "",
    "action_spf_temp_error": "",
    "bayesian_autotraining": "",
    "bayesian_usertraining": "",
    "spf_perm_error_status": "",
    "spf_temp_error_status": "",
    "uri_filter_fortiguard": "",
    "impersonation_analysis": "",
    "heuristic_rules_percent": "",
    "action_behavior_analysis": "",
    "minimum_dictionary_score": "",
    "dictionary_profile_id_new": "",
    "scanner_fortiguard_blackip": "",
    "action_ip_reputation_level1": "",
    "action_ip_reputation_level2": "",
    "action_ip_reputation_level3": "",
    "action_spf_sender_alignment": "",
    "action_uri_filter_secondary": "",
    "ip_reputation_level1_status": "",
    "ip_reputation_level2_status": "",
    "ip_reputation_level3_status": "",
    "spf_sender_alignment_status": "",
    "uri_filter_secondary_status": "",
    "action_suspicious_newsletter": "",
    "suspicious_newsletter_status": "",
    "action_impersonation_analysis": "",
    "dkim_status": "",
    "arc_status": "",
    "action_arc": "",
    "arc_override_option": "",
    "impersonation_status": "",
    "cousin_domain": "",
    "cousin_domain_scan_option": "",
    "cousin_domain_profile": "",
    "action_dkim": "",
    "action_cousin_domain": "",
    "comment": ""
}

operation: Get AntiSpam Profile Details

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile whose associated details you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "mkey": "",
    "dnsbl": "",
    "surbl": "",
    "bayesian": "",
    "greylist": "",
    "objectID": "",
    "scan_pdf": "",
    "heuristic": "",
    "imagespam": "",
    "reqAction": "",
    "aggressive": "",
    "bannedword": "",
    "dictionary": "",
    "fortiguard": "",
    "scanner_rbl": "",
    "action_dmarc": "",
    "dmarc_status": "",
    "phishing_uri": "",
    "scan_maxsize": "",
    "spf_checking": "",
    "impersonation": "",
    "scanner_surbl": "",
    "spam_outbreak": "",
    "whitelistword": "",
    "nodePermission": "",
    "action_spf_fail": "",
    "action_spf_none": "",
    "action_spf_pass": "",
    "dictionary_type": "",
    "heuristic_lower": "",
    "heuristic_upper": "",
    "scanner_default": "",
    "spf_fail_status": "",
    "spf_none_status": "",
    "spf_pass_status": "",
    "bayesian_user_db": "",
    "scanner_bayesian": "",
    "action_newsletter": "",
    "behavior_analysis": "",
    "newsletter_status": "",
    "scanner_grey_list": "",
    "scanner_heuristic": "",
    "action_spf_neutral": "",
    "scanner_dictionary": "",
    "scanner_fortiguard": "",
    "scanner_image_spam": "",
    "spf_neutral_status": "",
    "deepheader_analysis": "",
    "deepheader_check_ip": "",
    "dictionary_group_id": "",
    "fortiguard_check_ip": "",
    "scan_bypass_on_auth": "",
    "scanner_banned_word": "",
    "scanner_deep_header": "",
    "action_spf_soft_fail": "",
    "apply_action_default": "",
    "scanner_phishing_uri": "",
    "spf_soft_fail_status": "",
    "uri_filter_secondary": "",
    "action_spf_perm_error": "",
    "action_spf_temp_error": "",
    "bayesian_autotraining": "",
    "bayesian_usertraining": "",
    "spf_perm_error_status": "",
    "spf_temp_error_status": "",
    "uri_filter_fortiguard": "",
    "impersonation_analysis": "",
    "heuristic_rules_percent": "",
    "action_behavior_analysis": "",
    "minimum_dictionary_score": "",
    "dictionary_profile_id_new": "",
    "scanner_fortiguard_blackip": "",
    "action_ip_reputation_level1": "",
    "action_ip_reputation_level2": "",
    "action_ip_reputation_level3": "",
    "action_spf_sender_alignment": "",
    "action_uri_filter_secondary": "",
    "ip_reputation_level1_status": "",
    "ip_reputation_level2_status": "",
    "ip_reputation_level3_status": "",
    "spf_sender_alignment_status": "",
    "uri_filter_secondary_status": "",
    "action_suspicious_newsletter": "",
    "suspicious_newsletter_status": "",
    "action_impersonation_analysis": "",
    "dkim_status": "",
    "arc_status": "",
    "action_arc": "",
    "arc_override_option": "",
    "impersonation_status": "",
    "cousin_domain": "",
    "cousin_domain_scan_option": "",
    "cousin_domain_profile": "",
    "action_dkim": "",
    "action_cousin_domain": "",
    "comment": ""
}

operation: Get AntiSpam Profiles for Domain

Input parameters

Parameter	Description
Domain	Specify the name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "collection": [
        {
        "mdomain": "",
        "mkey": "",
        "dictionary_type": "",
        "minimum_dictionary_score": "",
        "isReferenced": "",
        "comment": ""
        }
    ],
    "nodePermission": "",
    "nodeAccessDetails": ""
}

operation: Get Configured Domains

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
        "ip": "",
        "mkey": "",
        "port": "",
        "mxflag": "",
        "maindomain": "",
        "is_subdomain": "",
        "is_association": "",
        "is_service_domain": "",
        "recipient_verification": "",
        "ec_status": "",
        "isReferenced": "",
        "failed_time": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "totalRemoteCount": ""
}

operation: Get GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [],
    "remoteSorting": "",
    "nodePermission": "",
    "totalRemoteCount": "",
    "nodeAccessDetails": ""
}

operation: Get Auto Exempt GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [],
    "remoteSorting": "",
    "nodePermission": "",
    "totalRemoteCount": "",
    "nodeAccessDetails": ""
}

operation: Get Profile Names Based on Profile Type

Input parameters

Parameter	Description
Profile Type	Select the profile type to retrieve profile names from Fortinet FortiMail. You can choose from following options: Session AntiSpam

Output

The output contains the following populated JSON schema:

Output schema when you choose Profile Type as Session:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
        "mkey": "",
        "action": "",
        "comment": "",
        "isReferenced": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "totalRemoteCount": ""
}

Output schema when you choose Profile Type as AntiSpam:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
        "mkey": "",
        "isReferenced": "",
        "dictionary_type": "",
        "minimum_dictionary_score": "",
        "comment": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "totalRemoteCount": ""
}

operation: Get Recipient Policies for Domain

Input parameters

Parameter	Description
Domain	Specify the name of the domain whose associated Recipient Policies you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
            "auth": "",
            "misc": "",
            "mkey": "",
            "status": "",
            "comment": "",
            "content": "",
            "mdomain": "",
            "pkiauth": "",
            "pkiuser": "",
            "antispam": "",
            "antivirus": "",
            "direction": "",
            "groupmode": "",
            "imap_auth": "",
            "ldap_auth": "",
            "pop3_auth": "",
            "smtp_auth": "",
            "profile_dlp": "",
            "radius_auth": "",
            "sender_type": "",
            "sender_pattern_regex": "",
            "ldap_profile": "",
            "sender_domain": "",
            "sender_pattern": "",
            "recipient_domain": "",
            "recipient_pattern": "",
            "recipient_pattern_regex": "",
            "sender_ldap_profile": "",
            "sender_email_address_group": "",
            "recipient_email_address_group": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "totalRemoteCount": ""
}

operation: Get Session Profile Details

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile whose details you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "spf": "",
    "dkim": "",
    "mkey": "",
    "queue": "",
    "route": "",
    "action": "",
    "eom_ack": "",
    "rewrite": "",
    "objectID": "",
    "conn_hide": "",
    "domainkey": "",
    "reqAction": "",
    "error_free": "",
    "remote_log": "",
    "bounce_rule": "",
    "error_total": "",
    "helo_custom": "",
    "hide_header": "",
    "limit_NOOPs": "",
    "limit_RSETs": "",
    "limit_helos": "",
    "splice_what": "",
    "dkim_signing": "",
    "limit_emails": "",
    "rewrite_helo": "",
    "splice_after": "",
    "hide_received": "",
    "splice_enable": "",
    "access_control": "",
    "nodePermission": "",
    "sender_rewrite": "",
    "block_encrypted": "",
    "check_client_ip": "",
    "conn_concurrent": "",
    "error_increment": "",
    "allow_pipelining": "",
    "blacklist_enable": "",
    "check_open_relay": "",
    "command_checking": "",
    "conn_blacklisted": "",
    "limit_recipients": "",
    "whitelist_enable": "",
    "check_helo_domain": "",
    "conn_idle_timeout": "",
    "limit_header_size": "",
    "recipient_rewrite": "",
    "sender_reputation": "",
    "check_domain_chars": "",
    "check_mason_effect": "",
    "conn_rate_how_many": "",
    "disallow_encrypted": "",
    "limit_message_size": "",
    "number_of_messages": "",
    "check_sender_domain": "",
    "error_initial_delay": "",
    "rewrite_helo_custom": "",
    "sender_verification": "",
    "to_blacklist_enable": "",
    "to_whitelist_enable": "",
    "bypass_bounce_verify": "",
    "number_of_recipients": "",
    "check_recipient_domain": "",
    "disallow_empty_domains": "",
    "remove_current_headers": "",
    "session_action_msg_type": "",
    "sender_reputation_reject": "",
    "sender_reputation_tempfail": "",
    "sender_reputation_throttle": "",
    "sender_addr_rate_ctrl_state": "",
    "sender_verification_profile": "",
    "sender_addr_rate_ctrl_action": "",
    "dkim_signing_authenticated_only": "",
    "msisdn_sender_reputation_action": "",
    "msisdn_sender_reputation_status": "",
    "msisdn_sender_reputation_trigger": "",
    "sender_reputation_throttle_number": "",
    "sender_reputation_throttle_percent": "",
    "sender_addr_rate_ctrl_max_recipients": "",
    "msisdn_sender_reputation_blacklist_duration": ""
}

operation: Get Sender Whitelist For Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "collection": [
        {
            "mkey": ""
        }
    ]
}

operation: Get Sender Blacklist for Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "collection": [
        {
            "mkey": ""
        }
    ]
}

operation: Block Sender Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile to whose associated sender block list you want to add the specified address.
Sender Email Address	Specify the email address that you want to block by adding it to the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

operation: Block Recipient Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile to whose associated recipient block list you want to add the specified address.
Recipient Email Address	Specify the email address that you want to block by adding it to the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

operation: Unblock Sender Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile from whose associated sender block list you want to remove the specified address.
Sender Email Address	Specify the email address that you want to unblock by removing it from the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Unblock Recipient Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile from whose associated recipient block list you want to remove the specified address.
Recipient Email Address	Specify the email address that you want to unblock by removing it from the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Update Block List

Input parameters

Parameter	Description
Action	Select the action that you want to perform. You can choose from the following options: Add: Select this option to add items to blocked list. Remove: Select this option to remove items from blocked list.
Resource	Select the resource you want use for this request. You can choose from following options: `UserMaillist` `SenderListV2` By default, it is set to `UserMaillist`.
List Type	Select the block list you want to update. You can choose from following options: System Domain: Specify the domain name for which you want to create the block list in the Domain field. Personal: Specify the email address for which you want to create a personal block list in the Email Address field.
Items	Specify a comma-separated list of items, i.e. email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected block list.

Output

The output contains the following populated JSON schema:

If you choose Action as Add and Resource as UserMaillist, then the output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": "",
    "listname": "",
    "listitems": ""
}

If you choose Action as Add and Resource as SenderListV2, then the output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

Output schema when you choose Action as Remove:

{
    "errorMsg": "",
    "objectID": "",
    "errorType": "",
    "reqAction": ""
}

operation: Update Safe List

Input parameters

Parameter	Description
Action	Select the action that you want to perform. You can choose from the following options: Add: Select this option to add items to safe list. Remove: Select this option to remove items from safe list.
Resource	Select the resource you want use for this request. You can choose from following options: `UserMaillist` `SenderListV2` By default, it is set to `UserMaillist`.
List Type	Select the safe list you want to update. You can choose from following options: System Domain: Specify the domain name for which you want to create the safe list in the Domain field. Personal: Specify the email address for which you want to create a personal safe list in the Email Address field.
Items	Specify a comma-separated list of items, i.e. email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected safe list.

Output

The output contains the following populated JSON schema:

If you choose Action as Add and Resource as UserMaillist, then the output contains the following populated JSON schema:

{
    "mkey": "",
    "listname": "",
    "objectID": "",
    "listitems": "",
    "reqAction": "",
    "nodePermission": ""
}

If you choose Action as Add and Resource as SenderListV2, then the output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

Output schema when you choose Action as Remove:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Update Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the profile that you want to update on Fortinet FortiMail.
Connection Settings	Select this option to configure connection settings. Once selected, specify the following parameters: Restrict The Number Of Connections Per Client Per 30 Minutes To: Specify the maximum number of connections per client IP address per 30 minutes. `0` means no limit. Restrict The Number Of Messages Per Client Per 30 Minutes To: Specify the maximum number of email messages a client can send per 30 minutes. `0` means no limit. Restrict The Number Of Recipients Per Client Per 30 Minutes To: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. `0` means no limit. Maximum Concurrent Connections For Each Client: Specify the maximum number of concurrent connections per client. `0` means no limit. Connection Idle Timeout (seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. Once selected, specify the following parameters: Enable Sender Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Throttle Client At: Specify the sender reputation score for the FortiMail unit to rate limit the number of email messages that can be sent by this SMTP client. Restrict Number Of Email Per Hour To: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client. Restrict Email To [Percent Of Previous Hour]: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client as a percentage of the number of email messages sent during the previous hour. Temporarily Fail Client At: Specify a sender reputation score for Fortinet FortiMail to return a temporary failure error when the SMTP client attempts to initiate a connection. Reject Client At: Specify a sender reputation score for Fortinet FortiMail to reject the email and reply with SMTP reply code `550` when the SMTP client attempts to initiate a connection. Check Fortiguard Ip Reputation At Connection Phase: Select this option to query the FortiGuard anti-spam service to determine if the IP address of the SMTP server is in a blocked list, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once selected, specify the following parameters: Enable Endpoint Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Action:: Select Reject to reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value.Select Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries appear in the history log. Auto Blocklist Score Trigger Value: Enter the MSISDN reputation score over which Fortinet FortiMail adds the MSISDN/subscriber ID to the automatic blocklist. Auto Blocklist Duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID is prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select to configure the settings for confirming sender and message authenticity. Once selected, specify the following parameters: SPF Check: Select an action for the SPF check that compares the client IP address to the IP addresses of authorized senders in the DNS record provided the sender domain DNS record lists SPF authorized IP addresses. You can choose from the following options: Enable Disable Bypass Enable DKIM check: Select Enable to query the DNS server that hosts the DNS record for the sender's domain name to retrieve its public key to decrypt and verify the DKIM signature; provided an `RFC 4871` DKIM signature is present. Enable DKIM signing for outgoing messages: Select Enable to sign outgoing email with a DKIM signature. You must first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select Enable to sign outgoing emails with a DKIM signature only if the sender is authenticated. Enable Domain Key Check: Select Enable to query the DNS server for the sender's domain name to retrieve its public key to decrypt and verify the DomainKey signature; provided a DomainKey signature is present. Bypass Bounce Verification Check: Select Enable to omit verification of bounce address tags on incoming bounce messages. Sender Address Verification With LDAP: Select Enable to verify sender email addresses on an LDAP server.
Session Settings	Select to configure session profiles. Session Action: Select an action profile from the following options: Discard Encrypt_Pull Reject Replace System Quarantine User Quarantine Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select Enable to return SMTP reply code `501` rejecting the SMTP greeting, provided the client or server uses a greeting that contains a domain name with invalid characters. Perform Strict Syntax Checking: Select Enable to return SMTP reply code `503` rejecting the SMTP command, provided the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select Enable to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for anti-spam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, to use with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Enable Sender Safe List: Select Enable to check the sender addresses in the email envelope (`MAILFROM:`) and email header (`From:`) against the safe list in the SMTP sessions to which this profile is applied. Enable Sender Blocklist: Select Enable to check the sender addresses in the email envelope (`MAIL FROM:`) and email header (`From:`) against the block list in the SMTP sessions to which this profile is applied Allow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the safe list in the SMTP sessions to which this profile is applied. Disallow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:

{
    "spf": "",
    "dkim": "",
    "mkey": "",
    "queue": "",
    "route": "",
    "action": "",
    "eom_ack": "",
    "comment": "",
    "rewrite": "",
    "objectID": "",
    "conn_hide": "",
    "domainkey": "",
    "reqAction": "",
    "error_free": "",
    "remote_log": "",
    "bounce_rule": "",
    "error_total": "",
    "helo_custom": "",
    "hide_header": "",
    "limit_NOOPs": "",
    "limit_RSETs": "",
    "limit_helos": "",
    "splice_what": "",
    "dkim_signing": "",
    "limit_emails": "",
    "rewrite_helo": "",
    "splice_after": "",
    "hide_received": "",
    "splice_enable": "",
    "access_control": "",
    "nodePermission": "",
    "sender_rewrite": "",
    "block_encrypted": "",
    "check_client_ip": "",
    "conn_concurrent": "",
    "error_increment": "",
    "allow_pipelining": "",
    "blacklist_enable": "",
    "check_open_relay": "",
    "command_checking": "",
    "conn_blacklisted": "",
    "limit_recipients": "",
    "whitelist_enable": "",
    "check_helo_domain": "",
    "conn_idle_timeout": "",
    "limit_header_size": "",
    "recipient_rewrite": "",
    "sender_reputation": "",
    "check_domain_chars": "",
    "check_mason_effect": "",
    "conn_rate_how_many": "",
    "disallow_encrypted": "",
    "limit_message_size": "",
    "number_of_messages": "",
    "check_sender_domain": "",
    "error_initial_delay": "",
    "rewrite_helo_custom": "",
    "sender_verification": "",
    "to_blacklist_enable": "",
    "to_whitelist_enable": "",
    "bypass_bounce_verify": "",
    "number_of_recipients": "",
    "check_recipient_domain": "",
    "disallow_empty_domains": "",
    "remove_current_headers": "",
    "session_action_msg_type": "",
    "sender_reputation_reject": "",
    "sender_reputation_tempfail": "",
    "sender_reputation_throttle": "",
    "sender_addr_rate_ctrl_state": "",
    "sender_verification_profile": "",
    "sender_addr_rate_ctrl_action": "",
    "dkim_signing_authenticated_only": "",
    "msisdn_sender_reputation_action": "",
    "msisdn_sender_reputation_status": "",
    "msisdn_sender_reputation_trigger": "",
    "sender_reputation_throttle_number": "",
    "sender_reputation_throttle_percent": "",
    "sender_addr_rate_ctrl_max_recipients": "",
    "msisdn_sender_reputation_blacklist_duration": ""
}

operation: Update AntiSpam Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile that you want to update on Fortinet FortiMail.
Default Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None Default Discard Reject System Quarantine User Quarantine Tag Subject
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. Greylist: Select Enable to apply grey-listing. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF Options: Select this checkbox to enable specifying different actions towards different SPF check results. SPF Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Soft Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF None Status: Select Enable to indicate there is no SPF record. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: DMARC Status: Select to enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. DMARC passes when either SPF or DKIM check passes. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Behavior Analysis Status: Select to enable Behavior analysis (BA) to analyze the similarities between an uncertain email and a known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Header Analysis Status: Select to enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Image Spam: Select to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Aggressive: Select to enable aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:

{
    "mkey": "",
    "dnsbl": "",
    "surbl": "",
    "bayesian": "",
    "greylist": "",
    "objectID": "",
    "scan_pdf": "",
    "heuristic": "",
    "imagespam": "",
    "reqAction": "",
    "aggressive": "",
    "bannedword": "",
    "dictionary": "",
    "fortiguard": "",
    "scanner_rbl": "",
    "action_dmarc": "",
    "dmarc_status": "",
    "phishing_uri": "",
    "scan_maxsize": "",
    "spf_checking": "",
    "impersonation": "",
    "scanner_surbl": "",
    "spam_outbreak": "",
    "whitelistword": "",
    "nodePermission": "",
    "action_spf_fail": "",
    "action_spf_none": "",
    "action_spf_pass": "",
    "dictionary_type": "",
    "heuristic_lower": "",
    "heuristic_upper": "",
    "scanner_default": "",
    "spf_fail_status": "",
    "spf_none_status": "",
    "spf_pass_status": "",
    "bayesian_user_db": "",
    "scanner_bayesian": "",
    "action_newsletter": "",
    "behavior_analysis": "",
    "newsletter_status": "",
    "scanner_grey_list": "",
    "scanner_heuristic": "",
    "action_spf_neutral": "",
    "scanner_dictionary": "",
    "scanner_fortiguard": "",
    "scanner_image_spam": "",
    "spf_neutral_status": "",
    "deepheader_analysis": "",
    "deepheader_check_ip": "",
    "dictionary_group_id": "",
    "fortiguard_check_ip": "",
    "scan_bypass_on_auth": "",
    "scanner_banned_word": "",
    "scanner_deep_header": "",
    "action_spf_soft_fail": "",
    "apply_action_default": "",
    "scanner_phishing_uri": "",
    "spf_soft_fail_status": "",
    "uri_filter_secondary": "",
    "action_spf_perm_error": "",
    "action_spf_temp_error": "",
    "bayesian_autotraining": "",
    "bayesian_usertraining": "",
    "spf_perm_error_status": "",
    "spf_temp_error_status": "",
    "uri_filter_fortiguard": "",
    "impersonation_analysis": "",
    "heuristic_rules_percent": "",
    "action_behavior_analysis": "",
    "minimum_dictionary_score": "",
    "dictionary_profile_id_new": "",
    "scanner_fortiguard_blackip": "",
    "action_ip_reputation_level1": "",
    "action_ip_reputation_level2": "",
    "action_ip_reputation_level3": "",
    "action_spf_sender_alignment": "",
    "action_uri_filter_secondary": "",
    "ip_reputation_level1_status": "",
    "ip_reputation_level2_status": "",
    "ip_reputation_level3_status": "",
    "spf_sender_alignment_status": "",
    "uri_filter_secondary_status": "",
    "action_suspicious_newsletter": "",
    "suspicious_newsletter_status": "",
    "action_impersonation_analysis": "",
    "dkim_status": "",
    "arc_status": "",
    "action_arc": "",
    "arc_override_option": "",
    "impersonation_status": "",
    "cousin_domain": "",
    "cousin_domain_scan_option": "",
    "cousin_domain_profile": "",
    "action_dkim": "",
    "action_cousin_domain": "",
    "comment": ""
}

operation: Delete Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "errorMsg": "",
    "reqAction": "",
    "errorType": ""
}

operation: Delete AntiSpam Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "errorMsg": "",
    "reqAction": "",
    "errorType": ""
}

operation: Display Quarantine Mail List

Input parameters

Parameter	Description
Type	Select the type of quarantine mail list to retrieve from Fortinet FortiMail. You can select from the following options: System: Specify the name of folder in the Folder Name field from which to retrieve system quarantine mail list. Personal: Specify the email of user in the Account Email field whose mail list to retrieve from personal quarantine.
Start Index	Specify the start index of quarantine mail list you want to retrieve from Fortinet FortiMail. By default it is set as `0`.
Size	Specify the page size of quarantine mail list you want to retrieve from Fortinet FortiMail. By default it is set as `50`.

Output

The output contains the following populated JSON schema:

{
    "collection": [
        {
            "basename": "",
            "date": "",
            "env_from": "",
            "env_to": "",
            "folder": "",
            "from": "",
            "log_domain": "",
            "mkey": "",
            "rec_date": "",
            "session_id": "",
            "size": "",
            "status": "",
            "subject": "",
            "to": ""
        }
    ],
    "countInfo": "",
    "nextPage": "",
    "nodeAccessDetails": "",
    "nodePermission": "",
    "objectID": "",
    "remoteSorting": "",
    "reqAction": "",
    "subCount": "",
    "totalRemoteCount": ""
}

operation: View All Emails in Quarantine

Input parameters

Parameter	Description
Account Type	Specify the type of quarantine emails you want to retrieve from Fortinet FortiMail. You can select from the following options: System Quarantine: Specify the name of folder in the Folder Name field from which to retrieve system quarantine mail list. Personal Quarantine: Specify the email of user in the Email ID field whose mail list to retrieve from personal quarantine.
UID Scope	Specify the `mkey` of message of quarantine email whose details to retrieve.

Output

The output contains the following populated JSON schema:

Output schema when the UID Scope is specified:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": "",
    "status": "",
    "flag": "",
    "from": "",
    "subject": "",
    "received": "",
    "date": "",
    "size": "",
    "to": "",
    "importance": "",
    "attachments": "",
    "remain_time": "",
    "mailbox": "",
    "reply_to": "",
    "cc": "",
    "message_id": "",
    "references": "",
    "in_reply_to": "",
    "open_method": "",
    "readables": [
        {
            "mkey": "",
            "type": "",
            "content": ""
        }
    ],
    "parts": [
        {
            "mkey": "",
            "charset": "",
            "mediatype": "",
            "subtype": ""
        },
        {
            "mkey": "",
            "charset": "",
            "filename": "",
            "mediatype": "",
            "subtype": ""
        }
    ]
}

Output schema when the UID Scope is not specified:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "collection": [
        {
            "mkey": "",
            "status": "",
            "flag": "",
            "from": "",
            "subject": "",
            "received": "",
            "date": "",
            "size": "",
            "to": "",
            "importance": "",
            "attachments": "",
            "remain_time": ""
        }
    ]
}

operation: Release Quarantine Emails

Input parameters

Parameter	Description
Account Type	Specify the type of quarantine emails you want to release from Fortinet FortiMail. You can select from the following options: System Quarantine: Specify the name of folder in the Folder Name field from which to release system quarantine mail list. Personal Quarantine: Specify the email of user in the Email ID field whose mail list to release from personal quarantine.
Message IDs	Specify the message IDs(basenames) of quarantine emails you want to release from Fortinet FortiMail. You can specify multiple comma-separated message IDs. You can get message IDs(basename) from Display Quarantine Mail List action. For example: `1632943937.1321_675428_894122.D00001#Q#18TJWDLZ0022120000,1632943932.1321_675069_681493.D00001#Q#18TJW9aF002210000`
Release To Others	Select to release quarantine emails to other recipients. By default it is set as `false`. Release Recipients: Specify the emails of other recipient(s),to whom you want to release quarantine emails from Fortinet FortiMail. You can specify multiple comma-separated recipients(do not add whitespace).

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Batch Release System Quarantine Emails

Input parameters

Parameter	Description
Folder Name	Specify the name of folder from which quarantine email you want to release. For Example, Bulk or user@domain.com
Start Date	Specify the start date for the system quarantine batch you want to release from Fortinet FortiMail.
End Date	Specify the end date for the system quarantine batch you want to release from Fortinet FortiMail.
Message Type	Specify the type of messages you want to release from system quarantine. You can choose from following: All Messages, Unreleased Only. By default it will release Unreleased Only.
Release To Original Recipients	Specify you want to release messages to original recipients or not. By default it is set to true.
Release To Others	Select to release system quarantine emails to other recipients. By default it is set as `false`. Release Recipients: Specify the emails of other recipient(s) to whom to release quarantine emails from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

Included playbooks

The Sample - Fortinet FortiMail - 1.2.0 playbook collection comes bundled with the Fortinet FortiMail connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiMail connector.

Batch Release System Quarantine Emails
Block Recipient Address
Block Sender Address
Create AntiSpam Profile
Create Session Profile
Delete AntiSpam Profile
Delete Session Profile
Display Quarantine Mail List
Get AntiSpam Profiles for Domain
Get AntiSpam Profile Details
Get Auto Exempt GreyList
Get Configured Domains
Get GreyList
Get Profile Names Based on Profile Type
Get Recipient Policies for Domain
Get Sender Blacklist for Session Profile
Get Sender Whitelist For Session Profile
Get Session Profile Details
Release Quarantine Emails
Unblock Recipient Address
Unblock Sender Address
Update AntiSpam Profile
Update Block List
Update Safe List
Update Session Profile
View All Emails in Quarantine

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Enabling FortiMail REST API Support

To gain access to the FortiMail REST API and perform operations, you must enable the REST API on FortiMail, which by default is disabled.

To enable the REST API, for FortiMail releases 6.4.x and 7.0.x, use the following CLI command:

config system global
    set rest-api enable
end

To enable the REST API, for FortiMail releases 7.2.x, use the following CLI command:

config system web-service

    set rest-api enable

end

Additionally, to perform operations using the REST API users must also have the Access Mode REST API enabled.

About the connector

Version information

Connector Version: 1.2.0

FortiSOAR™ Version Tested on: 7.4.0-3024

Fortinet FortiMail Version Tested on: v7.2.0(GA-Feature), build338, 2022.05.09

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.2.0

Following enhancements have been made to the Fortinet FortiMail Connector in version 1.2.0:

Fixed a bug where Update Block List and Update Safe List actions were failing.
Added following actions and playbooks:
- Display Quarantine Mail List
- View All Emails in Quarantine
- Release Quarantine Emails
- Batch Release System Quarantine Emails
Added a parameter Resource to following actions:
- Update Safe List
- Update Block List
Updated titles of parameter in following actions:
- Create Session Profile
- Create AntiSpam Profile
- Update Session Profile
- Update AntiSpam Profile
Updated titles of following actions:
- Renamed Get Profile Name to Get Profile Names Based on Profile Type
- Renamed Get Domains Configured to Get Configured Domains
Updated the output schemas for the following operations in accordance with the new API:
- Create Session Profile
- Create AntiSpam Profile
- Get AntiSpam Profile Details
- Get AntiSpam Profiles for Domain
- Get Configured Domains
- Get GreyList
- Get Auto Exempt GreyList
- Get Profile Names Based on Profile Type
- Get Recipient Policies for Domain
- Get Sender Whitelist For Session Profile
- Get Sender Blacklist for Session Profile
- Update Block List
- Update Safe List
- Update Session Profile
- Update AntiSpam Profile"

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

    yum install cyops-connector-fortinet-fortimail

Prerequisites to configuring the connector

You must have the URL of Fortinet FortiMail server to connect and perform automated operations and credentials (username-password pair) to access that server.
The FortiSOAR™ server should have outbound connectivity to port 443 on the Fortinet FortiMail server.
You must also enable the REST API on FortiMail as explained in the Enabling FortiMAIL REST API Support section. Also, users who will be performing actions using the API must have the Access Mode REST API enabled.

Minimum Permissions Required

Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

Parameter	Description
Server URL	URL of the Fortinet FortiMail server to connect and perform automated operations.
Username	Username of the Fortinet FortiMail server to connect and perform automated operations.
Password	Password used to access the Fortinet FortiMail server to connect and perform the automated operations.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to `True`.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function	Description	Annotation and Category
Create Session Profile	Creates a session profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	create_session_profile Investigation
Create AntiSpam Profile	Creates an anti-spam profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	create_antispam_profile Investigation
Get AntiSpam Profile Details	Retrieves details of an anti-spam profile from Fortinet FortiMail based on the profile name you have specified.	get_antispam_profile Investigation
Get AntiSpam Profiles for Domain	Retrieves a list of all anti-spam profiles for a domain in Fortinet FortiMail based on the domain ID you have specified.	get_antispam_domains Investigation
Get Configured Domains	Retrieves a list of all domains configured on Fortinet FortiMail.	get_domains Investigation
Get GreyList	Retrieves the grey list configured on Fortinet FortiMail.	grey_list Investigation
Get Auto Exempt GreyList	Retrieves the automatically exempted grey list configured on Fortinet FortiMail.	grey_list Investigation
Get Profile Names Based on Profile Type	Retrieves a list of profile names from Fortinet FortiMail based on the profile type you have specified.	get_profile_name Investigation
Get Recipient Policies for Domain	Retrieves a list of all recipient policies for a domain in Fortinet FortiMail based on the domain ID you have specified.	get_recipient_policies Investigation
Get Session Profile Details	Retrieves details of a session profile from Fortinet FortiMail based on the profile name you have specified.	get_session_profile Investigation
Get Sender Whitelist For Session Profile	Retrieves a list of sender whitelists from Fortinet FortiMail based on the profile name you have specified.	get_session_safe_list Investigation
Get Sender Blacklist for Session Profile	Retrieves a list of sender blacklists from Fortinet FortiMail based on the profile name you have specified.	get_session_block_list Investigation
Block Sender Address	Adds an email address to the sender block list of a session profile based on the profile name and email address you have specified.	block_sender_address Containment
Block Recipient Address	Adds an email address to the recipient block list of a session profile based on the profile name and email address you have specified.	block_recipient_address Containment
Unblock Sender Address	Unblocks an email address by removing an email address from the sender block list of a session profile based on the profile name and email address you have specified.	unblock_sender_address Remediation
Unblock Recipient Address	Unblocks an email address by removing an email address from the recipient block list of a session profile based on the profile name and email address you have specified.	unblock_recipient_address Remediation
Update Block List	Updates, i.e. adds or removes items such as email addresses, domains, IP addresses from a block list based on the action, resource, and other input parameters you have specified.	update_block_list Remediation
Update Safe List	Updates, i.e. adds or removes items such as email addresses, domains, IP addresses from a safe list based on the action, resource, and other input parameters you have specified.	update_safe_list Remediation
Update Session Profile	Updates a session profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	update_session_profile Investigation
Update AntiSpam Profile	Updates an anti-spam profile on Fortinet FortiMail based on the profile name and other input parameters you have specified.	update_antispam_profile Investigation
Delete Session Profile	Deletes a session profile from Fortinet FortiMail based on the profile name you have specified.	delete_session_profile Investigation
Delete AntiSpam Profile	Deletes an anti-spam profile from Fortinet FortiMail based on the profile name you have specified.	delete_antispam_profile Investigation
Display Quarantine Mail List	Retrieves quarantine mail list from Fortinet FortiMail.	display_quarantine_mail_list Investigation
View All Emails in Quarantine	Retrieves all emails in quarantine from Fortinet FortiMail.	view_mail_in_quarantine Investigation
Release Quarantine Emails	Releases quarantine emails from Fortinet FortiMail based on the account type, folder name, and input parameters you have specified.	quarantine_release Investigation
Batch Release System Quarantine Emails	Releases quarantine emails from Fortinet FortiMail based on folder name, time period, and other input parameters you have specified.	system_quarantine_batch_release Investigation

operation: Create Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the session profile name to create the profile.
Connection Settings	Select this option to configure connection settings. Once selected, specify the following parameters: Restrict The Number Of Connections Per Client Per 30 Minutes To: Specify the maximum number of connections per client IP address per 30 minutes. `0` means no limit. Restrict The Number Of Messages Per Client Per 30 Minutes To: Specify the maximum number of email messages a client can send per 30 minutes. `0` means no limit. Restrict The Number Of Recipients Per Client Per 30 Minutes To: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. `0` means no limit. Maximum Concurrent Connections For Each Client: Specify the maximum number of concurrent connections per client. `0` means no limit. Connection Idle Timeout (Seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. Once selected, specify the following parameters: Enable Sender Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Throttle Client At: Specify the sender reputation score for the FortiMail unit to rate limit the number of email messages that can be sent by this SMTP client. Restrict Number Of Email Per Hour To: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client. Restrict Email To [Percent Of Previous Hour]: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client as a percentage of the number of email messages sent during the previous hour. Temporarily Fail Client At: Specify a sender reputation score for Fortinet FortiMail to return a temporary failure error when the SMTP client attempts to initiate a connection. Reject Client At: Specify a sender reputation score for Fortinet FortiMail to reject the email and reply with SMTP reply code `550` when the SMTP client attempts to initiate a connection. Check FortiGuard IP reputation at connection phase: Select this option to query the FortiGuard anti-spam service to determine if the IP address of the SMTP server is in a blocked list, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once selected, specify the following parameters: Enable Endpoint Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Action:: Select Reject to reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value.Select Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries appear in the history log. Auto Blocklist Score Trigger Value: Enter the MSISDN reputation score over which Fortinet FortiMail adds the MSISDN/subscriber ID to the automatic blocklist. Auto Blocklist Duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID is prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select to configure the settings for confirming sender and message authenticity. Once selected, specify the following parameters: SPF Check: Select an action for the SPF check that compares the client IP address to the IP addresses of authorized senders in the DNS record provided the sender domain DNS record lists SPF authorized IP addresses. You can choose from the following options: Enable Disable Bypass Enable DKIM check: Select Enable to query the DNS server that hosts the DNS record for the sender's domain name to retrieve its public key to decrypt and verify the DKIM signature; provided an `RFC 4871` DKIM signature is present. Enable DKIM signing for outgoing messages: Select Enable to sign outgoing email with a DKIM signature. You must first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select Enable to sign outgoing emails with a DKIM signature only if the sender is authenticated. Enable Domain Key Check: Select Enable to query the DNS server for the sender's domain name to retrieve its public key to decrypt and verify the DomainKey signature; provided a DomainKey signature is present. Bypass Bounce Verification Check: Select Enable to omit verification of bounce address tags on incoming bounce messages. Sender Address Verification With Ldap: Select Enable to verify sender email addresses on an LDAP server.
Session Settings	Select to configure session profiles. Session Action: Select an action profile from the following options: Discard Encrypt_Pull Reject Replace System Quarantine User Quarantine Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select Enable to return SMTP reply code `501` rejecting the SMTP greeting, provided the client or server uses a greeting that contains a domain name with invalid characters. Perform Strict Syntax Checking: Select Enable to return SMTP reply code `503` rejecting the SMTP command, provided the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select Enable to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for anti-spam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, to use with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Enable Sender Safe List: Select Enable to check the sender addresses in the email envelope (`MAILFROM:`) and email header (`From:`) against the safe list in the SMTP sessions to which this profile is applied. Enable Sender Blocklist: Select Enable to check the sender addresses in the email envelope (`MAIL FROM:`) and email header (`From:`) against the block list in the SMTP sessions to which this profile is applied Allow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the safe list in the SMTP sessions to which this profile is applied. Disallow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:

{
    "spf": "",
    "dkim": "",
    "mkey": "",
    "queue": "",
    "route": "",
    "action": "",
    "eom_ack": "",
    "comment": "",
    "rewrite": "",
    "objectID": "",
    "conn_hide": "",
    "domainkey": "",
    "reqAction": "",
    "error_free": "",
    "remote_log": "",
    "bounce_rule": "",
    "error_total": "",
    "helo_custom": "",
    "hide_header": "",
    "limit_NOOPs": "",
    "limit_RSETs": "",
    "limit_helos": "",
    "splice_what": "",
    "dkim_signing": "",
    "limit_emails": "",
    "rewrite_helo": "",
    "splice_after": "",
    "hide_received": "",
    "splice_enable": "",
    "access_control": "",
    "nodePermission": "",
    "sender_rewrite": "",
    "block_encrypted": "",
    "check_client_ip": "",
    "conn_concurrent": "",
    "error_increment": "",
    "allow_pipelining": "",
    "blacklist_enable": "",
    "check_open_relay": "",
    "command_checking": "",
    "conn_blacklisted": "",
    "limit_recipients": "",
    "whitelist_enable": "",
    "check_helo_domain": "",
    "conn_idle_timeout": "",
    "limit_header_size": "",
    "recipient_rewrite": "",
    "sender_reputation": "",
    "check_domain_chars": "",
    "check_mason_effect": "",
    "conn_rate_how_many": "",
    "disallow_encrypted": "",
    "limit_message_size": "",
    "number_of_messages": "",
    "check_sender_domain": "",
    "error_initial_delay": "",
    "rewrite_helo_custom": "",
    "sender_verification": "",
    "to_blacklist_enable": "",
    "to_whitelist_enable": "",
    "bypass_bounce_verify": "",
    "number_of_recipients": "",
    "check_recipient_domain": "",
    "disallow_empty_domains": "",
    "remove_current_headers": "",
    "session_action_msg_type": "",
    "sender_reputation_reject": "",
    "sender_reputation_tempfail": "",
    "sender_reputation_throttle": "",
    "sender_addr_rate_ctrl_state": "",
    "sender_verification_profile": "",
    "sender_addr_rate_ctrl_action": "",
    "dkim_signing_authenticated_only": "",
    "msisdn_sender_reputation_action": "",
    "msisdn_sender_reputation_status": "",
    "msisdn_sender_reputation_trigger": "",
    "sender_reputation_throttle_number": "",
    "sender_reputation_throttle_percent": "",
    "sender_addr_rate_ctrl_max_recipients": "",
    "msisdn_sender_reputation_blacklist_duration": ""
}

operation: Create AntiSpam Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile that you want to create on Fortinet FortiMail.
Default Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None Default Discard Reject System Quarantine User Quarantine Tag Subject
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. Greylist: Select Enable to apply grey-listing. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF Options: Select this checkbox to enable specifying different actions towards different SPF check results. SPF Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Soft Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF None Status: Select Enable to indicate there is no SPF record. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: DMARC Status: Select to enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. DMARC passes when either SPF or DKIM check passes. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Behavior Analysis Status: Select to enable Behavior analysis (BA) to analyze the similarities between an uncertain email and a known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Header Analysis Status: Select to enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Image Spam: Select to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Aggressive: Select to enable aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:

{
    "mkey": "",
    "dnsbl": "",
    "surbl": "",
    "bayesian": "",
    "greylist": "",
    "objectID": "",
    "scan_pdf": "",
    "heuristic": "",
    "imagespam": "",
    "reqAction": "",
    "aggressive": "",
    "bannedword": "",
    "dictionary": "",
    "fortiguard": "",
    "scanner_rbl": "",
    "action_dmarc": "",
    "dmarc_status": "",
    "phishing_uri": "",
    "scan_maxsize": "",
    "spf_checking": "",
    "impersonation": "",
    "scanner_surbl": "",
    "spam_outbreak": "",
    "whitelistword": "",
    "nodePermission": "",
    "action_spf_fail": "",
    "action_spf_none": "",
    "action_spf_pass": "",
    "dictionary_type": "",
    "heuristic_lower": "",
    "heuristic_upper": "",
    "scanner_default": "",
    "spf_fail_status": "",
    "spf_none_status": "",
    "spf_pass_status": "",
    "bayesian_user_db": "",
    "scanner_bayesian": "",
    "action_newsletter": "",
    "behavior_analysis": "",
    "newsletter_status": "",
    "scanner_grey_list": "",
    "scanner_heuristic": "",
    "action_spf_neutral": "",
    "scanner_dictionary": "",
    "scanner_fortiguard": "",
    "scanner_image_spam": "",
    "spf_neutral_status": "",
    "deepheader_analysis": "",
    "deepheader_check_ip": "",
    "dictionary_group_id": "",
    "fortiguard_check_ip": "",
    "scan_bypass_on_auth": "",
    "scanner_banned_word": "",
    "scanner_deep_header": "",
    "action_spf_soft_fail": "",
    "apply_action_default": "",
    "scanner_phishing_uri": "",
    "spf_soft_fail_status": "",
    "uri_filter_secondary": "",
    "action_spf_perm_error": "",
    "action_spf_temp_error": "",
    "bayesian_autotraining": "",
    "bayesian_usertraining": "",
    "spf_perm_error_status": "",
    "spf_temp_error_status": "",
    "uri_filter_fortiguard": "",
    "impersonation_analysis": "",
    "heuristic_rules_percent": "",
    "action_behavior_analysis": "",
    "minimum_dictionary_score": "",
    "dictionary_profile_id_new": "",
    "scanner_fortiguard_blackip": "",
    "action_ip_reputation_level1": "",
    "action_ip_reputation_level2": "",
    "action_ip_reputation_level3": "",
    "action_spf_sender_alignment": "",
    "action_uri_filter_secondary": "",
    "ip_reputation_level1_status": "",
    "ip_reputation_level2_status": "",
    "ip_reputation_level3_status": "",
    "spf_sender_alignment_status": "",
    "uri_filter_secondary_status": "",
    "action_suspicious_newsletter": "",
    "suspicious_newsletter_status": "",
    "action_impersonation_analysis": "",
    "dkim_status": "",
    "arc_status": "",
    "action_arc": "",
    "arc_override_option": "",
    "impersonation_status": "",
    "cousin_domain": "",
    "cousin_domain_scan_option": "",
    "cousin_domain_profile": "",
    "action_dkim": "",
    "action_cousin_domain": "",
    "comment": ""
}

operation: Get AntiSpam Profile Details

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile whose associated details you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "mkey": "",
    "dnsbl": "",
    "surbl": "",
    "bayesian": "",
    "greylist": "",
    "objectID": "",
    "scan_pdf": "",
    "heuristic": "",
    "imagespam": "",
    "reqAction": "",
    "aggressive": "",
    "bannedword": "",
    "dictionary": "",
    "fortiguard": "",
    "scanner_rbl": "",
    "action_dmarc": "",
    "dmarc_status": "",
    "phishing_uri": "",
    "scan_maxsize": "",
    "spf_checking": "",
    "impersonation": "",
    "scanner_surbl": "",
    "spam_outbreak": "",
    "whitelistword": "",
    "nodePermission": "",
    "action_spf_fail": "",
    "action_spf_none": "",
    "action_spf_pass": "",
    "dictionary_type": "",
    "heuristic_lower": "",
    "heuristic_upper": "",
    "scanner_default": "",
    "spf_fail_status": "",
    "spf_none_status": "",
    "spf_pass_status": "",
    "bayesian_user_db": "",
    "scanner_bayesian": "",
    "action_newsletter": "",
    "behavior_analysis": "",
    "newsletter_status": "",
    "scanner_grey_list": "",
    "scanner_heuristic": "",
    "action_spf_neutral": "",
    "scanner_dictionary": "",
    "scanner_fortiguard": "",
    "scanner_image_spam": "",
    "spf_neutral_status": "",
    "deepheader_analysis": "",
    "deepheader_check_ip": "",
    "dictionary_group_id": "",
    "fortiguard_check_ip": "",
    "scan_bypass_on_auth": "",
    "scanner_banned_word": "",
    "scanner_deep_header": "",
    "action_spf_soft_fail": "",
    "apply_action_default": "",
    "scanner_phishing_uri": "",
    "spf_soft_fail_status": "",
    "uri_filter_secondary": "",
    "action_spf_perm_error": "",
    "action_spf_temp_error": "",
    "bayesian_autotraining": "",
    "bayesian_usertraining": "",
    "spf_perm_error_status": "",
    "spf_temp_error_status": "",
    "uri_filter_fortiguard": "",
    "impersonation_analysis": "",
    "heuristic_rules_percent": "",
    "action_behavior_analysis": "",
    "minimum_dictionary_score": "",
    "dictionary_profile_id_new": "",
    "scanner_fortiguard_blackip": "",
    "action_ip_reputation_level1": "",
    "action_ip_reputation_level2": "",
    "action_ip_reputation_level3": "",
    "action_spf_sender_alignment": "",
    "action_uri_filter_secondary": "",
    "ip_reputation_level1_status": "",
    "ip_reputation_level2_status": "",
    "ip_reputation_level3_status": "",
    "spf_sender_alignment_status": "",
    "uri_filter_secondary_status": "",
    "action_suspicious_newsletter": "",
    "suspicious_newsletter_status": "",
    "action_impersonation_analysis": "",
    "dkim_status": "",
    "arc_status": "",
    "action_arc": "",
    "arc_override_option": "",
    "impersonation_status": "",
    "cousin_domain": "",
    "cousin_domain_scan_option": "",
    "cousin_domain_profile": "",
    "action_dkim": "",
    "action_cousin_domain": "",
    "comment": ""
}

operation: Get AntiSpam Profiles for Domain

Input parameters

Parameter	Description
Domain	Specify the name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "collection": [
        {
        "mdomain": "",
        "mkey": "",
        "dictionary_type": "",
        "minimum_dictionary_score": "",
        "isReferenced": "",
        "comment": ""
        }
    ],
    "nodePermission": "",
    "nodeAccessDetails": ""
}

operation: Get Configured Domains

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
        "ip": "",
        "mkey": "",
        "port": "",
        "mxflag": "",
        "maindomain": "",
        "is_subdomain": "",
        "is_association": "",
        "is_service_domain": "",
        "recipient_verification": "",
        "ec_status": "",
        "isReferenced": "",
        "failed_time": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "totalRemoteCount": ""
}

operation: Get GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [],
    "remoteSorting": "",
    "nodePermission": "",
    "totalRemoteCount": "",
    "nodeAccessDetails": ""
}

operation: Get Auto Exempt GreyList

Input parameters

None.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [],
    "remoteSorting": "",
    "nodePermission": "",
    "totalRemoteCount": "",
    "nodeAccessDetails": ""
}

operation: Get Profile Names Based on Profile Type

Input parameters

Parameter	Description
Profile Type	Select the profile type to retrieve profile names from Fortinet FortiMail. You can choose from following options: Session AntiSpam

Output

The output contains the following populated JSON schema:

Output schema when you choose Profile Type as Session:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
        "mkey": "",
        "action": "",
        "comment": "",
        "isReferenced": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "totalRemoteCount": ""
}

Output schema when you choose Profile Type as AntiSpam:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
        "mkey": "",
        "isReferenced": "",
        "dictionary_type": "",
        "minimum_dictionary_score": "",
        "comment": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "totalRemoteCount": ""
}

operation: Get Recipient Policies for Domain

Input parameters

Parameter	Description
Domain	Specify the name of the domain whose associated Recipient Policies you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "nextPage": "",
    "objectID": "",
    "subCount": "",
    "reqAction": "",
    "collection": [
        {
            "auth": "",
            "misc": "",
            "mkey": "",
            "status": "",
            "comment": "",
            "content": "",
            "mdomain": "",
            "pkiauth": "",
            "pkiuser": "",
            "antispam": "",
            "antivirus": "",
            "direction": "",
            "groupmode": "",
            "imap_auth": "",
            "ldap_auth": "",
            "pop3_auth": "",
            "smtp_auth": "",
            "profile_dlp": "",
            "radius_auth": "",
            "sender_type": "",
            "sender_pattern_regex": "",
            "ldap_profile": "",
            "sender_domain": "",
            "sender_pattern": "",
            "recipient_domain": "",
            "recipient_pattern": "",
            "recipient_pattern_regex": "",
            "sender_ldap_profile": "",
            "sender_email_address_group": "",
            "recipient_email_address_group": ""
        }
    ],
    "remoteSorting": "",
    "nodePermission": "",
    "totalRemoteCount": ""
}

operation: Get Session Profile Details

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile whose details you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "spf": "",
    "dkim": "",
    "mkey": "",
    "queue": "",
    "route": "",
    "action": "",
    "eom_ack": "",
    "rewrite": "",
    "objectID": "",
    "conn_hide": "",
    "domainkey": "",
    "reqAction": "",
    "error_free": "",
    "remote_log": "",
    "bounce_rule": "",
    "error_total": "",
    "helo_custom": "",
    "hide_header": "",
    "limit_NOOPs": "",
    "limit_RSETs": "",
    "limit_helos": "",
    "splice_what": "",
    "dkim_signing": "",
    "limit_emails": "",
    "rewrite_helo": "",
    "splice_after": "",
    "hide_received": "",
    "splice_enable": "",
    "access_control": "",
    "nodePermission": "",
    "sender_rewrite": "",
    "block_encrypted": "",
    "check_client_ip": "",
    "conn_concurrent": "",
    "error_increment": "",
    "allow_pipelining": "",
    "blacklist_enable": "",
    "check_open_relay": "",
    "command_checking": "",
    "conn_blacklisted": "",
    "limit_recipients": "",
    "whitelist_enable": "",
    "check_helo_domain": "",
    "conn_idle_timeout": "",
    "limit_header_size": "",
    "recipient_rewrite": "",
    "sender_reputation": "",
    "check_domain_chars": "",
    "check_mason_effect": "",
    "conn_rate_how_many": "",
    "disallow_encrypted": "",
    "limit_message_size": "",
    "number_of_messages": "",
    "check_sender_domain": "",
    "error_initial_delay": "",
    "rewrite_helo_custom": "",
    "sender_verification": "",
    "to_blacklist_enable": "",
    "to_whitelist_enable": "",
    "bypass_bounce_verify": "",
    "number_of_recipients": "",
    "check_recipient_domain": "",
    "disallow_empty_domains": "",
    "remove_current_headers": "",
    "session_action_msg_type": "",
    "sender_reputation_reject": "",
    "sender_reputation_tempfail": "",
    "sender_reputation_throttle": "",
    "sender_addr_rate_ctrl_state": "",
    "sender_verification_profile": "",
    "sender_addr_rate_ctrl_action": "",
    "dkim_signing_authenticated_only": "",
    "msisdn_sender_reputation_action": "",
    "msisdn_sender_reputation_status": "",
    "msisdn_sender_reputation_trigger": "",
    "sender_reputation_throttle_number": "",
    "sender_reputation_throttle_percent": "",
    "sender_addr_rate_ctrl_max_recipients": "",
    "msisdn_sender_reputation_blacklist_duration": ""
}

operation: Get Sender Whitelist For Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "collection": [
        {
            "mkey": ""
        }
    ]
}

operation: Get Sender Blacklist for Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "collection": [
        {
            "mkey": ""
        }
    ]
}

operation: Block Sender Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile to whose associated sender block list you want to add the specified address.
Sender Email Address	Specify the email address that you want to block by adding it to the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

operation: Block Recipient Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile to whose associated recipient block list you want to add the specified address.
Recipient Email Address	Specify the email address that you want to block by adding it to the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

operation: Unblock Sender Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile from whose associated sender block list you want to remove the specified address.
Sender Email Address	Specify the email address that you want to unblock by removing it from the sender block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Unblock Recipient Address

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile from whose associated recipient block list you want to remove the specified address.
Recipient Email Address	Specify the email address that you want to unblock by removing it from the recipient block list of the specified session profile.

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Update Block List

Input parameters

Parameter	Description
Action	Select the action that you want to perform. You can choose from the following options: Add: Select this option to add items to blocked list. Remove: Select this option to remove items from blocked list.
Resource	Select the resource you want use for this request. You can choose from following options: `UserMaillist` `SenderListV2` By default, it is set to `UserMaillist`.
List Type	Select the block list you want to update. You can choose from following options: System Domain: Specify the domain name for which you want to create the block list in the Domain field. Personal: Specify the email address for which you want to create a personal block list in the Email Address field.
Items	Specify a comma-separated list of items, i.e. email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected block list.

Output

The output contains the following populated JSON schema:

If you choose Action as Add and Resource as UserMaillist, then the output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": "",
    "listname": "",
    "listitems": ""
}

If you choose Action as Add and Resource as SenderListV2, then the output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

Output schema when you choose Action as Remove:

{
    "errorMsg": "",
    "objectID": "",
    "errorType": "",
    "reqAction": ""
}

operation: Update Safe List

Input parameters

Parameter	Description
Action	Select the action that you want to perform. You can choose from the following options: Add: Select this option to add items to safe list. Remove: Select this option to remove items from safe list.
Resource	Select the resource you want use for this request. You can choose from following options: `UserMaillist` `SenderListV2` By default, it is set to `UserMaillist`.
List Type	Select the safe list you want to update. You can choose from following options: System Domain: Specify the domain name for which you want to create the safe list in the Domain field. Personal: Specify the email address for which you want to create a personal safe list in the Email Address field.
Items	Specify a comma-separated list of items, i.e. email addresses, IP addresses, or domains, that you want to update (add or remove) in the selected safe list.

Output

The output contains the following populated JSON schema:

If you choose Action as Add and Resource as UserMaillist, then the output contains the following populated JSON schema:

{
    "mkey": "",
    "listname": "",
    "objectID": "",
    "listitems": "",
    "reqAction": "",
    "nodePermission": ""
}

If you choose Action as Add and Resource as SenderListV2, then the output contains the following populated JSON schema:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": ""
}

Output schema when you choose Action as Remove:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Update Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the profile that you want to update on Fortinet FortiMail.
Connection Settings	Select this option to configure connection settings. Once selected, specify the following parameters: Restrict The Number Of Connections Per Client Per 30 Minutes To: Specify the maximum number of connections per client IP address per 30 minutes. `0` means no limit. Restrict The Number Of Messages Per Client Per 30 Minutes To: Specify the maximum number of email messages a client can send per 30 minutes. `0` means no limit. Restrict The Number Of Recipients Per Client Per 30 Minutes To: Specify the maximum recipients (number of RCPT TO) a client can send email to for a period of 30 minutes. `0` means no limit. Maximum Concurrent Connections For Each Client: Specify the maximum number of concurrent connections per client. `0` means no limit. Connection Idle Timeout (seconds): Specify the number of seconds upto which a client remain idle before Fortinet FortiMail drops the connection.
Sender Reputation	Select this option to configure sender reputation. Once selected, specify the following parameters: Enable Sender Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Throttle Client At: Specify the sender reputation score for the FortiMail unit to rate limit the number of email messages that can be sent by this SMTP client. Restrict Number Of Email Per Hour To: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client. Restrict Email To [Percent Of Previous Hour]: Specify the maximum number of email messages per hour for Fortinet FortiMail to accept from a throttled SMTP client as a percentage of the number of email messages sent during the previous hour. Temporarily Fail Client At: Specify a sender reputation score for Fortinet FortiMail to return a temporary failure error when the SMTP client attempts to initiate a connection. Reject Client At: Specify a sender reputation score for Fortinet FortiMail to reject the email and reply with SMTP reply code `550` when the SMTP client attempts to initiate a connection. Check Fortiguard Ip Reputation At Connection Phase: Select this option to query the FortiGuard anti-spam service to determine if the IP address of the SMTP server is in a blocked list, during the connection phase.
Endpoint Reputation	Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once selected, specify the following parameters: Enable Endpoint Reputation: Select this option to accept or reject emails based on the sender reputation score. Other parameters are applicable only if you select Enable. Action:: Select Reject to reject email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceeds the Auto blocklist score trigger value.Select Monitor to log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose MSISDN reputation scores exceed Auto blocklist score trigger value. Entries appear in the history log. Auto Blocklist Score Trigger Value: Enter the MSISDN reputation score over which Fortinet FortiMail adds the MSISDN/subscriber ID to the automatic blocklist. Auto Blocklist Duration (minutes): Enter the number of minutes that an MSISDN/subscriber ID is prevented from sending email or MMS messages after they have been automatically blocklisted.
Sender Validation	Select to configure the settings for confirming sender and message authenticity. Once selected, specify the following parameters: SPF Check: Select an action for the SPF check that compares the client IP address to the IP addresses of authorized senders in the DNS record provided the sender domain DNS record lists SPF authorized IP addresses. You can choose from the following options: Enable Disable Bypass Enable DKIM check: Select Enable to query the DNS server that hosts the DNS record for the sender's domain name to retrieve its public key to decrypt and verify the DKIM signature; provided an `RFC 4871` DKIM signature is present. Enable DKIM signing for outgoing messages: Select Enable to sign outgoing email with a DKIM signature. You must first generate a domain key pair and publish the public key in the DNS record for the domain name of the protected domain. Enable DKIM signing for authenticated senders only: Select Enable to sign outgoing emails with a DKIM signature only if the sender is authenticated. Enable Domain Key Check: Select Enable to query the DNS server for the sender's domain name to retrieve its public key to decrypt and verify the DomainKey signature; provided a DomainKey signature is present. Bypass Bounce Verification Check: Select Enable to omit verification of bounce address tags on incoming bounce messages. Sender Address Verification With LDAP: Select Enable to verify sender email addresses on an LDAP server.
Session Settings	Select to configure session profiles. Session Action: Select an action profile from the following options: Discard Encrypt_Pull Reject Replace System Quarantine User Quarantine Message Selection: Select whether the action should be applied to All messages or Accepted messages only. Reject EHLO/HELO commands with invalid characters in the domain: Select Enable to return SMTP reply code `501` rejecting the SMTP greeting, provided the client or server uses a greeting that contains a domain name with invalid characters. Perform Strict Syntax Checking: Select Enable to return SMTP reply code `503` rejecting the SMTP command, provided the client or server uses SMTP commands that are syntactically incorrect. ACK EOM before AntiSpam check: Select Enable to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for anti-spam scanning to complete.
Lists	Select this option to configure the sender and recipient block lists and safe lists, to use with the session profile. Block and safe lists are separate for each session profile and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Enable Sender Safe List: Select Enable to check the sender addresses in the email envelope (`MAILFROM:`) and email header (`From:`) against the safe list in the SMTP sessions to which this profile is applied. Enable Sender Blocklist: Select Enable to check the sender addresses in the email envelope (`MAIL FROM:`) and email header (`From:`) against the block list in the SMTP sessions to which this profile is applied Allow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the safe list in the SMTP sessions to which this profile is applied. Disallow Recipients on this list: Select Enable to check the recipient addresses in the email envelope (`RCPT TO:`) against the block list in the SMTP sessions to which this profile is applied.

Output

The output contains the following populated JSON schema:

{
    "spf": "",
    "dkim": "",
    "mkey": "",
    "queue": "",
    "route": "",
    "action": "",
    "eom_ack": "",
    "comment": "",
    "rewrite": "",
    "objectID": "",
    "conn_hide": "",
    "domainkey": "",
    "reqAction": "",
    "error_free": "",
    "remote_log": "",
    "bounce_rule": "",
    "error_total": "",
    "helo_custom": "",
    "hide_header": "",
    "limit_NOOPs": "",
    "limit_RSETs": "",
    "limit_helos": "",
    "splice_what": "",
    "dkim_signing": "",
    "limit_emails": "",
    "rewrite_helo": "",
    "splice_after": "",
    "hide_received": "",
    "splice_enable": "",
    "access_control": "",
    "nodePermission": "",
    "sender_rewrite": "",
    "block_encrypted": "",
    "check_client_ip": "",
    "conn_concurrent": "",
    "error_increment": "",
    "allow_pipelining": "",
    "blacklist_enable": "",
    "check_open_relay": "",
    "command_checking": "",
    "conn_blacklisted": "",
    "limit_recipients": "",
    "whitelist_enable": "",
    "check_helo_domain": "",
    "conn_idle_timeout": "",
    "limit_header_size": "",
    "recipient_rewrite": "",
    "sender_reputation": "",
    "check_domain_chars": "",
    "check_mason_effect": "",
    "conn_rate_how_many": "",
    "disallow_encrypted": "",
    "limit_message_size": "",
    "number_of_messages": "",
    "check_sender_domain": "",
    "error_initial_delay": "",
    "rewrite_helo_custom": "",
    "sender_verification": "",
    "to_blacklist_enable": "",
    "to_whitelist_enable": "",
    "bypass_bounce_verify": "",
    "number_of_recipients": "",
    "check_recipient_domain": "",
    "disallow_empty_domains": "",
    "remove_current_headers": "",
    "session_action_msg_type": "",
    "sender_reputation_reject": "",
    "sender_reputation_tempfail": "",
    "sender_reputation_throttle": "",
    "sender_addr_rate_ctrl_state": "",
    "sender_verification_profile": "",
    "sender_addr_rate_ctrl_action": "",
    "dkim_signing_authenticated_only": "",
    "msisdn_sender_reputation_action": "",
    "msisdn_sender_reputation_status": "",
    "msisdn_sender_reputation_trigger": "",
    "sender_reputation_throttle_number": "",
    "sender_reputation_throttle_percent": "",
    "sender_addr_rate_ctrl_max_recipients": "",
    "msisdn_sender_reputation_blacklist_duration": ""
}

operation: Update AntiSpam Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile that you want to update on Fortinet FortiMail.
Default Action	Select the default action that this operation should take when the policy matches. You can choose from the following actions: None Default Discard Reject System Quarantine User Quarantine Tag Subject
Scan Configurations	Select this option to configure the scan on Fortinet FortiMail. Greylist: Select Enable to apply grey-listing. SPF: If the sender domain DNS record lists SPF authorized IP addresses, select Enable in this option to compare the client IP address to the IP addresses of authorized senders in the DNS record. SPF Options: Select this checkbox to enable specifying different actions towards different SPF check results. SPF Fail Status: Select Enable to indicate that host is not authorized to send messages. SPF Fail Action: Select the actions to be performed if host is not authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Soft Fail Status: Select Enable to indicate that the host is not authorized to send messages but not a strong statement. SPF Soft Fail Action: Select the actions to be performed if the host is not authorized to send messages but not a strong statement. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Sender Alignment Status: Select Enable to indicate Header From and authorization domain mismatch. SPF Sender Alignment Action: Select the actions to be performed if Header From and authorization domain mismatch. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Permanent Error Status: Select Enable to indicate that the SPF records are invalid. SPF Permanent Error Action: Select the actions to be performed if the SPF records are invalid. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Temporary Error Status: Select Enable to indicate a processing error. SPF Temporary Error Action: Select the actions to be performed if there is a processing error. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Pass Status: Select Enable to indicate that the host is authorized to send messages. SPF Pass Action: Select the actions to be performed if the host is authorized to send messages. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF Neutral Status: Select Enable to indicate SPF record is found but no definitive assertion. SPF Neutral Action: Select the actions to be performed if SPF record is found but no definitive assertion.You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject SPF None Status: Select Enable to indicate there is no SPF record. SPF None Action: Select the actions to be performed if there is no SPF record. You can choose from the following options: DMARC Status: Select to enable Domain-based Message Authentication, Reporting & Conformance(DMARC) to perform email authentication with SPF and DKIM checking. DMARC passes when either SPF or DKIM check passes. If both of them fail, DMARC check fails. DMARC Action: Select the actions to be performed for DMARC. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Behavior Analysis Status: Select to enable Behavior analysis (BA) to analyze the similarities between an uncertain email and a known spam email in the BA database and determine if the uncertain email is spam. Behavior Analysis Action: Select the actions to be performed for BA. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Header Analysis Status: Select to enable this option to examine the entire message header for spam characteristics. Header Analysis Action: Select the actions to be performed for Header analysis. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Image Spam: Select to enable Image spam in the AntiSpam Profile. Image Spam Action: Select the actions to be performed for Image spam in the AntiSpam Profile. You can choose from the following options: None Default Discard Reject System Quarantine User Quarantine Tag Subject Aggressive: Select to enable aggressive scan to inspect image file attachments in addition to embedded graphics.

Output

The output contains the following populated JSON schema:

{
    "mkey": "",
    "dnsbl": "",
    "surbl": "",
    "bayesian": "",
    "greylist": "",
    "objectID": "",
    "scan_pdf": "",
    "heuristic": "",
    "imagespam": "",
    "reqAction": "",
    "aggressive": "",
    "bannedword": "",
    "dictionary": "",
    "fortiguard": "",
    "scanner_rbl": "",
    "action_dmarc": "",
    "dmarc_status": "",
    "phishing_uri": "",
    "scan_maxsize": "",
    "spf_checking": "",
    "impersonation": "",
    "scanner_surbl": "",
    "spam_outbreak": "",
    "whitelistword": "",
    "nodePermission": "",
    "action_spf_fail": "",
    "action_spf_none": "",
    "action_spf_pass": "",
    "dictionary_type": "",
    "heuristic_lower": "",
    "heuristic_upper": "",
    "scanner_default": "",
    "spf_fail_status": "",
    "spf_none_status": "",
    "spf_pass_status": "",
    "bayesian_user_db": "",
    "scanner_bayesian": "",
    "action_newsletter": "",
    "behavior_analysis": "",
    "newsletter_status": "",
    "scanner_grey_list": "",
    "scanner_heuristic": "",
    "action_spf_neutral": "",
    "scanner_dictionary": "",
    "scanner_fortiguard": "",
    "scanner_image_spam": "",
    "spf_neutral_status": "",
    "deepheader_analysis": "",
    "deepheader_check_ip": "",
    "dictionary_group_id": "",
    "fortiguard_check_ip": "",
    "scan_bypass_on_auth": "",
    "scanner_banned_word": "",
    "scanner_deep_header": "",
    "action_spf_soft_fail": "",
    "apply_action_default": "",
    "scanner_phishing_uri": "",
    "spf_soft_fail_status": "",
    "uri_filter_secondary": "",
    "action_spf_perm_error": "",
    "action_spf_temp_error": "",
    "bayesian_autotraining": "",
    "bayesian_usertraining": "",
    "spf_perm_error_status": "",
    "spf_temp_error_status": "",
    "uri_filter_fortiguard": "",
    "impersonation_analysis": "",
    "heuristic_rules_percent": "",
    "action_behavior_analysis": "",
    "minimum_dictionary_score": "",
    "dictionary_profile_id_new": "",
    "scanner_fortiguard_blackip": "",
    "action_ip_reputation_level1": "",
    "action_ip_reputation_level2": "",
    "action_ip_reputation_level3": "",
    "action_spf_sender_alignment": "",
    "action_uri_filter_secondary": "",
    "ip_reputation_level1_status": "",
    "ip_reputation_level2_status": "",
    "ip_reputation_level3_status": "",
    "spf_sender_alignment_status": "",
    "uri_filter_secondary_status": "",
    "action_suspicious_newsletter": "",
    "suspicious_newsletter_status": "",
    "action_impersonation_analysis": "",
    "dkim_status": "",
    "arc_status": "",
    "action_arc": "",
    "arc_override_option": "",
    "impersonation_status": "",
    "cousin_domain": "",
    "cousin_domain_scan_option": "",
    "cousin_domain_profile": "",
    "action_dkim": "",
    "action_cousin_domain": "",
    "comment": ""
}

operation: Delete Session Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the session profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "errorMsg": "",
    "reqAction": "",
    "errorType": ""
}

operation: Delete AntiSpam Profile

Input parameters

Parameter	Description
Profile Name	Specify the name of the anti-spam profile that you want to delete from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "objectID": "",
    "errorMsg": "",
    "reqAction": "",
    "errorType": ""
}

operation: Display Quarantine Mail List

Input parameters

Parameter	Description
Type	Select the type of quarantine mail list to retrieve from Fortinet FortiMail. You can select from the following options: System: Specify the name of folder in the Folder Name field from which to retrieve system quarantine mail list. Personal: Specify the email of user in the Account Email field whose mail list to retrieve from personal quarantine.
Start Index	Specify the start index of quarantine mail list you want to retrieve from Fortinet FortiMail. By default it is set as `0`.
Size	Specify the page size of quarantine mail list you want to retrieve from Fortinet FortiMail. By default it is set as `50`.

Output

The output contains the following populated JSON schema:

{
    "collection": [
        {
            "basename": "",
            "date": "",
            "env_from": "",
            "env_to": "",
            "folder": "",
            "from": "",
            "log_domain": "",
            "mkey": "",
            "rec_date": "",
            "session_id": "",
            "size": "",
            "status": "",
            "subject": "",
            "to": ""
        }
    ],
    "countInfo": "",
    "nextPage": "",
    "nodeAccessDetails": "",
    "nodePermission": "",
    "objectID": "",
    "remoteSorting": "",
    "reqAction": "",
    "subCount": "",
    "totalRemoteCount": ""
}

operation: View All Emails in Quarantine

Input parameters

Parameter	Description
Account Type	Specify the type of quarantine emails you want to retrieve from Fortinet FortiMail. You can select from the following options: System Quarantine: Specify the name of folder in the Folder Name field from which to retrieve system quarantine mail list. Personal Quarantine: Specify the email of user in the Email ID field whose mail list to retrieve from personal quarantine.
UID Scope	Specify the `mkey` of message of quarantine email whose details to retrieve.

Output

The output contains the following populated JSON schema:

Output schema when the UID Scope is specified:

{
    "objectID": "",
    "reqAction": "",
    "nodePermission": "",
    "mkey": "",
    "status": "",
    "flag": "",
    "from": "",
    "subject": "",
    "received": "",
    "date": "",
    "size": "",
    "to": "",
    "importance": "",
    "attachments": "",
    "remain_time": "",
    "mailbox": "",
    "reply_to": "",
    "cc": "",
    "message_id": "",
    "references": "",
    "in_reply_to": "",
    "open_method": "",
    "readables": [
        {
            "mkey": "",
            "type": "",
            "content": ""
        }
    ],
    "parts": [
        {
            "mkey": "",
            "charset": "",
            "mediatype": "",
            "subtype": ""
        },
        {
            "mkey": "",
            "charset": "",
            "filename": "",
            "mediatype": "",
            "subtype": ""
        }
    ]
}

Output schema when the UID Scope is not specified:

{
    "objectID": "",
    "reqAction": "",
    "totalRemoteCount": "",
    "subCount": "",
    "remoteSorting": "",
    "nextPage": "",
    "nodePermission": "",
    "nodeAccessDetails": "",
    "collection": [
        {
            "mkey": "",
            "status": "",
            "flag": "",
            "from": "",
            "subject": "",
            "received": "",
            "date": "",
            "size": "",
            "to": "",
            "importance": "",
            "attachments": "",
            "remain_time": ""
        }
    ]
}

operation: Release Quarantine Emails

Input parameters

Parameter	Description
Account Type	Specify the type of quarantine emails you want to release from Fortinet FortiMail. You can select from the following options: System Quarantine: Specify the name of folder in the Folder Name field from which to release system quarantine mail list. Personal Quarantine: Specify the email of user in the Email ID field whose mail list to release from personal quarantine.
Message IDs	Specify the message IDs(basenames) of quarantine emails you want to release from Fortinet FortiMail. You can specify multiple comma-separated message IDs. You can get message IDs(basename) from Display Quarantine Mail List action. For example: `1632943937.1321_675428_894122.D00001#Q#18TJWDLZ0022120000,1632943932.1321_675069_681493.D00001#Q#18TJW9aF002210000`
Release To Others	Select to release quarantine emails to other recipients. By default it is set as `false`. Release Recipients: Specify the emails of other recipient(s),to whom you want to release quarantine emails from Fortinet FortiMail. You can specify multiple comma-separated recipients(do not add whitespace).

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

operation: Batch Release System Quarantine Emails

Input parameters

Parameter	Description
Folder Name	Specify the name of folder from which quarantine email you want to release. For Example, Bulk or user@domain.com
Start Date	Specify the start date for the system quarantine batch you want to release from Fortinet FortiMail.
End Date	Specify the end date for the system quarantine batch you want to release from Fortinet FortiMail.
Message Type	Specify the type of messages you want to release from system quarantine. You can choose from following: All Messages, Unreleased Only. By default it will release Unreleased Only.
Release To Original Recipients	Specify you want to release messages to original recipients or not. By default it is set to true.
Release To Others	Select to release system quarantine emails to other recipients. By default it is set as `false`. Release Recipients: Specify the emails of other recipient(s) to whom to release quarantine emails from Fortinet FortiMail.

Output

The output contains the following populated JSON schema:

{
    "errorType": "",
    "errorMsg": "",
    "objectID": "",
    "reqAction": ""
}

Included playbooks

Batch Release System Quarantine Emails
Block Recipient Address
Block Sender Address
Create AntiSpam Profile
Create Session Profile
Delete AntiSpam Profile
Delete Session Profile
Display Quarantine Mail List
Get AntiSpam Profiles for Domain
Get AntiSpam Profile Details
Get Auto Exempt GreyList
Get Configured Domains
Get GreyList
Get Profile Names Based on Profile Type
Get Recipient Policies for Domain
Get Sender Blacklist for Session Profile
Get Sender Whitelist For Session Profile
Get Session Profile Details
Release Quarantine Emails
Unblock Recipient Address
Unblock Sender Address
Update AntiSpam Profile
Update Block List
Update Safe List
Update Session Profile
View All Emails in Quarantine

Enabling FortiMail REST API Support

To gain access to the FortiMail REST API and perform operations, you must enable the REST API on FortiMail, which by default is disabled.

To enable the REST API, for FortiMail releases 6.4.x and 7.0.x, use the following CLI command:

config system global
    set rest-api enable
end

To enable the REST API, for FortiMail releases 7.2.x, use the following CLI command:

config system web-service

    set rest-api enable

end

Additionally, to perform operations using the REST API users must also have the Access Mode REST API enabled.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions