Configuring the personal black lists and white lists
AntiSpam > Black/White List > Personal lets you add or modify email users’ personal black or white lists in order to block or allow email by sender. It also lets you back up and restore the per-user black lists and white lists.
In addition to FortiMail administrators configuring per-user black lists and white lists, email users can configure their own per-user black list and white list by going to the Preferences tab in FortiMail webmail. For more information, see the online help for FortiMail webmail.
Use black and white lists with caution. They are simple and efficient tools for fighting spam and enhancing performance, but can also cause false positives and false negatives if not used carefully. For example, a white list entry of *.edu would allow all email from the .edu top level domain to bypass the FortiMail unit’s other antispam scans.
To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Black/White List category. For details, see “About administrator account permissions and domains” on page 290.
To view and add to personal black lists or white lists
- Go to AntiSpam > Black/White List > Personal.
Figure 273:Accessing the personal black lists and white lists
Search User icon
- Select the name of the protected domain for the user in Domain. For more information on protected domains, see “Configuring protected domains” on page 380
- Enter a user name and click the Search User
Two additional options appear: .
GUI item | Description |
Add outgoing email addresses to White list | Click On to automatically add the recipient email addresses of outgoing email messages to this email user’s per-user white list. For more information on directionality, see “Incoming versus outgoing email messages” on page 454. |
BlackWhite lists | Click Black to display, modify, back up, or restore the black list for this email user.
Click White to display, modify, back up, or restore the white list for this email user. |
- To edit a list, do one of the following:
- To block email by sender, click Black. • To allow email by sender, click White.
The dialogs that appear are identical except for the single line of description.
Figure 274: Configuring a personal black list
- In the field to the left of the Add button, type the email address, domain name, or IP address of the sender. For information on valid formats, see “About black list and white list address formats” on page 615.
- Click Add.
The entry appears in the text area below the Add button.
- Click the window close button (X) to close the dialog.
If you add the user’s email address to the same user’s personal white list, the FortiMail unit will ignore this entry. This is a precautious measure taken to guard against spammers from sending spam in disguise of that user’s email address as the sender address.
To delete an entry from a per-user black list or white list
- Go to AntiSpam > Black/White List > Personal.
- From Domain, select the name of the protected domain to which the email user belongs.
- In User name, type the user name of the email user whose per-user black list or white list you want to modify.
- Click the Search User
If the email user exists, options appear allowing you to configure the user’s per-user black list and white list.
If the email user does not exist, a dialog appears, asking you if you want to create one and proceed. Click OK.
- Click either Black or White .
- In the text area below the Add button, select the entry that you want to remove.
- Click Remove Selected.
To back up a per-user black list or white list
- Go to AntiSpam > Black/White List > Personal.
- From Domain, select the name of the protected domain to which the email user belongs.
- In User name, type the user name of the email user whose per-user black list or white list you want to back up.
- Click the Search User
If the email user exists, options appear allowing you to back up the user’s per-user black list and white list.
- Click either Black or White .
- Click Backup.
- If your web browser prompts you for a location, select the folder where you want to save the file.
- Go to AntiSpam > Black/White List > Personal.
- From Domain, select the name of the protected domain to which the email user belongs.
- In User name, type the user name of the email user whose per-user black list or white list you want to restore.
- Click the Search User
If the email user exists, options appear allowing you to restore the user’s per-user black list and white list.
- Click either Black or White .
- Click Browse, locate and select the file that you want to restore, then click OK.
- Click Restore.
Configuring the black list action
The Blacklist Action tab lets you configure the action to take if an email message arrives from a blacklisted domain name, email address, or IP address.
The FortiMail unit will apply this action to email matching system-wide, per-domain, and per-session profile black lists.
To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Black/White List category. For details, see “About administrator account permissions and domains” on page 290.
Domain administrators can configure the black list action, and therefore could affect domains other than their own. If you do not want to permit this, do not provide Read-Write permission to the Black/White List category in domain administrators’ access profile.
To configure black list actions
- Go to AntiSpam > Black/White List > Blacklist Action.
Figure 275:Configuring the black list action
- Select one of the following:
- Reject: Reject delivery of the email and respond to the SMTP client with SMTP reply code 550 (Relaying denied).
- Discard: Accept the email, but silently delete it and do not deliver it. Do not inform the SMTP client.
- Use AntiSpam profile setting: Use the actions configured in the antispam profile that you selected in the policy that matches the email message. For more information on actions, see “Configuring antispam action profiles” on page 516.
- Click Apply.
Emails from at least one customer are still going to quarantine after being added to personal AND system safe list. What am I missing?