Configuring Profiles

Configuring dictionary options

The Dictionary section of antispam profiles lets you configure the FortiMail unit to use dictionary profiles to determine if the email is likely to be spam. If the FortiMail unit considers email to be spam, it performs the associated action.

Before you can use this feature, you must have existing dictionary profiles. For information on creating dictionary profiles, see “Configuring dictionary profiles” on page 586.

When dictionary scanning is enabled and an email is found to contain a dictionary word, FortiMail units add X-FEAS-DICTIONARY: to the message header, followed by the dictionary word or pattern found in the email. The header may be useful for troubleshooting purposes, when determining which dictionary word or pattern caused an email to be blocked.

Unlike banned word scans, dictionary scans are more resource-intensive. If you do not require dictionary features such as regular expressions, consider using a banned word scan instead.

To configure dictionary scan options

  1. When configuring an antispam profile, enable Dictionary in the AntiSpam Profile dialog.
  2. Click the arrow to expand
  3. From Action, select the action profile that you want the FortiMail unit to use if the heuristic scan finds spam email.

For more information, see ““Configuring antispam action profiles” on page 516.

  1. From the With dictionary group drop-down list, select the name of a group of dictionary profiles to use with the dictionary scan. Or, from the With dictionary profile drop-down list, select the name of a dictionary profile to use with the dictionary scan.
  2. In the Minimum dictionary score field, enter the number of dictionary term matches above which the email will be considered to be spam. Note that the score value is based on individual dictionary profile matches, not the dictionary group matches.
  3. Continue to the next section, or click Create or OK to save the antispam profile.

Configuring banned word options

The Banned word section of antispam profiles lets you configure the FortiMail unit to consider email messages as spam if the subject line and/or message body contain a prohibited word. When a banned word is found, the FortiMail unit treats the email as spam and performs the associated action.

When banned word scanning is enabled and an email is found to contain a banned word, the FortiMail unit adds X-FEAS-BANNEDWORD: to the message header, followed by the banned word found in the email. The header may be useful for troubleshooting purposes, when determining which banned word or phrase caused an email to be blocked.

Unlike dictionary scans, banned word scans do not support regular expressions. .

To configure banned word scan options

  1. When configuring an antispam profile, enable Banned word in the AntiSpam Profile
  2. From Action, select the action profile that you want the FortiMail unit to use if the banned word scan finds spam email.

For more information, see “Configuring antispam action profiles” on page 516.

  1. Next to Banned word, click Configuration.

A pop-up window appears, showing the words or phrases that will be prohibited by this profile. You can add or delete words on this window.

Figure 208:Banned word list

  1. Click New, then enter the banned word in the field that appears.
  2. Select Subject to have the subject line inspected for the banned word. If the check box is clear, the subject line is not inspected.
  3. Select Body to have the message body inspected for the banned word. If the check box is clear, the message body is not inspected.
  4. Click OK.
  5. Continue to the next section, or click Create or OK to save the antispam profile.

6 thoughts on “Configuring Profiles

  1. Steve

    Hi, on these instructions it states “personal black lists and white lists” on page 620.”

    Where can i get the book to view page 620??

    Reply
  2. Laurent

    Hello,
    What about the confidence degree of Header Analysis (also called Deepheader Analysis)? The default value is 95.0, and statisticaly on dozen of emails, all the values are always within range 95,03- 95,09. What is really checked in headers ? In our organization (government – 5000 users) we have lots of SPAM catched but also lots of false positive catched by this feature…

    Reply
    1. Mike Post author

      Unfortunately the defaults are just “broad strokes”. A lot of tweaking is necessary to get things to where you are in your organization’s happy range of false positives vs missed spam.

      Reply
  3. Dormond

    Hello,
    Do we have some addtional info regarding heuristic filter ? It is quite tricky to proceed with fine tuning with this light description. In my case, default settings just catch anything (around 10 emails out of 150’000… Now I have decreased threshold value to 3.0 and increased percentage of rules to 50% and now it catches around 200 emails out of 750’000 … still no false-positive.

    Reply
  4. Laurent

    Hello,

    Is there a way to clear only one entry in the LDAP cache ? Since we have over 10’000 users and that there are multiple routers and FW between the SMTP Gateway and the LDAP servers we do not want to clear the whole cache.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.