Configuring whitelist word options
The Whitelist word section of antispam profiles lets you configure the FortiMail unit to consider email messages whose subject line and/or message body contain a whitelisted word to be indisputably not spam. If the email message contains a whitelisted word, the FortiMail unit does not consider the email to be spam.
To configure white list scan options
- When configuring an antispam profile, enable Whitelist word in the AntiSpam Profile
- Next to Whitelist word, click Configuration.
A pop-up window appears, showing the words or phrases that are allowed by this profile. You can add or delete words on this window.
Figure 209:Whitelist word list
- Click New, then enter the allowed word in the field that appears.
- Select Subject to have the subject line inspected for the allowed word. If the check box is clear, the subject line is not inspected.
- Select Body to have the message body inspected for the allowed word. If the check box is clear, the message body is not inspected.
- Click OK.
- Continue to the next section, or click Create or OK to save the antispam profile.
Configuring image spam options
The Image spam section of antispam profiles lets you configure the FortiMail unit to analyze the contents of GIF, JPG, and PNG graphics to determine if the email is spam. If the email message contains a spam image, the FortiMail unit treats the email as spam and performs the associated action.
Image spam scanning may be useful when, for example, the message body of an email contains graphics but no text, and text-based antispam scans are therefore unable to determine whether or not an email is spam.
To configure image scan options
- When configuring an antispam profile, enable Image spam in the AntiSpam Profile
- From Action, select the action profile that you want the FortiMail unit to use if the banned word scan finds spam email.
For more information, see “Configuring antispam action profiles” on page 516.
- Enable Aggressive scan to inspect image file attachments in addition to embedded graphics.
Enabling this option increases workload when scanning email messages that contain image file attachments. If you do not require this feature, disable this option to improve performance.
This Aggressive scan option applies only if you enable PDF scanning. For more information, see “Configuring scan conditions” on page 515.
- Continue to the next section, or click Create or OK to save the antispam profile.
Configuring scan conditions
The Scan Conditions section of antispam profiles lets you configure conditions that cause the FortiMail unit to omit antispam scans, or to apply some antispam scans to PDF attachments.
To configure scan condition options
- When configuring an antispam profile, click the arrow to expand Scan Conditions in the AntiSpam Profile dialog.
Figure 210:Scan Conditions
- Configure the following:
GUI item | Description |
Max message size to scan | Enter the maximum size of email messages, in bytes, that the FortiMail unit will scan for spam. Messages larger than the set size are not scanned for spam.
To disable the size limit, causing all messages to be scanned, regardless of size, enter 0. Note: Resource requirements for scanning messages increase with the size of the email message. If the spam you receive tends not to be smaller than a certain size, consider limiting antispam scanning to messages under this size to improve performance. |
Bypass scan on SMTP
authentication |
Enable to bypass spam scanning for authenticated SMTP connections.
Note: If you can trust that authenticating SMTP clients are not a source of spam, consider enabling this option to improve performance. |
Scan PDF attachment | Spammers may attach a PDF file to an otherwise empty message to get their email messages past spam safeguards. The PDF file contains the spam information. Since the message body contains no text, antispam scanners cannot determine if the message is spam.
Enable this option to use the heuristic, banned word, and image spam scans to inspect the first page of PDF attachments. This option applies only if you have enabled and configured heuristic, banned word, and/or image spam scans. For information on configuring those scans, see “Configuring heuristic options” on page 511, “Configuring banned word options” on page 512, and “Configuring image spam options” on page 514. |
Apply default Select this option to take the default antispam action right away without action without applying other antispam filters if the email matches the relevant IP or scan upon policy recipient policy. match
Configuring other antispam settings
This section appears only for incoming profiles.
- When configuring an antispam profile, click the arrow to expand the section.
- Select Automatically update user’s personal whitelist to allow the FortiMail unit to add the recipient email addresses from an email user’s outgoing email to their personal white list, if the option is also enabled in the email user’s preferences.
Email users’ preferences can be configured by email users from the Preferences tab of FortiMail webmail or by FortiMail system administrators from the web UI. For more information, see “Configuring user preferences” on page 428.
Performing a batch edit
You can apply changes to multiple profiles at once.
- Go to Profile > AntiSpam > AntiSpam.
- In the row corresponding to existing profiles whose settings you want to modify, mark their check boxes.
The ability to batch edit antispam profiles does not apply to predefined profiles.
- Click Batch Edit.
The AntiSpam Profile dialog appears.
- Modify the profile, as explained in “Managing antispam profiles” on page 503, changing only those settings that you want to apply to all selected profiles.
- Click Apply To All to save the changes and remain on the dialog, or click OK to save the changes and return to the AntiSpam
Hi, on these instructions it states “personal black lists and white lists” on page 620.”
Where can i get the book to view page 620??
https://docs.fortinet.com/d/fortimail-5.4.0-administration-guide
That is a PDF version of the FortiMail documentation. 620 is referenced there.
Hello,
What about the confidence degree of Header Analysis (also called Deepheader Analysis)? The default value is 95.0, and statisticaly on dozen of emails, all the values are always within range 95,03- 95,09. What is really checked in headers ? In our organization (government – 5000 users) we have lots of SPAM catched but also lots of false positive catched by this feature…
Unfortunately the defaults are just “broad strokes”. A lot of tweaking is necessary to get things to where you are in your organization’s happy range of false positives vs missed spam.
Hello,
Do we have some addtional info regarding heuristic filter ? It is quite tricky to proceed with fine tuning with this light description. In my case, default settings just catch anything (around 10 emails out of 150’000… Now I have decreased threshold value to 3.0 and increased percentage of rules to 50% and now it catches around 200 emails out of 750’000 … still no false-positive.
Hello,
Is there a way to clear only one entry in the LDAP cache ? Since we have over 10’000 users and that there are multiple routers and FW between the SMTP Gateway and the LDAP servers we do not want to clear the whole cache.