Clearing the LDAP profile cache
You can clear the FortiMail unit’s cache of query results for any LDAP profile.
This may be useful after, for example, you have updated parts of your LDAP directory that are used by that LDAP profile, and you want the FortiMail unit to discard outdated cached query results and reflect changes to the LDAP directory. After the cache is emptied, any subsequent request for information from that LDAP profile causes the FortiMail unit to query the updated LDAP server, refreshing the cache.
To clear the LDAP query cache 1. Go to Profile > LDAP > LDAP.
- Double-click the LDAP profile whose query cache you want to clear.
- Click Test LDAP Query.
- From Select query type, select Clear Cache.
A warning appears at the bottom of the window, notifying you that the cache for this LDAP profile will be cleared if you proceed. All queries will therefore be new again, resulting in decreased performance until the query results are again cached.
- Click Ok.
The FortiMail unit empties cached LDAP query responses associated with that LDAP profile.
Configuring dictionary profiles
The Profiles tab lets you configure dictionary profiles.
Unlike banned words, dictionary terms are UTF-8 encoded, and may include characters other than US-ASCII characters, such as é or ñ.
Dictionary profiles can be grouped or used individually by antispam or content profiles to detect spam, banned content, or content that requires encryption to be applied. For more information on content profiles and antispam profiles, see “Configuring antispam profiles and antispam action profiles” on page 503 and “Configuring content profiles and content action profiles” on page 526.
A dictionary can contain predefined and/or user-defined patterns.
The FortiMail unit comes with the following six predefined patterns. You can edit a predefined pattern and edit or delete a user-defined pattern by selecting it and then clicking the Edit or Delete icon.
If a pattern is enabled, the FortiMail unit will look for the template/format defined in a pattern. For example, if you enable the Canadian SIN predefined pattern, the FortiMail unit looks for the three groups of three digits defined in this pattern. This is useful when you want to use IBE to encrypt an email based on its content. In such cases, the dictionary profile can be used in a content profile which is included in a policy to apply to the email. For more information about IBE, see “Configuring IBE encryption” on page 357.
Table 56:Predefined patterns
Canadian SIN | Canadian Social Insurance Number. The format is three groups of three digits, such as 649 242 666. |
US SSN | United States Social Security number. The format is a nine digit number, such as 078051111. |
Credit Card | Major credit card number formats. |
ABA Routing | A routing transit number (RTN) is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn. |
CUSIP | CUSIP typically refers to both the Committee on Uniform Security
Identification Procedures and the 9-character alphanumeric security identifiers that they distribute for all North American securities for the purposes of facilitating clearing and settlement of trades. |
ISIN | An International Securities Identification Number (ISIN) uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, equities and warrants. The ISIN code is a 12-character alpha-numerical code that does not contain information characterizing financial instruments but serves for uniform identification of a security at trading and settlement. |
To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Policy category. For details, see “About administrator account permissions and domains” on page 290.
To view the list of dictionary profiles
- Go to Profile > Dictionary > Dictionary.
Figure 251:Dictionary tab
GUI item | Description |
Export
(button) |
Select one dictionary check box and click Export. Follow the prompts to save the dictionary file.
Note that you can only export one dictionary at a time. |
Import
(button) |
Select one dictionary check box and then click the import button to import dictionary entries into the existing dictionary. In the dialog, click Browse to locate a dictionary in text format. Click OK to upload the file.
Note that you can only select one dictionary at a time and you can only import dictionary entries into an existing dictionary. |
Name | Displays the dictionary name. |
- Click New to create a new profile or double-click a profile to modify it.
A two-part page appears.
Figure 252:Viewing the patterns in a dictionary profile
- For a new profile, type its name.
- To enable or edit a predefined pattern:
- Double-click a pattern in Smart Identifiers.
- dialog appears.
- Double-click a pattern in Smart Identifiers.
Figure 253:Enabling a predefined pattern
- Select Enable to add the pattern to the dictionary profile.
- To edit a predefined pattern, do the same as for a user-defined pattern in Step 5.
- Click OK.
- To add or edit a user-defined pattern:
- Click New under Dictionary Entries to add an entry or double click an entry to modify it.
- dialog appears.
- Click New under Dictionary Entries to add an entry or double click an entry to modify it.
Figure 254:Adding a new pattern
- Configure a custom entry.
GUI item | Description | |||
Enable | Select to enable a pattern. | |||
Pattern | Type a word or phrase that you want the dictionary to match, expressed either verbatim, with wild cards, or as a regular expression.
Regular expressions do not require slash ( / ) boundaries. For example, enter: v[i1]agr?a Matches are case insensitive and can occur over multiple lines as if the word were on a single line. (That is, Perl-style match modifier options i and s are in effect.) The FortiMail unit will convert the encoding and character set into UTF-8, the same encoding in which dictionary patterns are stored, before evaluating an email for a match with the pattern. Because of this, your pattern must match the UTF-8 string, not the originally encoded string. For example, if the original encoded string is: =?iso-8859-1?B?U2UgdHJhdGEgZGVsIHNwYW0uCg==?= the pattern must match: Se trata del spam. Entering the pattern *iso-8859-1* would not match. This option is not editable for predefined patterns. |
|||
Pattern type | For a new dictionary entry, select either:
• Wildcard: Pattern is verbatim or uses only simple wild cards (? or *). • Regex: Pattern is a Perl-style regular expression. This option is not editable for predefined patterns. |
|||
Comments | Enter any descriptions for the pattern. | |||
Pattern weight | Enter a number by which an email’s dictionary match score will be incremented for each word or phrase it contains that matches this pattern.
The dictionary match score may be used by content monitor profiles and antispam profiles to determine whether or not to apply the content action. For more information about antispam profiles, see “Configuring dictionary options” on page 512. For more information about content monitor profiles, see “Configuring content monitor and filtering” on page 533. |
|||
Pattern max weight | Enter the maximum by which matches of this pattern can contribute to an email’s dictionary match score.
This option applies only if Enable pattern max weight limit is enabled. |
|||
Enable pattern max weight limit | Enable if the pattern must not increase an email’s dictionary match score more than the amount configured in Pattern max weight. | |||
GUI item | Description | |||
Search header | Enable to match occurrences of the pattern when it is located in an email’s message headers, including the subject line.
The FortiMail unit uses the full header string, including the header name and value, to match the pattern. Therefore, when you define the pattern, you can specify both the header name and value. For example, such a pattern entry as from: .*@example.com.* will block all email messages with the From header as xxx@example.com. |
|||
Search body | Enable to match occurrences of the pattern when it is located in an email’s message body. | |||
To apply a dictionary, in an antispam profile or content profile, either select it individually or select a dictionary group that contains it. For more information, see “Configuring dictionary groups” on page 590, “Managing antispam profiles” on page 503, and “Configuring content profiles” on page 526.
Hi, on these instructions it states “personal black lists and white lists” on page 620.”
Where can i get the book to view page 620??
https://docs.fortinet.com/d/fortimail-5.4.0-administration-guide
That is a PDF version of the FortiMail documentation. 620 is referenced there.
Hello,
What about the confidence degree of Header Analysis (also called Deepheader Analysis)? The default value is 95.0, and statisticaly on dozen of emails, all the values are always within range 95,03- 95,09. What is really checked in headers ? In our organization (government – 5000 users) we have lots of SPAM catched but also lots of false positive catched by this feature…
Unfortunately the defaults are just “broad strokes”. A lot of tweaking is necessary to get things to where you are in your organization’s happy range of false positives vs missed spam.
Hello,
Do we have some addtional info regarding heuristic filter ? It is quite tricky to proceed with fine tuning with this light description. In my case, default settings just catch anything (around 10 emails out of 150’000… Now I have decreased threshold value to 3.0 and increased percentage of rules to 50% and now it catches around 200 emails out of 750’000 … still no false-positive.
Hello,
Is there a way to clear only one entry in the LDAP cache ? Since we have over 10’000 users and that there are multiple routers and FW between the SMTP Gateway and the LDAP servers we do not want to clear the whole cache.