Configuring Anti-spam
FortiGuard email filtering techniques us FortiGuard services to detect the presence of spam among your email. A FortiGuard subscription is required to use the FortiGuard email filters. To enable email filtering an email filter needs to be created and then the filter needs to be associated with a security policy.
The Anti-Spam security profile is only available when operating the FortiGate in proxy-based inspection.
The filter can be created as follows:
- Go to Security Profiles > Anti-Spam.
- Select the Create New icon (a plus symbol in a circle in the upper right hand corner). l Select the List icon (a page symbol in the upper right hand corner) and in the new window select Create New.
An existing filter can be edited as follows:
- Go to Security Profiles > Anti-Spam.
- Select the filter that you wish to edit from the dropdown menu in the upper right corner.
- Select the List icon (a page symbol in the upper right hand corner) and select the filter that you wish to edit from the list.
Once you are in the proper Edit Anti-Spam Profile window, you can enter a name in the Name field if it’s a new filter.
The Comments field is for a description or other information that will assist in understanding the function or purpose of the this particular filter.
Configuring Anti-spam
Before any of the other features or options of the filter appear the checkbox next to Enable Spam Detection and Filtering must be checked.
Spam detection by protocol
This matrix includes three rows that represent the email protocols IMAP, POP3 and SMTP.
There are also columns for:
Spam Action
For the client protocols, IMAP and POP3 the options are:
- Tag – This action will insert a tag into the email somewhere so that when the recipients view the email they will be warned that it is likely a spam.
- Pass – This action will allow any emails marked as spam to pass through without change. If this option is chosen, the Tag comments will be greyed out. For the transfer protocol, SMTP, the options are:
- Tag – This action will insert a tag into the email somewhere so that when the recipients view the email they will be warned that it is likely a spam.
- Discard – The action will drop the email before it reaches its destination.
- Pass – This action will allow any emails marked as spam to pass through without change. If this option is chosen, the Tag comments will be greyed out. Tag Location
- Subject – The contents of the Tag Format will be inserted into the subject line. The subject line is the most commonly used. l MIME – The contents of the Tag Format will be inserted in with the MIME header header.
Tag Format
The contents of this field will be entered into the tag location specified. The most common tag is something along the lines of [Spam] or **SPAM**
FortiGuard spam filtering
The options in the section are ones that require a FortiGuard subscription.
The options available in this section, to be selected by checkbox are:
- IP Address Check l URL Check
- Detect Phishing URLs in Email l Email Checksum Check l Spam Submission
Order of spam filtering
Local spam filtering
The options in the section are ones can be managed on the local device without the need for a FortiGuard subscription.
The options available in this section, to be selected by checkbox are: l HELO DNS Lookup l Return Email DNS Check l Black White List – checking this option will produce a table that can be edited to create a number of black / white lists that can be separately configured and enabled.
Another local spam filter profile option that can only be configured in the CLI is the bannedword.check. To configure this, enter the following commands in the CLI:
config spamfilter profile edit <filter_name> set options bannedword set spam-bword-table 1
next
end
See the section on banned word checking for more information on how content is evaluated.