FortiOS 6 – Anti-spam filter

Spam actions

When spam is detected, the FortiGate unit will deal with it according to the Spam Action setting in the antispam profile. Note that POP3S, IMAPS and SMTPS spam filtering is available only on FortiGate units that support SSL content scanning and inspection. POP3, IMAP, POP3S and IMAPS mail can only be tagged. SMTP and SMTPS mail can be set to Discard or Tagged:

Discard

When the spam action is set to Discard, messages detected as spam are deleted. No notification is sent to the sender or recipient.

Pass

When the spam action is set to Pass, the spam filter is disabled for the related protocol.

Tag

When the spam action is set to Tag, messages detected as spam are labeled and delivered normally. The text used for the label is set in the Tag Format field and the label is placed in the subject or the message header, as set with the Tag Location option.

Anti-spam examples

Configuring simple Anti-spam protection

Small offices, whether they are small companies, home offices, or satellite offices, often have very simple needs. This example details how to enable Anti-Spam protection on a FortiGate unit located in a satellite office.

Creating an email filter profile

Most Anti-Spam settings are configured in an Anti-Spam profile. Anti-Spam profiles are selected in firewall policies. This way, you can create multiple Anti-Spam profiles, and tailor them to the traffic controlled by the security policy in which they are selected. In this example, you will create one Anti-Spam profile.

To create an Anti-Spam profile — web-based manager

  1. Go to Security Profiles > Anti-Spam.
  2. Select the Create New icon in the Edit Anti-Spam Profile window title.
  3. In the Name field, enter basic_anti-spam
  4. Select Enable Spam Detection and Filtering.
  5. Ensure that IMAP, POP3, and SMTP are selected in the header row.

These header row selections enable or disable examination of each Anti-Spam type. When disabled, the email traffic of that type is ignored by the FortiGate unit and no Anti-Spam options are available.

 

examples

  1. Under FortiGuard Spam Filtering, enable IP Address Check.
  2. Under FortiGuard Spam Filtering, enable URL Check.
  3. Under FortiGuard Spam Filtering, enable E-mail Checksum Check.
  4. Select OK to save the email filter profile.

To create an Anti-spam profile — CLI

config spamfilter profile edit basic_anti-spam set options spamfsip spamfsurl spamfschksum

end

Selecting the Anti-spam profile in a security policy

An Anti-Spam profile directs the FortiGate unit to scan network traffic only when it is selected in a security policy. When an Anti-Spam profile is selected in a security policy, its settings are applied to all the traffic the security policy handles.

To select the Anti-Spam profile in a security policy — web-based manager

  1. Go to Policy & Objects > IPv4 Policy.
  2. Create a new or edit a policy.
  3. Turn on Anti-Spam.
  4. Select the basic_anti-spam profile from the list.
  5. Select OK to save the security policy.

To select the Anti-spam profile in a security policy — CLI

config firewall policy edit 1 set utm-status enable set profile-protocol-options default set spamfilter-profile basic_anti-spam

end

IMAP, POP3, and SMTP email traffic handled by the security policy you modified will be scanned for spam. Spam messages have the text “Spam” added to their subject lines. A small office may have only one security policy configured. If you have multiple policies, consider enabling spam scanning for all of them.

Blocking email from a user

Employees of the Example.com corporation have been receiving unwanted email messages from a former client at a company called example.net. The client’s email address is client@example.net. All ties between the company and the client have been severed, but the messages continue. The FortiGate unit can be configured to prevent these messages from being delivered.

To enable Anti-Spam

  1. Go to Security Profiles > Anti-Spam.
  2. Select the Anti-Spam profile that is used by the firewall policies handling email traffic from the Anti-Spam profile drop down list.
  3. In the row Tag Location, select Subject for all three mail protocols.

Anti-spam examples

  1. In the row Tag Format, enter SPAM: in all three fields.

This means that normal spam will be tagged in the subject line.

  1. Select Enable Spam Detection and Filtering.
  2. Under Local Spam Filtering, enable Black White List and select Create New.
  3. In the Black White List widget, select Create New.
  4. Select Email Address Wildcard.
  5. Enter client@example.net in the Pattern

l If you wanted to prevent everyone’s email from the client’s company from getting through you could have used *@example.net instead.

  1. Set the Action as Mark as Spam.
  2. Set the Status to Enable.
  3. Confirm that the SMTP protocol action is set to Discard.
  4. Select OK.

Now that the email address list is created, you must enable the email filter in the Anti-Spam profile.

When this Anti-Spam profile is selected in a security policy, the FortiGate unit will reject any email message from an address ending with @example.net for all email traffic handled by the security policy.

This entry was posted in Administration Guides, FortiOS 6 and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.