
Anti-Spam examples


 

Configuring simple Anti-Spam protection

Small offices, whether they are small companies, home offices, or satellite offices, often have very simple needs. This example details how to enable Anti-Spam protection on a FortiGate unit located in a satellite office.

 

Creating an email filter profile

Most Anti-Spam settings are configured in an Anti-Spam profile. Anti-Spam profiles are selected in firewall policies. This way, you can create multiple Anti-Spam profiles, and tailor them to the traffic controlled by the security policy in which they are selected. In this example, you will create one Anti-Spam profile.

 

To create an Anti-Spam profile — web-based manager

1. Go to Security Profiles > Anti-Spam.

2. Select the Create New icon in the Edit Anti-Spam Profile window title.

3. In the Name field, enter basic_anti-spam

4. Select Enable Spam Detection and Filtering.

5. Ensure that IMAP, POP3, and SMTP are selected in the header row.

These header row selections enable or disable examination of each Anti-Spam type. When disabled, the email traffic of that type is ignored by the FortiGate unit and no Anti-Spam options are available.

6. Under FortiGuard Spam Filtering, enable IP Address Check.

7. Under FortiGuard Spam Filtering, enable URL Check.

8. Under FortiGuard Spam Filtering, enable Email Checksum Check.

9. Select OK to save the email filter profile.

 

To create an Anti-Spam profile — CLI

config spamfilter profile
    edit basic_anti-spam
        set options spamfsip spamfsurl spamfschksum
end

 

Selecting the Anti-Spam profile in a security policy

An Anti-Spam profile directs the FortiGate unit to scan network traffic only when it is selected in a security policy. When an Anti-Spam profile is selected in a security policy, its settings are applied to all the traffic the security policy handles.

 

To select the Anti-Spam profile in a security policy — web-based manager

1. Go to Policy & Objects > IPv4 Policy.

2. Create a new policy or edit an existing one.

3. Turn on Anti-Spam.

4. Select the basic_anti-spam profile from the list.

5. Select OK to save the security policy.

 

To select the Anti-Spam profile in a security policy — CLI

config firewall policy
    edit 1
        set utm-status enable
        set profile-protocol-options default
        set spamfilter-profile basic_anti-spam
end

IMAP, POP3, and SMTP email traffic handled by the security policy you modified will be scanned for spam. Spam messages have the text “Spam” added to their subject lines. A small office may have only one security policy configured. If you have multiple policies, consider enabling spam scanning for all of them.

 

Blocking email from a user

Employees of the Example.com corporation have been receiving unwanted email messages from a former client at a company called example.net. The client’s email address is client@example.net. All ties between the company and the client have been severed, but the messages continue. The FortiGate unit can be configured to prevent these messages from being delivered.

 

To enable Anti-Spam

1. Go to Security Profiles > Anti-Spam.

2. From the Anti-Spam profile drop-down list, select the Anti-Spam profile that is used by the firewall policies handling email traffic.

3. In the row Tag Location, select Subject for all three mail protocols.

4. In the row Tag Format, enter SPAM: in all three fields.

This means that normal spam will be tagged in the subject line.

5. Select Enable Spam Detection and Filtering.

6. Under Local Spam Filtering, enable Black White List and select Create New.

7. In the Black White List widget, select Create New.

8. Select Email Address Wildcard.

9. Enter client@example.net in the Pattern field.

 

  • If you want to block email from everyone at the client’s company, you can use *@example.net instead.

10. Set the Action as Mark as Reject.

11. Set the Status to Enable.

12. Select OK.

Now that the email address list is created, you must enable the email filter in the Anti-Spam profile.

When this Anti-Spam profile is selected in a security policy, the FortiGate unit will reject any email message from client@example.net (or, if you used the *@example.net pattern instead, from any address ending with @example.net) for all email traffic handled by the security policy.
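To check which senders each pattern from the steps above would cover before adding it to the list, the following added Python sketch models wildcard matching of the sender address. It is not FortiOS code and not part of the original page. The function names, sample senders and the `*example.net` contrast pattern are constructed, and case-insensitive, top-to-bottom matching is an assumption of the model, not documented FortiGate behaviour.

```python
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed list entries (pattern, action), mirroring the page's example.
EXACT_ENTRY = [("client@example.net", "reject")]
DOMAIN_ENTRY = [("*@example.net", "reject")]
LOOSE_ENTRY = [("*example.net", "reject")]  # too broad, shown for contrast


def sender_action(from_header, entries):
    """Return the action of the first entry whose wildcard pattern matches
    the sender address, or None when no entry matches.

    Assumptions of this model: matching is case-insensitive, '*' matches any
    run of characters, and entries are evaluated top to bottom.
    """
    _display_name, address = parseaddr(from_header)
    address = address.strip().lower()
    if "@" not in address:
        return None  # malformed or empty sender: no address to compare
    for pattern, action in entries:
        if fnmatchcase(address, pattern.lower()):
            return action
    return None


def coverage(entries, from_headers):
    """Map each sample From header to the action the entries would yield."""
    return {h: sender_action(h, entries) for h in from_headers}


# Constructed sample senders.
SAMPLES = [
    "Former Client <client@example.net>",
    "CLIENT@EXAMPLE.NET",
    "colleague@example.net",
    "client@mail.example.net",
    "someone@notexample.net",
    "staff@example.com",
]

if __name__ == "__main__":
    for label, entries in (("exact", EXACT_ENTRY), ("domain", DOMAIN_ENTRY),
                           ("loose", LOOSE_ENTRY)):
        print(label)
        for header, action in coverage(entries, SAMPLES).items():
            print(f"  {header!r:45} -> {action}")
```

In this model `*@example.net` does not cover `client@mail.example.net`, while the looser `*example.net` also catches the unrelated domain `notexample.net`, so anchor the pattern at the `@` sign.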