Spam filter
FortiGate-3000 Administration Guide 01-28006-0010-20041105 345
Order of spam filter operations
Incoming email is passed through the spam filters in the order the filters appear in the
spam filtering options list in a firewall protection profile (and in Table 34): IP address,
RBL & ORDBL, FortiShield, HELO DNS lookup, email address, return email DNS
check, MIME header, and banned word (content block). Each filter passes the email
to the next if no matches or problems are found. If the action in the filter is Mark as
Spam, the FortiGate unit will tag or discard (SMTP only) the email according to the
settings in the protection profile. If the action in the filter is Mark as Clear, the email is
exempt from any remaining filters. If the action in the filter is Mark as Reject, the email
session is dropped. Rejected SMTP email messages are substituted with a
configurable replacement message. See “Replacement messages” on page 112.
FortiShield IP address black list and spam filter
FortiShield is an antispam system that uses an IP address black list and spam filtering
tools. FortiShield compiles the IP address list from email captured by spam probes
located around the world. Spam probes are email addresses purposely configured to
attract spam and identify known spam sources to create the antispam IP address list.
FortiShield combines IP address checks with other spam filter techniques in a two-
pass process.
On the first pass, FortiShield checks the SMTP mail server source address against the
antispam IP address list. If the source address matches the list of known spammers,
FortiShield terminates the session. If FortiShield does not find a match, the mail server
sends the email to the recipient.
As each email is received, FortiShield performs the second antispam pass by
checking the header, subject, and body of the email for common spam content. If
FortiShield finds spam content, the email is tagged or dropped according to the
configuration in the firewall protection profile.
Both FortiShield antispam processes are completely automated and configured by
Fortinet. With constant monitoring and dynamic updates, FortiShield is always current.
You can enable or disable FortiShield in a firewall protection profile. See “Configuring
spam filtering options” on page 234.
This chapter describes:
• IP address
• RBL & ORDBL
• Email address
• MIME headers
• Banned word
• Using Perl regular expressions
To Next Page
Loading...
Need help?
General