FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 567
http://docs.fortinet.com/
Email filtering
This chapter describes how to configure FortiGate email filtering for IMAP, POP3, and
SMTP email. If your FortiGate unit supports SSL content scanning and inspection you can
also configure email filtering for IMAPS, POP3S, and SMTPS email traffic. For information
about SSL content scanning and inspection, see “SSL content scanning and inspection”
on page 481.
If you enable virtual domains (VDOMs) on the FortiGate unit, email filtering is configured
separately for each virtual domain. For details, see “Using virtual domains” on page 159.
This section provides an introduction to configuring email filtering. For more information,
see the FortiGate UTM User Guide.
This section describes:
• FortiGuard Email Filtering (also called the FortiGuard Antispam Service)
• Banned word
• IP address and email address black/white lists
• Advanced Email Filter configuration
• Using wildcards and Perl regular expressions
FortiGuard Email Filtering (also called the FortiGuard Antispam Service)
You can configure the FortiGate unit to manage unsolicited commercial email by detecting
and identifying spam messages from known or suspected spam servers.
The FortiGuard Antispam Service uses both a sender IP reputation database and a spam
signature database, along with sophisticated spam filtering tools, to detect and block a
wide range of spam messages. Using FortiGuard Email Filtering protection profile settings
you can enable IP address checking, URL checking, E-mail checksum checking, and
Spam submission. Updates to the IP reputation and spam signature databases are
provided continuously from the global FortiGuard distribution network.
From the FortiGuard Antispam Service page in the FortiGuard center you can use IP and
signature lookup to check whether an IP address is blacklisted in the FortiGuard antispam
IP reputation database, or whether a URL or email address is in the signature database.
Order of email filtering
FortiGate email filtering uses various filtering techniques. The order in which the FortiGate
unit applies these filters depends on the mail protocol used.
Filters requiring a query to a server and a reply (FortiGuard Antispam Service and
DNSBL/ORDBL) are run simultaneously. To avoid delays, queries are sent while other
filters are running. The first reply to trigger a spam action takes effect as soon as the reply
is received.
Each filter passes the email to the next if no matches or problems are found. If the action
in the filter is Mark as Spam, the FortiGate unit tags the email as spam according to the
settings in the protection profile.
For SMTP and SMTPS, if the action is Discard, the email message is discarded or dropped.
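The ordering rule described above, modeled in Python as an added example (not Fortinet code and not the FortiGate implementation): remote lookups are started first, local filters run one after another, and the first spam verdict to arrive decides the result. Filter names, delays, list contents and the order of the local filters are assumptions made for illustration.

```python
import asyncio

# Constructed model of the ordering rule above. Filter names, delays and
# list contents are illustrative assumptions, not FortiGate internals.
BLOCKED_IPS = {"192.0.2.10"}            # constructed black list entry
BANNED_WORDS = {"lottery"}              # constructed banned word
LOCAL_FILTERS = [                       # assumed order, run one after another
    ("ip-list", lambda e: e["src_ip"] in BLOCKED_IPS),
    ("banned-word", lambda e: any(w in e["body"].lower() for w in BANNED_WORDS)),
]

async def remote_query(name, delay, is_spam):
    """Stand-in for a FortiGuard Antispam or DNSBL/ORDBL lookup."""
    await asyncio.sleep(delay)          # simulated network round trip
    return name, is_spam

async def local_chain(email, cost):
    """Each local filter passes the email to the next if nothing matches."""
    for name, check in LOCAL_FILTERS:
        await asyncio.sleep(cost)       # simulated per-filter work
        if check(email):
            return name, True
    return "local", False

async def classify(email, remote_specs, cost=0.01):
    # Remote queries are sent first so they overlap with the local filters.
    tasks = {asyncio.create_task(remote_query(*s)) for s in remote_specs}
    tasks.add(asyncio.create_task(local_chain(email, cost)))
    try:
        while tasks:
            done, tasks = await asyncio.wait(
                tasks, return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                name, is_spam = task.result()
                if is_spam:             # first spam verdict takes effect
                    return "spam", name
        return "clean", None            # every filter passed the email on
    finally:
        for task in tasks:              # stop waiting on slower replies
            task.cancel()

def run(email, remote_specs):
    return asyncio.run(classify(email, remote_specs))

if __name__ == "__main__":
    mail = {"src_ip": "198.51.100.7", "body": "Quarterly report attached"}
    print(run(mail, [("fortiguard", 0.05, True), ("dnsbl", 0.20, True)]))
    print(run(mail, [("fortiguard", 0.20, True), ("dnsbl", 0.05, True)]))
```

The two calls differ only in reply latency, yet a different filter is credited with the match, which is worth remembering when correlating spam log entries with the filter that triggered them.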