Using wildcards and Perl regular expressions Email filtering
FortiGate Version 4.0 MR1 Administration Guide
578 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
MIME headers are added to email to describe content type and content encoding, such as
the type of text in the email body or the program that generated the email. Some examples
of MIME headers include:
• X-mailer: outgluck
• X-Distribution: bulk
• Content_Type: text/html
• Content_Type: image/jpg
The first part of the MIME header is called the header or header key. The second part is
called the value. Spammers often insert comments into header values or leave them
blank. These malformed headers can fool some spam and virus filters.
Use the MIME headers list to mark email from certain bulk mail programs or with certain
types of content that are common in spam messages. Mark the email as spam or clear for
each header configured.
config spamfilter dnsbl
Use this command to configure email filtering using DNS-based Blackhole List (DNSBL),
and Open Relay Database List (ORDBL) servers. DNSBL and ORDBL filtering is enabled
within each protection profile.
The FortiGate unit compares the IP address or domain name of the sender to any
database lists configured, in sequence. If a match is found, the corresponding action is
taken. If no match is found, the email is passed on to the next spam filter.
Some spammers use unsecured third party SMTP or SMTPS servers to send unsolicited
bulk email. Using DNSBLs and ORDBLs is an effective way to tag or reject spam as it
enters the network. These lists act as domain name servers that match the domain of
incoming email to a list of IP addresses known to send spam or allow spam to pass
through.
There are several free and subscription servers available that provide reliable access to
continually updated DNSBLs and ORDBLs. Check with the service you are using to
confirm the correct domain name for connecting to the server.
Using wildcards and Perl regular expressions
Email address list, MIME headers list, and banned word list entries can include wildcards
or Perl regular expressions.
See http://perldoc.perl.org/perlretut.html for detailed information about using Perl regular
expressions.
Regular expression vs. wildcard match pattern
A wildcard character is a special character that represents one or more other characters.
The most commonly used wildcard characters are the asterisk (*), which typically
represents zero or more characters in a string of characters, and the question mark (?),
which typically represents any one character.
In Perl regular expressions, the ‘.’ character refers to any single character. It is similar to
the ‘?’ character in wildcard match pattern. As a result:
Note: Because the FortiGate unit uses the server domain name to connect to the DNSBL
or ORDBL server, it must be able to look up this name on the DNS server. For information
on configuring DNS, see “Configuring Networking Options” on page 204.
To Next Page
Loading...
Need help?
General
