Purpose
This article provides an example of how to restrict the distribution of quarantine reports to a reduced number of users. This may be useful where the administrator does not want all users to be able to potentially release quarantined mails.

Scope
FortiMail.

Diagram
N/A.

Expectations, Requirements
Requirements:
FortiMail is configured in Server Mode with the domains somu.local and externaldomain.local.
The following users are created under User > Users for the somu.local domain:
user1
user2
user3
user4
user5
For externaldomain.local:
extuser

Configuration
Domain Creation:
User Group Creation:
Create a group of users under User > User > User Group > grp1 and include user1, user2 and user3.

Configuration from CLI
config domain
    edit somu.local
        config user mail
            edit user1
                set type local
                set password 123456
            next
            edit user2
                set type local
                set password 123456
            next
            edit user3
                set type local
                set password 123456
            next
            edit user4
                set type local
                set password 123456
            next
            edit user5
                set type local
                set password 123456
            next
        end

Configure Group
config domain
    edit somu.local
        config user group
            edit grp1
                set member user1,user2,user3
            next
        end

Configure two Antispam profiles, one with Send quarantine report enabled and one without:
config domain
    edit somu.local
        config profile antispam
            edit grp1_antispam_profile
                config dnsbl-server
                end
                config surbl-server
                end
                set banned-word enable
                config bannedwords
                    edit fortinet
                        set subject enable
                        set body enable
                    next
                end
                config whitelistwords
                end
                set action-default grp1_action_quarantine
            next
            edit other_group_profile
                config dnsbl-server
                end
                config surbl-server
                end
                set banned-word enable
                config bannedwords
                    edit fortinet1
                        set subject enable
                        set body enable
                    next
                end
                config whitelistwords
                end
                set action-default otherGroup_action
            next
        end

Antispam action configuration:
config domain
    edit somu.local
        config profile antispam-action
            edit otherGroup_action
                set action quarantine
                set release-through-web disable
                set release-auto-whitelist disable
            next
            edit grp1_action_quarantine
                set action quarantine
                set quarantine-report enable
            next
        end

Configure recipient policies with respective Antispam profiles:
config domain
    edit somu.local
        config policy recipient
            edit 1
                set recipient-name grp1
                set recipient-type local-group
                set profile-antispam grp1_antispam_profile
            next
            edit 2
                set profile-antispam other_group_profile
            next
        end

Verification
Send a mail from extuser@externaldomain.local to user1@somu.local or grp1@somu.local containing the banned word 'fortinet'. The mail should be caught and quarantined, and the user 'user1@somu.local' should receive a quarantine report.

Troubleshooting
Checking logs for group users:
The logs can be seen under Monitor > Log > History.

Column          Content
Log Type        AntiSpam
Date            2015-05-18
Time            03:21:23
From            extuser@externaldomain.local
To              grp1@somu.local
Session ID      t4IALNPw001886-t4IALNPx001886
Client          [127.0.0.1]
Message         Expanding alias grp1@somu.local to 3 entries. Including user1@somu.local, user2@somu.local, user3@somu.local
Level           information
Type            spam
Destination IP  127.0.0.1
Log ID          0300001887

Column          Content
Log Type        AntiSpam
Date            2015-05-18
Time            03:21:23
From            extuser@externaldomain.local
To              grp1@somu.local
Subject         testing for bannedword + quarantine
Session ID      t4IALNPw001886-t4IALNPx001886
Client          [127.0.0.1]
Message         Detected by BannedWord fortinet
Level           information
Type            spam
Destination IP  127.0.0.1
Log ID          0300001887

After generating the quarantine report (Monitor > Quarantine > select user1@somu.local > "Send Quarantine report to"), check the event logs:

Column          Content
#               2
Date            2015-05-18
Time            05:11:43
Subtype         smtp
Message         Spamreport: found 2 Messages for User: user1@somu.local to (user1@somu.local)
Log ID          0008002378
Action          NONE
Level           information
Status          N/A
Type            event
UI              spamreport
User            user1@somu.local
Length          0

Column          Content
Log Type        Event
Date            2015-05-18
Time            05:11:50
Session ID      t4ICBh1t0023789172
Message         to=user1@somu.local, mailer=local, stat=Sent
Action          NONE
Level           information
Type            event
UI              mail
User            mail
Log ID          0008001297

Send a mail containing the banned word to a user who is not a member of grp1. The mail is put in quarantine and the quarantine report is not sent to user4@somu.local:

Column          Content
#               7
Date            2015-05-18
Time            04:44:44
Subtype         smtp
Message         Spamreport: spam report is disabled for User: user4@somu.local
Log ID          0008002245
Action          NONE
Level           information
Status          N/A
Type            event
UI              spamreport
User            user4@somu.local
Length          0
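
The two Spamreport messages shown above can be checked across many event log entries instead of one at a time. The following Python is an added example, not part of the original article or of FortiMail: it assumes the Message column has been exported to a list of strings, and the function, variable and category names are hypothetical.

```python
import re

# Message formats taken from the Spamreport event log entries shown in this article.
SENT = re.compile(r"Spamreport: found (\d+) Messages for User: (\S+) to \(([^)\s]+)\)")
DISABLED = re.compile(r"Spamreport: spam report is disabled for User: (\S+)")

def audit_spamreports(messages, allowed_users):
    """Compare Spamreport events with the users who are meant to receive reports.

    messages      -- iterable of event log Message strings (export format is an assumption)
    allowed_users -- addresses expected to receive quarantine reports (grp1 members)
    """
    allowed = {u.lower() for u in allowed_users}
    result = {"sent_ok": [], "unexpected_report": [], "member_disabled": [], "disabled_ok": []}
    for msg in messages:
        sent = SENT.search(msg)
        if sent:
            owner, rcpt = sent.group(2).lower(), sent.group(3).lower()
            # A report is expected only when both the quarantine owner and the
            # mailbox the report is delivered to are in the allowed set.
            key = "sent_ok" if owner in allowed and rcpt in allowed else "unexpected_report"
            result[key].append((owner, rcpt, int(sent.group(1))))
            continue
        off = DISABLED.search(msg)
        if off:
            user = off.group(1).lower()
            # A group member with reports disabled is not getting the grp1 behaviour.
            result["member_disabled" if user in allowed else "disabled_ok"].append(user)
    return result

# Constructed sample: the first two messages are the ones shown above; the last
# two are invented to show what a misconfiguration would look like in the log.
GRP1 = ["user1@somu.local", "user2@somu.local", "user3@somu.local"]
SAMPLE_MESSAGES = [
    "Spamreport: found 2 Messages for User: user1@somu.local to (user1@somu.local)",
    "Spamreport: spam report is disabled for User: user4@somu.local",
    "Spamreport: found 1 Messages for User: user5@somu.local to (user5@somu.local)",
    "Spamreport: spam report is disabled for User: user2@somu.local",
]

if __name__ == "__main__":
    for category, entries in audit_spamreports(SAMPLE_MESSAGES, GRP1).items():
        print(f"{category}: {entries}")
```

Entries under unexpected_report or member_disabled indicate that the recipient policies are not matching users the way the configuration above intends.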