FortiMail
Somashekara_Hanumant
Article Id 196928
Description
This article provides an example of encrypting incoming/outgoing emails that contain a credit card pattern.

Scope
FortiMail 5.0 onwards. Article written using v5.2.2 build 425.

Solution
FortiMail is configured in Server Mode.

Protected Domains configured as below:
somu.local
test.local

Users configured under protected domains as below:
somu.local
user
user2

test.local
test

FortiMail IP address is 172.31.19.177.

Configuring Domains

Configuring Users


Enable the IBE encryption


Configuring the Dictionary Profile


Configuring the Content Profile


In the content profile, the action should be configured as encrypt; in the action profile, the encryption profile should be IBE_Pull; and under Content Monitor and Filtering, select the Dictionary Profile that was created earlier.

Configure the IP policy and Outgoing Recipient policy


Authenticate with the user password; the real contents can then be viewed.

Domain configuration
get sys status
Version:            FortiMail-400C v5.2,build425,141127 (5.2.2 GA)

config domain
  edit somu.local
    config profile authentication radius
    end
    config user mail
      edit user
        set type local
        set password ENC FOpyx2PNXG6zMv96Ljd3h8mSfvcGPbxQ7NRHDRTVSjfvZzrqXNQyIcVrHV7bTMo+R6DdHGMvUAkrH3WXaaj+g+mNtI8BpZtFXeCGHULMEAg2TmzL
      next
      edit user2
        set type local
        set password ENC pUFm+E0TZHTSivLlGGhAk6NcQze6Waskn8aLCbTNVYG+ox/HitlmfBNKHJDXQPCUdahJGIOz5342+PdI3BVWcmJKmR0zM302OKLI04t/wR8Fv6uw
      next
    end
    config user group
    end
    config  customized-message
      edit report-quarantine-summary
        config  variable
        end
        config  email-template
        end
      next
    end
    config profile antivirus-action
    end
    config profile antivirus
    end
    config profile antispam-action
    end
    config profile antispam
    end
    config profile content-action
    end
    config profile content
    end
    config profile resource
    end
    config policy recipient
    end
    config  domain-setting
      config  sender-addr-rate-ctrl-exempt
      end
    end
    config cal resource
    end
  next
  edit test.local
    config profile authentication radius
    end
    config user mail
      edit test
        set type local
        set password ENC TvDIWJ9rfOGyBQyyZ2xmer41BPPNSkZ8LhrFHTphIH8xG48U4panUOgwFozpfK/TPB9LiuJ1HTGmilOF3qIHzQLH4gUMCXX/ZiYefuaW5RaSRSZ/
      next
    end
    config user group
    end
    config  customized-message
      edit report-quarantine-summary
        config  variable
        end
        config  email-template
        end
      next
    end
    config profile antivirus-action
    end
    config profile antivirus
    end
    config profile antispam-action
    end
    config profile antispam
    end
    config profile content-action
    end
    config profile content
    end
    config profile resource
    end
    config policy recipient
    end
    config  domain-setting
      config  sender-addr-rate-ctrl-exempt
      end
    end
    config cal resource
    end
  next
end

Configuring users
config domain
  edit somu.local
    config user mail
      edit user
        set type local
        set password ENC viTAVSbDK14ejJZIkiVNupemg4gcSTn3c7txZKTpAvcOvUPK87kpMTh3TZ/lL68kl4nTgdsusSnX47em0qOrJIqiqLj3dLY0yCsoUwYWTOJAiYxL
      next
      edit user2
        set type local
        set password ENC LzbgcChFMz1iV6t3D0fHiy+2xIcNqpPaG2vBgXpVA0fxrdvMh+iqn8v0/SY3qyF8BGloVegjBHlubLy0ExuX0jK09vRO37Qq+srm6Q/YoexEHz/i
      next
    end
  next
end

For test.local
config domain
  edit test.local
    config user mail
      edit test
        set type local
        set password ENC hSTTadsBtS8SA6x0v5pSAfTAz9mYfVhbj+Iqk8ugqZf8H+DvBf9I4MSLgs6DbWScL+cfg+duF5FH4/57h3pza8kvbdAZIUMnzPeRSr1fj8mqvCVk
      next
    end
  next
end

Configuring Content action Profile
config profile content-action
  edit encrypt
    set direction outgoing
    set action encryption
    set encryption-profile IBE_Pull
  next
end

Configuring Content profile
config profile content
  edit outbound_credit_card
    set direction outgoing
    config  attachment-name
      edit *.bat
      next
      edit *.com
      next
      edit *.dll
      next
      edit *.doc
      next
      edit *.exe
      next
      edit *.gz
      next
      edit *.hta
      next
      edit *.ppt
      next
      edit *.rar
      next
      edit *.scr
      next
      edit *.tar
      next
      edit *.tgz
      next
      edit *.vb?
      next
      edit *.wps
      next
      edit *.xl?
      next
      edit *.zip
      next
      edit *.pif
      next
    end
    set action-default encrypt
    config  monitor
      edit 1
        set dictionary-profile credit_card_dictionary
        set action Encrypt_Pull_Outbound
        set scan-pdf enable
        set scan-msoffice enable
        set scan-archive enable
      next
    end
  next
end

Configuring Dictionary Profile
config profile dictionary
  edit credit_card_dictionary
    config  item
      edit 1
        set pattern-type CANSIN
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 2
        set pattern-type USSSN
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 3
        set pattern-type CreditCard
        set pattern-max-limit enable
      next
      edit 4
        set pattern-type ABAROUTING
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 5
        set pattern-type CUSIP
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 6
        set pattern-type ISIN
        set pattern-max-limit enable
        set pattern-status disable
      next
    end
  next
end

Configuring IP Policy
config policy ip
  edit 1
    set profile-session Inbound_Session
    set profile-content outbound_credit_card
  next
end

Configuring Outgoing recipient policy
config policy recipient
  edit 1
    set direction outgoing
    set profile-content outbound_credit_card
  next
end

Now send an email from user@somu.local to test@test.local with a (fake) credit card number, 4539665237127925, in the body of the email. When the logs are checked on the FortiMail, the email can be seen to be encrypted.


If tested with a .docx file, or a zip/rar file with a .docx inside, the emails should also be encrypted.
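The three test cases described above (number in the body, in a .docx, and in a .docx inside a zip) can be generated reproducibly. The following is an added example, not part of the original article or Fortinet code: the function names and file names are hypothetical, the .docx is a constructed minimal package, and the Luhn check only confirms that the test number is a well-formed card number (how the FortiMail CreditCard pattern matches internally is not assumed).

```python
import io
import zipfile
from email.message import EmailMessage

TEST_PAN = "4539665237127925"  # the fake number used in the article
OOXML = "http://schemas.openxmlformats.org"
DOCX_PARTS = {  # fixed parts of a minimal .docx package (constructed test data)
    "[Content_Types].xml": f'<Types xmlns="{OOXML}/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-'
        'officedocument.wordprocessingml.document.main+xml"/></Types>',
    "_rels/.rels": f'<Relationships xmlns="{OOXML}/package/2006/relationships"><Relationship Id="rId1" '
        f'Type="{OOXML}/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
        '</Relationships>',
}

def luhn_valid(number: str) -> bool:
    """True if the digits pass the Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    for i in range(len(digits) - 2, -1, -2):   # double every second digit from the right
        digits[i] = digits[i] * 2 - 9 if digits[i] > 4 else digits[i] * 2
    return len(digits) >= 13 and sum(digits) % 10 == 0

def zip_bytes(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

def docx_bytes(text: str) -> bytes:
    ns = f"{OOXML}/wordprocessingml/2006/main"
    xml = f'<w:document xmlns:w="{ns}"><w:body><w:p><w:r><w:t>{text}</w:t></w:r></w:p></w:body></w:document>'
    return zip_bytes({**DOCX_PARTS, "word/document.xml": xml})

def build_cases(sender: str, rcpt: str, pan: str = TEST_PAN) -> dict:
    """One message per scan path: plain body, .docx attachment, .zip holding the .docx."""
    docx = docx_bytes(f"Card number {pan}")
    files = {"body": None, "docx": ("card.docx", docx), "zip": ("card.zip", zip_bytes({"card.docx": docx}))}
    cases = {}
    for name, att in files.items():
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = sender, rcpt, f"DLP test: {name}"
        msg.set_content("See attachment." if att else f"Card number {pan}")
        if att:
            msg.add_attachment(att[1], maintype="application", subtype="octet-stream", filename=att[0])
        cases[name] = msg
    return cases
```

Send each message returned by build_cases("user@somu.local", "test@test.local") through the FortiMail and check the logs for all three.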

To open the encrypted email, click on https://172.31.19.177; an authentication prompt should be seen.
