Scope | All FortiOS |
Steps or Commands | Sometimes, when an email comes in, the email address displayed by the mail software will be different from the address that sent it.
Looking at the MIME headers shows that the displayed address is not the same as the sending email information.
The FortiGate Email BWL list operates on the Envelope From information (the Return-Path). So if the details needed are located in the From header but not in the Return-Path, MIME header scanning must be used.
This option can only be enabled and configured from the CLI.

Example in FortiOS 4.0MR2 and above:

    FGT# sho spamfilter mheader
    config spamfilter mheader
        edit 2
            set comment "block from user1"
            config entries
                edit 1
                    set fieldbody "/viagra/i"
                    set fieldname "/^from$/i"
                    set pattern-type regexp
                next
            end
            set name "user1"
        next
    end

    FGT# sho spamfilter profile mail
    config spamfilter profile
        edit "mail"
            set spam-log enable
            config smtp
                set options spamhdrcheck
            end
            set spam-mheader-table 2
        next
    end

    FGT# sho firewall policy 2
    config firewall policy
        edit 2
            set srcintf "wan2"
            set dstintf "internal"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set utm-status enable
            set schedule "always"
            set service "ANY"
            set spamfilter-profile "mail"
            set profile-protocol-options "default"
            set nat enable
        next
    end

Example in FortiOS 3.0, 4.0, 4.0MR1:

    config spamfilter mheader
        edit 1
            config entries
                edit 1
                    set action clear
                    set fieldbody /viagra/i
                    set fieldname /^from$/i
                    set pattern-type regexp
                next
            end
            set name mheader_table
        next
    end

    config firewall profile
        edit Scan
            set smtp scan bannedword fragmail spamemailbwl spamfssubmit spamfsurl spamipbwl spamhdrcheck splice
            set spammheadertable 1
        next
    end

The set smtp command does not have to contain all of these options; the administrator can select the ones needed. The one key option that can only be added from the CLI, and that must be added to enable the check, is spamhdrcheck.

If the email has been encrypted using StartTLS, MIME header checking will fail, because encrypted traffic cannot be scanned for content unless the unit is running 4.0 and has 'Deep Scanning' enabled (not available on all models). |
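To check a fieldname/fieldbody pair against a saved message before putting it in an mheader table, the following added example (not Fortinet code) compares the Return-Path with the From header and applies the patterns from this page. It assumes Python's `re` module approximates the FortiGate's regexp matching; the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the envelope sender (Return-Path) differs from the From header.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Cheap Viagra Store" <user1@example.com>
To: staff@example.org
Subject: Special offer

Body text.
"""

# (fieldname, fieldbody) pairs written as in the mheader entries on this page.
ENTRIES = [("/^from$/i", "/viagra/i")]

def compile_slash_regex(expr):
    """Turn a Perl-style /pattern/flags literal into a compiled Python regex."""
    m = re.fullmatch(r"/(.*)/([a-z]*)", expr, re.S)
    if not m:
        raise ValueError(f"not a /pattern/flags literal: {expr!r}")
    flags = re.I if "i" in m.group(2) else 0
    return re.compile(m.group(1), flags)

def sender_mismatch(msg):
    """Return (envelope_addr, header_addr, differs) for a parsed message."""
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header = parseaddr(msg.get("From", ""))[1].lower()
    return envelope, header, envelope != header

def mheader_hits(msg, entries):
    """List (header name, value) pairs where both fieldname and fieldbody match."""
    hits = []
    for name_expr, body_expr in entries:
        name_re = compile_slash_regex(name_expr)
        body_re = compile_slash_regex(body_expr)
        for name, value in msg.items():
            if name_re.search(name) and body_re.search(str(value)):
                hits.append((name, str(value)))
    return hits

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print(sender_mismatch(msg))
    print(mheader_hits(msg, ENTRIES))
```

The same pattern anchored to the Return-Path header finds nothing in this sample, which is the case where an envelope-based list misses the message and the header check catches it.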
Copyright 2024 Fortinet, Inc. All Rights Reserved.