Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Somashekara_Hanumant
Staff
Staff

Created on ‎07-26-2017 04:18 AM

Article Id 192867

Technical Note: Append subject with specific keyword after matching internal domain

Description
This article explains how to tag all incoming messages for internal protected domains with a specific keyword.

In order to segregate mails which are coming from external domain to internal protected domain, all the inbound messages can be tagged with some specific keyword.

Scope
Version v5.2 and above.

Inbound email tag, using dictionary profile.

Solution
The mail administrator may want to differentiate inbound messages with a tag added to subject, then using dictionary profile each message should match the keyword and then add the tag.

Requirements

1) Protected domains to be configured on FortiMail.

2) On Incoming recipient policy enable the content profile by selecting respective dictionary profile.

If there are more than one domain, repeat these steps for other domains and apply on respective incoming recipient policies.

Configuration

Content action profile

shreddy_FD40585_tn_FD40585-1.jpg

 config profile content-action
  edit new_action
    set tagging-type tag-subject
    set subject-tagging-text [External]
  next
end

Dictionary Profile

shreddy_FD40585_tn_FD40585-2.jpg

 config profile dictionary
  edit new_incoming
    config  item
      edit 1
        set pattern-type CANSIN
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 2
        set pattern-type USSSN
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 3
        set pattern-type CreditCard
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 4
        set pattern-type ABAROUTING
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 5
        set pattern-type CUSIP
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 6
        set pattern-type ISIN
        set pattern-max-limit enable
        set pattern-status disable
      next
      edit 7
        set pattern /^[Tt][Oo]:.*.@somu.local.*/
      next
    end
  next
end

Content Profile

shreddy_FD40585_tn_FD40585-3.jpg

 config profile content
  edit incoming_contenet
    config  attachment-scan
      edit 1
        set status disable
        set patterns executable_windows
      next
      edit 2
        set status disable
        set patterns video
      next
      edit 3
        set status disable
        set patterns audio
      next
      edit 4
        set status disable
        set patterns image
      next
      edit 5
        set status disable
        set patterns archive
      next
      edit 6
        set status disable
        set patterns encrypted
      next
    end
    set action-default new_action
    config  monitor
      edit 1
        set dictionary-profile new_incoming
      next
    end
  next
end

Incoming recipient policy

shreddy_FD40585_tn_FD40585-4.jpg

 config policy recipient
  edit 1
    set profile-content incoming_contenet
  next
end

Logs


shreddy_FD40585_tn_FD40585-5.jpg
After tagging the [External] keyword on the subject.
shreddy_FD40585_tn_FD40585-6.jpg


3733
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.