Spam filter
FortiShield
FortiGate-60M Administration Guide
01-28007-0144-20041217
327
Order of spam filter operations
Generally, incoming email is passed through the spam filters in the order the filters
appear in the spam filtering options list in a firewall protection profile (and in
Table 29
):
FortiShield, IP address, RBL & ORDBL, HELO DNS lookup, email address, return
email DNS check, MIME header, and banned word (content block). Each filter passes
the email to the next if no matches or problems are found. If the action in the filter is
Mark as Spam, the FortiGate unit will tag or discard (SMTP only) the email according
to the settings in the protection profile. If the action in the filter is Mark as Clear, the
email is exempt from any remaining filters. If the action in the filter is Mark as Reject,
the email session is dropped. Rejected SMTP email messages are substituted with a
configurable replacement message. See
“Replacement messages” on page 108
.
The order of spam filter operations may vary between SMTP and IMAP or POP3 traffic
because some filters only apply to SMTP traffic (IP address and HELO DNS lookup).
Also, filters that require a query to a server and a reply (FortiShield and RBL/ORDBL)
are run simultaneously. To avoid delays, queries are sent while other filters are
running. The first reply to trigger a spam action will take effect as soon as the reply is
received.
This chapter describes:
•
FortiShield
•
IP address
•
RBL & ORDBL
•
Email address
•
MIME headers
•
Banned word
•
Using Perl regular expressions
FortiShield
FortiShield is an antispam system from Fortinet that uses an IP address black list and
spam filtering tools. FortiShield compiles the IP address list from email captured by
spam probes located around the world. Spam probes are email addresses purposely
configured to attract spam and identify known spam sources to create the antispam IP
address list. FortiShield combines IP address checks with other spam filter techniques
in a two-pass process.
On the first pass, FortiShield checks the SMTP mail server source address against the
antispam IP address list. If the source address matches the list of known spammers,
FortiShield terminates the session. If FortiShield does not find a match, the mail server
sends the email to the recipient.
As each email is received, FortiShield performs the second antispam pass by
checking the header, subject, and body of the email for common spam content. If
FortiShield finds spam content, the email is tagged or dropped according to the
configuration in the firewall protection profile.
Summary of Contents for FortiGate FortiGate-60M
Page 12: ...Contents 12 01 28007 0144 20041217 Fortinet Inc Index 369 ...
Page 44: ...44 01 28007 0144 20041217 Fortinet Inc Changing the FortiGate firmware System status ...
Page 74: ...74 01 28007 0144 20041217 Fortinet Inc FortiGate IPv6 support System network ...
Page 82: ...82 01 28007 0144 20041217 Fortinet Inc Dynamic IP System DHCP ...
Page 116: ...116 01 28007 0144 20041217 Fortinet Inc Access profiles System administration ...
Page 234: ...234 01 28007 0144 20041217 Fortinet Inc Protection profile Firewall ...
Page 246: ...246 01 28007 0144 20041217 Fortinet Inc CLI configuration Users and authentication ...
Page 278: ...278 01 28007 0144 20041217 Fortinet Inc CLI configuration VPN ...
Page 340: ...340 01 28007 0144 20041217 Fortinet Inc Using Perl regular expressions Spam filter ...
Page 358: ...358 01 28007 0144 20041217 Fortinet Inc CLI configuration Log Report ...
Page 376: ...376 01 28007 0144 20041217 Fortinet Inc Index ...