asep_khoerisman
New Member
April 6, 2020
Question

Anti spam log detection


Hi, everyone

 

I have a FortiGate 600C, version 5.4.

In Log & Report anti-spam, the log does not show all mail traffic. Does the anti-spam log only record the email that had a spam signature, or should all mail traffic that gets through the firewall be recorded in the anti-spam log?

 

thanks

    2 replies

    abelio
    SuperUser
    April 6, 2020

    Hi,

    It depends, actually.

    Could you please share the output of the CLI command: show full spamfilter profile <your_profile> ?

     

     

    asep_khoerisman
    New Member
    April 7, 2020

    Hi Abelio,

    Here is the result of the spam filter configuration:

     

    JKTSDM102070 $ show full-configuration spamfilter profile default
    config spamfilter profile
        edit "default"
            set comment "malware and phishing URL filtering"
            set flow-based disable
            set replacemsg-group ''
            set spam-log enable
            set spam-filtering disable
            set external disable
            unset options
            config imap
                set log disable
            end
            config pop3
                set log disable
            end
            config smtp
                set log disable
            end
            config mapi
                set log disable
            end
            config msn-hotmail
                set log disable
            end
            config yahoo-mail
                set log disable
            end
            config gmail
                set log disable
            end
            set spam-bword-threshold 10
            unset spam-bword-table
            unset spam-bwl-table
            unset spam-mheader-table
            unset spam-rbl-table
            unset spam-iptrust-table
            set spam-log-fortiguard-response disable
        next
    end

    JKTSDM102070 $

     

    Is there any missing command or something wrong with that configuration?

    abelio
    SuperUser
    April 7, 2020

    Hi,

    Nothing wrong, but you talked about a lack of logs related to antispam activity.

    Your spamfilter profile is the default one, so it needs the spam-filtering service, logging and other CLI-based features enabled.

     

    I.e:

    config spamfilter profile
        edit "default"
            set comment "Malware and phishing URL filtering."
            set flow-based disable
            set replacemsg-group ''
            set spam-log enable
            set spam-filtering enable        // to enable features including fortiguard and non-licensed ones
            set external disable
            set options spambwl spamfsip spamfssubmit spamfschksum spamfsurl spamhelodns spamraddrdns spamfsphish        // features like blacklists, helo, reverse-check, etc
            config imap
                set log enable        // enable logging for this protocol
                set action tag
                set tag-type subject spaminfo
                set tag-msg "Spam"
            end
            config pop3
                set log enable
                set action tag
                set tag-type subject spaminfo
                set tag-msg "Spam"
            end
            config smtp
                set log enable
                set action discard
                set tag-type subject spaminfo
                set tag-msg "Spam"
                set hdrip disable        // enable-disable possibility
                set local-override disable
            end
            config mapi
                set log enable
                set action discard
            end
            config msn-hotmail
                set log enable
            end
            config yahoo-mail
                set log enable
            end
            config gmail
                set log enable
            end
            set spam-bword-threshold 10
            unset spam-bword-table
            unset spam-bwl-table
            unset spam-mheader-table
            set spam-rbl-table 1
            unset spam-iptrust-table
            set spam-log-fortiguard-response enable
        next
    end

     

    ///

    Also, if you set other tables to check, for example RBLs, banned words or IPs, etc., you need to enable them within the profile.

    example:

    Using public relay-black-lists:

     

    config spamfilter dnsbl
        edit 1
            set name "public rbls"
            config entries
                edit 1
                    set server "cbl.abuseat.org"
                next
            end
        next
    end

     

    and you must enable "set spam-rbl-table 1" in your spamfilter profile
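
An added example, not part of the thread and not Fortinet code: a small Python audit that reads saved `show full-configuration spamfilter profile` output and lists the settings the reply above turns on that are still off. The function names and the sample text are assumptions made for illustration; it expects a single profile in the input.

```python
# Constructed sample, modelled on the output posted in the thread.
SAMPLE = '''\
config spamfilter profile
    edit "default"
        set spam-log enable
        set spam-filtering disable
        unset options
        config smtp
            set log disable
        end
        --More-- config imap
            set log enable
        end
    next
end
'''

def parse_profile(text):
    """Parse one profile; return (profile settings, {protocol: settings})."""
    top, protos, section, depth = {}, {}, None, 0
    for raw in text.splitlines():
        words = raw.replace("--More--", " ").split()  # drop pager residue
        if not words:
            continue
        if words[0] == "config":
            depth += 1
            if depth == 2 and len(words) > 1:   # per-protocol sub-block
                section = protos.setdefault(words[1], {})
        elif words[0] == "end":
            depth -= 1
            section = None
        elif words[0] in ("set", "unset") and len(words) > 1:
            target = top if section is None else section
            # "unset" is stored as None, "set" as its value string
            target[words[1]] = " ".join(words[2:]) if words[0] == "set" else None
    return top, protos

def audit(text):
    """List the settings enabled in the suggested profile that are still off."""
    top, protos = parse_profile(text)
    findings = []
    for key in ("spam-filtering", "spam-log"):
        if top.get(key) != "enable":
            findings.append(f"{key} is not enabled")
    if not top.get("options"):
        findings.append("no filter options are set")
    findings += [f"{proto}: log is not enabled"
                 for proto, s in protos.items() if s.get("log") != "enable"]
    return findings
```

Running `audit()` on the text saved from the CLI session gives a checklist to compare against the suggested profile before and after the change.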