FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vpalli
Staff
Staff
Description This article demonstrates the use of regular expression on FortiGate to block an email sourced from a specific domain like .co while allowing emails from .com domain.
Scope FortiGate.
Solution

Configure a regular expression pattern '.*(co)\b' to match emails belonging to only .co domain.

# config emailfilter block-allow-list

edit 1

set name "dotco-bal"
config entries

edit 1

set type email-from
set pattern-type regexp
set pattern ".*(co)\\b"  > It is expected to see two backward slashes when you run #show emailfilter block-allow-list

next

end

next

end

 

Map the block-allow-list to an antispam profile.

 

# config emailfilter profile

edit "BlockDotCO"

set comment ''
set feature-set proxy
set replacemsg-group ''
set spam-log enable
set spam-filtering disable
set external disable
set options spambal
config imap

set log-all disable

end
config pop3

set log-all disable

end
config smtp

set log-all disable

end
config mapi

set log-all disable

end
config msn-hotmail

set log-all disable

end
config gmail

set log-all disable

end
set spam-bword-threshold 10
unset spam-bword-table
set spam-bal-table 1
unset spam-mheader-table
unset spam-rbl-table
unset spam-iptrust-table
set spam-log-fortiguard-response disable

next

end

 

Now, apply this antispam profile to a PROXY-BASED Firewall policy. 
As of FortiOS v7.2.0, new filter types {ip | email-to | email-from | subject} 

are currently not supported in flow inspection mode.

For more information about the block-allow-list feature on FortiGate,  refer to
https://docs.fortinet.com/document/fortigate/7.2.0/new-features/386433/add-email-filters-for-block-a...

To learn more about wildcards and regular expressions, refer to
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/571833/wildcards-and-perl-regular-expres...

Contributors