FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vpalli
Staff
Staff
Article Id 214136
Description This article demonstrates the use of regular expression on FortiGate to block an email sourced from a specific domain like .co while allowing emails from .com domain.
Scope FortiGate.
Solution

Configure a regular expression pattern '.*(co)\b' to match emails belonging to only .co domain.

# config emailfilter block-allow-list

edit 1

set name "dotco-bal"
config entries

edit 1

set type email-from
set pattern-type regexp
set pattern ".*(co)\\b"  > It is expected to see two backward slashes when you run #show emailfilter block-allow-list

next

end

next

end

 

Map the block-allow-list to an antispam profile.

 

# config emailfilter profile

edit "BlockDotCO"

set comment ''
set feature-set proxy
set replacemsg-group ''
set spam-log enable
set spam-filtering disable
set external disable
set options spambal
config imap

set log-all disable

end
config pop3

set log-all disable

end
config smtp

set log-all disable

end
config mapi

set log-all disable

end
config msn-hotmail

set log-all disable

end
config gmail

set log-all disable

end
set spam-bword-threshold 10
unset spam-bword-table
set spam-bal-table 1
unset spam-mheader-table
unset spam-rbl-table
unset spam-iptrust-table
set spam-log-fortiguard-response disable

next

end

 

Now, apply this antispam profile to a PROXY-BASED Firewall policy. 
As of FortiOS v7.2.0, new filter types {ip | email-to | email-from | subject} 

are currently not supported in flow inspection mode.

For more information about the block-allow-list feature on FortiGate,  refer to
https://docs.fortinet.com/document/fortigate/7.2.0/new-features/386433/add-email-filters-for-block-a...

To learn more about wildcards and regular expressions, refer to
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/571833/wildcards-and-perl-regular-expres...

Contributors