Technical Tip: How to bypass antivirus and content filter check for specific senders
FortiMail
opetr_FTNT
Staff
Article Id 192251

Description

 

This article describes how to bypass the AntiSpam and/or Content filter check for a sender by creating a new Recipient policy that does not have the AntiSpam and/or Content filter applied.

Note that the safelist does not cancel antivirus and content filter checking. This is expected behavior. The safelist cancels only the antispam checks against the received email; antivirus and content filtering still take place.


Scope

 

FortiMail 7.6.x, 7.4.x, 7.2.x.


Solution

 

It is possible to skip antivirus/content filtering for specific users/domains by creating specific recipient policies (Policy -> Policies -> Recipient Policies) with those users/domains in the sender pattern.

GUI configuration:
Go to Policy -> Policies -> Recipient Policies and select 'New'.

NEW1.png

Configure the sender, then set 'antivirus' and 'content' to 'None', indicating that no profiles are assigned.

user2.png

Switch to the Domain. Select the policy and use Move and Up (or another option) to move the new, specific policy to the top of the rulebase.

move3.png

The result should be similar to the following screenshot:

look4.png

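CLI configuration:

config domain
    edit <domain_name>
        config policy recipient
            edit 0
                set status enable
                set sender-name no-AV
                set sender-domain out.lab
                set profile-antispam AS_Inbound
                set profile-resource Res_Default
            next
        end
    next
end

No profile-antivirus or profile-content is set, so the policy has no antivirus or content profile assigned.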

 

(recipient) # get
== [ 1 ] 2024-10-25 12:45:10
status: enable
direction: incoming
sender-type: user
sender-name: *
sender-domain: *
recipient-type: user
recipient-name: *
recipient-domain: in.lab
profile-antispam: AS_Inbound
profile-content: CF_Inbound
profile-dlp: test
profile-antivirus: AV_Discard
profile-resource: Res_Default
profile-auth-type: none
pkiauth: disable
pkiuser:
comment:
== [ 2 ] 2024-10-23 13:23:23
status: enable
direction: incoming
sender-type: user
sender-name: no-AV
sender-domain: out.lab
recipient-type: user
recipient-name: *
recipient-domain: in.lab
profile-antispam: AS_Inbound
profile-content:
profile-dlp:
profile-antivirus:
profile-resource: Res_Default
profile-auth-type: none
pkiauth: disable
pkiuser:
comment:

move 2 before 1 #<-- Change 2 and 1 to the policy IDs shown in the get output.

(recipient) # get
== [ 2 ] 2024-10-23 13:23:23
status: enable
direction: incoming
sender-type: user
sender-name: no-AV
sender-domain: out.lab
recipient-type: user
recipient-name: *
recipient-domain: in.lab
profile-antispam: AS_Inbound
profile-content:
profile-dlp:
profile-antivirus:
profile-resource: Res_Default
profile-auth-type: none
pkiauth: disable
pkiuser:
comment:
== [ 1 ] 2024-10-25 12:45:10
status: enable
direction: incoming
sender-type: user
sender-name: *
sender-domain: *
recipient-type: user
recipient-name: *
recipient-domain: in.lab
profile-antispam: AS_Inbound
profile-content: CF_Inbound
profile-dlp: test
profile-antivirus: AV_Discard
profile-resource: Res_Default
profile-auth-type: none
pkiauth: disable
pkiuser:
comment:


Verification of Configuration and Troubleshooting:
Send an email that was previously blocked by the antivirus/content profile from the specified user, and check whether the email is delivered.

It should also be possible to verify that the correct policy id is matched:

check5.png

The 'Policy IDs' are in the format Access Control: IP Policy: Recipient Policy.
In the screenshot, the recipient policy id is 2, which is the specific policy created in the example.
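
An offline check of the ordering effect described above, as an added example that is not part of the original article or of any Fortinet tooling: it parses 'get' output (sample constructed from the article's listing, trailing fields omitted) and reports which recipient policy a sender hits first and which of the antivirus/content profile slots that policy leaves empty. Top-down first-match evaluation and glob-style sender patterns are assumptions, and parse_policies, first_match, skipped_checks and move_before are hypothetical helper names.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the article's 'get' output before the move, trailing fields omitted.
GET_BEFORE = """\
== [ 1 ] 2024-10-25 12:45:10
status: enable direction: incoming sender-type: user sender-name: * sender-domain: * recipient-type: user recipient-name: * recipient-domain: in.lab profile-antispam: AS_Inbound profile-content: CF_Inbound profile-dlp: test profile-antivirus: AV_Discard profile-resource: Res_Default
== [ 2 ] 2024-10-23 13:23:23
status: enable direction: incoming sender-type: user sender-name: no-AV sender-domain: out.lab recipient-type: user recipient-name: * recipient-domain: in.lab profile-antispam: AS_Inbound profile-content: profile-dlp: profile-antivirus: profile-resource: Res_Default
"""
HEADER = re.compile(r"^==\s*\[\s*(\d+)\s*\].*$", re.M)  # "== [ id ] timestamp"
FIELD = re.compile(r"(?<!\S)([a-z][a-z-]*):")           # key at start or after a space

def parse_policies(text):
    """Return policies in listed order; fields may be flattened or one per line."""
    policies = []
    parts = HEADER.split(text)[1:]                      # [id, body, id, body, ...]
    for pid, body in zip(parts[0::2], parts[1::2]):
        flat = " ".join(body.split())
        keys = list(FIELD.finditer(flat))
        policies.append({"id": int(pid)})
        for k, nxt in zip(keys, keys[1:] + [None]):     # value runs up to the next key
            policies[-1][k.group(1)] = flat[k.end():nxt.start() if nxt else None].strip()
    return policies

def first_match(policies, sender):
    """Assumption: top-down evaluation, first enabled policy whose sender glob matches."""
    name, _, domain = sender.lower().partition("@")
    for p in policies:
        if (p.get("status") == "enable"
                and fnmatchcase(name, p.get("sender-name", "*").lower())
                and fnmatchcase(domain, p.get("sender-domain", "*").lower())):
            return p
    return None

def skipped_checks(policy):
    """Profile slots left empty, i.e. checks this policy does not apply."""
    return [k for k in ("profile-antivirus", "profile-content") if not policy.get(k)]

def move_before(policies, moved_id, before_id):
    """Mimic 'move <moved_id> before <before_id>' on the parsed list."""
    rest = [p for p in policies if p["id"] != moved_id]
    i = next(n for n, p in enumerate(rest) if p["id"] == before_id)
    return rest[:i] + [p for p in policies if p["id"] == moved_id] + rest[i:]

if __name__ == "__main__":
    listed = parse_policies(GET_BEFORE)
    for order in (listed, move_before(listed, 2, 1)):
        hit = first_match(order, "no-AV@out.lab")
        print([p["id"] for p in order], "->", hit["id"], skipped_checks(hit))
```

Run against a saved 'get' listing, the same functions give a quick inventory of which sender patterns currently reach a policy with empty antivirus or content slots.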
 
Related article: