Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tokcum
New Contributor II

Add header to all mails received from Internet

Hi,

 

I would like to add a customer header to all mails received from Internet. Originally, I thought to add this as an action to my Content Profile. However, this does not work. I assume this is because the action does not "fire".

 

Another approach which works is to enable domain specific disclaimers and then use "advanced options" > disclaimer on the domain configuration to set the header for all incoming mails. An ugly side effect of this approach is, that in the logs the Classifier is set to Disclaimer and the Disposition is set to Disclaimer Header.

 

Are there other options to add a header to all incoming mail?

 

Any advice appreciated. Thanks.

1 Solution
tokcum
New Contributor II

Hi everyone,

 

I'm happy to share my solution with the community.

  1. Create a Content Action Profile: Profile > Content > Action. I named the action H_X-SecCtx. It is configured to insert a header "X-SecCtx" with a value of "Internet".
  2. Create a DLP Rule. You find this in "Data Loss Prevention > Rule & Profile". I named this rule SENDER_IS_ANY and it matches the sender via a regex set to ".*".
  3. Create a DLP Profile: Data Loss Prevention > Rule & Profile > Profile. I named this DLP_Inbound_from_Internet. Use the SENDER_IS_ANY as scan rule and set the action to H_X-SecCtx.
  4. Create an IP Policy which matches all SMTP sessions received from the Internet. The match is done by source and destination. However, also consider preceding IP Policies to ensure that this policy is at the right position within the sequence. Use the DLP Profile DLP_Inbound_from_Internet in the IP Policy.

 

This works great and allows us to reliably mark mails received from Internet by Exchange / Exchange Online.

 

Cheers.

View solution in original post

2 REPLIES 2
AEK
SuperUser
SuperUser

Hi

Never tried it before but it seems the right place to do so is in  content profile as you said

https://docs.fortinet.com/document/fortimail/7.4.2/administration-guide/921588/configuring-content-p...

I guess you can force the action to fire by creating a file filter like "*" with a custom action to insert the header. This way it should run in all cases, right?

AEK
AEK
tokcum
New Contributor II

Hi everyone,

 

I'm happy to share my solution with the community.

  1. Create a Content Action Profile: Profile > Content > Action. I named the action H_X-SecCtx. It is configured to insert a header "X-SecCtx" with a value of "Internet".
  2. Create a DLP Rule. You find this in "Data Loss Prevention > Rule & Profile". I named this rule SENDER_IS_ANY and it matches the sender via a regex set to ".*".
  3. Create a DLP Profile: Data Loss Prevention > Rule & Profile > Profile. I named this DLP_Inbound_from_Internet. Use the SENDER_IS_ANY as scan rule and set the action to H_X-SecCtx.
  4. Create an IP Policy which matches all SMTP sessions received from the Internet. The match is done by source and destination. However, also consider preceding IP Policies to ensure that this policy is at the right position within the sequence. Use the DLP Profile DLP_Inbound_from_Internet in the IP Policy.

 

This works great and allows us to reliably mark mails received from Internet by Exchange / Exchange Online.

 

Cheers.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors