Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nk22
New Contributor

Created on ‎02-18-2024 07:20 AM Edited on ‎02-18-2024 07:42 AM

FortiGate: Email Filter "Mark as reject" cannot be selected

FortiGate 200F v7.2.7:

Security Profiles -> Email Filter -> [Local Spam Filtering] Block/Allow List

 

Hello, I am new to the Fortigate world and currently struggling with creating a local blacklist to block email addresses. Unfortunately, I can only select 'Mark as Spam' and 'Mark as Clear' options. 'Mark as Reject' cannot be chosen. I would appreciate any assistance. 

 

Mail Filter.png

'Mark as Reject' can only be selected for the following types: 'IP/Netmask' and 'IPv6/Netmask' - which, however, is not suitable for my use case.

 

Mail Filter 2.png

Labels:
626
0 Kudos
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎02-18-2024 08:39 AM

There is no "reject" for Sender Address type, even from CLI. You can only select "spam" or "clear".

This makes sens because "reject" is intended to reject the connecting "IP address" once it tries to connect (if I'm not wrong), and this mechanism is at IP level.

AEK
AEK
609
0 Kudos
nk22
New Contributor
In response to AEK

Created on ‎02-18-2024 08:46 AM

Thank you for your valuable input!! But then this blacklist under Email Filtering makes no sense at all if it's not possible to block a specific sender, but only mark it as spam. Are there any options with Fortigate (without Fortimail) to block emails from specific senders (this is possible with both Sophos and Cisco)?

605
0 Kudos
abelio
SuperUser
SuperUser
In response to nk22

Created on ‎02-18-2024 10:07 AM

Hello nk22
Just mark your spam action as 'discard'
Is better than 'reject', no info back to the spammer; just silently drop.

regards




/ Abel

regards / Abel
591
0 Kudos
nk22
New Contributor
In response to abelio

Created on ‎02-18-2024 12:58 PM

Hi Abel, that sounds good. Unfortunately I don't know where I can select 'discard'…

570
0 Kudos
AEK
SuperUser
SuperUser
In response to nk22

Created on ‎02-18-2024 01:12 PM Edited on ‎02-18-2024 01:12 PM

Hello NK22

When you set action "Mark as Spam" in the allow/block list, that doesn't mean that the mail will reach your mail box as spam, but the Antispam profile that contains this allow/block list will perform the action that you set in "Spam Action" for SMTP protocol.

 

So for your case you need to do two action in order to get what you want:

 

  • in the allow/block list, set the action to "Mark as Spam" for the undesired sender

ab-list.png

  • in the Antispam profile containing the above/block list, set the "Spam Action" for SMTP Protocol to "Discard", not to "Tag"

spam.png

AEK
AEK
566
0 Kudos
abelio
SuperUser
SuperUser

Created on ‎02-18-2024 01:14 PM

Hi
within the email filter profile, open submenu 'Spam Detection by Protocol' , under spam action for SMTP you can choose 'discard' as an option to deal with the messages matching the profile

 

 

 

regards




/ Abel

regards / Abel
564
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.