Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NeoRant
Contributor

Fortimail 7.0 series Banned words

Hi community

 

Can someone kindly assisting in guiding me how to enter banned words in Fortimail via CLI - in a batch? Is it possible?

 

I have over 300 of them, clearly not to be entered one by one in the gui.

1 Solution
AEK
SuperUser
SuperUser

Hi NeoRant

Here is how to do with CLI, however it is still not feasible to do it manually, so either use a good text editor that helps you automatize creating your command file, or use a python script to generate your command file from a csv file containing your banned words.

 

config profile antispam
edit AS_Custom
config bannedwords

edit word1
set body enable
set subject enable
next

edit word2
set body enable
set subject enable
next

edit word3
set body enable
set subject enable
next

end
end

Hope it helps

AEK

View solution in original post

AEK
9 REPLIES 9
AEK
SuperUser
SuperUser

Hi NeoRant

Here is how to do with CLI, however it is still not feasible to do it manually, so either use a good text editor that helps you automatize creating your command file, or use a python script to generate your command file from a csv file containing your banned words.

 

config profile antispam
edit AS_Custom
config bannedwords

edit word1
set body enable
set subject enable
next

edit word2
set body enable
set subject enable
next

edit word3
set body enable
set subject enable
next

end
end

Hope it helps

AEK
AEK
NeoRant

Hello AEK,

 

You always save the day, thanks. I did this with some modification by using char(10) in excel to include multiple words imported from a txt file. However, when i run this script in fortimail cli, it creates a new AS system profile with the new inserted banned words. I would like to modify my existing domain wide profile, not create a new AS sys profile. Could you guide, is this possible to edit ur domain AS profile in cli?

AEK

Hi NeoRant

Happy to help.

Just replace "AS_Custom" above by your existing AS profile name.

AEK
AEK
NeoRant

Hi AEK,

 

I already did, but it keeps creating a new system AS profile of name i specified. I want to actually edit my existing domain AS profile. Strange indeed.

AEK

So after this operation you find two AS with same name?!

AEK
AEK
NeoRant

Hi AEK,

 

Yes indeed. I just want to edit an existing AS profile for my internal domain, not System.

NeoRant
Contributor

AEK,

 

The script works great but it does not edit an existing AS profile, it by default just creates a new system-domain profile with the banned words. Is there a way i could copy banned words from fortimail system domain to  the protected domain?

AEK

Hi NeoRant

I tested in my lab on FML 7.0.7.

I executed the commands that I provided above and it worked just fine, I mean it edited an existing (AS_Custom) profile and it did not add a new profile.

I'm listing the trace of the execution here below so you can see the steps and result.

FML # config profile antispam
FML (antispam) # show
config profile antispam
edit AS_Inbound
set uri-filter-status enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Inbound_High
set uri-filter-status enable
set uri-filter-secondary-status enable
set spam-outbreak-protection enable
set suspicious-newsletter-status enable
set newsletter-status enable
set greylist enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
set heuristic-rules-percent 50
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Outbound
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
edit multi.surbl.org
next
end
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
edit AS_Custom
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
end
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
end

FML (antispam) # edit AS_Custom
FML (AS_Custom) # config bannedwords

FML (bannedwords) # edit word1
FML (word1) # set body enable
FML (word1) # set subject enable
FML (word1) # next

FML (bannedwords) # edit word2
FML (word2) # set body enable
FML (word2) # set subject enable
FML (word2) # next

FML (bannedwords) # edit word3
FML (word3) # set body enable
FML (word3) # set subject enable
FML (word3) # next

FML (bannedwords) # end
FML (AS_Custom) # end

FML # config profile antispam
FML (antispam) # show
config profile antispam
edit AS_Inbound
set uri-filter-status enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Inbound_High
set uri-filter-status enable
set uri-filter-secondary-status enable
set spam-outbreak-protection enable
set suspicious-newsletter-status enable
set newsletter-status enable
set greylist enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
set heuristic-rules-percent 50
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Outbound
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
edit multi.surbl.org
next
end
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
edit AS_Custom
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
end
config bannedwords
edit word1
set subject enable
set body enable
next
edit word2
set subject enable
set body enable
next
edit word3
set subject enable
set body enable
next
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
end

 

AEK
AEK
NeoRant

Hi AEK,

 

Thank you so much. You are one of the kindest persons I have ever met in my life. Knowledgeable and willing to educate others. You are cybersecurity god. I will review cli commands and apply to my existing protected domain AS profile and provide an update(of course i will omit other features, i am just interested in adding banned words)

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors