Hi community
Can someone kindly assisting in guiding me how to enter banned words in Fortimail via CLI - in a batch? Is it possible?
I have over 300 of them, clearly not to be entered one by one in the gui.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi NeoRant
Here is how to do with CLI, however it is still not feasible to do it manually, so either use a good text editor that helps you automatize creating your command file, or use a python script to generate your command file from a csv file containing your banned words.
config profile antispam
edit AS_Custom
config bannedwords
edit word1
set body enable
set subject enable
next
edit word2
set body enable
set subject enable
next
edit word3
set body enable
set subject enable
next
end
end
Hope it helps
Hi NeoRant
Here is how to do with CLI, however it is still not feasible to do it manually, so either use a good text editor that helps you automatize creating your command file, or use a python script to generate your command file from a csv file containing your banned words.
config profile antispam
edit AS_Custom
config bannedwords
edit word1
set body enable
set subject enable
next
edit word2
set body enable
set subject enable
next
edit word3
set body enable
set subject enable
next
end
end
Hope it helps
Hello AEK,
You always save the day, thanks. I did this with some modification by using char(10) in excel to include multiple words imported from a txt file. However, when i run this script in fortimail cli, it creates a new AS system profile with the new inserted banned words. I would like to modify my existing domain wide profile, not create a new AS sys profile. Could you guide, is this possible to edit ur domain AS profile in cli?
Hi NeoRant
Happy to help.
Just replace "AS_Custom" above by your existing AS profile name.
Hi AEK,
I already did, but it keeps creating a new system AS profile of name i specified. I want to actually edit my existing domain AS profile. Strange indeed.
So after this operation you find two AS with same name?!
Hi AEK,
Yes indeed. I just want to edit an existing AS profile for my internal domain, not System.
AEK,
The script works great but it does not edit an existing AS profile, it by default just creates a new system-domain profile with the banned words. Is there a way i could copy banned words from fortimail system domain to the protected domain?
Hi NeoRant
I tested in my lab on FML 7.0.7.
I executed the commands that I provided above and it worked just fine, I mean it edited an existing (AS_Custom) profile and it did not add a new profile.
I'm listing the trace of the execution here below so you can see the steps and result.
FML # config profile antispam
FML (antispam) # show
config profile antispam
edit AS_Inbound
set uri-filter-status enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Inbound_High
set uri-filter-status enable
set uri-filter-secondary-status enable
set spam-outbreak-protection enable
set suspicious-newsletter-status enable
set newsletter-status enable
set greylist enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
set heuristic-rules-percent 50
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Outbound
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
edit multi.surbl.org
next
end
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
edit AS_Custom
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
end
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
end
FML (antispam) # edit AS_Custom
FML (AS_Custom) # config bannedwords
FML (bannedwords) # edit word1
FML (word1) # set body enable
FML (word1) # set subject enable
FML (word1) # next
FML (bannedwords) # edit word2
FML (word2) # set body enable
FML (word2) # set subject enable
FML (word2) # next
FML (bannedwords) # edit word3
FML (word3) # set body enable
FML (word3) # set subject enable
FML (word3) # next
FML (bannedwords) # end
FML (AS_Custom) # end
FML # config profile antispam
FML (antispam) # show
config profile antispam
edit AS_Inbound
set uri-filter-status enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Inbound_High
set uri-filter-status enable
set uri-filter-secondary-status enable
set spam-outbreak-protection enable
set suspicious-newsletter-status enable
set newsletter-status enable
set greylist enable
config dnsbl-server
edit bl.spamcop.net
next
end
set behavior-analysis enable
config surbl-server
edit multi.surbl.org
next
end
set heuristic enable
set heuristic-rules-percent 50
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-deep-header TagSubjectSuspicious
set action-default UserQuarantine
set action-suspicious-newsletter TagSubjectSuspicious
set action-newsletter TagSubjectNewsletter
set action-uri-filter-secondary TagSubjectSuspiciousURI
set action-spf-sender-alignment TagSubjectSuspicious
next
edit AS_Outbound
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
edit multi.surbl.org
next
end
config bannedwords
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
edit AS_Custom
set fortiguard-check-ip disable
set spf-checking disable
config dnsbl-server
end
config surbl-server
end
config bannedwords
edit word1
set subject enable
set body enable
next
edit word2
set subject enable
set body enable
next
edit word3
set subject enable
set body enable
next
end
config safelistwords
end
set scan-max-size 1024
set action-default Reject
next
end
Hi AEK,
Thank you so much. You are one of the kindest persons I have ever met in my life. Knowledgeable and willing to educate others. You are cybersecurity god. I will review cli commands and apply to my existing protected domain AS profile and provide an update(of course i will omit other features, i am just interested in adding banned words)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.