Hi all,
Lately some emails containing URLs seem to skip the URL filter and rewrite that is configured.
Nothing concerning the URLs show up in the logs, so it seems that they just go undetected.
Yet, they hit exactly the same policies as emails that are getting processed.
I suspect it might have something to do with "Content-Transfer-Encoding: quoted-printable" that is used in at least two of the cases I've been able to track down.
Has anybody seen this behaviour? Is this expected?
We are running Fortimail v7.4.1 on a VM. Not sure if the behaviour was the same in older versions.
Many thanks,
Imre
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
So, it seems that I've been a bit confused by the FortiGuard categories changing between the email passing through the unit and me manually checking.
Additionally, not all categories are currently enabled for URL rewrite. So, we'll have to revisit that as well.
And the URLs are only logged when either the filter or the URL redirect triggers on them, not all URLs as I mistakenly expected.
Have you configured antispam settings for URL check?
config antispam settings
set url-checking {aggressive | strict}
end
Follow this link for more info:
Configuring the FortiGuard URL filter | FortiMail 7.4.1 | Fortinet Document Library
Regards,
No, this option is not configured. I see that it defaults to "strict" mode, so that's what we are using.
And that definitely works for most of the emails, containing similar URLs.
I checked one of the sample emails, and the URLs are written as absolute links.
However, due to the quoted-printable encoding, the HTML turns out a little different:
<a href=3D"https://example.com"></a>
So, it seems that I've been a bit confused by the FortiGuard categories changing between the email passing through the unit and me manually checking.
Additionally, not all categories are currently enabled for URL rewrite. So, we'll have to revisit that as well.
And the URLs are only logged when either the filter or the URL redirect triggers on them, not all URLs as I mistakenly expected.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.