Hi people!
We've recently set the anti-spam filter in FG 7.4.1 and it seems to be working well, at least the FortiGuard Spam Filtering procedures :)
But we are unable to get the banned words working. It looks like to be completely ignored :(
We have the bword table configured:
config emailfilter bword
edit 1
set name "Our banned words"
config entries
edit 1
set pattern "Notification*budget*requested"
set where subject
set score 11
next
(some more entries here)
end.....
And we've also set the profile to consider the banned-word-table:
config emailfilter profile
edit "SPAM filter"
set spam-filtering enable
set options bannedword spambal spamfsip spamfssubmit spamfschksum spamfsurl spamhelodns spamraddrdns spamfsphish
set spam-bword-table 1
set spam-bal-table 1
end.....
We can see at the GUI that banned word are enabled and using "Our banned words" table!
With a threshold of 10 (the default value). That's why we've tried to set the score value to 11 in each table entry, but with no luck.
We've also tried changing the local-override parameter to enable and disable within the config smtp block in the profile.....with no luck neither :(
The incoming emails (port 25) keep passing through freely :(
What else can we do to make this feature work properly?
Regards and thanks!!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
I would recommend to check whether deep inspection is applied in case traffic is encrypted.
Banned word feature should work in proxy and flow inspection mode.
If you're running more recent versions of FortiOS, especially if you're doing Wi-Fi/switch controller, UTM and other functions it makes sense that Security Fabric root on top is going to need a little more RAM to cater for it, when you consider it's pulling all that data from fabric members in, doing Security Rating and Topology views, syncing objects, etc.
Hello,
I would recommend to check whether deep inspection is applied in case traffic is encrypted.
Banned word feature should work in proxy and flow inspection mode.
Thank you @abarushka !!
The key was at the deep inspection setting. We had the certificate-inspection option selected! :D
Now we realize that to setting up a banned-word-table is the same than adding those words in the block/allow list. We thought emails detected by the banned-word list, would be rejected instead of being treated as spam :(
Thanks again! :)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1548 | |
1032 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.