Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sul_fortinet
New Contributor II

bword doesn't work in FortiGate 7.4.1 ??

Hi people!
We've recently set the anti-spam filter in FG 7.4.1 and it seems to be working well, at least the FortiGuard Spam Filtering procedures :)

But we are unable to get the banned words working. It looks like to be completely ignored :(
We have the bword table configured:
config emailfilter bword
edit 1
  set name "Our banned words"
  config entries
  edit 1
    set pattern "Notification*budget*requested"

    set where subject
    set score 11
  next

   (some more entries here)

end.....

And we've also set the profile to consider the banned-word-table:
config emailfilter profile

  edit "SPAM filter"

    set spam-filtering enable
    set options bannedword spambal spamfsip spamfssubmit spamfschksum spamfsurl spamhelodns spamraddrdns spamfsphish

    set spam-bword-table 1

    set spam-bal-table 1

  end.....

 

We can see at the GUI that banned word are enabled and using "Our banned words" table!
With a threshold of 10 (the default value). That's why we've tried to set the score value to 11 in each table entry, but with no luck.

 

We've also tried changing the local-override parameter to enable and disable within the config smtp block in the profile.....with no luck neither  :(
The incoming emails (port 25) keep passing through freely :(

What else can we do to make this feature work properly?
Regards and thanks!!

 

1 Solution
abarushka
Staff
Staff

Hello,

 

I would recommend to check whether deep inspection is applied in case traffic is encrypted.

 

Banned word feature should work in proxy and flow inspection mode.

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/329341/inspection-mode-differences-for-...

 

FortiGate

View solution in original post

3 REPLIES 3
haung38
New Contributor

If you're running more recent versions of FortiOS, especially if you're doing Wi-Fi/switch controller, UTM and other functions it makes sense that Security Fabric root on top is going to need a little more RAM to cater for it, when you consider it's pulling all that data from fabric members in, doing Security Rating and Topology views, syncing objects, etc.

10.0.0.0.1 192.168.1.254
abarushka
Staff
Staff

Hello,

 

I would recommend to check whether deep inspection is applied in case traffic is encrypted.

 

Banned word feature should work in proxy and flow inspection mode.

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/329341/inspection-mode-differences-for-...

 

FortiGate
sul_fortinet

Thank you @abarushka !! 

The key was at the deep inspection setting. We had the certificate-inspection option selected!  :D

 

Now we realize that to setting up a banned-word-table is the same than adding those words in the block/allow list. We thought emails detected by the banned-word list, would be rejected instead of being treated as spam :(
Thanks again! :)

Top Kudoed Authors