Spam filter

Order of spam filter operations

Generally, incoming email is passed through the spam filters in the order the filters appear in the spam filtering options list in a firewall protection profile (and in Table 29): FortiShield, IP address, RBL & ORDBL, HELO DNS lookup, email address, return email DNS check, MIME header, and banned word (content block). Each filter passes the email to the next if no matches or problems are found. If the action in the filter is Mark as Spam, the FortiGate unit will tag or discard (SMTP only) the email according to the settings in the protection profile. If the action in the filter is Mark as Clear, the email is exempt from any remaining filters. If the action in the filter is Mark as Reject, the email session is dropped. Rejected SMTP email messages are substituted with a configurable replacement message. See “Replacement messages” on page 106.

The order of spam filter operations may vary between SMTP and IMAP or POP3 traffic because some filters only apply to SMTP traffic (IP address and HELO DNS lookup). Also, filters that require a query to a server and a reply (FortiShield and RBL/ORDBL) are run simultaneously. To avoid delays, queries are sent while other filters are running. The first reply to trigger a spam action will take effect as soon as the reply is received.
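A model of the filter ordering and action semantics described above, as an added example (not FortiGate code): the filter names and order follow the manual, while the lookup lists, the message fields, and the stand-in for a failed HELO DNS lookup are constructed here for illustration. It shows the three outcomes (Mark as Spam tags or discards, Mark as Clear exempts the email from the remaining filters, Mark as Reject drops the session), the SMTP-only filters being skipped for POP3/IMAP, and the server queries (FortiShield, RBL/ORDBL) being started up front so that an early reply can take effect before the local filters finish:

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

SPAM, CLEAR, REJECT = "Mark as Spam", "Mark as Clear", "Mark as Reject"


@dataclass
class Message:
    protocol: str                   # "SMTP", "IMAP" or "POP3"
    source_ip: str = ""             # sending mail server (meaningful for SMTP)
    helo: str = ""                  # HELO/EHLO name (SMTP only)
    sender: str = ""
    headers: dict = field(default_factory=dict)
    body: str = ""


# Constructed lists standing in for the FortiShield/RBL answers and for the
# administrator-configured lists; none of these entries are real.
FORTISHIELD_LIST = {"203.0.113.7"}
RBL_LIST = {"198.51.100.9"}
IP_LIST = {"192.0.2.55": SPAM, "192.0.2.10": CLEAR}
EMAIL_LIST = {"offers@spam.example": SPAM, "news@example.org": CLEAR}
MIME_RULES = {("X-Mailer", "BulkBlaster"): SPAM}
BANNED_WORDS = {"free money": SPAM}


# Each filter returns an action, or None to pass the email to the next filter.
def fortishield(m):   return SPAM if m.source_ip in FORTISHIELD_LIST else None
def ip_address(m):    return IP_LIST.get(m.source_ip)
def rbl_ordbl(m):     return SPAM if m.source_ip in RBL_LIST else None
def helo_dns(m):      return REJECT if m.helo.endswith(".invalid") else None  # stand-in for a failed lookup
def email_address(m): return EMAIL_LIST.get(m.sender)

def mime_header(m):
    for (name, value), action in MIME_RULES.items():
        if m.headers.get(name) == value:
            return action
    return None

def banned_word(m):
    text = (m.headers.get("Subject", "") + " " + m.body).lower()
    for word, action in BANNED_WORDS.items():
        if word in text:
            return action
    return None


# (name, function, SMTP-only?) in the order the manual gives.
FILTERS = [
    ("FortiShield", fortishield, False),
    ("IP address", ip_address, True),
    ("RBL & ORDBL", rbl_ordbl, False),
    ("HELO DNS lookup", helo_dns, True),
    ("email address", email_address, False),
    ("MIME header", mime_header, False),
    ("banned word", banned_word, False),
]
QUERY_FILTERS = {"FortiShield", "RBL & ORDBL"}   # need a round trip to a server


def filter_message(m, smtp_discard=False):
    """Return (verdict, deciding_filter); verdict is 'tag', 'discard', 'reject' or 'deliver'."""
    def apply(action, name):
        if action == CLEAR:
            return ("deliver", name)       # exempt from all remaining filters
        if action == REJECT:
            return ("reject", name)        # session dropped
        discard = m.protocol == "SMTP" and smtp_discard
        return ("discard" if discard else "tag", name)

    with ThreadPoolExecutor() as pool:
        # Send the server queries first so they run while the local filters execute.
        pending = {n: pool.submit(f, m) for n, f, _ in FILTERS if n in QUERY_FILTERS}
        for name, fn, smtp_only in FILTERS:
            if smtp_only and m.protocol != "SMTP":
                continue
            if name in pending:
                action = pending.pop(name).result()   # this filter's own slot: wait for the reply
            else:
                # A query reply that already arrived and triggers a spam action takes effect now.
                early = [(n, f.result()) for n, f in pending.items() if f.done() and f.result() == SPAM]
                if early:
                    n, a = early[0]
                    return apply(a, n)
                action = fn(m)
            if action is not None:
                return apply(action, name)
    return ("deliver", None)
```

Note that a Mark as Clear match (for example the IP address list entry above) short-circuits everything after it, including the banned word check, which is why whitelisting an address is a deliberate exemption rather than a mere hint.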

This chapter describes:

FortiShield

IP address

RBL & ORDBL

Email address

MIME headers

Banned word

Using Perl regular expressions

FortiShield

FortiShield is an antispam system from Fortinet that uses an IP address black list and spam filtering tools. FortiShield compiles the IP address list from email captured by spam probes located around the world. Spam probes are email addresses purposely configured to attract spam and identify known spam sources to create the antispam IP address list. FortiShield combines IP address checks with other spam filter techniques in a two-pass process.

On the first pass, FortiShield checks the source address of the connecting SMTP mail server against the antispam IP address list. If the source address matches the list of known spammers, FortiShield terminates the SMTP session and no message is received. If FortiShield does not find a match, the session proceeds and the email is delivered to the recipient, subject to the second pass.

As each email is received, FortiShield performs the second antispam pass by checking the header, subject, and body of the email for common spam content. If FortiShield finds spam content, the email is tagged or dropped according to the configuration in the firewall protection profile.
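The two-pass process, as an added example rather than Fortinet's implementation: pass one runs at SMTP connection time against the IP list, pass two parses the received message and scans the headers, subject, and body. The spam probe addresses, the content patterns, and the sample messages are constructed for illustration; in the real system the IP list is compiled centrally from probes around the world, whereas here a probe hit adds the sending server to a local list so the learning step is visible.

```python
import email
import re
from email import policy


class FortiShieldModel:
    """Constructed model of a probe-fed IP list plus a content scan."""

    def __init__(self, probe_addresses, content_patterns):
        self.probes = {a.lower() for a in probe_addresses}   # addresses that exist only to attract spam
        self.ip_list = set()                                  # sources learned from mail to the probes
        self.rules = [re.compile(p, re.I) for p in content_patterns]

    def first_pass(self, source_ip):
        """Pass 1, at connection time: a known spam source has its session terminated."""
        return "terminate" if source_ip in self.ip_list else "accept"

    def record_probe_hit(self, source_ip, rcpt):
        """Any server that mails a probe address is added to the IP list."""
        if rcpt.lower() in self.probes:
            self.ip_list.add(source_ip)
            return True
        return False

    def second_pass(self, raw_message):
        """Pass 2, on the received message: scan subject, other headers, then body."""
        msg = email.message_from_bytes(raw_message, policy=policy.default)
        fields = {"subject": str(msg.get("Subject", ""))}
        fields["header"] = "\n".join(
            f"{k}: {v}" for k, v in msg.items() if k.lower() != "subject"
        )
        body = msg.get_body(preferencelist=("plain", "html"))
        fields["body"] = body.get_content() if body else ""
        for where, text in fields.items():
            for rule in self.rules:
                if rule.search(text):
                    return ("spam", where, rule.pattern)
        return ("clean", None, None)

    def process(self, source_ip, rcpt, raw_message, spam_action="tag"):
        """Run both passes; spam_action is 'tag' or 'drop', as set in the protection profile."""
        if self.first_pass(source_ip) == "terminate":
            return "session terminated"
        if self.record_probe_hit(source_ip, rcpt):
            return "captured by probe"
        verdict, _, _ = self.second_pass(raw_message)
        return spam_action if verdict == "spam" else "delivered"


# Constructed sample messages (not captured traffic).
CLEAN_MSG = (
    b"From: alice@example.com\r\nTo: bob@example.com\r\n"
    b"Subject: Meeting notes\r\n\r\nSee you at 10.\r\n"
)
BULK_MSG = (
    b"From: offers@spam.example\r\nTo: bob@example.com\r\n"
    b"Subject: Hello\r\nX-Mailer: BulkBlaster\r\n\r\nClick here.\r\n"
)
SUBJECT_MSG = (
    b"From: offers@spam.example\r\nTo: bob@example.com\r\n"
    b"Subject: FREE MONEY today\r\n\r\nNo strings attached.\r\n"
)
```

The order of the three scan targets matters only for reporting which field matched; the verdict is the same whichever field trips a rule first.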

FortiGate-100A Administration Guide   01-28007-0068-20041203   325

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall is designed to sustain its rated throughput under load from multiple users and devices, so that inspection adds little noticeable latency.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.