Anti spam log detection

Author
asep khoerisman
2020/04/06 03:53:22 (permalink)

Anti spam log detection

Hi everyone,
 
I have a FortiGate 600C, version 5.4.
In Log & Report, the anti-spam log does not detect all mail traffic. Does the anti-spam log only detect email that has a spam signature, or should all mail traffic that gets through the firewall be detected by the anti-spam log?
 
Thanks
#1


    abelio
    Re: Anti spam log detection 2020/04/06 06:44:55 (permalink)
    Hi,
    it depends, actually.
     
    Could you please share the output of the CLI command:  show full spamfilter profile <your_profile>  ?
     
     

    regards
    --
    Abel
    #2
    asep khoerisman
    Re: Anti spam log detection 2020/04/06 21:28:28 (permalink)
    Hi Abelio,
    here is the resulting spam filter configuration:
     
    JKTSDM102070 $ show full-configuration spamfilter profile default
    config spamfilter profile
    edit "default"
    set comment "malware and phishing URL filtering"
    set flow-based disable
    set replacemsg-group ''
    set spam-log enable
    set spam-filtering disable
    set external disable
    unset options
    config imap
    set log disable
    end
    config pop3
    set log disable
    end
    config smtp
    set log disable
    end
    config mapi
    set log disable
    end
    config msn-hotmail
    set log disable
    end
    config yahoo-mail
    set log disable
    end
    config gmail
    set log disable
    end
    set spam-bword-threshold 10
    unset spam-bword-table
    unset spam-bwl-table
    unset spam-mheader-table
    unset spam-rbl-table
    unset spam-iptrust-table
    set spam-log-fortiguard-response disable
    next
    end
     
    JKTSDM102070 $
     
    Is there any missing command or something wrong with that configuration?
    #3
    abelio
    Re: Anti spam log detection 2020/04/07 06:10:07 (permalink)
    Hi,
    nothing wrong, but you talked about a lack of logs related to antispam activity.
     
    Your spamfilter profile is the default one, so it needs the spam-filtering service, logging and other CLI-based features enabled.
     
    I.e:
    config spamfilter profile
        edit "default"
            set comment "Malware and phishing URL filtering."
            set flow-based disable
            set replacemsg-group ''
            set spam-log enable
            set spam-filtering enable        // to enable features including fortiguard and non-licensed ones
            set external disable
            set options spambwl spamfsip spamfssubmit spamfschksum spamfsurl spamhelodns spamraddrdns spamfsphish        // features like blacklists, helo, reverse-check, etc
            config imap
                set log enable                  //enable logging for this protocol
                set action tag
                set tag-type subject spaminfo
                set tag-msg "Spam"
            end
            config pop3
                set log enable
                set action tag
                set tag-type subject spaminfo
                set tag-msg "Spam"
            end
            config smtp
                set log enable
                set action discard
                set tag-type subject spaminfo
                set tag-msg "Spam"
                set hdrip disable                             // enable-disable possibility
                set local-override disable
            end
            config mapi
                set log enable
                set action discard
            end
            config msn-hotmail
                set log enable
            end
            config yahoo-mail
                set log enable
            end
            config gmail
                set log enable
            end
            set spam-bword-threshold 10
            unset spam-bword-table
            unset spam-bwl-table
            unset spam-mheader-table
            set spam-rbl-table  1
            unset spam-iptrust-table
            set spam-log-fortiguard-response enable
        next
    end
          

     
    ///
    Also, if you set up other tables to check, for example RBLs, banned words or IPs, etc., you need to enable them within the profile.
    Example:
    Using public relay blacklists:
     
    config spamfilter dnsbl
        edit 1
            set name "public rbls"
            config entries
                edit 1
                    set server "cbl.abuseat.org"
                next
            end
        next
    end
     
    and you must enable "set spam-rbl-table  1" in your spamfilter profile
     
    regards
    --
    Abel
    #4
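
The comparison made in the last reply can be automated. The following is an added example, not part of the thread or of any Fortinet tooling: it parses pasted `show full-configuration spamfilter profile` output and flags the settings that the reply changes from the posted default profile. The function names `parse_profile` and `audit` and the sample text are constructed for illustration; Python 3.8+ is assumed.

```python
import re

# Constructed sample, abridged from the profile output posted in the thread.
SAMPLE = """\
config spamfilter profile
    edit "default"
        set spam-log enable
        set spam-filtering disable
        unset options
        config imap
            set log disable
        end
        --More-- config smtp
            set log disable
        end
    next
end
"""

def parse_profile(text):
    """Return (profile-level settings, per-protocol settings) as dicts."""
    top, protos, section = {}, {}, None
    for raw in text.splitlines():
        # Drop CLI pager residue and forum-style "//" annotations.
        line = raw.replace("--More--", "").split("//")[0].strip()
        if m := re.fullmatch(r"config (\S+)", line):    # e.g. "config smtp"
            section = protos.setdefault(m.group(1), {})
        elif line == "end":
            section = None
        elif m := re.fullmatch(r"(set|unset) (\S+)\s*(.*)", line):
            target = top if section is None else section
            target[m.group(2)] = m.group(3) if m.group(1) == "set" else None
    return top, protos

def audit(text):
    """List settings that differ from the logging-enabled profile in the reply."""
    top, protos = parse_profile(text)
    findings = [f"{k} is not enabled" for k in ("spam-filtering", "spam-log")
                if top.get(k) != "enable"]
    if not top.get("options"):
        findings.append("options is unset")
    for name, cfg in protos.items():
        if cfg.get("log") != "enable":
            findings.append(f"config {name}: log is not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
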