8/4/2015

Example: Access control rules with regular expressions

http://docslegacy.fortinet.com/fmail/fortimailadmin/index.html#page/FortiMail%2520Online%2520Help/policy.09.13.html#ww1132901


Example Corporation uses a FortiMail unit operating in gateway mode, and that has been configured with only one protected domain: example.com. The FortiMai
control rules illustrated in Table 111.

Table 111: A list of example access control rules

| Enabled | ID | Sender Pattern | Recipient Pattern | Sender IP/Netmask | Reverse DNS Pattern | Authentication |
|---|---|---|---|---|---|---|
| Yes | | /* | /user932@example.com | 0.0.0.0/0 | /* | Any |
| Yes | | R/^\s*$ | /* | 0.0.0.0/0 | /* | Any |
| Yes | | /* | /*@example.com | 172.20.120.0/24 | /mail.example.org | Any |
| Yes | | /*@example.org | /* | 0.0.0.0/0 | /* | Any |
| Yes | | /* | R/^user\d*@example\.com$ | 0.0.0.0/0 | /* | Any |
Rule 1

The email account of former employee user932 receives a large amount of spam. Since this employee is no longer with the company and all the user's external c
Example Corporation employee contacts, messages addressed to the former employee's address must be spam.
Rule 1 uses only the recipient pattern. All other access control rule attributes are configured to match any value. This rule rejects all messages sent to the user932
address. Rejection at the access control stage prevents these messages from being scanned for spam and viruses, saving FortiMail system resources.

This rule is placed first because it is the most specific access control rule in the list. It applies only to SMTP sessions for that single recipient address. SMTP sess
recipient do not match it. If a rule that matched all messages were placed at the top of the list, no rule after the first would ever be checked for a match, because t
SMTP sessions not matching this rule are checked against the next rule.
Rule 2

Much of the spam received by the Example Corporation has no sender specified in the message envelope. Most valid email messages will have a sender email a

Rule 2 uses only the sender pattern. The regular expression ^\s*$ will match a sender string that contains one or more spaces, or is empty. If any non-space ch
this rule does not match. This rule will reject all messages with no sender, or a sender containing only spaces.

Not all email messages without a sender are spam, however. Delivery status notification (DSN) messages often have no specified sender. Bounce notifications ar
messages. The FortiMail administrators at the Example Corporation decided that the advantages of this rule outweigh the disadvantages.
Messages not matching this rule are checked against the next rule.
Rules 3 and 4

Recently, the Example Corporation has been receiving spam that appears to be sent by example.org. The FortiMail log files revealed that the sender address is b
sent from servers operated by spammers. Because spam servers often change IP addresses to avoid being blocked, the FortiMail administrators decided to use t
example.org unless delivered from a server with the proper address and host name.

When legitimate, email messages from example.org are sent from one of multiple mail servers. All these servers have IP addresses within the 172.20.120.0/24 su
mail.example.org that can be verified using a reverse DNS query.
Rule 3 uses the recipient pattern, the sender IP, and the reverse DNS pattern. This rule will relay messages to email users of example.com sent from a client who
and IP address is between 172.20.120.1 and 172.20.120.255.
Messages not matching this rule are checked against the next rule.

Rule 4 works in conjunction with rule 3. It uses only the sender pattern. Rule 4 rejects all messages from example.org. But because it is positioned after rule 3 in t
that were not already proven to be legitimate by rule 3, thereby rejecting only email messages with a fake sender.

Rules 3 and 4 must appear in the order shown. If they were reversed, all mail from example.org would be rejected. The more specific rule 3 (accept valid mail fro
the more general rule 4 (reject all mail from example.org) follows.
Messages not matching these rules are checked against the next rule.
Rule 5

The administrator of example.com has noticed that during peak traffic, a flood of spam using random user names causes the FortiMail unit to devote a significant
verification. Verification is performed with the aid of an LDAP server which also expends significant resources servicing these requests. Example Corporation ema
by the user's employee number, and end with @example.com.
Rule 5 uses only the recipient pattern. The recipient pattern is a regular expression that will match all email addresses that start with user, end with @example.c
in between. Email messages matching this rule are relayed.
Default implicit rules

For messages not matching any of the above rules, the FortiMail unit will perform the default action, which varies by whether or not the recipient email address in
member of a protected domain.
For protected domains, the default action is RELAY.
For unprotected domains, the default action is REJECT.
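
The first-match evaluation described above, as an added sketch (not FortiMail code and not part of the original page): it models the five rules of Table 111 plus the default implicit action. The rule actions are taken from the rule descriptions, wildcard matching is approximated with Python's fnmatch, and the sample addresses are constructed.

```python
import fnmatch
import ipaddress
import re

# (sender, recipient, sender IP/netmask, reverse DNS, action). "R/" marks a
# regular expression as in Table 111; actions follow the rule descriptions.
RULES = [
    ("*", "user932@example.com", "0.0.0.0/0", "*", "REJECT"),
    (r"R/^\s*$", "*", "0.0.0.0/0", "*", "REJECT"),
    ("*", "*@example.com", "172.20.120.0/24", "mail.example.org", "RELAY"),
    ("*@example.org", "*", "0.0.0.0/0", "*", "REJECT"),
    ("*", r"R/^user\d*@example\.com$", "0.0.0.0/0", "*", "RELAY"),
]
PROTECTED_DOMAINS = {"example.com"}


def pattern_matches(pattern, value):
    """Regex if prefixed with R/, otherwise a case-insensitive wildcard match."""
    if pattern.startswith("R/"):
        return re.search(pattern[2:], value) is not None
    # Assumption: fnmatch stands in for the appliance's wildcard semantics.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def evaluate(sender, recipient, client_ip, rdns, rules=RULES):
    """Return (rule_number, action) for the first matching rule, else the default."""
    ip = ipaddress.ip_address(client_ip)
    for number, (s_pat, r_pat, net, dns_pat, action) in enumerate(rules, start=1):
        if (pattern_matches(s_pat, sender)
                and pattern_matches(r_pat, recipient)
                and ip in ipaddress.ip_network(net)
                and pattern_matches(dns_pat, rdns)):
            return number, action
    # Default implicit rule: RELAY for protected domains, REJECT otherwise.
    domain = recipient.rpartition("@")[2].lower()
    return None, ("RELAY" if domain in PROTECTED_DOMAINS else "REJECT")


if __name__ == "__main__":
    # Constructed sessions: (envelope sender, recipient, client IP, reverse DNS)
    for session in [
        ("", "user17@example.com", "203.0.113.5", "mx.example.net"),
        ("bob@example.org", "user17@example.com", "172.20.120.25", "mail.example.org"),
        ("bob@example.org", "user17@example.com", "203.0.113.5", "unknown.example.net"),
    ]:
        print(session, "->", evaluate(*session))
```

Passing a list with rules 3 and 4 swapped as `rules` shows the ordering effect the page describes: the legitimate example.org session is then rejected before the more specific rule is reached.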
See also

Configuring access control rules
Example: Access control rules with wild cards
Controlling SMTP access and delivery
