Working with Dictionary Profiles in FortiMail


Your FortiMail unit can use a dictionary profile  to determine if an email is likely to be spam, based on predefined or user-defined patterns, like a Canadian SIN pattern. While the process sounds similar to banned words scanning, dictionary terms are UTF-8 encoded, which means they can include characters other than US-ASCII characters, such as é or ñ.g

In this recipe, we’ll guide you through the process of creating a dictionary profile and then we’ll configure the dictionary options.

Caution: Unlike banned word scans, dictionary profile scans are more resource intensive.

 Creating a Dictionary Profile

First we’ll need to create a dictionary profile

  1. Go to Profile Dictionary Dictionary.
  2. Select New to create a new profile or edit an existing profile by selecting a profile and selecting Edit.
  3. Enter the name for the profile.
  4. Double click an existing predefined pattern and then select Enable and then OK.
  5. If you wish to create your own pattern, select New in the Dictionary Entries section.
  6. Enable the pattern and enter a word or phrase that you want the dictionary to match. Matches are case insensitive.
  7. Select Regex or Wildcard from the Pattern type dropdown menu.
  8. Enter the pattern weight and maximum pattern weight.
  9. Enable whether to match occurrences of the pattern when it is located in an email’s header or body. 
  10. Select Create and Create once more.

Configuring Dictionary Options

With the dictionary profile created, we can now move on to configuring the dictionary scan options.

To configure dictionary scan options

  1. Go to Profile AntiSpam AntiSpam.
  2. Double-click an existing profile.
  3. Expand the Scan Configuration section and then the Dictionary section.
  4. Enable Dictionary.
  5. Select the Action profile you want the FortiMail unit to use if the heuristic scan finds spam email.
  6. Select the previously created profile from the dictionary profile dropdown menu.
  7. Enter the minimum dictionary score. This is the number of dictionary term matches above which the email will be considered spam. 
  8. Select OK