Channel: Fortinet Cookbook

Create a virtual cloud network and public-facing subnets


This recipe is part of the process of deploying FortiGate for OCI. Note OCI is only supported by FortiOS 5.4.8. See below for the rest of the recipes in this process:

  1. Create a virtual cloud network and public-facing subnets
  2. Create a security list
  3. Create a route table for the internal network
  4. Create internal network subnet
  5. Obtain the deployment image file and place it in your bucket
  6. Import the image
  7. Launch the FortiGate instance
  8. Attach a storage to FortiGate (required)
  9. Access the FortiGate
  10. Create the second vNIC
  11. Configure the second vNIC on the FortiGate
  12. Change the protected network’s default route
  13. [Connectivity test] Configure FortiGate firewall policies and virtual IPs

 

  1. In OCI, click Create Virtual Cloud Network.
  2. In the NAME field, enter the VCN name. Then, select CREATE VIRTUAL CLOUD NETWORK PLUS RELATED RESOURCES. This allows you to create the Internet gateway, routing table, and subnet all together using Oracle default settings. If you intend to create each resource separately by specifying your own inputs, click CREATE VIRTUAL CLOUD NETWORK ONLY. In this example, the first choice is used.
  3. Click Create Virtual Cloud Network at the bottom of the screen.

    This configures the related resources. Three subnets are created, each belonging to an availability domain. They can be used as public-facing networks (connected to the Internet). In this example, the first subnet (1) is 10.0.x.x/24. Once the FortiGate is deployed, you can access it over the Internet through the GUI management screen via HTTPS, or via SSH.

The post Create a virtual cloud network and public-facing subnets appeared first on Fortinet Cookbook.


Create a security list


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. Click Default Security List for 10.0.0.0/24, the subnet you defined as the public side of the network.
  2. Note that by default, port 22 is allowed.
  3. Click Edit all Rules > Add Rule. Manually add a rule to allow TCP port 443.
  4. Click Save Security List Rules.
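As an added check that is not part of the Fortinet recipe, the following Python audits a security list for the public-facing subnet and flags any ingress rule that opens more than TCP 22 and 443 to sources outside the VCN. The sample list is constructed; the field names (ingress-security-rules, protocol, source, tcp-options, destination-port-range) are assumed to match the JSON that `oci network security-list get` returns, and the VCN CIDR 10.0.0.0/16 is assumed.

```python
"""Audit an OCI security list for the FortiGate public subnet (added example, not Fortinet code).

Assumed JSON shape: the security list as returned by the OCI CLI, with ingress rules under
"ingress-security-rules" and TCP ports under "tcp-options" / "destination-port-range".
The VCN CIDR (10.0.0.0/16) is also an assumption.
"""
import ipaddress
from typing import List, Optional, Tuple

ALLOWED_PUBLIC_TCP_PORTS = {22, 443}   # SSH and HTTPS management, as in the recipe
VCN_CIDR = "10.0.0.0/16"               # assumed VCN range; the recipe's subnets are 10.0.x.x/24

# Constructed sample: the default list after the recipe's TCP 443 rule was added,
# plus one overly broad rule that an audit should catch.
SAMPLE_SECURITY_LIST = {
    "display-name": "Default Security List for vcn-fortigate",
    "ingress-security-rules": [
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
        {"protocol": "1", "source": "0.0.0.0/0",
         "icmp-options": {"type": 3, "code": 4}},          # PMTU discovery, no ports
        {"protocol": "all", "source": "10.0.0.0/16"},      # intra-VCN, out of scope here
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp-options": {"destination-port-range": {"min": 1, "max": 65535}}},
    ],
}


def exposed_ports(rule: dict) -> Optional[Tuple[str, int, int]]:
    """Map a rule to (protocol, first_port, last_port); None for ICMP, which has no ports."""
    proto = rule.get("protocol")
    if proto == "1":
        return None
    if proto == "all":
        return ("all", 1, 65535)
    opts = rule.get("tcp-options" if proto == "6" else "udp-options") or {}
    rng = opts.get("destination-port-range")
    if rng is None:                       # no range given means every port of that protocol
        return (proto, 1, 65535)
    return (proto, int(rng["min"]), int(rng["max"]))


def is_external(source: str, vcn_cidr: str = VCN_CIDR) -> bool:
    """True when the rule's source CIDR is not contained in the VCN (e.g. 0.0.0.0/0)."""
    try:
        src = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False                      # OCI service CIDR labels are not Internet-wide sources
    vcn = ipaddress.ip_network(vcn_cidr)
    return src.version != vcn.version or not src.subnet_of(vcn)


def audit_public_security_list(sec_list: dict, vcn_cidr: str = VCN_CIDR) -> List[str]:
    """One finding per ingress rule that exposes more than TCP 22/443 to sources outside the VCN."""
    findings = []
    for rule in sec_list.get("ingress-security-rules", []):
        src = rule.get("source", "")
        if not is_external(src, vcn_cidr):
            continue
        ports = exposed_ports(rule)
        if ports is None:
            continue
        proto, lo, hi = ports
        if proto == "6" and lo == hi and lo in ALLOWED_PUBLIC_TCP_PORTS:
            continue
        findings.append(f"{src} -> proto {proto} ports {lo}-{hi}: wider than the recipe's SSH/HTTPS allowance")
    return findings


if __name__ == "__main__":
    for line in audit_public_security_list(SAMPLE_SECURITY_LIST):
        print(line)
```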

Create a route table for the internal network


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. Now let’s change the default gateway for the protected network and point it to the FortiGate’s second network interface. Go to Route Tables > Create Route Table.
  2. For all destinations, choose the Internet Gateway for now. You will change the configuration later. Click Create Route Table.

    A new route table has been created.

Obtain the deployment image file and place it in your bucket


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. Go to https://support.fortinet.com. Navigate to Download > VM Images in the top menu.
  2. In the Select Product dropdown list, select FortiGate.
  3. In the Select Platform dropdown list, select Oracle.
  4. Obtain the FGT_VM64_OPC-v5-buildXXXX-FORTINET.out.OpenXen.zip file, where XXXX is the build number. Ensure the file name includes OpenXen.
  5. After downloading, unzip the file. It contains the fortios.qcow2 file, which is needed to deploy the FortiGate on OCI.
  6. In OCI, go to Storage > Object Storage, then click Create Bucket to create a standard storage bucket.
  7. Select the bucket, then upload the deployment image file fortios.qcow2.

  8. Click Upload Object. The dialog shows the upload progress.
  9. Once the upload completes, click Create Pre-Authenticated Requests from the left or right menu.
  10. Note down the generated URL. It is needed in later steps.

Import the image


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. Navigate to Compute > Custom Images.
  2. Click Import Image. Complete the fields. In the OBJECT STORAGE URL field, enter the URL link obtained in Obtain the deployment image file and place it in your bucket.
  3. Under IMAGE TYPE, select QCOW2.
  4. Under LAUNCH MODE, select EMULATED MODE. Native mode is not supported.
  5. The image is now imported. Wait until the Importing... status changes to Available, then navigate to the image.

Launch the FortiGate instance


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. Click Launch Instance.
  2. In the NAME field, enter the desired name to identify the instance by.
  3. In the AVAILABILITY DOMAIN field, select the desired domain.
  4. Under IMAGE SOURCE, select CUSTOM IMAGE.
  5. Under SHAPE TYPE, select VIRTUAL MACHINE.
  6. In the SHAPE field, select one of the following supported instance shapes. Other instance shapes are not supported:
    1. VM.Standard1.1
    2. VM.Standard1.2
    3. VM.Standard1.4
    4. VM.Standard1.8
    5. VM.Standard1.16
  7. In the VIRTUAL CLOUD NETWORK field, select the network in which to launch the instance.
  8. In the SUBNET field, select a subnet on the Internet-facing side of the network.
  9. In the PRIVATE IP ADDRESS field, specify a static IP address within the selected subnet.
  10. Ensure Assign public IP address is selected so you can access the FortiGate over the Internet. This can be disabled once everything has been configured as desired.
  11. In the HOSTNAME field, enter the desired name.
  12. Click Launch Instance. Wait until the PROVISIONING… status changes to RUNNING. You can also check the FortiGate’s public IP address in this screen once it becomes available.

    At this stage, FortiGate deployment is not complete. You must also add a storage volume and attach it to the FortiGate instance. Otherwise, the instance does not boot properly. You must also add another virtual network interface and attach it to the FortiGate instance so it can sit between two subnets.

Attach a storage to FortiGate (required)


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. Navigate to Storage > Block Volumes > Create Block Volume.
  2. Enter a unique name, choose the availability domain, then set the size to around 50 GB. Click Create Block Volume to provision the volume.
  3. Once provisioned, return to the FortiGate instance. Click Attach Block Volume.
  4. Under Choose how you want to attach your block volume, select ISCSI.

  5. After attaching the block volume, ensure you reboot the FortiGate instance.

Access the FortiGate


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. In the FortiGate instance details, find the public IP address. Your IP address will differ from the one in the example screenshot.
  2. In a browser, navigate to https://<public_IP_address>.

    The default username is opc. The default password is the OCID.
    You can find the OCID on the instance details page.
  3. Once logged in, FortiOS prompts for a license file. Licenses can be obtained through any Fortinet partner. If you don’t have a partner, contact Fortinet for assistance in purchasing a license. After you purchase a license or obtain an evaluation license (60-day term), you will receive a PDF with an activation code. Go to https://support.fortinet.com/ and create a new account or log in with an existing account.
  4. Go to Asset > Register/Renew to start the registration process. In the Specify Registration Code field, enter your license activation code and select Next to continue registering the product. Enter your details in the other fields.

  5. At the end of the registration process, download the license (.lic) file to your computer. You will upload this license to activate the FortiGate.
  6. After registering a license, Fortinet servers may take 30-45 minutes to fully recognize the new license. When you upload the license (.lic) file to activate the FortiGate, if you get an error that the license is invalid, wait 30 minutes and try again. You should now be able to see the FortiGate GUI console.


Create the second vNIC


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. In the FortiGate instance, click Attached VNICs > Create VNIC.
  2. Create the virtual network interface by specifying the name, the VCN, and the internal subnet created earlier. Ensure Skip Source/Destination Check is selected. Enter an IP address and click Create VNIC.

    You now have the second network interface attached to the FortiGate.



Configure the second vNIC on the FortiGate


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. After attaching the second vNIC to the FortiGate, reboot it, then log into the GUI console and navigate to Network > Interfaces. You now see two ports, but the second port has no IP address configured. Manually configure the same IP address that you specified in OCI.
  2. Select port2, then click Edit. Manually enter the IP address and netmask. Allow administrative access to PING, SSH, and so on as desired. Click OK.

    You now have two network interfaces configured.

Change the protected network’s default route


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

  1. Once the vNIC is created with the private IP address, it can be selected as the default gateway in the route table configuration. Go to the route tables and edit the route rules for the internal network subnet. For all destinations, select Private IP as the Target Type, and enter the private IP address of the FortiGate’s second vNIC.

(Connectivity test) Configure FortiGate firewall policies and virtual IPs


This recipe is part of the process of deploying FortiGate for OCI. Note that OCI is only supported by FortiOS 5.4.8.

You can create one server instance, such as Windows Server 2012, on the internal protected network. Then create incoming and outgoing firewall policies on the FortiGate and test connectivity.

  1. Create an instance from the Oracle-provided images as desired and place it in the internal protected network.
  2. Configure incoming and outgoing firewall policies on the FortiGate. Refer to Configure FortiGate firewall policies and virtual IPs. When using OCI, add required ports in the Security List as explained earlier.

Certificate errors with authentication


When full SSL inspection is used, a number of certificate errors can appear when your browser notices that the certificate used to encrypt the traffic is not the expected one. Some of these errors occur when user authentication is enabled and the FortiGate redirects traffic to the login page, which your browser interprets as evidence that your connection is not private.

One error occurs when the site you attempt to connect to uses HTTP Strict Transport Security (HSTS). In this case, you may get an error message that cannot be overridden.

If this message appears, the best thing to do is browse to a different site and re-attempt user authentication. Once your user credentials have been accepted by the FortiGate, you can access the site that was previously blocked (unless that site is blocked by web filtering).

Browsers sometimes recognize that authentication is required and display a different HSTS error message that allows you to access the login page.

If this error appears, you have the option to open the login page and enter your credentials.

Another error occurs when the common name of the certificate used for HTTPS encryption does not match the URL of the site you are attempting to access.

If this message appears, the best thing to do is browse to a different site and re-attempt user authentication. Once your user credentials have been accepted by the FortiGate, you can access the site that was previously blocked (unless that site is blocked by web filtering).

 


Deploying FortiGate for GCP

Connect to the FortiGate


This recipe is part of the process of deploying FortiGate for GCP. See below for the rest of the recipes in this process:

  1. Register and download your licenses
  2. Connect to the FortiGate

To connect to the FortiGate VM, you need your login credentials and its public DNS address.

The default username is admin and the default password is the GCP instance ID, which is represented as a number.

  1. Do one of the following to get the instance ID:
    1. Log into the FortiGate through the console on the VM Instance page on GCP. The first time you access the console, you can see the instance ID as seen below.

    2. Open the gcloud command line (Cloud Shell) on the VM instance details page or from a computer with Google Cloud SDK installed. Run the following command:

      $ gcloud compute instances describe <instance_name> | grep id


      You will see a line starting with id: ‘<number>’. This is the FortiGate initial login password.

  2. Open an HTTPS session using the public DNS address of the FortiGate VM in your browser (https://<public_DNS>). The public IP address is found on the same page.
  3. Access the FortiGate in your browser.
  4. You will see a certificate error message from the browser. This is expected since the default FortiGate certificate is self-signed and is not recognized by browsers. Proceed past the error message.
  5. Log into the FortiGate VM with the username admin and the password.
  6. Upload your license (.lic) file to activate the FortiGate VM. The FortiGate VM automatically restarts. After it restarts, wait about 30 minutes until the license is fully registered at Fortinet, and log in again.

    You now see the FortiGate dashboard. The information in the main dashboard varies depending on the instance type.

Configuring Alert Emails in FortiMail


You might want your FortiMail unit to let you know when it has detected something. The Alert Email submenu lets you configure the FortiMail unit to email you when a specific type of event occurs. For example, you could have the unit alert you when it detects a virus.

To set up alerts, we have to configure both the alert email recipients and the events that trigger the unit to send a message.

Configuring Alert Recipients

Before the FortiMail unit can send alert email messages, we have to create a recipient list.

To configure recipients of alert email messages:

  1. Go to Log and Report > Alert Email > Configuration.
  2. Select New to add a recipient.
  3. Enter the email address of the individual who should receive the alert.
  4. Select Create.

    You can repeat that process to add a variety of email addresses.

 

Configuring Alert Categories

Now we need to specify which events cause your FortiMail unit to send an alert email message to the recipients you added previously.

To select the events that trigger an alert email message:

  1. Go to Log and Report > Alert Email > Category.
  2. Enable the event categories you want to be alerted about.
  3. Select Apply.
 

Preventing Data Loss in FortiMail


One of the biggest fears you’ll likely have is the thought of your sensitive data leaving the network. Thankfully, FortiMail has data leak prevention (DLP).

This recipe guides you through the process of enabling DLP, defining sensitive data, and then configuring DLP rules and profiles.

First we need to enable the DLP feature. Go to the CLI console and enter:

    config system global
        set data-loss-prevention enable
    end


Defining the Sensitive Data

We need to configure manual document fingerprints. Document fingerprinting relies on you providing a file whose content you want to detect. The FortiMail unit generates a checksum fingerprint of that file and stores it. It then generates a fingerprint for every email attachment and compares it against all fingerprints stored in the database.

To configure manual document fingerprints:

  1. Go to Data Loss Prevention > Sensitive Data > Fingerprint.
  2. Select New.
  3. Enter a name for the fingerprint.
  4. Select New in the File list section and select the file to generate a fingerprint for.
  5. Select Create.

You can also configure a fingerprint document source:

  1. Go to Data Loss Prevention > Sensitive Data > Fingerprint Source.
  2. Select New.
  3. Enter a descriptive name and description.
  4. Select the type of server being accessed and enter the IP address of the server.
  5. Enter your user name and password.
  6. Enter the path to the document folder.
  7. Select Create.
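The matching step described above, as an added example that is not FortiMail code: build a fingerprint database from sample sensitive files, fingerprint every attachment of an outbound MIME message the same way, and report the hits. SHA-256 as the checksum, the sample documents and the sample message are all constructed assumptions; the page only says that FortiMail stores a checksum fingerprint and compares attachments against it.

```python
"""Document fingerprint matching modelled on the FortiMail DLP description (added example).

Assumptions: SHA-256 stands in for FortiMail's checksum, and the documents and the
message below are constructed samples.
"""
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Dict, List, Tuple

# Constructed stand-ins for the files selected on the Fingerprint page.
SENSITIVE_DOCS = {
    "q3-payroll.csv": b"employee,salary\nalice,120000\nbob,98000\n",
    "board-minutes.txt": b"CONFIDENTIAL - draft merger terms\n",
}


def fingerprint(data: bytes) -> str:
    """Checksum fingerprint of a document or attachment body."""
    return hashlib.sha256(data).hexdigest()


def build_fingerprint_db(docs: Dict[str, bytes]) -> Dict[str, str]:
    """Map checksum -> document name, the way the unit keeps the stored fingerprints."""
    return {fingerprint(content): name for name, content in docs.items()}


def build_sample_message(attachments: Dict[str, bytes]) -> bytes:
    """Construct an outbound message carrying the given attachments (sample input only)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "partner@example.net"
    msg["Subject"] = "the numbers you asked for"
    msg.set_content("See attached.")
    for name, data in attachments.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


def scan_message(raw: bytes, db: Dict[str, str]) -> List[Tuple[str, str]]:
    """Fingerprint each attachment and return (attachment name, matched document) pairs.

    Matching is by content, so a renamed copy of a fingerprinted file still hits.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue                       # body text and multipart containers carry no file
        body = part.get_payload(decode=True) or b""
        matched = db.get(fingerprint(body))
        if matched:
            hits.append((part.get_filename() or "<unnamed>", matched))
    return hits


if __name__ == "__main__":
    db = build_fingerprint_db(SENSITIVE_DOCS)
    raw = build_sample_message({"notes.bin": SENSITIVE_DOCS["q3-payroll.csv"], "hello.txt": b"hi\n"})
    print(scan_message(raw, db))   # the renamed payroll file is detected; hello.txt is not
```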

  

Configuring DLP Rules

Now we’ll configure DLP rules. These tell the unit what to look for when scanning emails. For example, we could scan for sensitive data in email bodies and attachments.

To configure DLP rules:

  1. Go to Data Loss Prevention > Rule and Profile > Rule.
  2. Enter a descriptive name for the rule and a description.
  3. Select the condition you want to apply to the rule.

  

 

Configuring DLP Profiles

After you configure the scan rules (conditions), you can add them to DLP profiles. The profile specifies the action to take.

To configure a DLP profile:

  1. Go to Data Loss Prevention > Rule and Profile > Profile.
  2. Select New.
  3. Enter a name for the profile.
  4. Select the action to use when the specified scan rules match the email.
  5. Select New in the content scan settings area.
  6. Enable the setting.
  7. Select your previously created scan rule from the dropdown menu.
  8. Select the action profile from the dropdown menu.
  9. Select OK, and then OK once more.

   

 

Implementing into a Policy

With the profile created, the last thing you’ll need to do is add the profile to a new or existing policy. The steps are the same regardless of the type of policy you add your profile to, but these steps use a recipient policy as an example.

To implement your profile:

  1. Go to Policy > Recipient Policy > Outbound.
  2. Select an existing policy and select Edit, or select New to create a new policy.
  3. Expand the Profiles section.
  4. Select your DLP profile in the DLP dropdown menu.
  5. Select OK.

   

 

 


Remote Logging in FortiMail Using FortiAnalyzer


You may not want to store your FortiMail log information to your local hard disk. Thankfully, you can also store your log messages remotely on your FortiAnalyzer unit.

 

Enabling Logging

Before we can log remotely, we first need to enable logging.

  1. Go to Log and Report > Log Settings > Remote Log Settings.
  2. Toggle Enable for your preferred profile.
  3. Select Yes.
 

Configuring Remote Logging

With logging enabled, we can now focus on configuring logging to a FortiAnalyzer unit.

  1. Go to Log and Report > Log Settings > Remote.
  2. Select New to create a new entry, or double-click an existing entry to modify it.
  3. Select Enable to allow logging to a remote host.
  4. Enter a profile name and the IP address of the FortiAnalyzer unit. This is where the FortiMail unit will store its logs.
  5. Enter 514 in the Port field.
  6. From the Level dropdown menu, select the severity level that a log message must equal or exceed in order to be recorded and stored.
  7. From the Facility dropdown menu, select the facility identifier that the FortiMail unit uses to identify itself.
  8. Expand Logging Policy Configuration and enable the types of logs you want to send to FortiAnalyzer.
  9. Select Create.
 

Manually Blocking Endpoints in FortiMail


What if you’re having difficulties with spam coming from non-static IP addresses, such as email sent from a cellular phone? Relying on the sender reputation score may not be effective: the device could continue sending spam with a clean reputation score simply by rejoining the network and obtaining another IP address. Additionally, an innocent device could be accidentally blacklisted.

Thankfully, we can control spam from SMTP clients with dynamic addresses by using endpoint reputation. This recipe guides you through the process of configuring endpoint reputation in FortiMail.

Endpoint reputation doesn’t use the usual IP address identifier; instead it uses the subscriber ID, login ID, MSISDN, or SIM card of a cell phone to identify the sender.

Enabling Endpoint Reputation

First we need to enable the endpoint reputation feature.

  1. Go to the CLI and enter the following commands:

    config antispam setting
        set carrier-endpoint-status enable
    end


  2. Go to Profile > Session > Session. Enable Endpoint Reputation and select Reject or Monitor from the Action dropdown menu.
  3. Select an existing session profile and select Edit.
  4. Expand the Endpoint Reputation list.
  5. Enable Endpoint Reputation and select your desired Action from the dropdown list.
  6. Go to Policy > IP Policy > IP Policy.
  7. Select an existing policy and select Edit.
  8. Select the session profile from the dropdown menu and select OK.
 

Manually Blocking Endpoints

You can manually block carrier endpoints by subscriber ID, MSISDN, or another identifier.

To edit a manual carrier endpoint block list:

  1. Go to Security > Endpoint Reputation > Blocklist.
  2. Select New to add an entry.
  3. Enter the MSISDN, subscriber ID, or other identifier in the Endpoint ID field.
  4. Select Create.
 

Configuring Greylisting in FortiMail


Greylisting in FortiMail filters spam based on the behavior of the sending server rather than on the individual message. Say you receive email from an unknown source: the unit temporarily rejects the message, which the sending server then resends later.

This recipe covers configuring the greylist and then briefly shows how to add exemptions to the list.

 
 

Configuring the Greylist

First we need to configure the time intervals used during the automatic greylisting process.

  1. Go to Security > Greylist > Settings.
  2. Enter the Greylisting TTL, which determines the maximum amount of time that unused automatic greylist entries are retained.
  3. Enter the Greylisting period. If no manual greylist entry (exemption) matches the email message, the FortiMail unit creates a pending automatic greylist entry and replies with a temporary failure code.
  4. Select Apply.


  

 

Creating Manual Exemptions

You may want to exempt some addresses from the greylisting check so that you receive those messages faster.

To view and configure manual greylist entries:

  1. Go to Security > Greylist > Exempt.
  2. Select New.
  3. Enter the Sender pattern that defines a matching sender email address. You can match any sender by using an asterisk.
  4. Enable Regular expression if you entered a pattern using regular expression syntax.
  5. Enter the Recipient pattern that defines a matching recipient address. For example, if we enter *@example.com, all messages sent to an address matching that pattern are exempt.
  6. Enter the IP address and netmask that define the SMTP clients matching this entry. For example, if we enter 10.10.10.10/25, we will match the 24-bit subnet of IP addresses starting with 10.10.10.
  7. Enter the pattern that defines valid host names for the IP address of the SMTP client. For example, entering mail*.com matches messages delivered by an SMTP client whose host name starts with “mail” and ends with “.com”.
  8. Select Create.
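An added example (not FortiMail code) that models the greylist decision from the two timer settings above together with the manual exemptions from this list: sender and recipient wildcard patterns, client IP/netmask, and host name pattern. The exact FortiMail timing rules are an assumption: here a retry is accepted once the greylisting period has elapsed since the first attempt, and entries unused for longer than the TTL are dropped; the period and TTL values are sample values.

```python
"""Greylist decision model with manual exemptions (added example, not FortiMail code).

Assumed semantics: the first attempt from an unknown (client, sender, recipient) triple gets a
temporary failure; retries are accepted once the greylisting period has elapsed; entries that
see no traffic for longer than the greylisting TTL are dropped. Timer values are samples.
"""
import fnmatch
import ipaddress
from typing import Dict, List, Tuple

GREYLIST_PERIOD = 30 * 60         # seconds; sample "Greylisting period"
GREYLIST_TTL = 30 * 24 * 3600     # seconds; sample "Greylisting TTL"


class Exemption:
    """One manual greylist entry; '*' wildcards as on the Exempt page, 0.0.0.0/0 means any client."""

    def __init__(self, sender="*", recipient="*", client="0.0.0.0/0", hostname="*"):
        self.sender, self.recipient, self.hostname = sender, recipient, hostname
        self.client = ipaddress.ip_network(client, strict=False)

    def matches(self, sender: str, recipient: str, client_ip: str, client_host: str) -> bool:
        return (fnmatch.fnmatchcase(sender.lower(), self.sender.lower())
                and fnmatch.fnmatchcase(recipient.lower(), self.recipient.lower())
                and ipaddress.ip_address(client_ip) in self.client
                and fnmatch.fnmatchcase(client_host.lower(), self.hostname.lower()))


def hosts_covered(cidr: str) -> Tuple[str, str, int]:
    """First address, last address and size of the block an IP/netmask entry really matches."""
    net = ipaddress.ip_network(cidr, strict=False)
    return (str(net.network_address), str(net.broadcast_address), net.num_addresses)


class Greylist:
    def __init__(self, exemptions: List[Exemption], period=GREYLIST_PERIOD, ttl=GREYLIST_TTL):
        self.exemptions, self.period, self.ttl = exemptions, period, ttl
        self.entries: Dict[tuple, Dict[str, float]] = {}   # triple -> first/last seen

    def expire(self, now: float) -> None:
        """Drop automatic entries that have been unused for longer than the TTL."""
        stale = [k for k, e in self.entries.items() if now - e["last"] > self.ttl]
        for k in stale:
            del self.entries[k]

    def decide(self, now: float, sender: str, recipient: str, client_ip: str, client_host: str) -> str:
        """SMTP-style verdict for one delivery attempt at time `now` (seconds)."""
        if any(x.matches(sender, recipient, client_ip, client_host) for x in self.exemptions):
            return "250 accept (manual exemption)"
        self.expire(now)
        key = (client_ip, sender.lower(), recipient.lower())
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = {"first": now, "last": now}
            return "451 try again later (new automatic entry)"
        entry["last"] = now
        if now - entry["first"] < self.period:
            return "451 try again later (still within greylisting period)"
        return "250 accept (retry after greylisting period)"


if __name__ == "__main__":
    gl = Greylist([Exemption(recipient="*@example.com"), Exemption(hostname="mail*.com")])
    print(gl.decide(0, "news@foo.org", "bob@example.com", "203.0.113.5", "mx.foo.org"))
    print(gl.decide(0, "news@foo.org", "bob@other.net", "203.0.113.5", "mx.foo.org"))
    print(gl.decide(GREYLIST_PERIOD + 1, "news@foo.org", "bob@other.net", "203.0.113.5", "mx.foo.org"))
    print(hosts_covered("10.10.10.10/25"), hosts_covered("10.10.10.10/24"))
```

hosts_covered shows what the /25 in step 6 actually matches (10.10.10.0 to 10.10.10.127, 128 addresses); a /24 is what covers every address starting with 10.10.10.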

  

 

