FortiMail prevention against mail bombs
Hi Community,
I've got a FortiMail cluster on a customer's side where a spam attack in the form of newsletter bombs is running against employees' mailboxes. There are nearly thousands of newsletters (nearly all from valid senders all over the world), so the mailboxes are full of nonsense mails day by day.
What I've done so far is:
* SPF, DKIM and DMARC Checks enabled
* AntiSpam Profile with Newsletter and suspicious Newsletters in UserQuarantine
* additionally added a content filter on the mail header based on dictionary "list-unsubscribe"
Session settings:
* Restrict numbers of conn/client/30min : 120
* Restrict numbers of msg/client/30min: 150
* Restrict numbers of recips/client/30min: 50
* Max concurrent connections/client: 2
* Timeout idle: 30
---------
* Sender reputation: enabled
* Throttle client: 0
* Restrict number of mail/hour: 5
* Restrict mail to 1 % of prev. hour
* Temp. fail client: 50
* Reject client: 80
* FortiGuard IP reputation check: when client connects
Does someone have an idea how to save the mailboxes against these "mail bombs"?
Thanks very much in advance!
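
The session limits listed above count per sending client, while the newsletters described arrive from many different valid senders, so the burst only shows up when mail is counted per recipient. The following is an added example, not part of the original post and not FortiMail code: it counts `List-Unsubscribe` mail per recipient in a sliding 30-minute window. The event tuples, thresholds and function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parseaddr

def classify(raw_headers):
    """Return (has List-Unsubscribe header, lower-cased From domain)."""
    msg = message_from_string(raw_headers)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return msg.get("List-Unsubscribe") is not None, domain

def find_bursts(events, window=timedelta(minutes=30), min_msgs=20, min_domains=15):
    """events: (datetime, recipient, raw_headers) tuples sorted by time.
    Returns {recipient: time the window first held >= min_msgs list mails
    from >= min_domains distinct sender domains}. Thresholds are assumptions."""
    recent = defaultdict(deque)   # recipient -> (time, domain) inside the window
    flagged = {}
    for ts, rcpt, raw in events:
        is_list, domain = classify(raw)
        if not is_list:
            continue              # ordinary mail never counts toward a burst
        rcpt = rcpt.lower()
        q = recent[rcpt]
        q.append((ts, domain))
        while ts - q[0][0] > window:
            q.popleft()           # expire entries older than the window
        if rcpt not in flagged and len(q) >= min_msgs \
                and len({d for _, d in q}) >= min_domains:
            flagged[rcpt] = ts
    return flagged

def sample_events():
    """Constructed data: 40 sign-up mails from 40 domains to one mailbox,
    three issues of one newsletter to another, and one ordinary mail."""
    t0 = datetime(2024, 1, 1, 9, 0)
    hdr = "From: News <news@{d}>\nList-Unsubscribe: <https://{d}/u>\n\n"
    ev = [(t0 + timedelta(seconds=30 * i), "victim@example.com",
           hdr.format(d=f"shop{i}.example")) for i in range(40)]
    ev += [(t0 + timedelta(minutes=10 * i), "reader@example.com",
            hdr.format(d="weekly.example")) for i in range(3)]
    ev.append((t0, "victim@example.com", "From: boss@example.com\n\n"))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for rcpt, ts in find_bursts(sample_events()).items():
        print(f"{rcpt}: newsletter burst detected at {ts}")
```

Requiring many distinct sender domains keeps a single busy mailing list from triggering the flag; only the mailbox receiving list mail from many unrelated senders at once is reported.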
