Jeff_Roback
New Member
February 22, 2017
Question

Fortimail request re: DNSBL


Here's another feature request around FortiMail. It would be really helpful to be able to provide weights to DNSBLs so we could work with different lists, including some that have more false positives than others, and still have a good chance of getting legitimate mail through.

 

Along these lines, I'd really like to be able to reject rather than quarantine this stuff, but I live in fear of one of the DNSBLs going rogue and wild-carding everything like one of them did many years ago and having all our mail get rejected. But if I could set up weights so that once two blacklists include something, then I'd feel comfortable rejecting it.

 

Another alternative along these lines would be to allow us to have separate actions for different RBLs, for example rejecting based upon the really safe ones but doing a quarantine for the ones with higher false positive rates.

 

Thanks!

 

Jeff

 

 

    1 reply

    mbasco
    New Member
    March 9, 2017

    I second that and please include FortiGuard-IP as well. Just today I had to disable the REJECT action again because some of Google's mail servers are in FortiGuard's IP block list; however, when I check the same IPs against dozens of other DNSBLs, they all come up clean. Another possibility is to add a spamminess weighting and allow different actions based on different thresholds.

     

    Mark

    Carl_Windsor_FTNT
    Staff
    March 9, 2017

    Mark,

    Let me know the IPs and I will get that sorted immediately. We have protections in place for this so I can look into why this is the case.

    mbasco
    New Member
    March 9, 2017

    Thanks for the quick reply, Carl.

     

    This one actually turned out to be a configuration issue on my end. A quick call to Fortinet Support (and I mean quick, I got to speak with someone inside 5 minutes for a P4 case! - thanks, Jordan) pointed this out. The IP addresses that were triggering the FortiGuard AntiSpam-IP REJECT action were because I had the "Extract IP from Received Header" option selected. It was grabbing the client browser IP from the header and it was that IP that was in the FortiGuard AntiSpam-IP list. 

     

    Still, I might suggest including an option to handle these 2 cases differently with 2 different actions. Perhaps the client IP being in the FortiGuard AntiSpam-IP list could result in a REJECT while a bad IP in the header could result in a QUARANTINE action.

     

    Cheers,

     

    Mark
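
Added example, not part of the thread and not FortiMail configuration or code: a Python illustration of the weighted DNSBL scoring requested above, with the RFC 5782 test-point check as a guard against a list that starts wildcarding, and the REJECT/QUARANTINE split by IP source suggested in the last reply. The zone names, weights, thresholds and the in-memory resolver are assumptions constructed so the block runs offline.

```python
import ipaddress

# Assumed zones, weights and thresholds (constructed, not FortiMail settings).
WEIGHTS = {"safe.dnsbl.example": 3, "broad.dnsbl.example": 2, "noisy.dnsbl.example": 1}
REJECT_AT, QUARANTINE_AT = 4, 2

def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def make_resolver(listed, wildcard_zones=()):
    """Offline stand-in for DNS: True if the name is listed or its zone wildcards."""
    def resolves(name):
        return name in listed or any(name.endswith("." + z) for z in wildcard_zones)
    return resolves

def zone_is_sane(zone, resolves):
    """RFC 5782 test points: 127.0.0.2 must be listed and 127.0.0.1 must not be.
    A zone that answers for 127.0.0.1 is listing everything, so it is skipped."""
    return (resolves(query_name("127.0.0.2", zone))
            and not resolves(query_name("127.0.0.1", zone)))

def verdict(ip, resolves, from_header=False):
    """Sum the weights of sane zones that list `ip`, then map score to action.
    An IP taken from a Received header can quarantine but never reject."""
    score = sum(weight for zone, weight in WEIGHTS.items()
                if zone_is_sane(zone, resolves) and resolves(query_name(ip, zone)))
    if score >= REJECT_AT and not from_header:
        return "reject", score
    if score >= QUARANTINE_AT:
        return "quarantine", score
    return "accept", score

def sample_listings():
    """Constructed listings: every zone lists its test point plus a few IPs."""
    listed = {query_name("127.0.0.2", zone) for zone in WEIGHTS}
    listed |= {query_name("192.0.2.10", "safe.dnsbl.example"),
               query_name("192.0.2.10", "broad.dnsbl.example"),
               query_name("192.0.2.20", "noisy.dnsbl.example")}
    return listed

if __name__ == "__main__":
    healthy = make_resolver(sample_listings())
    rogue = make_resolver(sample_listings(), wildcard_zones=("safe.dnsbl.example",))
    print(verdict("192.0.2.10", healthy))                    # two lists agree
    print(verdict("192.0.2.10", healthy, from_header=True))  # header IP
    print(verdict("198.51.100.7", rogue))                    # wildcarding zone ignored
```

In a live deployment the resolver would issue real A-record lookups, and the test-point check would run on a schedule rather than per message.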