This article explains how to block the email of a known threat.Scope
For example, if a user on your network has recently downloaded a virus onto their computer and they are now sending out emails that contain harmful malware to other people in the office, until you solve the infection, you need a way to temporarily prevent the infected computer from sending out emails within the network.
FortiMail 5.2.0, FortiMail 5.2.1 , FortiMail 5.2.2, FortiMail 5.2.3.Solution
FortiMail supports customizable access controls that can automatically reject emails from sources that are known to be infected.
Access control rules, or the access control list (ACL), controls how the FortiMail unit processes email messages. When an SMTP client attempts to deliver email through the FortiMail unit, the FortiMail unit compares each access control rule to the commands used by the SMTP client during the SMTP session. So, to prevent a known infected source from sending you email you would set your FortiMail unit to reject emails from that source.
To view and configure your access control rules.
Configuring Access Controls.
1. Navigate to Policy > Access Control > Receiving.
2. Select New to add an access control rule or double-click an existing access control rule to modify the rule.
3. Select the Enabled checkbox.
4. Select User Defined from the Sender pattern dropdown menu.
5. Enter the user’s email address in the text field.
6. Select User Defined in the Sender IP/netmask dropdown menu.
7. Enter the user’s IP address.
Note: If you want to allow the user to send emails from their email address on a different, non infected computer, block only their IP address and not their email address.
8. Select REJECT from the Action dropdown menu.
9. Select the Create button.
Since it is possible for an individual to intentionally send an infected email by changing the sender’s email address, you must disable Allow different SMTP sender identify for authenticated user in the relevant recipient based policies.
1. Navigate to Policy > Policies > Recipient Policies.
2. Select the recently created policy.
3. Select the Edit button.
4. Uncheck the allow different SMTP sender identify for authenticated user checkbox under Advanced Settings.
5. Select OK.