Description
This article describes how to block the email of a known threat.
For example, if a user on the network has recently downloaded a virus onto the computer and the infected computer is now sending emails that contain harmful malware to other people in the office, it is necessary to have a way to temporarily prevent that computer from sending emails within the network until the infection is resolved.
Scope
FortiMail v6.x.x, v7.x.x.
Solution
FortiMail supports customizable access controls that can automatically reject emails from sources that are known to be infected.
Access control rules, or the access control list (ACL), control how the FortiMail unit processes email messages. When an SMTP client attempts to deliver email through the FortiMail unit, the FortiMail unit compares each access control rule to the commands used by the SMTP client during the SMTP session. So, to prevent a known infected source from sending email, the FortiMail unit can be set to reject emails from that source.
Configuring Access Controls.
To view and configure your access control rules:
- Navigate to Policy -> Access Control -> Receiving.
- Select New to add an access control rule or select an existing access control rule to modify the rule.
- Select the Enabled checkbox.
- Select User Defined from the Sender pattern dropdown menu.
- Enter the user’s email address in the text field.
- Select User Defined in the Sender IP/netmask dropdown menu.
- Enter the user’s IP address.
Note: To allow the user to send emails from the email address on a different, non-infected computer, block only the IP address and not the email address.
- Select REJECT from the Action dropdown menu.
- Select the Create button.
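The following Python sketch is an added illustration, not Fortinet code and not FortiMail's actual matching engine. It models the difference between a rule that sets both the sender pattern and the sender IP and a rule that sets only the sender IP, as the Note above describes. It assumes that every criterion in a rule must match and that the first matching enabled rule decides the action; the `Rule` class, `evaluate` function, addresses and IPs are constructed for the example.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    sender_pattern: str   # wildcard pattern compared to MAIL FROM ("*" = any)
    sender_net: str       # sender IP/netmask in CIDR form
    action: str           # e.g. "REJECT"
    enabled: bool = True

def evaluate(rules, mail_from, client_ip):
    """Return the action of the first enabled rule whose criteria ALL match.

    Assumption of this model: criteria are ANDed and the first match wins.
    "NO_MATCH" means the message falls through to default handling.
    """
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if not rule.enabled:
            continue
        if not fnmatch.fnmatch(mail_from.lower(), rule.sender_pattern.lower()):
            continue
        if ip not in ipaddress.ip_network(rule.sender_net, strict=False):
            continue
        return rule.action
    return "NO_MATCH"

# Constructed sample values (documentation address range, example domain).
INFECTED_IP = "192.0.2.45"
USER = "alice@example.com"

address_and_ip = [Rule(USER, INFECTED_IP + "/32", "REJECT")]
ip_only = [Rule("*", INFECTED_IP + "/32", "REJECT")]

def compare():
    """Evaluate three constructed SMTP sessions against both rule sets."""
    sessions = [
        ("infected host, user's address", USER, INFECTED_IP),
        ("infected host, other address", "bob@example.com", INFECTED_IP),
        ("clean host, user's address", USER, "192.0.2.80"),
    ]
    return {label: (evaluate(address_and_ip, sender, ip),
                    evaluate(ip_only, sender, ip))
            for label, sender, ip in sessions}

if __name__ == "__main__":
    for label, (both, ip_rule) in compare().items():
        print(f"{label:32} address+IP rule: {both:9} IP-only rule: {ip_rule}")
```

In this model the IP-only rule rejects everything from the infected host regardless of the sender address, while leaving the user free to send from a clean computer.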
Configuring Policies.
Since it is possible for an individual to intentionally send an infected email by changing the sender’s email address, it is necessary to enable Reject different SMTP sender identities for authenticated users in the relevant recipient-based policies.
- Navigate to Policy -> Policies -> Recipient Policies.
- Select the recently created policy.
- Select the Edit button.
- Check the Reject different SMTP sender identities for authenticated user checkbox under Advanced Settings.
- Select OK.