As per your query, I got advice from the expert to first check some basics like:
- check fml-session log and mailheader of undetected spam
- make sure FML is first instance to receive email and it is not placed behind another relay
- check for any backup-MX which will relay to FML
- use ACL to block common Dynamic ISP Dial-Up Ranges by either IP range or RevDNS
- finetune session profile, e.g. allowed errors, delay on error etc.
- use Dictionary to search for common mass-mailing-frameworks (sendgrid, javamailer, etc)
- use sender reputation
- check antispam profile for IP reputation settings
- activate recipient verification if not done yet
Please also check if the spam is coming from Gmail or Hotmail. Sometimes there can be a lot of undetected spam in plain text (no HTML, no attachments, no links, just curious text spam) coming from their servers, which have a good reputation, and it can be hard to block this kind of spam. Also, do you use Fortinet's IP reputation database (RBL)? If yes, can you confirm if you have