Hello @R_F ,
As per your query, I got advice from the expert to first check some basics like:
- check fml-session log and mailheader of undetected spam
- make sure FML is first instance to receive email and it is not placed behind another relay
- check for any backup-MX which will relay to FML
- use ACL to block common Dynamic ISP Dial-Up Rages by either IP Fange oder RevDNS
- finetune session profile, e.g. allowed errors, delay on error etc.
- use Dictionary to search for common mass-mailing-frameworks (sendgrid, javamailer, etc)
- use sender reputation
- check antispam profile for IP reputation settings
- activate recipient verification if not done yet
Please also check if the spam is coming from Gmail or Hotmail. Sometimes there can be a lot of undetected spam in plain text (no HTML, no attachments, no links, just curious text spam) coming from their servers who have a good reputation and it can be hard to block this kind of spam.
Also, do you use Fortinet's
IP reputation database (RBL)? If yes, can you confirm if you have
a FortiGuard License.
