Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
R_F
Contributor

FML spam low catch rate

Hi,

Anyone experience or notice FML has a low catch rate of dubious spam messages?

ACL and Recipient Policy with Session and AS Profile were in placed already. FortiMail uses private DNS for better resolution. SPF in Public DNS defined already.

 

Any possible workaround to enhance its catch rate?

 

FML 7.0.2 GA as GW Mode

 

4 REPLIES 4
Anonymous
Not applicable

Hello @R_F ,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Thanks,

Anonymous
Not applicable

Hello @R_F ,

 

As per your query, I got advice from the expert to first check some basics like:

- check fml-session log and mailheader of undetected spam
- make sure FML is first instance to receive email and it is not placed behind another relay
- check for any backup-MX which will relay to FML
- use ACL to block common Dynamic ISP Dial-Up Rages by either IP Fange oder RevDNS
- finetune session profile, e.g. allowed errors, delay on error etc.
- use Dictionary to search for common mass-mailing-frameworks (sendgrid, javamailer, etc)
- use sender reputation
- check antispam profile for IP reputation settings
- activate recipient verification if not done yet

 

Please also check if the spam is coming from Gmail or Hotmail. Sometimes there can be a lot of undetected spam in plain text (no HTML, no attachments, no links, just curious text spam) coming from their servers who have a good reputation and it can be hard to block this kind of spam.
Also, do you use Fortinet's IP reputation database (RBL)? If yes, can you confirm if you have  
a FortiGuard License.
 
R_F

hi, apology for late revert. I will take a look on this and let you know the outcome.

jpretli2
Staff
Staff

Hello R_F,

did this solve your problem and increase the catch rate?

 

Thanks

Jochen