Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
VladaFBiH
New Contributor II

Block all emails sent from our domain for certain time frame

Hi All, I have a fortimail 900f and we've noticed that when users emails are compromised the malicious actors use said email accounts to send mass spam between 1 am and 5 am. 

 

From what we can see no users are sending emails during that period so we'd like to implement a rule that blocks all traffic for a specific time period, is something like this possible with the fortimail 900f? 

1 Solution
AEK
SuperUser
SuperUser

Hello Viada

I don't know such functionality on FML, but you can still enable spam filtering for outgoing emails, this should block the outgoing spams.

However, here as your mail server is hacked I think the priority is to changes mailbox passwords, then clean up and harden your mail server.

AEK

View solution in original post

AEK
7 REPLIES 7
AEK
SuperUser
SuperUser

Hello Viada

I don't know such functionality on FML, but you can still enable spam filtering for outgoing emails, this should block the outgoing spams.

However, here as your mail server is hacked I think the priority is to changes mailbox passwords, then clean up and harden your mail server.

AEK
AEK
VladaFBiH
New Contributor II

Sorry I accedentaly accepted this. We do have spam filtering enabled and it blocks a lot but our users are generally older and fall prey to spam emails asking for passwords which causes most of our headaches. Thats why I'm looking for additional restrictions I can add that will improve things at least a little bit.

AEK

Then additionally to reset the passwords and sanitize your mail server and users, you need to educate the users not to share their credentials + basic security awareness.

AEK
AEK
abelio
SuperUser
SuperUser

Hello,

I agree with AEK in try to find a more permanent fix for the scenario.

But in the meantime you could play a bit with 'deferred message delivery' setting under mailsetting > mailserver setting.

The idea behind this feature is solve another kind of problems, but nothing impede play with it in conjunction with a specific content profile delivery on policy match.
I'm only try to implement your idea, i'm not sure that could be sustainable in the long time.

 

hope it helps

 

 

regards




/ Abel

regards / Abel
flamer
New Contributor II

Your mail server must currently have a rule allowing it out to the Internet on port 25 (among other ports potentially). Just add a schedule to that rule. ie 05:01-00:59 its enabled. 

AEK

I think that will just delay the spam e-mails since they will stay in the mail queue until it is released at 5 am.

AEK
AEK
abelio
SuperUser
SuperUser

Hello,
I understood from the original post that Vlada wanted to check queued mail and decide if those are legit or not, before release it. It's clear that it's no a sustainable solution to the original problem, just an idea around his question.

regards




/ Abel

regards / Abel
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors