Hi All, I have a fortimail 900f and we've noticed that when users emails are compromised the malicious actors use said email accounts to send mass spam between 1 am and 5 am.
From what we can see no users are sending emails during that period so we'd like to implement a rule that blocks all traffic for a specific time period, is something like this possible with the fortimail 900f?
Solved! Go to Solution.
Hello Viada
I don't know such functionality on FML, but you can still enable spam filtering for outgoing emails, this should block the outgoing spams.
However, here as your mail server is hacked I think the priority is to changes mailbox passwords, then clean up and harden your mail server.
Hello Viada
I don't know such functionality on FML, but you can still enable spam filtering for outgoing emails, this should block the outgoing spams.
However, here as your mail server is hacked I think the priority is to changes mailbox passwords, then clean up and harden your mail server.
Sorry I accedentaly accepted this. We do have spam filtering enabled and it blocks a lot but our users are generally older and fall prey to spam emails asking for passwords which causes most of our headaches. Thats why I'm looking for additional restrictions I can add that will improve things at least a little bit.
Then additionally to reset the passwords and sanitize your mail server and users, you need to educate the users not to share their credentials + basic security awareness.
Hello,
I agree with AEK in try to find a more permanent fix for the scenario.
But in the meantime you could play a bit with 'deferred message delivery' setting under mailsetting > mailserver setting.
The idea behind this feature is solve another kind of problems, but nothing impede play with it in conjunction with a specific content profile delivery on policy match.
I'm only try to implement your idea, i'm not sure that could be sustainable in the long time.
hope it helps
regards
/ Abel
Your mail server must currently have a rule allowing it out to the Internet on port 25 (among other ports potentially). Just add a schedule to that rule. ie 05:01-00:59 its enabled.
I think that will just delay the spam e-mails since they will stay in the mail queue until it is released at 5 am.
Hello,
I understood from the original post that Vlada wanted to check queued mail and decide if those are legit or not, before release it. It's clear that it's no a sustainable solution to the original problem, just an idea around his question.
regards
/ Abel
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.