I just got finished setting up FortiMail Cloud for Office 365 (set up as a gateway for inbound traffic only) and had a question I am having trouble getting definitive answers on. I am sending and receiving email just fine; however, I know I have some tuning and tweaking still to do. Also, I know I am asking this question from an O365 guidance side of things, but as it relates to the new integration with FortiMail, I'm hoping someone can share some guidance on what worked best for them.
One setting I put into place was defining the IPs of my FortiMail Cloud instance into the Anti-Spam Connection Filter Policy at O365. I did this as it seemed O365 was declaring an inordinate amount of SPAM from FortiMail Cloud. According to Microsoft, the IP Allow List skips spam filtering but still scans for malware and high-confidence phishing. I am getting more email alerts from O365 about "Phish delivered due to an IP allow policy" (I assume due to the Connection Filter Policy and since it's no longer scanning for spam). Is there something else I needed to do or not do from the O365 side of things with FortiMail Cloud... I guess I am just looking for some O365 settings guidance I need to look out for or address with this kind of setup?
If I understand correctly, you are receiving many spam mails on your O365 through your FML. If so, then you probably didn't configure your spam filtering well on your FML.
Using the default antispam profile usually provides good results. If you share your antispam profile config maybe we can help.
Created on 03-08-2024 12:32 PM Edited on 03-08-2024 12:33 PM
Sure, I can supply that; however, I feel I have a good grasp of that side of things. It's just that on the O365 side of things, before I declared the FortiMail IPs in the connection filter policy, O365 was declaring way more spam than normal. Once I added those IPs in, O365 now just gives me occasional daily notifications of the Phish due to IP allowed policy. I was just wondering if I did things correctly on the O365 side of things and was looking for guidance there in case there was something I needed to do more on that side.
In regards to the FortiMail spam profile, I pretty much followed the tuning that was mentioned in this link https://www.reddit.com/r/fortinet/comments/awn1kz/initial_fortimail_configuration_and_tuning/
From the mail server side, don't add FML's IP to the allow list; you need to declare it as an MTA for incoming mail and add a connector for outgoing mail (if needed).
Those FML Cloud IPs were added to the Enhanced Filtering for Connectors as per Microsoft recommendation.
I guess the only other thing I did was add those IPs to my default Connection filter policy (under the Anti-Spam policies), which looks to be, after more reading and research, the only thing in question, as I don't see where in the flow of things this comes into play with that Enhanced filtering turned on. Again, I am not using FML Cloud for outgoing mail, and I was "throwing things at it" during a time when O365 seemed to be flagging a lot of typically legitimate email as SPAM, thus my hesitation to remove those IPs from the Connection filter policy as of yet until I do more research.
So just an update to this: I finally got through a Microsoft ticket to get this answered and was told that my adding the FML Cloud IPs to the Connection filter policy was redundant (and thus technically not necessary) to my enabling the Enhanced Filtering for Connectors, since those FML Cloud IPs were specified there, which is, again, the recommended best practice approach according to Microsoft. Thanks for the responses.
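An added example, not part of any post in this thread: an Exchange Online PowerShell check that lists which IP Allow List entries in the connection filter policy are also configured under Enhanced Filtering for Connectors, which is the overlap the Microsoft ticket described as redundant. It assumes the ExchangeOnlineManagement module with an active `Connect-ExchangeOnline` session and that the policy in use is the one named `Default`; the removal at the end is previewed with `-WhatIf` only.

```powershell
# Added example (not from the thread). Requires the ExchangeOnlineManagement module
# and an existing session created with Connect-ExchangeOnline.
# Assumption: the connection filter policy in use is the one named 'Default'.
$policyName = 'Default'

# Entries that skip spam filtering via the IP Allow List
$policy = Get-HostedConnectionFilterPolicy -Identity $policyName
$allow  = @($policy.IPAllowList | ForEach-Object { "$_" })

# Inbound connectors that have Enhanced Filtering for Connectors configured
$connectors = Get-InboundConnector |
    Where-Object { $_.EFSkipIPs -or $_.EFSkipLastIP }

$redundantAll = New-Object System.Collections.Generic.List[string]

$report = foreach ($c in $connectors) {
    $skip = @($c.EFSkipIPs | ForEach-Object { "$_" })

    # Exact string comparison only: an allow-list /32 inside a wider EFSkipIPs
    # CIDR range (or the reverse) is not detected and needs a manual look.
    $overlap = @($allow | Where-Object { $skip -contains $_ })
    $overlap | ForEach-Object { $redundantAll.Add($_) }

    [pscustomobject]@{
        Connector         = $c.Name
        Enabled           = $c.Enabled
        EFSkipLastIP      = $c.EFSkipLastIP
        EFSkipIPs         = $skip -join ', '
        AlsoInIPAllowList = $overlap -join ', '
    }
}

$report | Format-Table -AutoSize -Wrap

# Allow-list entries that no connector covers; review these separately
$uncovered = @($allow | Where-Object { $redundantAll -notcontains $_ })
"IP Allow List entries not listed in any connector's EFSkipIPs: $($uncovered -join ', ')"

# Preview removing the overlapping entries from the IP Allow List.
# -WhatIf makes no change; drop it only after reviewing the report above.
$toRemove = @($redundantAll | Select-Object -Unique)
if ($toRemove.Count -gt 0) {
    Set-HostedConnectionFilterPolicy -Identity $policyName `
        -IPAllowList @{ Remove = $toRemove } -WhatIf
}
```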