Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alexander_Mueller
New Contributor

FortiMail, Spam Outbreak and Sandbox

HI,

 

i have a problem and i hope somebody can help me.

First: Fortimail 200E v6.4.3(GA), build437 Scan order : antispam-content-sandbox

Sandbox: 1000D v3.2.1,build0222 (GA)

Fortimail Antispam Config:

 

Now my problem is, i'm using Banned word and dictionary to filter special Words in the Emails and reject this,

now sometime he send first emails to the Spam Outbreak and after the period time the is checking for the banned words and after finding banned words, the send the emails to the System Quarantine.

This only happend after the Spam Outbreak, without Spam Outbreak he Reject the emails directly.

 

Why he send after Spam Outbreak Emails with banned word to the Quarantine and its possible to change it.

 

Thank you

 

5 REPLIES 5
Jjchen_FTNT
Staff
Staff

Hi Alexander, 

It's because after FortiMail accepted this email for outbreak defer, it no longer can reject it. To the remote MTA, the email has already been accepted by FortiMail. The Reject action will then fall back to System Quarantine.

Alexander_Mueller

HI,

 

yes, but how can i prevent that Fortimail accepted this emails, because with the others is working, only with a couple emails its not working

Jjchen_FTNT

Fortiguard spam outbreak happens before banned word, so in this case a suspicious email will be deferred first.

Alexander_Mueller

HI,

 

i understand, but in my attached image i have the config, that for this recipient pattern the suspicious emails should reject and i cannot not find why there are send to sandbox or i have a missunderstand in the config

Jjchen_FTNT

Because if the email triggers spam outbreak, and it can also trigger sandbox while you have sandbox configured, then the email will be put into spam outbreak queue and sandbox queue at the same time. This is to reduce the total defer time.

Labels
Top Kudoed Authors