chrissmt
New Contributor

Fortimail Feature

Dear All,

We have already tried FortiMail and we have questions about FortiMail features. Does anyone have experience with this:

1. Can we modify what FortiGuard does with deep header analysis? What is the confidence degree, and can we know by what method FortiGuard gives this value?
2. If we are using DNSBL, there is valid email from Yahoo that is being blocked. Can we still use DNSBL, but have FortiGuard detect valid email even if the IP address of the Yahoo server is in the DNSBL (without creating any whitelist for the Yahoo domain, or personal Yahoo accounts)?
3. Users' valid email is being blocked because of the hash check method; it is identified as spam. Can we disable this feature, or are there any exceptions?
4. Can we change the method of FortiMail policy checking? What the user wants is that received email is not blocked directly by one scanning method, but instead goes through another scan which will increase the score. For now, when an email is checked against DNSBL and the IP address is listed, the email is given the action reject or quarantine; we cannot set it to go on to another check.
5. For a trial license, is it true that it will cause a lot of false positives compared to a full license?

Please advise. Thank you for your help.

Regards,
Chris
emnoc
Esteemed Contributor III

Q1: Yes, the option exists for more detailed inspection. Not sure I would rate confidence degree, and you would need to try and test it. There's a split risk of enabling this due to other concerns and issues, so you might want to proceed with caution.

Q2: Can you provide clarity: "How is this email being blocked?" If DNSBL is not blocking it, what detection method blocked it? DNSBL can be enabled or not per policy and on what you want.

Q3: I'm pretty sure it's not an automated feature and you have to enable it and can disable it.

Q4: Can you clarify: why do you think you need multiple reputation scoring? You should trust one or not trust it. And what trigger would determine passing it along to be re-evaluated and scored?

Also, this link comes in handy on the order of execution: http://docs.fortinet.com/fmail/fortimail-admin/index.html#page/FortiMail%2520Online%2520Help/overview.01.24.html

You might want to read it.

PCNSE NSE StrongSwan
chrissmt
New Contributor

Hi Emnoc,

Thank you for your reply.

Q2: What the user wants is that when email is blocked by DNSBL, there is an option to go on to another check instead of directly applying the block or quarantine action.

There are emails that are being blocked by the spam hash check, although the email is valid email, not spam.

Please advise. Thank you for your help.

Regards,
Chris
emnoc
Esteemed Contributor III

"Q2: What the user wants is that when email is blocked by DNSBL, there is an option to go on to another check instead of directly applying the block or quarantine action."

So you don't trust DNSBL? So why is it enabled? Also, the unit will execute whatever profile you created and for the DNSBL check. See the attached file, and this is where you would disable the "deep header" check, btw. (I overlaid the Fortinet flow chart and a snippet of my profile.)

So you have controls available in your hands; if you don't trust DNSBL, then don't enable it. The unit is only going to act upon what you have enabled per policies and for AS detection. When DNSBL is checked, it will follow whatever action you have, regardless of whether that action is to "reject" or "not".

PCNSE NSE StrongSwan