Hello Jeff
Jeff Roback wrote:1) Does anyone have any experience with tuning the Fortimail heuristic settings that they could share? I know that everyone will have different results, but it would be helpful to have some baseline suggestions from others. The FORTIMAIL Configuration For Enterprise Deployment PDF suggests starting with 100% of rules at 3.50, so we've started there, but since this is from 2010, I was wondering if this is still the best starting point, and if we should be increasing/decreasing by .01, .1, or 1 at a time....
Well, disable it at all...
Source of false positives; nothing to gain with heuristic layer;
you have more powerful and manageable filters in your FML
2) Do you find it's necessary to use public DNSBL lists in addition to the Fortiguard and Hueristic rulesets? We're currently use b.barracudacentral.org, bl.spamcop.net and zen.spamhaus.org. But I'm wondering if there are others we should consider.
There are a lot of free dnsbls out there. You can choose one or another; but fortiguard service layer (if active) is doing the job very well and applies before those dnsbls.
3) How has your experience been with using SURBL? We have experimented with multi.surbl.org, but have seen a fair number of false positives from this.
Interesting; my experience with multi.surbl.org is very good and I'll recommend it in the base setup, but your comment goes in the opposite direction 
I have looked at the Fortimail documentation; this is very comprehensive, but a bit light on real world recommendations. I have also read through the Fortimail cookbooks, but those are unfortunately far to general to be of much help.
agree.
I know there was some discussion of an updated best practices guide a while back, does anyone know if that ever got written?
Fortinet's official Fortimail 201 course afaik.
