Here's another feature request around fortimail. It would be really helpful to be able to provide weights to DNSBL's so we could work with different lists, including some that have more false positives than others and still have a good chance of getting legitimate mail through.
Along these lines, I'd really like to be able to reject rather than quarantine this stuff, but I live in fear of one of the DNSBL's going rogue and wild-carding everything like one of them did many years ago and having all our mail get rejected. But if I could set up weights so that once two blacklists including something, then I'd feel comfortable rejecting it.
Another alternative along these lines would be to allow us to have separate actions for different RBL's, for example rejecting based upon the really safe ones but doing a quarantine for the ones with higher false positive rates.
Thanks!
Jeff
Jeff Roback
I second that and please include FortiGuard-IP as well. Just today I had to disable the REJECT action again because some of Google's mail servers are in FortiGuard's IP block list however, when I check the same IPs against dozens of other DNSBL, they all come up clean. Another possibility is to add a spamminess weighting and allow different actions based on different thresholds.
Mark
Mark,
Let me know the IPs and I will get that sorted immediately. We have protections in place for this so I can look into why this is the case.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Thanks for the quick reply, Carl.
This one actually turned out to be a configuration issue on my end. A quick call to Fortinet Support (and I mean quick, I got to speak with someone inside 5 minutes for a P4 case! - thanks, Jordan) pointed this out. The IP addresses that were triggering the FortiGuard AntiSpam-IP REJECT action were because I had the "Extract IP from Received Header" option selected. It was grabbing the client browser IP from the header and it was that IP that was in the FortiGuard AntiSpam-IP list.
Still, I might suggest including an option to handle these 2 cases differently with 2 different actions. Perhaps the client IP being in the FortiGuard AntiSpam-IP list could result in a REJECT while a bad IP in the header could result in a QUARANTINE action.
Cheers,
Mark
For what it's worth, I've had a number of occasions when (mostly google/gmail) IP's have been blocked outright by the Fortiguard IP Blocklist.
I would also like to see some ability to assign a weighting to RBL's (and other checks) and then determine an action based on the total weight. Unlike Mark, I do not have the "Extract IP from Received Header" option selected in my configuration.
It seems odd to me that fortimail does not already have a weighting system for RBL's since this to my understanding has always been the most recommended way to use RBL's (obviously not in the context of fortimail given its inability to be configured in this way).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.