How to block SMTP sessions from HUGE spambot
Hello,
We have been using FM for years, but we are stuck trying to resolve a problem with a large spambot in Taiwan.
We implemented sender reputation and some SMTP limits, but the spammers always adapt their methods.
We used to handle +/- 400K sessions per month, but since December we have been receiving more than 2,5M SMTP sessions.
Stats were about 50% spam before and reach 98% spam now.
Log files are not readable due to millions of rejects, and log files are created more than once a day.
Complaints to abuse mailbox stay
Are you aware of any other techniques to block this?
We have some other hosted services like web servers, and some of our clients are trading with Taiwan, so blocking IP prefixes with FortiGate policies is not possible.
Thanks in advance
NSE6
Can you post a sample email with the headers?
I block most foreign countries with my FortiGate. I know you said that would not work, but maybe you could build a list of your partners, get their SMTP IP addresses, then block all SMTP traffic from Taiwan IP prefixes EXCEPT if they are in your allowed_partners_group.
I basically do something like that now and it works pretty well. The only spam I struggle with is spam that is sent via a major email provider (outlook.com, gmail.com, etc...) because I cannot block the IP or the domain. I've started using keyword blocking for them.
FG200D 5.6.5 (HA) - primary FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
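The allow-partners-then-deny-prefixes logic described in the reply above, as an added Python sketch (not the poster's configuration and not FortiGate or FortiMail syntax). All addresses are constructed documentation ranges, the list names are assumptions, and the /24 grouping is IPv4 only.

```python
import ipaddress
from collections import Counter

# Constructed sample data (RFC 5737 documentation ranges), not real
# partner or spambot addresses.
BLOCKED_PREFIXES = ["203.0.113.0/24", "198.51.100.0/24"]    # stand-in for the country's prefixes
ALLOWED_PARTNERS = ["203.0.113.25/32", "198.51.100.64/28"]  # stand-in for allowed_partners_group


def _nets(cidrs):
    """Parse a list of CIDR strings into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]


def smtp_decision(src, blocked=BLOCKED_PREFIXES, partners=ALLOWED_PARTNERS):
    """Classify one SMTP source IP.

    The partner exception is evaluated first; if the deny rule were
    matched first, partner mail servers inside a blocked prefix would
    never be reached.
    """
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in _nets(partners)):
        return "allow-partner"
    if any(ip in net for net in _nets(blocked)):
        return "deny-geo"
    return "allow-default"


def summarize(sources, top=3):
    """Count decisions and list the /24 networks with the most denied sessions."""
    decisions = Counter()
    denied_nets = Counter()
    for src in sources:
        decision = smtp_decision(src)
        decisions[decision] += 1
        if decision == "deny-geo":
            net = ipaddress.ip_network(src + "/24", strict=False)
            denied_nets[str(net)] += 1
    return decisions, denied_nets.most_common(top)


# Constructed list of SMTP session source addresses.
SAMPLE_SOURCES = ["203.0.113.25", "203.0.113.80", "203.0.113.81",
                  "198.51.100.70", "198.51.100.200", "192.0.2.10"]

if __name__ == "__main__":
    counts, top_denied = summarize(SAMPLE_SOURCES)
    print(dict(counts))
    print(top_denied)
```

Running the same classification over source addresses taken from existing session logs before enforcing the policy shows how many sessions would be dropped and whether any partner server is still missing from the allow list.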
GeoIP blocking should be your friend, but have you also engaged FortiGuard to see if they can help with the intelligence?
PCNSE
NSE
StrongSwan
Hi all,
Thanks for the answers.
GeoIP and object creation are not usable solutions, as I work for a little ISP in a little country (we have hundreds of clients who are trading with many financial places all over the world).
I'll check with Fortinet to find a solution.
Thanks again for the suggestions.
NSE6
Be sure to submit the spam so that FortiGuard can improve their detection:
submitspam@service.fortinet.com
FG200D 5.6.5 (HA) - primary FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
I am noticing the same issue.
I switched the Anti-Spam filter from "discard" to "tag" and added "Fortinet" to the subject line.
After 14 hours, I am not seeing any spam tagged. If I am not seeing any tagged spam then I would not be discarding any either.
On call with Tech support now to get problem resolved.
You might want to test yours.
