Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Troubleshooter_73
New Contributor III

Mails Quarantined without Profile?

I'm running into a strange behavior.

My customer want's to sandbox and quarantine all suspicious mails to the User Quarantine. Fine, Fortimail and Sandbox Appliance configured and everything works as expected.

Yesterday he told me, there were mails in the System Quarantine, which should be in the User Quarantine and now he have to release these mails manually, which is not the best way.

So I researched for a specific email and yes, many mails were delivered to the sSystem Quarantine Folder and all these mails have an attachement, but I don't have configured a System Quarantine Action? I double checked all the possibilities:

[ul]
  • IP policies
  • Receipient Policies (for all Domains, including System Domain)
  • Access Policies
  • Outbound / Inbound Policies
  • Content Actions and -profiles
  • AntiSpam Actions and -profiles
  • AntiVirus Profiles and -profiles[/ul]

    So I'm stucking now, because there's nothing related to the System Quarantine.

    So the Question is now, is there any "System Default" Action or any CLI Option that I can check, to prevent Emails to deliver to the System Qurantine?



  • FCNSA 5, FCNSP 5, NSE 4

    FCNSA 5, FCNSP 5, NSE 4
    1 REPLY 1
    khassan_FTNT
    Staff
    Staff

    Take one of these email and search for it in the logs. Verify that the Disposition says System Quarantine, check which Profile was triggered (AS, AV, Content). Then looking at 'policy id' columns you should see which Recipient Policy was applied (third number from the policy id), you will find the action configured under this Policy and Profile.

     

    Khaled.

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors