Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mauirixxx
New Contributor

block specific incoming e-mail address

Aloha, I' ve perused and searched the forums, but can' t seem to get around this. We have an employee that no longer works here from late 2006 that still receives a fair amount of spam, and well frankly I' m tired of the NDR' s generated by it, so I' ve tried configuring the firewall (An FT-60, firmware 3.00-b0564 (MR5 Patch 1)) to just drop all incoming mail to that account. This is what I' ve done so far, to no avail: AntiSpam -> Black/White List -> E-mail Address -> defined-emailbwl (edit) And added the following: E-mail Address: /mowens@mai-hawaii\.com/i Pattern Type: Regular Expression Action: Mark as Spam Enable: checked and hit " OK" In the Firewall -> Protection Profile -> filter_wizard (edit) I have under Spam Filtering " SMTP" checked (everything under SMTP is checked save for URL check), and in the E-mail address BWL check I have " defined-emailbwl" , and Spam Action set to " Discard" . Under Firewall -> Policy -> wan1->internal, I have a virtual IP forwarding all SMTP traffic to my e-mail server, and the protection profile is set to filter_wizard. I know it' s enabled and catching most of the spam, because I can see via my FortiAnalyzer all the spam that doesn' tget through to my personal account. What is the correct format of the Regular Expression (or should it be Wildcard?) of a specific e-mail address I want the firewall to block? I' ve tried mowens@mai-hawaii.com (Regular & Wildcard), /mowens@mai-hawaii.com/i (Regular) and the latest, /mowens@mai-hawaii\.com/i (Regular), was done via information I' ve taken from these forums. And nothing has given any definitive results. Is there a CLI only setting for this now that perhaps I haven' t come across? Mahalo for any and all help!
Rick Payton, IT Support Morikawa & Associates http://www.mai-hawaii.com/ FortiGate-60 build 726 (retired) FortiGate-60B v4.0 build 328 MR2 Patch 8 FortiAnalyzer-100B v4.0 build 513 MR3
Rick Payton, IT Support Morikawa & Associates http://www.mai-hawaii.com/ FortiGate-60 build 726 (retired) FortiGate-60B v4.0 build 328 MR2 Patch 8 FortiAnalyzer-100B v4.0 build 513 MR3
14 REPLIES 14
mauirixxx
New Contributor

When you say it' s not working now what exactly is it doing? Is the email getting through to your Exchange Server and hence an NDR is being sent?
yes, that' s exactly what is happening, and exactly what I' m trying to prevent. I' ll go over the settings again, to be sure though.
Rick Payton, IT Support Morikawa & Associates http://www.mai-hawaii.com/ FortiGate-60 build 726 (retired) FortiGate-60B v4.0 build 328 MR2 Patch 8 FortiAnalyzer-100B v4.0 build 513 MR3
Rick Payton, IT Support Morikawa & Associates http://www.mai-hawaii.com/ FortiGate-60 build 726 (retired) FortiGate-60B v4.0 build 328 MR2 Patch 8 FortiAnalyzer-100B v4.0 build 513 MR3
Jan_Scholten
Contributor

Isn' t the correct way to not create a ndr? I mean in every " normal" server non existent users should be denied 5XX in the smtp dialog therefore never create a ndr. accepting emails and bounce it afterwards is a very bad behavior as it creates backscatter to probably innocent (cause faked) users..
Schuler
New Contributor

Hi, why don' t You reject that email with Your internal mailserver? If You have a Exchange 2003 You can enable it with some tricks. See: [link]http://blogs.technet.com/dlemson/archive/2003/10/17/52019.aspx[/link] Regards Sebastian
kwik
New Contributor

Hi,

 

How to block everything from one domain example amazon.com, amazon.net, amazon.ru ?

 

Thank you,

Luk

rwpatterson
Valued Contributor III

It would help your situation if you open a new post instead of dredging up one that is 6.5 years old that isn't exactly what you're looking for...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Top Kudoed Authors