Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Patrick3
New Contributor

Created on ‎07-24-2014 07:57 AM

personal whitelist being ignored

Hello, I' m running firmware version 5.1.3 (happened with 5.1.1 as well) and I' ve been getting lots of complaints from end users that email is going into their quarantine despite the sending addresses being in the personal whitelist. Upon investigation I have verified this to be true. This happens with anything flagged by the DNSBL as well as IP addresses listed in the Fortiguard anti-spam IP service. I have a ticket open with Fortinet support but so far they aren' t sure. Just wondering if anyone else is seeing this. Kind regards,
6562
0 Kudos
14 REPLIES 14
Patrick3
New Contributor
In response to emnoc

Created on ‎07-25-2014 06:43 AM

ORIGINAL: emnoc So you have someone sending you a message from comcast? And your okay with this? or was this a test only? Now to your problem, in the ASprofile & the DNSBL setting action, I guess you have a policy set to quarantine if it matches the AS/DNSBL. Now do you have multiple recipient-policies? If so make sure they all have send quarantine reports enabled. You can also look at the logs to determine what recipient-policy-# that was matched.
A couple comments here. 1) I happen to know plenty of small businesses who run their own Exchange server on a Comcast business line and I don' t think they should be blocked for the simple fact they are coming from a Comcast net block. 2) The fact it is Comcast is irrelevant. The issue is that the sender is in my clients personal whitelist but getting quarantined regardless. I have a single AS policy per domain. All users receive quarantine reports but that doesn' t solve the problem. When my users release something from quarantine it whitelists the sender address. The users need to be able to trust that emails from those people will come in. According to Fortinet support they should be.
803
0 Kudos
Bromont_FTNT
Staff
Staff

Created on ‎07-25-2014 06:50 AM

Patrick, I would say there is an issue there... push for escalation of your ticket
803
0 Kudos
Patrick3
New Contributor
In response to Bromont_FTNT

Created on ‎07-25-2014 06:56 AM

ORIGINAL: Bromont Patrick, I would say there is an issue there... push for escalation of your ticket
I' m on it. Was hoping someone else was having a similar issue and might be able to share the solution but it isn' t looking that way. Thanks,
803
0 Kudos
Bromont_FTNT
Staff
Staff

Created on ‎07-25-2014 01:02 PM

Patrick, BTW what' s your system load/throughput when the issue happens?
803
0 Kudos
Patrick3
New Contributor
In response to Bromont_FTNT

Created on ‎07-25-2014 01:09 PM

ORIGINAL: Bromont Patrick, BTW what' s your system load/throughput when the issue happens?
It happens constantly and consistently throughout the day to hundreds of users. Any user who receives email from someone who is on the DNSBL, or fails deep header inspection, etc, has the email go to the quarantine despite being whitelisted. I received a new response from Fortinet support earlier and they suspect the issue is tied to a corrupted mail data db. The CPU utilization hovers around 5% and memory about 20-25%. The overall system load avg' s about 6%. The box is hardly working.
803
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.