Fortinet Community

Jjchen_FTNT · 03-12-2021

I think DLP rule is also a good way to check env-From and header-From, you can choose "Sender matches regex" for env-From, and "Header matches regex" for header-From

Jjchen_FTNT · 03-12-2021

FortiMail will check message/rfc822 content-type attachment which cannot be disabled. The best way to detect forged header-from is to use Impersonation Analysis feature, you can let TAC guide you through to configure the feature.

Jjchen_FTNT · 03-10-2021

Hi Jeff,I checked your email sample, it's the email attachment in bounce email that triggers regex header search. The attachment is an email, so its header is checked.

Jjchen_FTNT · 03-10-2021

In FortiMail 7.0, there will be option to not bypass SPF/DMARC/DKIM for safelist

Jjchen_FTNT · 03-10-2021

Yes, that's correct, BTW, the latest 6.0 GA is 6.0.10

Fortinet Community

User Statistics

User Activity

Re: Content scanning of added headers doesn't work?

Re: Content Dictionary with Regular Expressions not working for Header Only?

Re: Content Dictionary with Regular Expressions not working for Header Only?

Re: FORGED but still delivered

Re: fortimail update 6.0.3 to 6.0.7

Re: FORGED but still delivered

News & Articles

Security Research

Company

Contact Us