Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PKH
New Contributor

Problem with Freemailer and DNSBL

Hi there

We have another problem: when i activate the Profile -> AntiSpam ->  DNSBL with zen.spamhaus.org and bl.spamcop.net all Freemailer als GMX, Gmail, Chello ect will be rejected.

How can i activate the DNSBL with action reject but let the clients with "good freemail accounts" untouched? Because we hav many clients with freemail adresses...

 

thanks

Tom

 


Fortimail 200D V5.4

FortiGate 100D V5.6 // Fortimail 200D V5.4

3 REPLIES 3
Carl_Windsor_FTNT

The Spamhaus Zen feed includes ISP lists of dynamic IPs which will mean a lot of false positives if the authenticated client IP is not removed by the sending mailserver.  There is no way for FortiMail to know what is a good freemail account and override when the third party BLs is blocking.  I would recommend you disable these DNSBLs and use the native FortiMail/FortiGuard features.

Is there any reason why you wanted them enabled in the first place?   Did you see some spam coming through without?  If so I would look at  tweaking the config first before enabling DNSBLs.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

PKH

Hi Carl

no there is no reason, i thought it is a good point to enable DNSBL... but you'r right, in our case DNSBL made many flase positive errors, i disabled it.

FortiGate 100D V5.6 // Fortimail 200D V5.4

Carl_Windsor_FTNT

The FortiGuard services covers what the xBLs do but in a way better supported by Fortinet and with less risk of False Positive.  You shouldn't see any real benefit by enabling the third party BLs any more.

I will look at removing this from the GUI in the future to avoid confusion.

   

Dr. Carl Windsor Field Chief Technology Officer Fortinet