Tuesday, July 15, 2008

Fortimail - A Basic Setup

The Fortimail appliance is a great tool for combatting spam. Here is a basic setup that will eliminate most spam even without the latest and greatest anti-spam updates from Fortinet.

  • Configure the domains you want to receive email for under Mail Settings -> Domains
  • Enable Verify Recipient Address. If your mail server responds to unknown recipients with a "User not found" message, you can use the Use SMTP Server option. If your mail server silently discards mail to invalid recipients without notifying the sender, the alternative is to define an LDAP server that lists all valid email accounts; setting up an LDAP server is beyond the scope of this introduction. The advantage of verifying the recipient address is that anti-spam tests never need to be run on mail to invalid addresses, and such mail can be discarded immediately.
  • Under Profile - Antispam click the copy button next to the antispam_basic_predefined_medium profile to create a copy. Name it something like medium_strength_profile. This process creates a copy of the default system scan profile which you can edit.
Enable the following options in your scan profile:
  • FortiGuard-Antispam scan - Enable this if you have purchased a Fortinet support contract for your FortiMail unit. You can leave Black IP scan disabled.
  • Greylist scan - This option tells every unknown sender to wait and try again later. Most spammers won't try again, but any RFC-compliant mail server will attempt to redeliver the mail at least every few hours. When the remote mail server tries to deliver the same message again, it is put on the passthrough list, which means it will not be challenged again in future. This is a very effective option and is highly recommended. The only slight drawback is that the initial delivery of an email can be delayed for a short while. Don't use greylisting if you require every email to always be delivered in real time.
  • DNSBL scan - Allows the FortiMail unit to communicate with DNSBL (DNS Block List) servers to check the IP address of the mail server that delivered the message. If a match is found, the FortiMail unit treats the message as spam. Under config you can use the defaults of bl.spamcop.net and sbl-xbl.spamhaus.org.
  • SURBL scan - Complementing the DNSBL component, which blocks messages based on spam origin, SURBL technology blocks messages that have spam hosts mentioned in message bodies. By scanning the message body, SURBL is able to determine if the message is a known spam message regardless of origin. Under config you can use the default of multi.surbl.org.
  • Heuristic scan - Allows the FortiMail unit to examine messages for patterns common to spam messages. The heuristic scores are based on rules. For example, if the email header contains "As seen on national TV!", the message receives a certain score toward being classified as spam. The heuristic rules require no administrator modification or updating. A default rule set is provided and is updated through the FortiGuard service as needed: new rules are added and rule scores are adjusted for maximum advantage.
Using these basic settings should be pretty effective at reducing most spam. You should of course use settings that work for you, but this should be a pretty good starting point.
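To make the greylisting behaviour described above concrete, here is a small stand-alone model of a greylist (added example, not FortiMail code): a first-seen sender/recipient triplet gets an SMTP temporary failure, a retry after a minimum delay is accepted, and the sending server then lands on a passthrough list so it is never challenged again. The timers and the sample delivery sequence are assumptions constructed for illustration, not FortiMail's real defaults.

```python
"""Minimal greylisting model: defer unknown senders, accept patient retries."""
from dataclasses import dataclass, field

TEMP_FAIL = "451 4.7.1 Greylisted, please try again later"  # SMTP temporary failure
ACCEPT = "250 OK"


@dataclass
class Greylist:
    # Timers are illustrative assumptions, not FortiMail's actual defaults.
    min_delay: int = 300            # a retry must arrive at least this many seconds later
    pending_ttl: int = 4 * 3600     # forget a triplet nobody retried within this window
    pass_ttl: int = 36 * 24 * 3600  # how long a passthrough entry stays valid
    pending: dict = field(default_factory=dict)      # (ip, sender, rcpt) -> first seen
    passthrough: dict = field(default_factory=dict)  # ip -> last accepted delivery

    def check(self, ip: str, sender: str, rcpt: str, now: int) -> str:
        """Return the SMTP reply for one delivery attempt made at time `now`."""
        # A server that already proved it retries is never challenged again.
        last = self.passthrough.get(ip)
        if last is not None and now - last < self.pass_ttl:
            self.passthrough[ip] = now
            return ACCEPT
        key = (ip, sender.lower(), rcpt.lower())
        first = self.pending.get(key)
        if first is None or now - first > self.pending_ttl:
            # First sight of this triplet (or a stale one): tell the sender to retry later.
            self.pending[key] = now
            return TEMP_FAIL
        if now - first < self.min_delay:
            # Retried too quickly; keep deferring until the minimum delay has passed.
            return TEMP_FAIL
        # A patient retry: accept and put the sending server on the passthrough list.
        del self.pending[key]
        self.passthrough[ip] = now
        return ACCEPT


def run_demo() -> list:
    """Constructed delivery sequence showing deferral, retry and passthrough."""
    gl = Greylist()
    attempts = [  # (seconds, ip, sender, recipient); all values are constructed
        (0, "192.0.2.10", "alice@example.net", "bob@example.com"),      # first sight
        (60, "192.0.2.10", "alice@example.net", "bob@example.com"),     # retried too soon
        (900, "192.0.2.10", "alice@example.net", "bob@example.com"),    # honest retry
        (1000, "192.0.2.10", "carol@example.net", "bob@example.com"),   # same server, new mail
        (1000, "198.51.100.7", "junk@example.org", "bob@example.com"),  # never retries
    ]
    return [gl.check(ip, s, r, t) for t, ip, s, r in attempts]
```

The last attempt in the demo is the spam case: a single blast that is deferred and never followed up, so it never reaches the anti-spam scans at all.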

4 comments:

Hazard said...

Would love to see an A-Z config guide on how to set up user profile configurations. The documentation is rather confusing.

MERAJ AHAMED said...

I am new to FortiMail; I have configured it, but it is an open relay. How can I set up LDAP authentication? I have a domain controller; how do I use it as the LDAP server for FortiMail? Could you please guide me?

MERAJ AHAMED said...

I am new to FortiMail. I have already configured it in gateway mode and it is working, but it is an open relay. Can anyone guide me through the LDAP authentication setup step by step?

Sebastian said...

You should post config questions like that to the user support forums:

http://support.fortinet.com/forum