Manually Blocking Endpoints in FortiMail

Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin

What if you’re having difficulties with spam coming from non static IP addresses, like an email sent from a cellular phone? Relying on sender reputation score may not be effective. That device could continue sending spam with a clean reputation score simply by rejoining the network and obtaining another IP address. Additionally, an innocent device could be accidentally blacklisted.

Thankfully, we can control spam from SMTP clients with dynamic addresses by using endpoint reputation. This recipe guides you through the process of configuring endpoint reputation in FortiMail.

 Endpoint reputation doesn’t use the usual IP address identifier, instead it uses subscriber ID, login ID, MSISDN, or a SIM card on a cell phone to identify the sender.

 Creating a Notification Profile

First we’ll need to enable the endpoint reputation feature

  1. Go the CLI and enter the command
    config antispam setting
        set carrier-endpoint-status enable

    end

  2. Go to Profile > Session > Session. Enable Endpoint Reputation and select Reject or Monitor from the Action dropdown menu.
  3. Select an existing session profile and select Edit.
  4. Expand the Endpoint Reputation list.
  5. Enable Endpoint Reputation and select your desired Action from the dropdown list.
  6. Go to Policy > IP Policy > IP Policy.
  7. Select an existing policy and select Edit.
  8. Select the session profile from the dropdown menu and select OK.
 

 Manually Blocking Endpoints

You can manually block carrier end points by subscriber ID, MSISDN, or other identifier.

To edit a manual carrier endpoint block list

  1. Go to Security > Endpoint Reputation > Blocklist.
  2. Select New to add an entry.
  3. Enter MSIDN, subscriber ID, or any other identifier in the Endpoint Id section 
  4. Select Create.
 
Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin