FortiMail Overview
Dedicated email security solution
Last Update: March 2008
Nathalie Rivat

Agenda
• Introducing FortiMail
• Deployment scenarios
• FortiMail product line
• Differentiated services: policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

Email Security Challenges
• Action is needed to secure mail inbound and outbound

Introducing FortiMail
• Multi-layered email security: maximum detection accuracy of blended email-based threats
  – Antispam, antivirus, antispyware and antimalware detection platforms
  – Relies on Fortinet FortiGuard™ services that are powered by a worldwide 24 x 7 Global Threat Research organization
• Inbound & Outbound Email Messaging Security: unlike other messaging security products, FortiMail secures inbound and outbound mail inspection with only one system
• Flexible deployment options: the only email security solution that can be deployed in:
  – Transparent mode
  – Gateway mode
  – Email server mode
• Integrated Message Transfer Agent (MTA)
  – Specialized MTA engine for peak capacity
  – Intelligent routing, QoS, virtualization
• Cost effective solution
  – No user or mailbox restrictions
  – Large product range to fit performance requirements
  – No third-party agreement – 100% Fortinet technology
• Email Archiving: facilitates regulatory compliance for content archiving
• High availability: FortiMail redundancy with automatic failover

FortiMail Operating Modes
• The only solution that can be deployed in 3 modes and fits:
  – Any deployment scenarios
    § DMZ or inline deployments, one-arm or dual-arm attachment, etc.
  – Any IP requirements
    § Bridge mode, Route mode, NAT IP addresses
  – Any SMTP requirements
    § Explicit or transparent proxy, visible or invisible in headers and envelope
• Gateway Mode
  – Proxy MTA services for existing email gateways (relay mode)
  – DNS MX record redirects email to FortiMail
• Transparent Mode
  – Intercepts SMTP traffic that is not explicitly destined to itself
    § FortiMail does not need to be the SMTP or IP endpoint
    § Seamless integration into existing network environments
    § Requires no IP or SMTP changes
  – It can also simulate an explicit relay (#VIP)
    § FortiMail is the SMTP/IP endpoint
  – FortiMail can bridge or route traffic
• Server Mode
  – Full email server functionality

Gateway mode deployment – Traditional scenario
[Diagram: users, mail servers, Internet; outgoing SMTP and incoming SMTP flows]
• FortiMail is a mail relay
• Involves changes to the existing network topology
  – DNS server is configured to ensure that incoming SMTP traffic is sent to FortiMail before reaching the back end mail server
• FortiMail supports outgoing antispam filtering
  – In addition to virus and content filtering for policy compliance
  – The back end mail server relays outgoing mail to FortiMail for improved security
    § Zombies and botnet protection
  – Antispam techniques for outgoing traffic are different than for incoming mail

Transparent mode deployment option 1 – Large Enterprise
[Diagram: users, MTAs, Internet; both interfaces are in bridge mode; outgoing SMTP and incoming SMTP flows]
• FortiMail is inline, in front of mail servers
  – Although not explicitly destined to FortiMail, SMTP traffic is transparently proxied and inspected
• Seamless integration into existing network, no network reconfiguration
  – IP-layer transparency
    § FortiMail acts as a bridge for SMTP and non-SMTP traffic
    § No need to change the IP addressing scheme or mail server default gateway
  – SMTP-layer transparency:
    § No change in existing MX records and MUA/MTA setup
    § FortiMail can be transparent in envelope & mail headers

Transparent mode deployment option 2 – ISPs
[Diagram: one-arm or dual-arm attachment (optionally: 3rd interface for OOB management); transparent mode; policy-based routing: SMTP traffic --> FortiMail; MTAs, MUAs, internal network, Internet; outgoing SMTP; sessions initiated from the Internet to the ISP internal network are not scanned]
• FortiMail is not inline
  – The network redirects SMTP traffic to FortiMail
  – Policy based routing or load-balancers
• Smooth integration into existing network environments
  – No need to change IP addressing scheme or SMTP setup on MUA/MTA
  – Although not explicitly destined to FortiMail, SMTP traffic is intercepted by FortiMail, inspected, and clean traffic is delivered to destination MTAs

ISP scenario
• ISPs and Mobile Operators are concerned about filtering outgoing spam to protect their IP addresses from blacklisting
  – Spammers cause ISP addresses to be blacklisted by DNSBL servers
  – Outgoing SMTP connections = any SMTP session initiated from the internal network and destined to MTAs on the Internet
  – Outgoing mail flows are NATed behind the Service Provider public IP addresses

ISP scenario – NAT impact
• Many-to-one NAT
  – All users are NATed behind the same IP address
  – If the public IP address is blacklisted, ALL internal users are blocked and can’t send mail
  – A single source of spam is enough to blacklist the ISP address
• One-to-one NAT
  – Private IP addresses are dynamically assigned to users
  – Each private IP address is NATed behind a public IP address
  – If a public IP address is blacklisted because it has been used by a spammer, the next user that receives this IP address is blacklisted too

ISP scenario – Requirements
• Antispam solution needs:
  – To be transparent
    § No MTA or MUA modification
  – To protect unknown domains
    § Not realistic to list & maintain the customer domains
  – To support an unlimited number of domains
  – To support antispam for outgoing mail flow and implement efficient filters that fit outgoing traffic type
    § Different techniques are involved for outgoing flows than for incoming flows
    § For instance: IP reputation is not suited to outgoing flows
• FortiMail can do all of that

Server mode deployment
[Diagram: users, Internet; outgoing SMTP and incoming SMTP flows]
• Mail server functionalities:
  – Webmail, SMTP, POP3 and IMAP client support
  – Secure (SSL) WebMail client access
  – Disk quota policy for user accounts
  – Bulk Folder for spam mail

Mail routing decision
• Intelligent MTA
• FortiMail can take mail routing decisions based on:
  – The original destination IP address (transparent mode)
  – Its own calculation of the destination MTA (transparent or gateway mode), which can be done in various ways:
    § If the recipient domain is not explicitly defined in the FortiMail config:
      – DNS-MX resolution
      – Default relay (IP address or DNS-A resolution for load-balancing)
    § If the recipient domain is explicitly defined in the FortiMail config:
      – DNS-MX resolution
      – DNS-A resolution
      – Static IP address
      – LDAP lookup

FortiMail product line
[Diagram: SMALL ENTERPRISE / MEDIUM ENTERPRISE: FORTIMAIL 100, FORTIMAIL 400 (FULL INSPECTION), RAID SUPPORT; LARGE ENTERPRISE / SERVICE PROVIDER: FORTIMAIL 2000A / 4000A (FULL INSPECTION), RAID SUPPORT, REDUNDANT FANs & IPS]
• Dedicated appliance
  – Integrated hardware and software
  – Purpose-built and hardened operating system
• Fits the needs of any company size
  – From SMB market to High-End Enterprise & Service Providers
• Delivers the same protection level and features through the range

FortiMail 100
• SOHO or branch office use
• Hardware specs:
  – 4 x 10/100 Ethernet ports
  – Single 1.0 GHz CPU
  – 512 MB RAM
  – 1 x 250 GB 3.5” IDE drive

FortiMail 400
• Medium to large enterprise
• Hardware specs:
  – 4 x 10/100 ports
  – 2 x 10/1000 ports
  – Single 3.0 GHz CPU
  – 1 GB RAM
  – 2 x 250 GB 3.5” IDE drives
  – Software RAID (0 or 1)

FortiMail 2000A / 4000A
• Large enterprise and Service Providers
• Hardware specs:
  – 4 x 10/1000 Ethernet ports
  – Single / Dual Xeon 3.0 GHz CPUs
  – 2 GB of RAM
  – 6 x / 12 x 250 GB 3.5” SATA drives
  – Hardware RAID (0, 1, 5, 10 or 50)
  – Redundant power supplies
  – Hot-swappable fans

Policies
• Policies determine
  – How incoming & outgoing email is scanned for spam, viruses, and attachments
  – What to do with spam or email messages containing viruses
• Policies:
  – Identify a mail flow based on the:
    § Source IP address
    § Destination IP address (transparent mode specific)
    § Recipient mail address
  – And define which security checks should apply to this mail flow
    § Assign protection profiles to the identified mail flow
    § Can also be retrieved from LDAP lookup
• Benefit:
  – Allows granular definition of the services that should apply to a specific type of traffic
  – For instance, identify flows that should receive:
    § maximum security (strict AS profile)
    § or maximum QOS (such as high session rate)

Recipient based policies
• Recipient based policies catch traffic based on mail addresses:
  – Explicit user mail address
  – User groups (incoming policies)
  – Or wildcard asterisk (*)

IP based policies
• IP policies capture traffic based on IP addresses
  – Src and/or dst IP addresses (transparent mode)
  – Src IP address (in gateway and server mode)

Policy check – How it works
• FortiMail first looks for an IP policy match
  – IP policies are checked in sequence
  – If there is an IP policy match:
    § FortiMail takes into account the session profile defined in the policy
    § FortiMail then searches the recipient policies, except if the IP policy exclusive flag is set
  – Else, FortiMail looks for a recipient based policy match
[Screenshot: IP policy exclusive flag]

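The lookup order above, sketched as an added example (not FortiMail code or configuration syntax). The policy fields, policy names and profile names are hypothetical, and it assumes a matching recipient policy's antispam profile takes precedence over the one carried by the IP policy, which the slide does not state.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class IPPolicy:
    name: str
    src: str                           # source network (CIDR)
    session_profile: str
    dst: str = "0.0.0.0/0"             # destination network, transparent mode only
    antispam_profile: Optional[str] = None
    exclusive: bool = False            # the IP policy exclusive flag


@dataclass
class RecipientPolicy:
    name: str
    pattern: str                       # explicit address, or a wildcard such as "*"
    antispam_profile: str


# Constructed sample policies (hypothetical names and profiles).
IP_POLICIES = [
    IPPolicy("trusted-relay", "10.1.0.0/16", "high-rate",
             antispam_profile="as-light", exclusive=True),
    IPPolicy("any-source", "0.0.0.0/0", "default-session"),
]
RCPT_POLICIES = [
    RecipientPolicy("vip", "ceo@example.com", "as-strict"),
    RecipientPolicy("catch-all", "*", "as-medium"),
]


def select_profiles(src_ip, dst_ip, rcpt,
                    ip_policies=IP_POLICIES, rcpt_policies=RCPT_POLICIES):
    """Return which policies matched and which profiles apply to this mail flow."""
    result = {"ip_policy": None, "recipient_policy": None,
              "session_profile": None, "antispam_profile": None}

    # Step 1: IP policies are checked in sequence; the first match wins.
    matched = None
    for policy in ip_policies:
        if (ip_address(src_ip) in ip_network(policy.src)
                and ip_address(dst_ip) in ip_network(policy.dst)):
            matched = policy
            break

    if matched is not None:
        result["ip_policy"] = matched.name
        result["session_profile"] = matched.session_profile
        result["antispam_profile"] = matched.antispam_profile
        if matched.exclusive:
            # Exclusive flag set: recipient policies are not searched.
            return result

    # Step 2: recipient policies, matched on the envelope recipient.
    for policy in rcpt_policies:
        if fnmatch(rcpt.lower(), policy.pattern.lower()):
            result["recipient_policy"] = policy.name
            # Assumption: the recipient policy's profile overrides the IP policy's.
            result["antispam_profile"] = policy.antispam_profile
            break
    return result


if __name__ == "__main__":
    print(select_profiles("10.1.2.3", "192.0.2.25", "ceo@example.com"))
    print(select_profiles("198.51.100.7", "192.0.2.25", "ceo@example.com"))
```

The first call shows the practical effect of the exclusive flag: mail from the trusted relay never reaches the strict recipient policy, so an overly broad exclusive IP policy silently bypasses per-recipient protection.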
Protection profiles
• Profile = a collection of FortiMail settings that control the email flow
• Profiles are selected in policies and run on any traffic the policy controls
• Several types of profile:
  – Session profile
    § Set session rate
    § Restrict the number of mails per session, of recipients per mail, of simultaneous sessions for the same client
    § Prevent session encryption
    § Perform SMTP strict syntax check, domain check, etc.
  – Antispam profile
  – Antivirus profile
  – Content profile
    § Filter file type, file extensions, banned content
    § Defer large messages
  – Authentication profile
    § Authenticate sessions using SMTP, POP3, IMAP, or RADIUS servers

Comments
• You do not have to define the protected domains
  – Mail Service Provider and Internet Service Provider environment
  – Differentiated services can still apply based on IP addresses or recipient mail addresses
• Wildcard policies
  – IP=0.0/0
  – or recipient address=*
• Antispam, antivirus, content and session profiles are available for incoming or outgoing mail flow

FortiMail Advanced Spam Detection
• FortiGuard-Antispam service
  – FortiMail queries a central database
• FortiMail employs multiple sophisticated antispam technologies that complement the FortiGuard-Antispam service:
  – Session-based inspection
    § Session level detection methods greatly reduce load
      – Avoid unnecessary mail processing and content scanning
    § Most of the session control parameters are configured in the session profile
      – A few of them in the antispam profile (grey listing & DNSBL)
  – Header and body inspection
    § Configured in the antispam profile

FortiGuard-Antispam
• FortiGuard-Antispam uses a number of filtering techniques to detect and filter spam:
  – FortiIP = Sender IP reputation database
    § IP address scoring
  – FortiSig1 = Spamvertised URLs
    § Block messages that have spam hosts mentioned in message bodies
    § Detect spam based on the URIs (usually web sites) contained in the message body as opposed to the spam origin (used by RBL)
  – FortiSig2 = Spamvertised email addresses
    § Lots of spam has an email address in the message body that prompts one to contact the spammers. Those email addresses are added to FortiSig
  – FortiSig3 = Spam object checksums
    § Objects in spam are identified and a fuzzy checksum is calculated from each object, which is then added to the FortiSig database
      – Objects can be part of the message body or an attachment
• FortiRule
  – FortiGuard also updates the FortiMail local set of heuristics rules

FortiIP – Sender IP reputation
• FortiGuard-Antispam maintains a global IP reputation database
  – The reputation of each IP is built and maintained based on tens of properties gathered from various sources
  – The properties include:
    § The whois information, geographical location, service provider
    § Whether it is an open relay or hijacked host, etc.
    § One of the key properties is the email volume from this sender as gathered from our FortiGuard service network
• By comparing a sender's recent email volume with its historical pattern, FortiGuard-AntiSpam updates each IP's reputation in real-time and provides a highly effective sender IP address filter

FortiGuard-Antispam overview
• To achieve up-to-date real-time spam identification, Fortinet utilizes globally distributed spam probes that receive over one million spam messages per day
• Each message is processed through multiple layers of identification processes to produce an up-to-date list of spam origins
  – To further enhance the service and streamline performance, each of the “known” identities in the list is continually re-tested to determine the state of the origin (active or inactive)
  – If a known spam origin has been decommissioned, the origin is then removed from the list, thus providing customers with both accuracy and performance

FortiMail Advanced Spam Detection
• Session based inspection
  – SMTP syntax verification and RFC compliance
  – SMTP checks (sender/recipient domain check, prevent open relay, etc.)
  – SMTP rate limiting (simultaneous sessions, new sessions / period of time, etc.)
  – SMTP error control
  – Recipient address check (valid mail address)
  – Greylist Filtering
  – Local Reputation Filtering
  – Etc.

Session level – Protocol check
• Consider at least the two following options:

Session level – SMTP errors
• Errors sometimes indicate attempts to misuse the server
• You can impose delays or drop connections if there are errors

Session level – Unauth sessions
• Check sender domain
  – Checks the existence of the sender domain by looking up both the MX record and A record
  – One successful query would pass the check
  – Enable it depending on deployment scenario
    § Useful for ISP outgoing antispam and MSP/Enterprise incoming mail
• Check recipient domain
  – Checks the existence of the recipient domain by looking up both the MX record and A record
  – One successful query would pass the check
  – Enable this depending on your deployment scenario
    § Useful for ISP/MSP/Enterprise outgoing antispam

Session level – Unauth sessions
• Reject if recipient and helo domain match but sender domain is different
  – If the recipient (RCPT TO = toto@fortinet.com) and helo domain match (for instance, SMTP client host name = mailserver.fortinet.com), then it is expected that it is an internal mail (sender@fortinet.com in our example): the mail should be coming from Fortinet and destined to Fortinet.
  – That's why, if the sender domain is not the same as the recipient domain, FortiMail would drop the connection
    § It is very unlikely that a well-configured mail server would make such a connection
• Prevent open relaying:
  – Verifies that the RCPT TO domain matches the IP address given by MX lookup
  – but allow if authentication is used

Session level – Settings for unauth sessions

Session level – Recipient address check for incoming mail
• Recipient address verification helps to detect incoming spam
• Ensure that email with invalid recipients is rejected, not scanned, nor sent to the back end email server
• Supports SMTP server or LDAP database
[Screenshot: define the appropriate method for recipient check]

Session level – Session rate limiting
• Adjust the quality of service
• Control the number of simultaneous connections as well as the number of connections within a certain amount of time
• Adjust these settings if you filter outgoing spam and you have a large internal source of mail

Session level – Sender Reputation
• An anti-spam measure managed by FortiMail and requiring no maintenance or attention
• FortiMail keeps track of SMTP client behavior
  – If a sender delivers mail including spam and/or viruses, or a large number of invalid users, the sender reputation feature will take measures against them
• Those sending excessive spam messages, infected mail, or messages to invalid recipients will have their deliveries limited
• Should clients continue delivering these types of messages, their connection attempts will be rejected entirely
• For it to work efficiently, the network must not hide the client IP addresses from FortiMail
  – FortiMail is not connected behind a NAT device
  – FortiMail is not receiving connections from a relay

Sender Reputation – Specifics
• FortiMail records for each SMTP client (IP address):
  – Total number of messages delivered
  – Number of messages detected as spam
  – Number of messages infected with viruses or worms
  – Total number of recipients
  – Number of invalid recipients
• FortiMail determines a sender’s reputation score using 2 ratios:
  – The amount of good email compared to the bad mail
  – The total number of recipients as compared to the number of bad recipients
• FortiMail uses email information up to twelve hours old, and recent mail influences the score calculation more than older mail
  – Score from 0 to 100 (0 = a very well behaved sender, 100 = the type of sender you’d rather avoid)
  – After 12 hours without a mail delivery from a client, client records are deleted
• The sender reputation score is compared to 3 thresholds (customizable):
  – Above the 1st value, FortiMail limits the number of messages accepted per hour
  – Above the 2nd value, FortiMail rejects the connection, returning a temporary fail error
  – Above the third value, FortiMail refuses the connection, returning a reject message

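A model of the scoring and three-threshold behaviour described above, as an added example rather than FortiMail's own algorithm. The slide gives only the inputs, the 12-hour window, the 0 to 100 range and the existence of three thresholds; the half-life weighting, the use of the worse of the two ratios, and the threshold values below are assumptions.

```python
from dataclasses import dataclass

WINDOW_S = 12 * 3600        # from the slide: information up to twelve hours old
HALF_LIFE_S = 2 * 3600      # assumption: how fast older mail loses influence
THROTTLE, TEMPFAIL, REJECT = 35, 55, 80   # constructed thresholds, not product defaults


@dataclass
class Delivery:
    ts: float               # arrival time in seconds
    spam: bool = False
    virus: bool = False
    rcpts: int = 1          # total recipients in the message
    invalid_rcpts: int = 0  # recipients that do not exist


class SenderReputation:
    def __init__(self):
        self.records = {}   # client IP -> list of Delivery

    def record(self, ip, delivery):
        self.records.setdefault(ip, []).append(delivery)

    def score(self, ip, now):
        """0 = well behaved, 100 = worst. Recent mail weighs more than old mail."""
        events = [d for d in self.records.get(ip, []) if now - d.ts <= WINDOW_S]
        if not events:
            # Nothing within the 12-hour window: the client record is deleted.
            self.records.pop(ip, None)
            return 0
        self.records[ip] = events

        mail_total = mail_bad = rcpt_total = rcpt_bad = 0.0
        for d in events:
            weight = 0.5 ** ((now - d.ts) / HALF_LIFE_S)
            mail_total += weight
            if d.spam or d.virus:
                mail_bad += weight
            rcpt_total += weight * d.rcpts
            rcpt_bad += weight * d.invalid_rcpts

        mail_ratio = mail_bad / mail_total
        rcpt_ratio = rcpt_bad / rcpt_total if rcpt_total else 0.0
        # Assumption: the worse of the two ratios drives the score.
        return round(100 * max(mail_ratio, rcpt_ratio))

    def verdict(self, ip, now):
        s = self.score(ip, now)
        if s > REJECT:
            return "reject"      # permanent refusal
        if s > TEMPFAIL:
            return "tempfail"    # temporary failure, client may retry
        if s > THROTTLE:
            return "throttle"    # limit messages accepted per hour
        return "accept"


if __name__ == "__main__":
    rep = SenderReputation()
    rep.record("192.0.2.10", Delivery(ts=0))                  # clean mail, 4 hours ago
    rep.record("192.0.2.10", Delivery(ts=14400, spam=True))   # spam, just now
    print(rep.score("192.0.2.10", now=14400), rep.verdict("192.0.2.10", now=14400))
```

Because the counters are keyed on the connecting IP address, every client behind a NAT device or an upstream relay shares one record, which is why the preceding slide requires that FortiMail see the real client addresses.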
Sender Reputation configuration
• Sender reputation is configured and enabled in the session profile
• It can be used with the following default settings:

Session level – IP black listing
• DNSBL – DNS Blacklist
  – List of IP addresses that are known to originate spam
• Configure a public DNSBL server
  – such as: sbl-xbl.spamhaus.org

Session level – Greylisting
• A means of reducing spam in a relatively low maintenance manner
  – No IP address lists, email lists, or word lists to keep up to date
  – The only required list is automatically maintained by the FortiMail unit
• Block spam based on the behavior of the sending server, rather than the content of the messages
  – When receiving an email from an unknown server, the FortiMail unit temporarily rejects the email
  – If the mail is legitimate, the originating server will try again later, at which time the FortiMail unit will accept it
  – Spam servers are very unlikely to attempt a retry
• Grey listing is enabled in the antispam incoming/outgoing profiles

Session level – Greylisting
• TTL: the time to live setting
  – How long the to/from/IP data will be retained in the FortiMail greylist
  – When the entry expires, it is removed and new messages are again rejected until the sending server attempts to deliver the message again
• Grey listing period
  – Length of time the FortiMail unit will continue to reject messages with an unknown to/from/IP
  – After this time expires, any resend attempts will have the to/from/IP data added to the greylist and subsequent messages will be delivered immediately

Greylisting – Specifics
• The greylist routine looks at the envelope and extracts 3 values:
  – Sender address (MAIL FROM:)
  – Recipient address (RCPT TO:)
  – IP address of the mail server delivering the message
• If the greylist routine doesn’t have a record of a message with these three values:
  – Message is refused
  – Temporary error is reported to the server attempting delivery
• The delivering server should later attempt to send the mail again
  – Mail servers following specifications (RFC 821) will attempt to retry deliveries that fail with expected error codes
    § Most spam mail is not delivered by standard mail servers, but rather by applications designed specifically for spam distribution
  – If another delivery is attempted, the message is accepted
    § FortiMail has stored the 3 attributes, so any subsequent message with these same three values is immediately accepted

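The triplet logic from the three greylisting slides above, as an added example that is not FortiMail code. Parameter names, default values and the bypass argument are assumptions; the TTL is counted from the moment a triplet is accepted and is not refreshed by later mail, which the slides leave unspecified.

```python
from dataclasses import dataclass

TEMPFAIL = "tempfail"   # reported to the client as a 4xx temporary SMTP error
ACCEPT = "accept"


@dataclass
class Entry:
    first_seen: float   # when the triplet was first refused
    expires: float      # when the record is dropped from the greylist
    passed: bool        # True once a retry arrived after the greylisting period


class Greylist:
    def __init__(self, delay_s=600, ttl_s=10 * 24 * 3600):
        self.delay_s = delay_s   # greylisting period: retries inside it are still refused
        self.ttl_s = ttl_s       # TTL: how long a to/from/IP record is retained
        self.entries = {}        # (sender, recipient, client IP) -> Entry

    def check(self, mail_from, rcpt_to, client_ip, now, authenticated=False):
        # Authenticated SMTP sessions bypass greylisting.
        if authenticated:
            return ACCEPT

        key = (mail_from.lower(), rcpt_to.lower(), client_ip)
        entry = self.entries.get(key)

        # An expired record is removed, so the triplet is unknown again.
        if entry is not None and now >= entry.expires:
            del self.entries[key]
            entry = None

        if entry is None:
            # Unknown triplet: remember it and refuse with a temporary error.
            self.entries[key] = Entry(first_seen=now, expires=now + self.ttl_s, passed=False)
            return TEMPFAIL

        if entry.passed:
            # Known triplet: delivered immediately.
            return ACCEPT

        if now - entry.first_seen < self.delay_s:
            # Retry arrived too early, still inside the greylisting period.
            return TEMPFAIL

        # A genuine retry after the greylisting period: accept and start the TTL.
        entry.passed = True
        entry.expires = now + self.ttl_s
        return ACCEPT


if __name__ == "__main__":
    g = Greylist(delay_s=300, ttl_s=3600)
    triplet = ("alice@sender.example", "bob@recipient.example", "203.0.113.5")
    for t in (0, 60, 400, 500, 4001):
        print(t, g.check(*triplet, now=t))
```

The key includes the client IP, so a legitimate sender that retries from a different outbound address in a server pool starts over as an unknown triplet and sees a longer delay.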
Grey listing – Comments
• Grey listing is a very efficient method that is intended for MTA sessions
• Grey listing should not apply to MUA sessions
  – If it is not possible for FortiMail to distinguish MUA sessions from MTA sessions, do not enable grey listing
  – Example: ISP deployment for outgoing antispam
• FortiMail automatically bypasses grey listing for SMTP sessions it authenticates

Header and body inspection
• Header and body inspection
  – Deep header scanning
  – Image Analysis Filtering
  – Heuristics Rules (several thousands) – dynamic update
    § Maintained by Fortinet’s antispam research team
    § Automatic upload through FortiGuard services
  – Public SURBL
  – Attachment filtering (PDF scan)
  – Per User / Domain Bayesian Filtering
  – Locally administered black/white list of domains and users
  – Banned words / dictionary scanning

Header inspection
• Black IP checking looks at the “Received” fields of the email header
  – Extracts hostnames and IP addresses of mail servers the email has gone through
  – Passes them to the FortiGuard-Antispam service, DNSBL, or SURBL servers
• Header analysis examines the entire message header for spam characteristics
  – Leverages Fortinet’s extensive known-spam library to add intelligent analysis to email header content, ultimately improving detection of image spam that attempts to evade antispam filters

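An added example (not FortiMail code) of the black IP check described above combined with the DNSBL lookup from the "IP black listing" slide: it pulls relay addresses out of the Received headers of a constructed message and builds the reversed-octet DNSBL query names. The zone is the one named on the slide; the message, the list of internal networks and the injected `resolve` callback are assumptions, so the block runs without network access.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

DNSBL_ZONE = "sbl-xbl.spamhaus.org"   # zone named on the slide
# Assumption: hops inside these ranges are our own infrastructure and are skipped.
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LISTED = ip_network("127.0.0.0/8")       # DNSBLs answer "listed" with a 127/8 A record
ERRORS = ip_network("127.255.255.0/24")  # Spamhaus uses this range for error codes
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message (documentation address ranges).
RAW = """Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby store.recipient.example with ESMTP; Mon, 3 Mar 2008 10:00:02 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.23])
\tby mx.recipient.example with ESMTP; Mon, 3 Mar 2008 10:00:01 +0000
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby relay.sender.example with SMTP; Mon, 3 Mar 2008 09:59:58 +0000
From: a@sender.example
To: b@recipient.example
Subject: constructed sample

body
"""


def received_ips(raw):
    """External IPv4 addresses from Received headers, newest hop first.

    Only the hop recorded by our own server is trustworthy; older Received
    lines are written by upstream hosts and can be forged by the sender.
    IPv6 literals are not handled in this sketch.
    """
    msg = message_from_string(raw)
    seen, hops = set(), []
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IPV4.findall(str(header)):
            try:
                ip = ip_address(text)
            except ValueError:          # e.g. an octet above 255
                continue
            if str(ip) in seen or any(ip in net for net in INTERNAL):
                continue
            seen.add(str(ip))
            hops.append(str(ip))
    return hops


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """203.0.113.77 -> 77.113.0.203.<zone>"""
    return ".".join(reversed(ip.split("."))) + "." + zone


def listed_hops(raw, resolve):
    """Hops for which the DNSBL returns a listing.

    resolve(name) must return a list of A-record strings, empty for NXDOMAIN.
    """
    hits = []
    for ip in received_ips(raw):
        answers = [ip_address(a) for a in resolve(dnsbl_name(ip))]
        # An error code is not a listing: treating it as one would block all mail.
        if any(a in LISTED and a not in ERRORS for a in answers):
            hits.append(ip)
    return hits


if __name__ == "__main__":
    for hop in received_ips(RAW):
        print(hop, "->", dnsbl_name(hop))
```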
Content inspection – SURBL
• SURBL = Spam URI Realtime Blocklist
  – List of spamvertised sites
    § Also called spammy URLs
  – Allows blocking mail that has spam hosts mentioned in message bodies
    § web servers, sites, domains
• Configure a public SURBL server
  – Such as multi.surbl.org

Content inspection – Image scanning
• An increasingly common tactic used by spammers is to replace the message body with an image file
  – This image file displays a graphic of the desired text
• Image spam is difficult to detect since spammers slightly change the image
  – To avoid signature based detection methods (such as FortiSig3 = Spam object checksums)
• FortiMail’s image scan detects spam where the message body includes an image
  – Examines and identifies GIF, JPEG, and PNG graphics
  – Detects spam based on email header and body analysis, and image processing
• Process is locally achieved by FortiMail and does not use OCR (optical character recognition)
  – Our testing has shown this method is not effective enough

Content level – PDF scan
• Enable PDF scanning
• All content filters will apply:
  – SURBL
  – Black IP scan
  – Image scan
  – Banned words
  – Etc.

Antispam actions
• Configure antispam actions on a per-profile basis
• Each antispam filter can have its own action
  – For instance: choose Discard for DNSBL and Quarantine for image scanning

Quarantine
• Spam messages can be stored locally on FortiMail
  – FortiMail hard disk size scales up to terabytes.
• Users can release mail by web or by mail
• Mail can be automatically deleted after a specified amount of time

Spam report
• Set the time for the FortiMail unit to send spam reports to email users
• Customize the report message and HTML appearance as you wish

Spam quarantine
• Access the quarantine
[Screenshot: select a domain; open a user mailbox]

Spam quarantine
• Review the content of a quarantine mailbox
[Screenshot: click here to view a mail]

Spam quarantine
• Read quarantined mail
[Screenshot: click here to view why a mail is in the quarantine]

Spam quarantine
• Review why an email is in the quarantine

Spam report
• You can force a spam report to be generated for selected users or all users
• Select the amount of time for which the user will receive spam information

User quarantine
• Allow users to access their quarantine by web mail

Quarantine – User preferences
• Language customization
• User BWL settings
• Etc.

Antivirus check
• FortiMail detects viruses and spyware embedded in SMTP email messages and removes them
  – Provides both Wildlist and Zoolist/legacy virus protection against more than 300,000 viruses and variants
  – Leverages the award winning Fortinet Antivirus engine
    § ICSA certified
• FortiMail inserts replacement messages to notify the recipient, or silently blocks infected email, or warns the sender of failed delivery
• Automatic antivirus engine and signature files update
• Does NOT charge per user mailbox

FortiMail clustering
• Supported in transparent/gateway/server mode
• Supports 2 HA modes
• Config-only HA mode:
  – Up to 25 FortiMail units share a common configuration, but operate as separate FortiMail units
  – Usually implemented with external load sharing:
    § load-balancers, DNS round robin, etc.

FortiMail clustering
• HA Active-passive mode
  – Two FortiMail units provide failover protection
  – HA synchronization
    § Configuration synchronization
      – Except a few parameters that should not be synchronized: FortiMail hostname, SNMP information, some HA settings
    § Mail data synchronization
      – Include and selectively synchronize: System mail directory, user home directories, and MTA spool directories
  – HA health check
    § Interface monitoring
    § Service monitoring (SMTP, POP3, etc.)
  – Supports redundant HA interfaces
  – Choose behaviour after recovery: preemption ON/OFF, offline state, etc.

FortiMail clustering
[Screenshot: define FortiMail behaviour after recovery (preempt, offline, etc.); supports redundant HA interface; define failure detection settings]

Archival – Meet regulatory requirements
• Selectively archive mails based on:
  – Sender
  – Recipient
  – Content Pattern
    § Keywords in subject
    § Keywords in body
  – Attachment type
• Storage:
  – FortiMail HD
    § scheduled SFTP/FTP upload
  – Or External NAS storage

Agenda
• Introducing FortiMail
• Deployment scenarios
• FortiMail product line
• Differentiated services: policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Management / Logging / Reporting

Logging
• Logs
  – On device local logging
  – Syslog/FortiAnalyzer output
• Alerts and resources usage
  – SNMP traps and MIB polling
  – CPU Usage, Memory Usage, Log Disk Usage, Mailbox Disk Usage, Deferred queue, Detected virus, Detected spam, etc.

Logs
[Screenshot: choose where to log]

Logs
[Screenshot: specify the events you want to log]
• Antispam logs – sample:

Management
• Easy management that answers SMB and High End needs
  – Wizard option for fast and easy deployment
• Configuration tasks
  – Through intuitive GUI (basic and advanced modes)
  – Through CLI mode

Wizard for fast & easy deployment
• Provides a way to quickly have the FortiMail unit up and running
• Administrator does not have to know & choose antispam techniques
• Involves only 6 steps
  – Step 1: Admin pwd
  – Step 2: IP/DNS/Time info

Wizard for fast & easy deployment
• Step 3: Local domain
• Step 4: Protected domain

Wizard for fast & easy deployment
• Step 5: Incoming protection
  – Antispam level (high/medium/low)
  – Antivirus service ON/OFF
• Step 6: Outgoing protection
  – Antispam level (high/medium/low)
  – Antivirus service ON/OFF
  – Access control for relay permission

Wizard for fast & easy deployment
• Review, save
• It’s done!

Reporting
• Provides full visibility into mail usage
  – Over 240 embedded HTML or PDF reports
  – Mail stats, virus stats, spam stats, etc.
• The FortiMail unit provides comprehensive reporting with over 240 reports in nine categories.
• Reports can be run:
  – on demand or scheduled
  – on a specific period of time
  – for all domains or a specific set of domains
  – for incoming or outgoing mail

Report setup
[Screenshot: choose the period of time to cover; schedule the report; choose a list of domains or all domains; select incoming or outgoing traffic; choose the output]

Reports – Query selection
• Mail Statistics
  – Mail Stat Messages
  – Mail Stat Viruses
  – Mail Stat Actions
• Total Summary
  – Total Sent And Received
  – Total Spam And Nonspam
  – Top Ten Viruses
• High Level Breakdown
  – Top Client IP
  – Top Local User
  – Top Remote Address
  – Spam Filter
  – Action
  – Top Virus
  – Virus
  – System User
  – Top Client MSISDN
• Spam by Recipient
  – Top Spam Recipient
  – Top Local Spam Recipient
  – Top Remote Spam Recipient
• Virus by Sender
  – Top Virus Sender
  – Top Virus Domain
  – Top Virus IP
  – Top Local Virus Sender
  – Top Local Virus Domain
  – Top Remote Virus Sender
  – Top Remote Virus Domain
  – Top Virus MSISDN
• Virus by Recipient
  – Top Virus Recipient
  – Top Local Virus Recipient
  – Top Remote Virus Recipient
• Spam by Sender
  – Top Spam Sender
  – Top Spam Domain
  – Top Spam IP
  – Top Local Spam Sender
  – Top Local Spam Domain
  – Top Remote Spam Sender
  – Top Remote Spam Domain
  – Top Spam MSISDN
• Mail by Sender
  – Top Sender
  – Top Sender IP
  – Top Local Sender
  – Top Remote Sender
  – Top Sender MSISDN
• Mail by Recipient
  – Top Recipient
  – Top Local Recipient
  – Top Remote Recipient
[Callout: BY DATE, HOUR OF DAY, DAY OF WEEK, DAY OF MONTH, BY WEEK OF YEAR, OR BY MONTH]

Report sample

FortiMail key points
• Fits any deployment scenario and network requirement (explicit or transparent proxy, route or bridge packets, visible or invisible in the headers, etc.)
• No OEM agreement, 100% Fortinet technology, no user licences
• Supports advanced HA with network and service check, mail data synchronization, etc.
• Supports outgoing spam filtering
• Includes extended reports and large quarantine server
• Administration that fits SMB, Enterprises and Service Providers

Thank you! Questions?