FortiMail
adavila
Staff
Article Id 194658
Description
Email spoofing is the creation of email messages with a forged sender address (fake or not) that pretends to be from the mail server's domain, replacing the sender's identity.

This article explains how to avoid email spoofing by creating two access control policies in an environment with FortiMail, in either Gateway Mode or Server Mode.

Solution
To avoid email spoofing, it is necessary to create Access Control Policies. The first one verifies whether the sender has supplied credentials (user and password); if so, the email is sent. If not, the email is evaluated by the second policy, which rejects it because no credentials were supplied (not authenticated). The required policies are:

    Create a Policy for accounts with credentials (user and password):
        Sender pattern: Internal
        Recipient pattern: User Defined (*)
        Sender IP/netmask: User Defined (0.0.0.0/0)
        Reverse DNS pattern: *
        Authentication status: Authenticated
        TLS profile: --None--
        Action: RELAY

    Create a Policy for accounts with no credentials:
        Sender pattern: Internal
        Recipient pattern: User Defined (*)
        Sender IP/netmask: User Defined (0.0.0.0/0)
        Reverse DNS pattern: *
        Authentication status: Not Authenticated
        TLS profile: --None--
        Action: REJECT

The script code is then as follows:
config policy access-control receive
    edit 1
        set sender-pattern [int>
        set authenticated authenticated
        set action relay
    next
    edit 2
        set sender-pattern [int>
        set authenticated not-authenticated
        set action reject
    next
end
The numbers (1 and 2) are for reference only and should be changed according to the end customer configuration.
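
The first-match logic of the two policies above, modelled as an added Python example (not FortiMail code and not part of the original article). It assumes "Internal" means the sender's domain is one hosted on the mail server; `example.com`, `INTERNAL_DOMAINS`, and the `Policy`/`Session` names are constructed for illustration.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass

# Assumption: "Internal" = sender domain is hosted on the mail server.
INTERNAL_DOMAINS = {"example.com"}  # constructed sample domain

@dataclass
class Policy:
    sender_pattern: str     # "Internal" or a wildcard pattern
    recipient_pattern: str  # wildcard pattern; "*" matches any recipient
    sender_net: str         # CIDR; 0.0.0.0/0 matches any IPv4 client
    auth_status: str        # "Authenticated" or "Not Authenticated"
    action: str             # "RELAY" or "REJECT"

@dataclass
class Session:
    sender: str
    recipient: str
    client_ip: str
    authenticated: bool

# The two policies from the article, in evaluation order.
POLICIES = [
    Policy("Internal", "*", "0.0.0.0/0", "Authenticated", "RELAY"),
    Policy("Internal", "*", "0.0.0.0/0", "Not Authenticated", "REJECT"),
]

def sender_matches(pattern, sender):
    if pattern == "Internal":
        return sender.rsplit("@", 1)[-1].lower() in INTERNAL_DOMAINS
    return fnmatch.fnmatch(sender.lower(), pattern.lower())

def matches(policy, s):
    wanted_auth = policy.auth_status == "Authenticated"
    return (sender_matches(policy.sender_pattern, s.sender)
            and fnmatch.fnmatch(s.recipient.lower(), policy.recipient_pattern.lower())
            and ipaddress.ip_address(s.client_ip) in ipaddress.ip_network(policy.sender_net)
            and s.authenticated == wanted_auth)

def evaluate(policies, s):
    """Return the action of the first matching policy, or NO_MATCH."""
    for policy in policies:
        if matches(policy, s):
            return policy.action
    return "NO_MATCH"  # not covered by these two policies

if __name__ == "__main__":
    spoofed = Session("ceo@example.com", "bob@example.com", "203.0.113.5", False)
    print(evaluate(POLICIES, spoofed))
```

A message with an external sender address returns `NO_MATCH` in this model: the two policies only decide mail that claims an internal sender.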
