Description This article provides information on URL/IP exempt list.
Solution FortiMail has authentication mechanism to block IP addresses if failed login attempts from that IP address reach the threshold.
The FortiMail access can be control with: - CLI: access via SSH. - Mail: mail access via SMTP(S), IMAP(S), POP3(S). - Web: admin and webmail access via HTTP(S).
The blocking duration is based on the login history of the IP address.
The maximum time an IP address can be blocked is 45 days.
Example. 1) if the initial block period is set to 10 minutes, depending on the user’s number of violations, the actual maximum block time can be up to 2 hours. 2) If it is set to 30 minutes, the actual block time can be up to 12 hours. 3) If it is to more than 70 minutes, the actual block time can be up to 45 days.
So, to avoid false positives, it is not recommended to use longer initial block time setting. The recommended setting is less than 30 minutes(default = 10 minutes). If a user has logins continuously within a period of time, then user’s IP will be automatically added to an auto/dynamic exempt list.
To monitor the blocked IP address information, go to Monitor -> Reputation -> Authentication Reputation.
To configure authentication reputation settings.
1) Go to Security -> Authentication Reputation -> Settings. 2) Configure below settings. - Status : Select Enable, Disable, or Monitor only. Monitor only means that failed login attempts will be counted and scored but will not be blocked. - Access tracking : Enable or disable what types of login access will be tracked: CLI, Mail or Web. - Initial block period : Specify how long the IP will be block after its failed login attempts reach the threshold for first time. The actual block time will be increased for repeated IP’s.
To manually exempt IP addresses from authentication reputation tracking.
1) Go to Security -> Authentication Reputation -> Exempt. 2) Select 'New'. 3) Enter the IP address and netmask. 4) Select 'Create'.
For 6.2 and later.
To manage the auto exempt list.
1) Go to Security -> Authentication Reputation -> Auto Exempt. 2) The exempted IP addresses are displayed. 3) To remove an IP address from the list, select the IP address and select 'Delete'.
