FortiOS Carrier and MMS content scanning

FortiOS Carrier and MMS content scanning

The following section applies to MMS content scanning, including virus scanning, file filtering, content spam filtering, carrier endpoint filtering, and MMS content checksum filtering.

MM1 Content Scanning

During MM1 content scanning a message is first transmitted from the sender, establishing a connection with the MMSC. FortiOS Carrier intercepts this connection and acts as the endpoint. FortiOS Carrier then establishes its own connection to the MMSC. Once connected, the client transmits its m-send.req HTTP post request to FortiOS Carrier which scans it according to the MMS protection profile settings. If the content is clean, the message is forwarded to the MMSC. The MMSC returns m-send.conf HTTP response through FortiOS Carrier to the sender.

If FortiOS Carrier blocks the message (for example because a virus was found, see the figure below), FortiOS Carrier resets the connection to the MMSC and sends m-send.conf HTTP response back to the sender. The response message can be customized using replacement messages. FortiOS Carrier then terminates the connection. Sending back an m-send.conf message prevents the sender from trying to send the message again.

MM1 MMS scanning of message sent by sender (blocking m.send.req messages)
Sender FortiOS Carrier

MMSC

1. Open TCP session

2. Open TCP session

3. m-send.req

4. Content blocked

6. m-send.conf replacement message

5. Reset TCP session

7. Close TCP Session

8. m-send.rec notification message to sender
(MM1 or MM7/SOAP payload, by configuration)

Sent once per notification period, regardless of how many messages are blocked

9. Notification message to administrators (various protocols)

Sent once per notification period, regardless of how many messages are blocked

FortiOS Carrier also sends m-send.rec notifications messages to the MMSC that are then forwarded to the sender to notify them of blocked messages.

Filtering message retrieval

FortiOS Carrier intercepts the connection to the MMSC, and the m-retrieve.conf HTTP response from the MMSC is scanned according to the MMS content scanning settings. If the content is clean, the response is forwarded back to the client. If the content is blocked, FortiOS Carrier drops the connection to the MMSC. It then builds an m-retrieve.conf message from the associated replacement message and transmits this back to the client.

FortiOS Carrier also sends m-send.rec notifications messages to the MMSC that are then forwarded to the receiver to notify them of blocked messages.

MM1 MMS scanning of messages received by receiver (blocking m.retrieve.conf messages)
MMSC

FortiOS Carrier

Receiver
1. GET request for message

2. GET request for message
3. m-retrieve.conf mesage

4. Content blocked

6. m-send.rec notification message to sender
(MM1 or MM7/SOAP payload, by configuration)

5. m-retrieve.conf replacement message

Sent once per notification period, regardless of how many messages are blocked

7. Notification message to administrators (various protocols)

Sent once per notification period, regardless of how many messages are blocked

Filtering MM3 and MM4 messages works in an similar way to MM1 (see the figures below). FortiOS Carrier intercepts connections to the MMSC, and scans messages as configured. When messages are blocked, FortiOS Carrier closes sessions as required, sends confirmation messages to the sender, notifies administrators, and notifies senders and receivers of messages.

MM3 MMS scanning of messages sent from a sender on the Internet to an MMSC

Internet

Sender on the Internet

1. Open TCP session

FortiOS Carrier

2. Open TCP session

MMSC
3. Send full email message
3. m-retrieve.conf mesage

4. Send full email message

Without ‘.’ on single line
5. Content blocked
7. Send 550 Error and replacement message

6. Reset TCP session
8. Close TCP session
9. MM3 notification message

Sent once per notification period, regardless of how many messages are blocked
10. Notification message to administrators (various protocols)

Sent once per notification period, regardless of how many messages are blocked

MM4 MMS scanning of messages sent between operator MMSCs
Sending Operator
MMSC

FortiOS Carrier

Receiving Operator
MMSC
1. Open TCP session
2. Open TCP session

3. Send full MM4-forward.req message
5. m-retrieve.conf mesage

4. Send full MM4-forward.req message

Without ‘.’ on single line

6. Content blocked
8. Send 250 response

7. Reset TCP session
9. Close TCP session
10. Open new TCP session

11. Send MM4-forward.res message

12. Close TCP session
10, 11, 12 Only initiated if the MM4-forward.req message requested a response

13. MM4-forward.req notification

Sent once per notification period, regardless of how many messages are blocked

14. Notification message to administrators (various protocols)

Sent once per notification period, regardless of how many messages are blocked

MM7 MMS scanning of messages sent between a VASP and an MMSC
Sending
VASP

FortiOS Carrier

Receiving
MMSC
1. Open TCP session
2. Open TCP session
3. submit.req or delivery.req

4. Content blocked

6. submit.resp/delivery.resp replacement message

5. Reset TCP session
7. Close TCP session
8. submit.req/delivery.req notification message

Sent once per notification period, regardless of how many messages are blocked

9. Notification message to administrators (various protocols)

Sent once per notification period, regardless of how many messages are blocked


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in FortiOS 5.4 Handbook on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.