itservices2
New Member
January 19, 2015
Solved

Email gateway under attack

Have a FortiGate 60D which pushes only SMTP/HTTPS traffic to our email gateway. However, seeing quite a lot of authentication failures on our Barracuda, the email firewall. IPS and AV are enabled for the UTM. Any way to check this out? Can't block by IP since it is a random IP on a daily basis. Running firmware 5.0.10.

    3 replies

    rwpatterson
    New Member
    January 20, 2015

    Can you spot a trend in the IP addresses by location (global location)? The FortiGates in newer versions support policies by region.

    emnoc
    Answer
    New Member
    January 20, 2015

    If it's pure auth failures, you can write a custom signature:

    http://socpuppet.blogspot.com/2014/07/example-fo-smpauth-protection-fortigate.html

    seadave
    New Member
    January 23, 2015

    You might be able to use a DoS policy to drop by source, or what I do is have all of my IPS rules set up to ban source IPs for 30 days once triggered. Stops a lot of these guys in their tracks. Make sure you aren't NAT'ing inbound by mistake. I did this once a long time ago and it caused all sorts of problems.
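
An added example, not part of any post in this thread: a rate-based trigger with a 30-day source ban, the approach the last reply describes, run over constructed log lines. The log format, the threshold of 5 failures and the 60-second window are assumptions, not Barracuda or FortiGate output or defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format: timestamp, source IP, SMTP reply code.
SAMPLE_LOG = """\
2015-01-19T08:00:01 src=198.51.100.7 reply=535 user=info
2015-01-19T08:00:05 src=198.51.100.7 reply=535 user=admin
2015-01-19T08:00:09 src=203.0.113.20 reply=535 user=jsmith
2015-01-19T08:00:12 src=198.51.100.7 reply=535 user=sales
2015-01-19T08:00:20 src=203.0.113.20 reply=235 user=jsmith
2015-01-19T08:00:31 src=198.51.100.7 reply=535 user=test
2015-01-19T08:00:40 src=198.51.100.7 reply=535 user=root
2015-01-19T09:30:00 src=192.0.2.44 reply=535 user=info
2015-02-20T08:00:00 src=198.51.100.7 reply=535 user=info
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) reply=(\d{3})")


def find_bans(log_text, threshold=5, window=timedelta(seconds=60),
              ban_for=timedelta(days=30)):
    """Return {src_ip: ban_expiry} for sources that produce at least
    `threshold` SMTP 535 (authentication failed) replies inside `window`."""
    recent = defaultdict(deque)   # src_ip -> timestamps of recent failures
    bans = {}                     # src_ip -> time the ban expires
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # ignore lines that do not parse
        ts = datetime.fromisoformat(m.group(1))
        src, reply = m.group(2), m.group(3)
        if src in bans and ts < bans[src]:
            continue              # ban still active: event is not counted
        if reply != "535":
            continue              # only failed authentications count
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            bans[src] = ts + ban_for
            q.clear()             # start counting afresh after the ban
    return bans


if __name__ == "__main__":
    for ip, expiry in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} until {expiry.isoformat()}")
```

A single mistyped password (203.0.113.20 above) stays under the threshold, and a source that returns after its ban has expired is counted again from zero.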