Skip to main content
Ivanildo_Galvao
Ivanildo_Galvao
New Member
March 30, 2019
Question

Fortigate AntiSpam stopped working

  • March 30, 2019
  • 1 reply
  • 5908 views

Hello Sirs, I have in my environment, two Fortigate 800D clustered, I enabled antispam two months ago, the antispam security profile applied in the NAT entry rule where my mail server receives the messages. Many spam was blocked, I needed to change the internet link, due to the change of provider, I recreated all VIPs, including the NAT of the email server. Since then, the antispam has stopped working, it is active, okay, but it just does not work, I've seen everything and I could not solve it, nor does Fortinet support know what it is. Does anyone here have an idea? Have you ever had a problem like this?

 

I appreciate if anyone here can help me.

    1 reply

    abelio
    SuperUser
    abelio
    SuperUser
    March 30, 2019

    ivanildogalvao wrote:

     I recreated all VIPs, including the NAT of the email server.

    Hi,

    are you saying that you're applying NAT to incoming internet->vip policy?

    If so, remove it please urgently, because you're turning your email server in an open relay.  (and that could explain your issue)

     

    If I misunderstood your post, please attach a screenshot of your relevant firewall policy to clarify.

     

     

     

    Ivanildo_Galvao
    Ivanildo_GalvaoAuthor
    New Member
    March 31, 2019

    No, the mail server goes out to the internet on a regular internet browsing rule, without VIP. Only with the SMTP port, so that it is able to send the messages. When I referred to VIP, I was talking about the input, where the packets arriving at the SMTP port on a public ip, are directed to the mail server on the internal network and it is in this rule that I applied the antispam security profile, which is no longer working, has stopped filtering and blocking spam. I have other incoming NATs, using VIP, in separate rules, for web servers and ftp.

    abelio
    SuperUser
    abelio
    SuperUser
    March 31, 2019

    Ivanildo,

    ivanildogalvao wrote:

    When I referred to VIP, I was talking about the input, where the packets arriving at the SMTP port on a public ip, are directed to the mail server on the internal network and it is in this rule that I applied the antispam security profile, which is no longer working,

    if that rule is NATTed, is wrong. Remove it asap.

    Terms & ConditionsAccessibility statement