cash5150
New Member
January 6, 2018
Question

Inbound EMails being proxied

  • 2 replies
  • 11500 views

Hey guys,

I just set up this Fortigate 60C. I upgraded the OS to 5.2. I created a VIP and then created a policy. This is for port 25 and is being used to simply forward port 25 traffic to my mail filter.

I noticed in my message tracking logs that external emails from Office 365 (and other senders) are being proxied by the Fortigate instead of just being NAT'd.

I was not expecting the Fortigate to proxy SMTP traffic inbound (or outbound). How can I disable this? The reason why this is bad is because my Symantec Messaging Gateway thinks inbound emails are now all of a sudden outbound emails, which causes freaky policy issues.

Thanks,

Robert

    ede_pfau
    SuperUser
    January 7, 2018

    Hi, and welcome to the forums.

    A VIP only changes the destination address. You probably have enabled 'NAT' in the incoming policy, which causes the FGT to NAT the source address as well. Please check this first.

    cash5150 (Author)
    New Member
    January 7, 2018

    I do have NAT Enabled but that shouldn't cause the Source IP address to change from an External IP to the Firewall's IP. That sounds like proxying to me. 

    cash5150 (Author)
    New Member
    January 9, 2018

    Guys,

    Any help here? I discovered today that my mail relay has been being used as an open relay because the IP address 192.168.1.225 FG firewall is listed as an internal IP (due to it being internal). This caused my relay to think all inbound emails were coming from inside my network.

    I then locked down SMTP from anything but my network's external IP address; this also didn't work, due to the firewall once again proxying all traffic from the WAN to >> Port 25 internally.

    I can't be the first person to have had this problem, so I am clearly doing something wrong. Can anyone provide assistance here?

    Robert

    cash5150 (Author)
    New Member
    January 7, 2018

    Any suggestions here? The email in the screenshot is from Office 365, the message was sent from EOP to my environment, the source IP address should have been a publicly routable address and the 192.168.1.225 which is the internal IP of the firewall.
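
The setting ede_pfau's reply points at, shown as an added FortiOS CLI example that is not from the thread or from any poster: a port-25 VIP plus the inbound policy with source NAT turned off, so the mail filter sees the sender's real address. The object names, interface names, policy id and the addresses 203.0.113.10 and 192.168.1.50 are constructed assumptions; the `#` lines are annotations to leave out when entering the commands.

```fortios
# Constructed example: "smtp-vip", "wan1", "internal", policy id 10,
# 203.0.113.10 (public IP) and 192.168.1.50 (mail filter) are assumptions.

# The VIP rewrites only the destination: public IP:25 -> mail filter:25.
config firewall vip
    edit "smtp-vip"
        set extintf "wan1"
        set extip 203.0.113.10
        set portforward enable
        set protocol tcp
        set extport 25
        set mappedip 192.168.1.50
        set mappedport 25
    next
end

# Inbound policy that references the VIP as its destination.
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "smtp-vip"
        set action accept
        set schedule "always"
        set service "SMTP"
        # With "set nat enable" on this policy the FortiGate also rewrites
        # the source to its own internal interface address (192.168.1.225
        # in the thread), so every sender looks internal to the mail filter.
        set nat disable
    next
end
```

With source NAT off, the mail filter replies to the sender's public address, so its return route (normally its default gateway) has to go back through the FortiGate. The firewall's own internal address also should not remain in the mail filter's list of hosts allowed to relay.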