technician
New Member
June 16, 2015
Question

smtp logs


Hi, just wondering if it's possible to track SMTP traffic on a FortiGate 200B? We have a web server (MS IIS) in this network that has an SMTP service. The website has a forgot-password feature, and if a user clicks it, the program will use SMTP via IIS to send a reset password link.

 

Is there a way to monitor whether the SMTP traffic has successfully gone out of the firewall, so that we are confident that the request was successful since the traffic really went out of the FortiGate?

 

Thanks

Jeff

    2 replies

    emnoc
    New Member
    June 16, 2015

    Suggestion;

     

    Qs:

     

    If the request went out via the MS server can't you just check the logs on the server?

     

    I'm sure the reset link is being sent to a 3rd-party email address, correct?

     

    technician
    New Member
    June 16, 2015

    Yes, actually, I've activated SMTP logs in MS IIS SMTP and I can see the source and destination of that request sent via SMTP. I'm just curious if there are logs like these in FortiGate.

     

    Thanks

    Jeff

    emnoc
    New Member
    June 16, 2015

    Not really, but you can enable logging for traffic on the FortiGate, but if you have logging enabled on the server then it sounds redundant imho.

     

    Also, logging on the firewall policy would log ALL SMTP traffic and not really the request only. YMMV

     

    (alternative)

    So I'm guessing the user is trying to log in thru the OWA via https and then click a password reset/recover and you're sending the reset/recover via SMTP to a 3rd-party email address? Right?

     

    If that is correct, you could write an IPS rule with allow+log to trigger a security event based on the request/recover. You would have to do some investigating to see what it would take. Then apply the IPS rule only on that policy.

     

     

    technician
    New Member
    June 16, 2015

    Yes, correct.

     

    Ok, I'll try to play around with the IPS policy and see what I can get from there.

     

    Thanks

    Jeff