Jeroen
New Member
March 11, 2015
Solved

Spam check & antivirus check fails after STARTTLS is negotiated between server and client


Hello,

I have a problem with a FortiGate 100D model. I have configured a policy with a VIP for relaying mail, only SMTP (port 25).

The policy has Antivirus enabled in Proxy, Block mode, and an Email filter in Proxy mode, Discard mode for SMTP.

 

When there is a normal mail, I can see in the FortiGate logging that it has been scanned by the FortiGate and then allowed or blocked. But when the client and the Exchange server negotiate a secure TLS connection, the mail transported during this session is not being scanned. So the problem is that spam mail sent during such a session is forwarded without any problem.

 

What am I doing wrong? Does anybody else have this same problem?

 

FortiGate: 100D

Version: 5.2.1

 

Thanks in advance

Best answer by Bromont_FTNT

If you enable deep inspection for SMTPS it will also scan TLS on 25.

2 replies

Dave_Hall
New Member
March 18, 2015

As far as I am aware, encrypted sessions cannot be scanned by the FortiGate unless deep inspection is enabled.

Jeroen
JeroenAuthor
New Member
March 20, 2015

Dave Hall wrote:

As far as I am aware, encrypted sessions cannot be scanned by the FortiGate unless deep inspection is enabled.

But the inspection mode is only for certificate-based SMTPS on port 465, not for TLS on port 25 SMTP, as far as I know. So if I am wrong, please let me know.

Bromont_FTNT
Staff
March 23, 2015

If you enable deep inspection for SMTPS it will also scan TLS on 25.
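A way to confirm that the staff answer above actually took effect on the relay. This is an added example for this thread, not Fortinet code and not from any poster. It assumes that when deep inspection is active the FortiGate re-signs the Exchange server's certificate with its own inspection CA, so the issuer the client sees after STARTTLS on port 25 names the FortiGate CA rather than the server's real CA. The host name, the CA file path and the issuer-name marker are placeholders, not values from the thread; the EHLO reply and certificate dicts used for checking are constructed samples.

```python
"""Probe an SMTP relay on port 25 and report whether its STARTTLS session
is end-to-end or intercepted by an inspecting proxy.

Added example (not Fortinet code). Assumption: an inspecting proxy re-signs
the server certificate with its own CA, so the issuer CN after STARTTLS
identifies the proxy. Point --cafile at that CA certificate so the chain
verifies and getpeercert() returns the parsed certificate.
"""
import smtplib
import ssl
from typing import Dict, List, Optional, Tuple

# Constructed EHLO reply as it would appear on the wire; not captured from
# the poster's Exchange server.
SAMPLE_EHLO_WIRE = (
    b"250-mail.example.test Hello\r\n"
    b"250-SIZE 52428800\r\n"
    b"250-STARTTLS\r\n"
    b"250 AUTH LOGIN PLAIN\r\n"
)

# Constructed certificate dicts in the shape ssl.SSLSocket.getpeercert()
# returns once the chain has been verified. CA names are placeholders.
SAMPLE_CERT_INTERCEPTED = {
    "subject": ((("commonName", "mail.example.test"),),),
    "issuer": ((("commonName", "FortiGate CA"),),),
}
SAMPLE_CERT_DIRECT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "issuer": ((("organizationName", "Example Corp"),), (("commonName", "Example Root CA"),)),
}


def parse_ehlo(reply: bytes) -> Dict[str, List[str]]:
    """Turn an EHLO reply into {KEYWORD: [parameters]}.

    Accepts raw wire lines ("250-STARTTLS") as well as the body that
    smtplib.SMTP.ehlo() returns, where the "250-" prefix is already gone.
    The first line carries the server's domain, not a capability.
    """
    caps: Dict[str, List[str]] = {}
    lines = reply.decode("ascii", "replace").splitlines()
    for idx, line in enumerate(lines):
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]
        if idx == 0:
            continue
        words = line.split()
        if words:
            caps[words[0].upper()] = words[1:]
    return caps


def offers_starttls(reply: bytes) -> bool:
    """True if the EHLO reply advertises the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo(reply)


def issuer_cn(cert: dict) -> Optional[str]:
    """Extract the issuer commonName from a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == "commonName":
                return value
    return None


def classify(cert: dict, proxy_ca_markers: Tuple[str, ...] = ("FortiGate",)) -> str:
    """'intercepted' if the issuer names the proxy CA, 'end-to-end' otherwise.

    An empty dict means the certificate was never verified (CERT_NONE or a
    failed chain), so nothing can be said about the issuer.
    """
    if not cert:
        return "unknown"
    cn = (issuer_cn(cert) or "").lower()
    if any(marker.lower() in cn for marker in proxy_ca_markers):
        return "intercepted"
    return "end-to-end"


def probe(host: str, port: int = 25, cafile: Optional[str] = None,
          proxy_ca_markers: Tuple[str, ...] = ("FortiGate",)) -> dict:
    """Connect, check for STARTTLS, upgrade, and classify the presented chain.

    Raises ssl.SSLCertVerificationError if the chain is not trusted by the
    system store plus `cafile`; that alone is a hint that something other
    than the expected CA signed the certificate.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        code, body = smtp.ehlo()
        if code != 250 or not offers_starttls(body):
            return {"starttls": False, "verdict": "plaintext"}
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
        return {"starttls": True, "issuer": issuer_cn(cert),
                "verdict": classify(cert, proxy_ca_markers)}


if __name__ == "__main__":
    # Placeholder relay name and CA path; replace with the VIP address and
    # the exported FortiGate inspection CA certificate.
    print(probe("relay.example.test", cafile="fortigate-ca.pem"))
```

Run it twice: once with the FortiGate's exported inspection CA as `cafile` and once with the CA that really signed the Exchange certificate. Only the first should verify and report `intercepted` once deep inspection for SMTPS is in place; if the Exchange CA still verifies on port 25, the STARTTLS session is passing through untouched and the AV and spam filters are still blind to it.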

Jeroen
JeroenAuthor
New Member
March 24, 2015

I have just implemented it, so I will wait for a day to see if your advice really works.