Spam Mails receiving in email server from internal local lan.

Forum|Forum|8 years ago
July 6, 2017
2 replies
6244 views

Dear Forum,

I am having an issue local lan. We are using fortinet 100D as the gateway 192.168.10.1/24. We having a mailserver in local lan (hosted in premise) at 192.168.10.230/24. once we hosted this email server we receiving lot of spam mails (lots means 1000's of spam emails receiving). while further research found that its from one of the internal pc's which might affected with adware/spamware. How can i find/monitor in fortinet to find from which IP spam mails sending to port 25. thank you.

Shamil

zaibm

New Member

Hi Shamil

Please look into the below link. I hope this will help you choose your stategy.

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Anti_Spam/Anti-Spam%20techniques.htm

Thanks

Malik

rwpatterson

New Member

Your best bet here would be to put the mail server on a separate interface. The FGT cannot intercept traffic on the local wire because that traffic doesn't pass through the unit. Another added benefit is that you could then use the FGT to firewall traffic from the LAN that should not be hitting the mail server. (Your mail server logs should be able to tell you where the SPAM is originating)

mvonhatten

New Member

Hi

One method would be to login to the web GUI and go to the Forward Traffic Log and filter by service tcp/587 tcp/25.

This should filter out to only show e-mail traffic and hopefully give you a source IP.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded