FortiGate
jtorres1
Staff
Article Id 197172
Description

This article provides a general best-practice tip for cases where SMTP traffic enters your network and the email service is intermittent.

Sometimes the email service (SMTP) shows intermittent failures, such as incoming connections not being established with internal email servers. One reason for this is that email servers currently use several spam control mechanisms that block or limit connections from IP addresses from which spam messages were previously injected. This causes email servers to reject SMTP connections when they detect a high volume of spam messages injected from one source (IP address). This situation sometimes affects FortiGate operation when NAT is enabled on firewall policies that allow incoming SMTP traffic and the email server has one of these mechanisms enabled. Intermittent failures can then occur because the server starts to reject connections from the FortiGate (internal) IP address: it cannot differentiate one Internet source from another, since it only sees the FortiGate (internal) IP address.


Solution

In this case, NAT needs to be disabled in the firewall policy for the incoming SMTP traffic so that email servers can differentiate the source of each connection.
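The change described above, shown as FortiOS CLI. This is an added example, not configuration from the original article: the policy ID `10`, the interface names `wan1` and `dmz`, and the virtual IP object `vip-smtp` are placeholders to replace with your own values.

```text
# Constructed example. Lines starting with '#' are notes for the reader,
# not commands to type.

# Before: source NAT is enabled on the inbound SMTP policy, so the mail
# server sees every Internet sender as the FortiGate internal address.
config firewall policy
    edit 10
        set name "inbound-smtp"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "vip-smtp"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat enable
    next
end

# After: only the source NAT option on the policy is turned off. The
# virtual IP in dstaddr still translates the public address to the mail
# server, but the original sender address is now preserved.
config firewall policy
    edit 10
        set nat disable
    next
end

# Confirm the setting on the policy.
show firewall policy 10
```

With source NAT off, the mail server replies directly to Internet addresses, so its return route must go through the FortiGate. After the change, the server's SMTP logs should show the real sender IP addresses instead of the FortiGate internal address.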

