This article provides a general best-practice tip for cases where SMTP traffic enters your network and the email service is intermittent.
Sometimes the email service (SMTP) shows intermittent failures, such as incoming connections not being established with internal email servers. One reason for this is that email servers currently use several spam control mechanisms that block or limit connections from IP addresses from which spam messages were previously injected. These mechanisms cause email servers to reject SMTP connections when they detect a high volume of spam messages injected from one source (IP address). This situation sometimes affects FortiGate operation when NAT is enabled on firewall policies that allow incoming SMTP traffic and the email server has one of these mechanisms enabled. The server only sees the FortiGate (internal) IP address, so it cannot differentiate one Internet source from another, and intermittent failures occur when it starts to reject connections from that address.
In this case, NAT needs to be disabled in the firewall policy for the incoming SMTP traffic so that email servers can differentiate the source of each connection.
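The effect described above can be reproduced with a small simulation. This is an added example, not Fortinet code: it replays the same inbound connections against a mail server that blocks a source IP after too many spam messages, once with source NAT and once without. The addresses, the threshold value and the `deliver` function are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample: (real client IP, is_spam) for inbound SMTP connections.
# Client addresses come from the RFC 5737 documentation ranges.
CONNECTIONS = (
    [("203.0.113.50", True)] * 6       # one source injecting spam
    + [("198.51.100.7", False)] * 2    # legitimate senders
    + [("192.0.2.25", False)] * 2
)
FORTIGATE_INTERNAL_IP = "10.0.0.1"  # assumed internal interface address
SPAM_THRESHOLD = 5                  # assumed: block a source after 5 spam messages


def deliver(connections, source_nat):
    """Replay connections against a server with per-source-IP spam blocking.

    With source_nat=True the server sees every connection as coming from
    the FortiGate internal IP. Returns (accepted, rejected) Counters keyed
    by the real client IP.
    """
    spam_seen = Counter()  # spam count per source IP as the server sees it
    blocked = set()        # source IPs the server now refuses
    accepted, rejected = Counter(), Counter()
    for client_ip, is_spam in connections:
        seen_ip = FORTIGATE_INTERNAL_IP if source_nat else client_ip
        if seen_ip in blocked:
            rejected[client_ip] += 1
            continue
        accepted[client_ip] += 1
        if is_spam:
            spam_seen[seen_ip] += 1
            if spam_seen[seen_ip] >= SPAM_THRESHOLD:
                blocked.add(seen_ip)
    return accepted, rejected


if __name__ == "__main__":
    for nat in (True, False):
        accepted, rejected = deliver(CONNECTIONS, source_nat=nat)
        print(f"NAT {'enabled' if nat else 'disabled'}:")
        print("  accepted:", dict(accepted))
        print("  rejected:", dict(rejected))
```

With NAT enabled, the legitimate senders are rejected along with the spam source because the block lands on the shared FortiGate address; with NAT disabled, only the spam source is rejected.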