This article explains how to capture traffic on FortiMail by using the sniffer command in the CLI or Traffic Capture in the GUI.

1) Capture the traffic via CLI mode:
- Log the SSH session and its output.
- Enable logging in the SSH client being used (PuTTY, SecureCRT, Tera Term, MobaXterm…)
- Refer to the article under 'Related Articles' to save the logs via PuTTY
# diagnose sniffer packet any 'host <IP address> and port 25' 6 0 a         <----- Capture on any interface
# diagnose sniffer packet port1 'host <IP address> and port 25' 6 0 a       <----- Capture on interface port1
Note: The logged output is required for troubleshooting; send it to the TAC team to convert to pcap format.
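As an added example, not from the original article and not Fortinet's own conversion tool, the Python below turns logged sniffer text into a pcap file so the capture can be opened in a packet analyzer. The output layout (a timestamp header line followed by `0x....` hex-dump lines), Ethernet framing from a named interface such as port1, UTC timestamps, the file name and the sample packet are all assumptions constructed for illustration.

```python
import re
import struct
from datetime import datetime, timezone

# Assumed layout (not shown in the article): one timestamp header line per
# packet, then hex-dump lines of the form "0xOFFSET<tab> hhhh hhhh ...<tab>ascii".
HDR = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.(\d{6}) ")
HEX = re.compile(r"^0x[0-9a-f]{4}\s+((?:[0-9a-f]{2,4} ?){1,8})")

# Constructed sample: one truncated Ethernet/IPv4 frame, documentation addresses.
SAMPLE = """\
2024-01-15 10:30:00.123456 port1 in 192.0.2.10.51000 -> 192.0.2.25.25: syn 1000
0x0000\t 0009 0f09 0001 0050 56aa bbcc 0800 4500\t.......PV.....E.
0x0010\t 0028 abcd 4000 4006\t.(..@.@.
"""

def parse_sniffer_text(text):
    """Return [(ts_sec, ts_usec, frame_bytes)] from logged sniffer output."""
    packets, current = [], None
    for line in text.splitlines():
        hdr, hexline = HDR.match(line), HEX.match(line)
        if hdr:
            # Timestamps are treated as UTC (assumption).
            when = datetime.strptime(hdr.group(1), "%Y-%m-%d %H:%M:%S")
            sec = int(when.replace(tzinfo=timezone.utc).timestamp())
            current = [sec, int(hdr.group(2)), bytearray()]
            packets.append(current)
        elif hexline and current is not None:
            # Keep only the hex column; the ASCII column is ignored.
            current[2] += bytes.fromhex(hexline.group(1).replace(" ", ""))
    return [(s, u, bytes(b)) for s, u, b in packets if b]

def to_pcap(packets):
    """Serialize packets as a classic little-endian pcap, LINKTYPE_ETHERNET (1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    with open("fortimail_capture.pcap", "wb") as fh:  # hypothetical file name
        fh.write(to_pcap(parse_sniffer_text(SAMPLE)))
```
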

2) Capture the traffic from GUI: Go to System -> Network -> Traffic Capture
- Set the interface to capture on
- Set the IP address of the SMTP host to capture
- Set the protocol and port number to filter on
- The capture starts running automatically after clicking Create

Note: Stop the capture after getting the logs to preserve FortiMail performance. Export the capture to pcap format to investigate.

Related Articles

Technical Note: How to create a log file of a session using PuTTY