Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Exchange email getting blocked
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 04-12-2004 07:49 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exchange email getting blocked
I' m just starting my attempts to solve this one, but perhaps somebody else on the forum has seen this or has some ideas:
I setup the Fortigate 50a with the default policies. We are running Windows Small Business Server 2003. Our main application of note is Exchange Server 2003. We have the MX records for the domain pointed in and the Fortigate forwarding the ports to the server.
With no policies in effect, everything works perfectly. When we use the default policy or normal policies, most of the email is being blocked--even if the size is small (ie text saying " test" ). My short term fix was to open the floodgates and let everything in.
Now I want to figure out what/why these outside emails addressed to our users were being blocked. Any ideas? Any guesses as what to try next?
Thanks,
Jeremy
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
11 REPLIES 11
Not applicable
Created on 04-13-2004 03:06 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jeremy!
Did you check the Email Filter menu? I think may be your messages which contains some format can be blocked by these features.
And would you pls review the Antivirus rules in your default Policy?
Hope u fix the problem and share it to the Forum,pls!
Brgds
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We are running a Fortigate 60 box, and like Jeremy in this thread, have the default settings in place. We are using an outside hosting provider for Exchange (which we connect to using a VPN session). The staff running Outlook XP are not having problems, but the folks on Outlook 2003 are having a problem where the connection to the server seems to be lost during spell-check/send. Otherwise, everything is passing normally and email is working fine.
I checked the email filter settings again, per your idea, and they are also default/nothing.
Any ideas? I' m about to call the Fortinet folks now to see what settings I might need to tweak.
Kenan
Not applicable
Created on 04-22-2004 02:35 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try check your Exchange Server Event Log, you might be able to find something there. For my case, I found that my Exchange server refuse to Relay for my firewall IP (I enable NAT in the policies, which is wrong)
I using Fortigate 100, NAT mode. You will need to configure the following: -
1. Virtual IP to map External IP -> Server IP (exchange server private IP).
2. Policies, Ext -> Int, make sure you don' t select any of the option.
Have a try..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exchange 2003 port fowarding & FW SettingsFortigate 50A, configured (NON-transparent mode) to Scan/File Block all outbound SMTP traffic, and same on incoming SMTP traffic. The device is configured to TCP Port-Forward (port 25) to our Exchange server address (192.168.1.3). We have an Exchange 2003 sever. It sends (and receives) email immediately to most addresses. However we found that any email to Hotmail, rgm.com.au and a few others, gets delayed and not sent. As soon as I turn off Antivirus Scanning on outbound email....all email goes immediately. Note: On incoming Hotmail emails...there is upto a 5 minute delay on receiving emails with Inbound virus scanning turned on, but no delay with the scanning turned off. Sorry this is not a solution, but perhaps helps build a better picture of the problem. Jason.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why use Port-Fwd' ing at all? Why not just use Static NAT? If you specifically have a policy for Ext->Int for SMTP to your exchange server, then you don' t need Port-Fwd' ing enabled. i don' t and email come sin just fine.
Just my .02.
Travis.
Not applicable
Created on 04-26-2004 04:45 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You have described problems similar to the ones i have been experience with several revisions of the 2.50 code. I have websites that simply will not display with AV turned on. As soon as I disable AV, all starts working well.
I know this isn' t really and option as this will disable your AV scanning, but its worth a try; add the domains in question to the URL exempt list. This should cause the fortigate to exclude them from any file block procedures or AV scanning when the see the smtp header in the email.
I' ll be glad when they get the AV weirdness straightened out too.
Not applicable
Created on 05-17-2004 06:51 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I experienced the same problem :
after my fortigate power supply died I had to use a temporary fortigate lended, this had the firmware v2.50
as soon as I enabled the AV filtering I started getting bugged by " lusers" with problems sending/receiving from (r)hotmail :) (but also a couple of other domains)
problems that vanished as the old fortigate (with v2.36) was reinstated
now I' m quite puzzled if is the case to upgrade ....
also I doubt that disabling av checks for rotmail is a good idea given the fact that a huge pile of crap arrives from it (or with spoofed " from" fields in that domain)
let' s hope that 2.50 gets a fix!
Max
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We' ve seen something slightly related to this on one large site with 2000 users behind an 800. Hotmail broke for all IE6 users but the guys on Mozilla had no issues. Weirdest thing is it is intermittent. Fortinet are investigating but no solution at present. BTW, it has 2.5 build 264.
Not applicable
Created on 06-28-2004 01:23 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it the entire mail or simply attachments?
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- What happens if one Fortigate device... 82 Views
- FortiNAC-F - Validate Credentials Fails on... 77 Views
- Access Blocked 114 Views
- Reconnaissance block - why? 110 Views
- Webpage access blocked 116 Views
Labels
-
FortiGate
8,428 -
FortiClient
1,701 -
5.2
801 -
FortiManager
708 -
5.4
639 -
FortiAnalyzer
542 -
FortiSwitch
456 -
FortiAP
456 -
6.0
416 -
FortiClient EMS
404 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
211 -
FortiWeb
198 -
5.0
196 -
IPsec
183 -
FortiNAC
175 -
FortiGuard
134 -
6.4
128 -
SD-WAN
109 -
FortiGateCloud
100 -
FortiSIEM
98 -
FortiCloud Products
95 -
FortiToken
89 -
FortiAuthenticator
83 -
Customer Service
77 -
Wireless Controller
75 -
Firewall policy
70 -
4.0MR3
64 -
FortiProxy
59 -
FortiADC
53 -
Fortivoice
52 -
High Availability
51 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiSandbox
43 -
FortiExtender
43 -
FortiDNS
42 -
Routing
39 -
BGP
38 -
DNS
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
32 -
Certificate
32 -
Authentication
31 -
Interface
31 -
SSO
30 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
VDOM
24 -
Logging
24 -
Web profile
23 -
Virtual IP
22 -
FortiPAM
21 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
FortiMonitor
18 -
SSL SSH inspection
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
IP address management - IPAM
14 -
FortiSOAR
13 -
SSID
13 -
Static route
13 -
System settings
13 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Traffic shaping policy
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Traffic shaping profile
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1645 | |
| 1070 | |
| 751 | |
| 443 | |
| 210 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.