Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ReMad
New Contributor

Best Exchange Settings Configuration !?

Hello I keep checking the New installed server with Exchange 2003 with Symantec Antivirus it got listed last week and this week as Spam to some websites I have the following settings And the users arent allowed to access the SMTP port only the mail server What is the best possible settings ? Shall I change the IPS settings ? since Fortinet doesnt check the out mails what software do you suggest to install to scan out mails ? ( seems that Symantec Solutions are not enough ! )
ReMad
ReMad
5 REPLIES 5
abelio
Valued Contributor

it got listed last week and this week as Spam to some websites
How did you define the incoming WAN->internal or dmz firewall policy for that exchange? Is it NATed for instance? Don' t do that; it could transform your mailserver into an open relay one.
And the users arent allowed to access the SMTP port only the mail server
ok!
Shall I change the IPS settings ?
if your main concern is spam, changing IPS settings could be not helpful.
since Fortinet doesnt check the out mails what software do you suggest to install to scan out mails ?
why not? apply a AS profile to the SMTP traffic outgoing policy; do it carefully if you' re listed in some spam database or your IPs has poor smtp reputation, you could be smtp-blocking yourself. hope it helps

regards




/ Abel

regards / Abel
ReMad
New Contributor

ok what tools do you recommend ?
ReMad
ReMad
IPMAN
New Contributor

You shouldn' t need any other solution. The Fortigate can handle everything you need. It sounds like a configuration issue. If the public ip address your exchange server uses does not have reverse dns properly setup, spam filters could be blocking you on third party mail servers. Also, as abelio mentioned, you absolutely must NOT check the NAT box on your inbound smtp policy that is used to receive emails as this will cause an open relay and you will be very popular with spammers who will use your exchange server for their dirty work. If smtp is the only protocol being used for inbound, then check all of the boxes under smtp except for HELO DNS Lookup. This will block most spam and make false positives fairly nonexistent. I recommend using a seperate protection profile for your outgoing emails. As long as your inbound policy is not using NAT, then you should not need any email filtering on your outbound protection profile(assuming you are only using your exchange server for your own internal purposes and not providng email relay services to third parties). I do however recommend you configure the antivirus settings in the outbound protection profile so that you screen outbound emails for viruses. This is a good practice and can prevent the spread of malicious code to other people and organizations. I am also a fan of using the IPS sensor for both inbound and outbound policies (especially the inbound policies). For your inbound IPS sensor, create an IPS sensor with a filter that specifies high and critical signatures, specifies Server, specifies protocol as SMTP, specifies OS as windows and Other and specifies application as MSEXCHANGE, WINDOWS and IIS (for good measure). Then set the action to ENABLE ALL, Log ALL and Block ALL. If you want you can add another filter to the same profile that specifies low and medium as the severity along with the other settings just mentioned except instead of setting the action to Block All, set it to Default. Good luck.
Dustin Niglio Payment Logistics Limited pcidss@paymentlogistics.com www.pcilogistics.com
Dustin Niglio Payment Logistics Limited pcidss@paymentlogistics.com www.pcilogistics.com
Jshaw
New Contributor

make sure your mail server is not being an open relay... http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
laf
New Contributor II

You might have got listed because other host spammed using the same public IP as your Exchange. Also please note that no Fortigate offers outbound Antispam protection, so there is a possibility your users have sent some kind of SPAM, too.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
Labels
Top Kudoed Authors