Hi everyone.. I'm new here to the forum.. So, my question could be an old one, but I didn't see it in the submitted messages..
I have an issue concerning my protected domains that I need your help with.. I have a FortiMail 200F, with two protected domains. I can see the incoming and outgoing emails to each of the protected domains in the logs, but I can't see any emails that are sent between those domains (i.e. from protected domain1 to protected domain2, and vice versa). The emails reach their destination successfully, but there are no logs for them at all.. Is this a common issue that can be modified in the configuration? If so, could you help me with the steps to resolve this issue?
Hello @The40ITGuy
I guess the protected domains are on the same mail server, right? In that case the mail server recognizes its hosted domains and doesn't send the internal-to-internal mail through the SMTP gateway, but the mail actually never leaves the server.
Yes, they are on the same server but as virtual machines. They are hosted on an ESXi server, and they are on the same port group and virtual switch. In this case, I think that they will behave in the way you mentioned (internal to internal without passing through the gateway), especially since their IPs are also in the same subnet.
In this case, do you think I have to host them on different servers to make them pass through the SMTP gateway (FortiMail in this case, taking into consideration that FortiMail is working in transparent mode)?
If FML is in transparent mode I don't think I can help.
However, if it was in GW mode I think the solution is to add the FML IP as MX records on your internal DNS. Didn't test it before but I think this can be the solution, as this will force your mail servers to send mails to each other via FML.
Thanks a lot @AEK
Unfortunately, I can't go for the gateway solution right now. As you said, we need to modify our MX records, and this isn't applicable for us during this period.
So, I still have to search for another way around, as this issue is essential for us.
On second thought, as it is transparent, I think there should be a way to put the FML transparently between the two servers. I don't have a clear idea on how to do it in a virtual environment but I think it is feasible.
Try asking your VMware admin; he should know how to achieve it with virtual switches and so on.
I think you are right @AEK. I believe there is some way to allow the logs between the two domains, through configurations, either on FortiMail or VMware. You gave me some insights about the first step to look at.
Thaaaaaaaaaaaaaanx a lot....