Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiMail 90% Access Control (OUTBOUND)
Hi,
I have an FML that seems to be working fine for receiving email but when looking at the graph for outbound ermail it shows 80+ % if emails are blocked by Access Control - Relay denied. Some emails get out.
When looking at the log I don' t see internal (Protected) email addresses in the from field. I also see on the status page that AV and VMWare are green checks but the AntiSpam is orange. I' ve changed the port from 53 to 8888 and 8889 but it makes no difference. I can resolve the service.fortiguard.net and can ping the IP that it resolves to.
The FML is using only one interface which is connected to an FGT and the FGT allows all traffic from the FML to the internet and SMTP traffic to the Exchange server.
Thanks for any help.
Matt.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Regular outbound mail from your mail server (Exchange etc) is working ok?
Sounds like spammers are trying to relay through you and the Fortimail is doing it' s job blocking all that.
Next issue is your Fortiguard AS problem... Can you post a screenshot of the AS status as well as what' s under Maintenance --> Fortiguard
What do you get with an IP query to Fortiguard?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Regular outbound mail from your mail server (Exchange etc) is working ok? Sounds like spammers are trying to relay through you and the Fortimail is doing it' s job blocking all that. Next issue is your Fortiguard AS problem... Can you post a screenshot of the AS status as well as what' s under Maintenance --> Fortiguard What do you get with an IP query to Fortiguard?Hi, not all email from exchange is finding it' s way out but all incoming is fine. Screenshots attached. Thanks !
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Connected
DAONDUB-FML #
DAONDUB-FML # exec nslookup name service.fortiguard.net
Non-authoritative answer:
service.fortiguard.net canonical name = guard.fortinet.net.
Name: guard.fortinet.net
Address: 208.91.112.196
Name: guard.fortinet.net
Address: 208.91.112.198
DAONDUB-FML # exec ping 208.91.112.196
PING 208.91.112.196 (208.91.112.196): 56 data bytes
64 bytes from 208.91.112.196: icmp_seq=0 ttl=44 time=156.1 ms
64 bytes from 208.91.112.196: icmp_seq=1 ttl=44 time=156.0 ms
64 bytes from 208.91.112.196: icmp_seq=2 ttl=44 time=156.1 ms
64 bytes from 208.91.112.196: icmp_seq=3 ttl=44 time=156.0 ms
64 bytes from 208.91.112.196: icmp_seq=4 ttl=44 time=156.0 ms
--- 208.91.112.196 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 156.0/156.0/156.1 ms
DAONDUB-FML #
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Licence info
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That first screenshot didn' t seem to make it through... For outbound mail from your mail server, are you able to find those messages that don' t make it out in the logs?
try the following at CLI to get AS kickstarted again:
#exec update now
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That first screenshot didn' t seem to make it through... For outbound mail from your mail server, are you able to find those messages that don' t make it out in the logs? try the following at CLI to get AS kickstarted again: #exec update nowI can' t see the emails that didn' t make it through in the log. I ran the CLI update and it kicked off an update but made no difference to the A/S unfortunately.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
E-mails that don' t make it through...they never make it through? Or they are delayed? Is your timezone correct?