Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Problem to config email filter
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Problem to config email filter
Hi guys,
I'm facing a big problem here with one FG60D (5.2.1). I had configure email filter as usual but it's not working. I don't know why cause it's an easy configuration.
My config email filter profile is:
config spamfilter profile
edit "EF_example"
set comment "Email Filter"
set flow-based enable
set spam-filtering enable
set options spambwl spamfsip spamfssubmit spamfschksum spamfsurl spamfsphish
config imap
set tag-msg "[FG-Spam]"
end
config pop3
set tag-msg "[FG-Spam]"
end
config smtp
set log enable
set action tag
set tag-msg "[FG-Spam]"
end
set spam-rbl-table 1
next
end
My config into the firewall rule is:
config firewall policy
edit 13
set uuid 5d9c181c-775b-51e4-44e4-592b7f50c004
set srcintf "dmz"
set dstintf "wan1"
set srcaddr "<VIP ADDRESS>"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set spamfilter-profile "EF_example"
set profile-protocol-options "default"
set ssl-ssh-profile "deep-inspection"
set nat enable
set ippool enable
set poolname "<IP POOL with my public IP>"
next
I really don't know what's wrong. Can someone enlighten me?
Sorry about language mistakes,
Thank you,
Carlos - Brazil
Solved! Go to Solution.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CarlosAlmeida wrote:I really don't know what's wrong. Can someone enlighten me?
Two things to keep in mind -- 1) traffic originally from the mail server -> out, and 2) traffic originally from outside -> mail server. Both types won't be using the same VIP. Although your VIP is configured for "any interface" it is expecting the ext IP (which is the trigger for the port forward) to be the "public IP" -- if the mail server initials the connection from its side of the DMZ, it's internal IP address will be the extip.
Your firewall policy rule#13 should work if you use the mail server's internal IP for src address (no VIP needed because you are already NATTing the source IP).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This looks like a firewall policy from your mail server out to the internet... <VIP ADDRESS> needs to be your internal mail server address.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bromont wrote:This looks like a firewall policy from your mail server out to the internet... <VIP ADDRESS> needs to be your internal mail server address.
But it is, look:
edit "RULE NAME"
set uuid dcf567ea-5f6d-51e4-ac49-5695fb4831fb
set extip <OUR PUBLIC IP>
set extintf "any"
set portforward enable
set mappedip <INTERNAL IP>
set extport 25
set mappedport 25
next
Our mail server is at dmz behind Fortigate, I have to use VIP to route to internal address. It's working well but email filter option.
Thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CarlosAlmeida wrote:I really don't know what's wrong. Can someone enlighten me?
Two things to keep in mind -- 1) traffic originally from the mail server -> out, and 2) traffic originally from outside -> mail server. Both types won't be using the same VIP. Although your VIP is configured for "any interface" it is expecting the ext IP (which is the trigger for the port forward) to be the "public IP" -- if the mail server initials the connection from its side of the DMZ, it's internal IP address will be the extip.
Your firewall policy rule#13 should work if you use the mail server's internal IP for src address (no VIP needed because you are already NATTing the source IP).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dave Hall wrote:CarlosAlmeida wrote:I really don't know what's wrong. Can someone enlighten me?
Two things to keep in mind -- 1) traffic originally from the mail server -> out, and 2) traffic originally from outside -> mail server. Both types won't be using the same VIP. Although your VIP is configured for "any interface" it is expecting the ext IP (which is the trigger for the port forward) to be the "public IP" -- if the mail server initials the connection from its side of the DMZ, it's internal IP address will be the extip.
Your firewall policy rule#13 should work if you use the mail server's internal IP for src address (no VIP needed because you are already NATTing the source IP).
Dave, thank you for your time. I will try later (no time next weeks) just reformulate all my MTA infrastructure.
I let all know soon.
Best regards,
Carlos - Brazil
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello All.
I made some improvement at my firewall and seems to work to log mail traffic and some tag action too.
date=2015-03-30 time=14:46:11 logid=0508020503 type=utm subtype=emailfilter eventtype=smtp level=information vd="root" sessionid=83880258 srcip=42.156.225.16 srcport=53279 dstip=x.x.x.x dstport=25 proto=6 service=SMTP profile="EF_Example" action=tagged from="promotion@aliexpress.com" to="mail1@x.x" sender="promotion@aliexpress.com" recipient="mail1@x.x" sentbyte=80396 rcvdbyte=46 direction=outgoing msg="general email log" subject="Preparamos_uma_seleção_de_produtos_para_você" size="80387" attachment=yes
date=2015-03-30 time=14:42:11 logid=0508020503 type=utm subtype=emailfilter eventtype=smtp level=information vd="root" sessionid=83879670 srcip=12.130.136.122 srcport=48137 dstip=x.x.x.x dstport=25 proto=6 service=SMTP profile="EF_Example" action=log-only from="newsletterslatin@trendmicro.rsys1.com" to="mail2@x.x" sender="newsletterslatin@trendmicro.rsys1.com" recipient="mail2@x.x" sentbyte=15369 rcvdbyte=46 direction=outgoing msg="general email log" subject="Novos Treinamentos para Certificação Trend Micro" size="15360" attachment=no Not perfect yet but now it's working.
Thanks,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good Morning, Carlos could teach me this command to view the logs and teach points to be analyzed in the log? I am brazilian too
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jones, how are you?
Of course I can help you. It's better to us talk in portuguese, right? Send me an e-mail (www.c.almeida at gmail dot com) and we can talk there.
Regards,
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,698 -
FortiClient
1,763 -
5.2
801 -
FortiManager
729 -
5.4
639 -
FortiAnalyzer
558 -
FortiSwitch
475 -
FortiAP
471 -
FortiClient EMS
432 -
6.0
416 -
5.6
362 -
FortiMail
318 -
6.2
251 -
SSL-VPN
245 -
FortiAuthenticator v5.5
234 -
IPsec
209 -
FortiWeb
205 -
5.0
196 -
FortiNAC
189 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
103 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
96 -
FortiToken
92 -
Firewall policy
82 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
46 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
Certificate
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
Virtual IP
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
FortiGate-VM
13 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
API
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1713 | |
| 1093 | |
| 752 | |
| 447 | |
| 231 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.