Hi guys,
I'm facing a big problem here with one FG60D (5.2.1). I had configure email filter as usual but it's not working. I don't know why cause it's an easy configuration.
My config email filter profile is:
config spamfilter profile
edit "EF_example"
set comment "Email Filter"
set flow-based enable
set spam-filtering enable
set options spambwl spamfsip spamfssubmit spamfschksum spamfsurl spamfsphish
config imap
set tag-msg "[FG-Spam]"
end
config pop3
set tag-msg "[FG-Spam]"
end
config smtp
set log enable
set action tag
set tag-msg "[FG-Spam]"
end
set spam-rbl-table 1
next
end
My config into the firewall rule is:
config firewall policy
edit 13
set uuid 5d9c181c-775b-51e4-44e4-592b7f50c004
set srcintf "dmz"
set dstintf "wan1"
set srcaddr "<VIP ADDRESS>"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set spamfilter-profile "EF_example"
set profile-protocol-options "default"
set ssl-ssh-profile "deep-inspection"
set nat enable
set ippool enable
set poolname "<IP POOL with my public IP>"
next
I really don't know what's wrong. Can someone enlighten me?
Sorry about language mistakes,
Thank you,
Carlos - Brazil
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
CarlosAlmeida wrote:I really don't know what's wrong. Can someone enlighten me?
Two things to keep in mind -- 1) traffic originally from the mail server -> out, and 2) traffic originally from outside -> mail server. Both types won't be using the same VIP. Although your VIP is configured for "any interface" it is expecting the ext IP (which is the trigger for the port forward) to be the "public IP" -- if the mail server initials the connection from its side of the DMZ, it's internal IP address will be the extip.
Your firewall policy rule#13 should work if you use the mail server's internal IP for src address (no VIP needed because you are already NATTing the source IP).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
This looks like a firewall policy from your mail server out to the internet... <VIP ADDRESS> needs to be your internal mail server address.
Bromont wrote:This looks like a firewall policy from your mail server out to the internet... <VIP ADDRESS> needs to be your internal mail server address.
But it is, look:
edit "RULE NAME"
set uuid dcf567ea-5f6d-51e4-ac49-5695fb4831fb
set extip <OUR PUBLIC IP>
set extintf "any"
set portforward enable
set mappedip <INTERNAL IP>
set extport 25
set mappedport 25
next
Our mail server is at dmz behind Fortigate, I have to use VIP to route to internal address. It's working well but email filter option.
Thank you.
CarlosAlmeida wrote:I really don't know what's wrong. Can someone enlighten me?
Two things to keep in mind -- 1) traffic originally from the mail server -> out, and 2) traffic originally from outside -> mail server. Both types won't be using the same VIP. Although your VIP is configured for "any interface" it is expecting the ext IP (which is the trigger for the port forward) to be the "public IP" -- if the mail server initials the connection from its side of the DMZ, it's internal IP address will be the extip.
Your firewall policy rule#13 should work if you use the mail server's internal IP for src address (no VIP needed because you are already NATTing the source IP).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave Hall wrote:CarlosAlmeida wrote:I really don't know what's wrong. Can someone enlighten me?
Two things to keep in mind -- 1) traffic originally from the mail server -> out, and 2) traffic originally from outside -> mail server. Both types won't be using the same VIP. Although your VIP is configured for "any interface" it is expecting the ext IP (which is the trigger for the port forward) to be the "public IP" -- if the mail server initials the connection from its side of the DMZ, it's internal IP address will be the extip.
Your firewall policy rule#13 should work if you use the mail server's internal IP for src address (no VIP needed because you are already NATTing the source IP).
Dave, thank you for your time. I will try later (no time next weeks) just reformulate all my MTA infrastructure.
I let all know soon.
Best regards,
Carlos - Brazil
Hello All.
I made some improvement at my firewall and seems to work to log mail traffic and some tag action too.
date=2015-03-30 time=14:46:11 logid=0508020503 type=utm subtype=emailfilter eventtype=smtp level=information vd="root" sessionid=83880258 srcip=42.156.225.16 srcport=53279 dstip=x.x.x.x dstport=25 proto=6 service=SMTP profile="EF_Example" action=tagged from="promotion@aliexpress.com" to="mail1@x.x" sender="promotion@aliexpress.com" recipient="mail1@x.x" sentbyte=80396 rcvdbyte=46 direction=outgoing msg="general email log" subject="Preparamos_uma_seleção_de_produtos_para_você" size="80387" attachment=yes
date=2015-03-30 time=14:42:11 logid=0508020503 type=utm subtype=emailfilter eventtype=smtp level=information vd="root" sessionid=83879670 srcip=12.130.136.122 srcport=48137 dstip=x.x.x.x dstport=25 proto=6 service=SMTP profile="EF_Example" action=log-only from="newsletterslatin@trendmicro.rsys1.com" to="mail2@x.x" sender="newsletterslatin@trendmicro.rsys1.com" recipient="mail2@x.x" sentbyte=15369 rcvdbyte=46 direction=outgoing msg="general email log" subject="Novos Treinamentos para Certificação Trend Micro" size="15360" attachment=no Not perfect yet but now it's working.
Thanks,
Good Morning, Carlos could teach me this command to view the logs and teach points to be analyzed in the log? I am brazilian too
Hi Jones, how are you?
Of course I can help you. It's better to us talk in portuguese, right? Send me an e-mail (www.c.almeida at gmail dot com) and we can talk there.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1011 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.