Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dread
New Contributor

SMTP Tracker

MOrning Team. 

I am new to this fortigate thing. Im using FTG300D. I have the following issues and i cannot have my Fortigate give me statistics. My fortigate is the last hop to the internet on a load balanced WAN links. My issues are as follows:

[ol]
  • Often both my public IPs are blacklisted because they feel there is a computer inside my LAN spamming. My thinking is that spam in most cases come out as SMTP service. I am failing to pin down that computer from my fortigate because forward reports are not easy to understand. Is there a way in which we can easily pick any computer that is spamming from my LAN. When i try to use filters to check SMTP, the service is not in the drop down list and it returns nothing.
  • Regards[/ol]
  • ______

    Dread

    ______ Dread
    2 REPLIES 2
    Toshi_Esumi
    SuperUser
    SuperUser

    I would just sniff traffic with port 25 and 587. If spamming is concerned, likely you would see many matches from specific sources within 5-10 min.

    Dave_Hall
    Honored Contributor

    Create a simple firewall policy from lan to wan connection, set service to 25 (and ports 465, 587 if needed) - move this firewall rule up the firewall chain so it is triggered - note the Policy ID for this policy and use the Policy monitor to drill down to the sessions using this policy. 

     

    Alternately, on the CLI, you can try something like:

     

    diag sniffer packet any 'port 25' 4 0 a

     

    Press Control+C to stop.

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors