Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dread
New Contributor

Created on ‎05-14-2018 02:14 AM

SMTP Tracker

MOrning Team. 

I am new to this fortigate thing. Im using FTG300D. I have the following issues and i cannot have my Fortigate give me statistics. My fortigate is the last hop to the internet on a load balanced WAN links. My issues are as follows:

[ol]
  • Often both my public IPs are blacklisted because they feel there is a computer inside my LAN spamming. My thinking is that spam in most cases come out as SMTP service. I am failing to pin down that computer from my fortigate because forward reports are not easy to understand. Is there a way in which we can easily pick any computer that is spamming from my LAN. When i try to use filters to check SMTP, the service is not in the drop down list and it returns nothing.
  • Regards[/ol]

    • ______

    Dread

    ______ Dread
    4838
    0 Kudos
    2 REPLIES 2
    Toshi_Esumi
    SuperUser
    SuperUser

    Created on ‎05-14-2018 08:00 AM

    I would just sniff traffic with port 25 and 587. If spamming is concerned, likely you would see many matches from specific sources within 5-10 min.

    2102
    0 Kudos
    Dave_Hall
    Honored Contributor

    Created on ‎05-14-2018 08:44 AM

    Create a simple firewall policy from lan to wan connection, set service to 25 (and ports 465, 587 if needed) - move this firewall rule up the firewall chain so it is triggered - note the Policy ID for this policy and use the Policy monitor to drill down to the sessions using this policy. 

     

    Alternately, on the CLI, you can try something like:

     

    diag sniffer packet any 'port 25' 4 0 a

     

    Press Control+C to stop.

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    2109
    0 Kudos
    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2024 Fortinet, Inc. All Rights Reserved.