
Sending MTA IP Address in Email Headers

Greetings. Apologies if this is the wrong subforum in which to post this particular question. We have a Fortigate 60B in place as an edge firewall+router. For some reason it replaces the IP address of the sending MTA in every email header with the IP address assigned to the "Internal 1" port. Is there a way to make this behavior stop so that when someone checks an email header in Outlook from behind the firewall they can actually see the originating MTA's IP address? I did not see anything in the Admin manual discussing this "feature". If there is info in there, please let me know where and I will be glad to read through it. TIA!

Look at the policy that is set up to port forward SMTP to your mail server. NAT is probably enabled. I'm not 100% sure if it's safe to disable it. Maybe try it and test to make sure incoming emails still work after?

Winner winner chicken dinner! Dunno why I didn't think of that. Thanks so much for the assist :D I wasn't sure if Spamhaus Zen, set up in Exchange System Manager -> Global Settings -> Message Delivery -> Connection Filtering, was being compromised by that or not. It did not seem so, we did not see the huge increase in spam I would expect, but spam had increased a little bit. I wish there was an easier way of seeing what Exchange sees coming in. There probably is via logging, or at least one would hope so.

Check that... I just found the same setup on my firewall... turned off NAT on the policy that port forwards SMTP to my email server and emails are still coming in and I see sessions from external IPs on the SMTP server... so it looks good. That will probably help my anti-spam filter as well. Not the one on the firewall but the one I have set up on the server to catch the few items that slip past the firewall.

I would guess that the Connection Filter would look up the IP in the message header as it would still show up properly in there. I think that there is a way to get the firewall to use Spamhaus as an RBL, then the traffic doesn't have to hit your Exchange server and bounce.
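
Added example, not part of the thread: one way to check from a saved message whether the mail server recorded an internal address as the SMTP peer (the symptom described above) and, when it did not, to build the name a Spamhaus Zen lookup would query. The sample headers, hostnames, addresses and function names are constructed for illustration; nothing here performs a DNS query.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the topmost Received header is the one the local mail
# server stamps, so its bracketed IP is the peer that server actually saw.
SAMPLE_NATTED = """\
Received: from mail.example.net ([192.168.1.99]) by exch01.example.local
 with SMTP; Tue, 01 Jan 2008 10:00:00 -0500
Received: from client.example.net ([198.51.100.7]) by mail.example.net;
 Tue, 01 Jan 2008 09:59:58 -0500
Subject: test

body
"""
# Same message as it would be stamped with NAT off on the forwarding policy.
SAMPLE_DIRECT = SAMPLE_NATTED.replace("[192.168.1.99]", "[203.0.113.25]")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message):
    """Return the peer IP from the topmost Received header, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = IP_RE.search(received[0]) if received else None
    return ipaddress.ip_address(match.group(1)) if match else None


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def assess(raw_message):
    """Report whether the recorded peer is an internal (NATed) address."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return {"ip": None, "masked": None, "query": None}
    masked = any(ip in net for net in RFC1918)
    # A lookup on an RFC 1918 peer says nothing about the real sender.
    return {"ip": str(ip), "masked": masked,
            "query": None if masked else dnsbl_name(ip)}


if __name__ == "__main__":
    for label, raw in (("NAT on", SAMPLE_NATTED), ("NAT off", SAMPLE_DIRECT)):
        print(label, assess(raw))
```
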