Dear Forum,
I am having an issue on the local LAN. We are using a Fortinet 100D as the gateway at 192.168.10.1/24. We have a mail server on the local LAN (hosted on premise) at 192.168.10.230/24. Once we hosted this email server we started receiving a lot of spam mails (lots means 1000's of spam emails received). On further research we found that it's from one of the internal PCs, which might be affected with adware/spamware. How can I find/monitor in the Fortinet which IP is sending spam mails to port 25? Thank you.
Shamil
Hi Shamil
Please look into the below link. I hope this will help you choose your strategy.
Thanks
Malik
Fortinet NSE 4, 5, 7 Certified
Your best bet here would be to put the mail server on a separate interface. The FGT cannot intercept traffic on the local wire because that traffic doesn't pass through the unit. Another added benefit is that you could then use the FGT to firewall traffic from the LAN that should not be hitting the mail server. (Your mail server logs should be able to tell you where the SPAM is originating.)
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Hi
One method would be to log in to the web GUI and go to the Forward Traffic Log and filter by service tcp/587 tcp/25.
This should filter out to only show e-mail traffic and hopefully give you a source IP.
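An added example, not part of any post above: a script that applies the same port 25/587 filter offline to exported FortiGate forward traffic log lines and ranks LAN source IPs, leaving out the mail server itself. The sample lines are constructed, the field names (`type`, `subtype`, `srcip`, `dstport`) are the standard FortiGate key=value traffic log fields, and only sessions that actually pass through the FortiGate will appear.

```python
import ipaddress
import re
from collections import Counter

LAN = ipaddress.ip_network("192.168.10.0/24")          # LAN from the thread
MAIL_SERVER = ipaddress.ip_address("192.168.10.230")   # mail server from the thread
SMTP_PORTS = {"25", "587"}
# Matches key=value and key="quoted value" pairs in a FortiGate log line.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def smtp_sources(lines):
    """Count forwarded SMTP sessions per LAN source, excluding the mail server."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("type") != "traffic" or f.get("subtype") != "forward":
            continue
        if f.get("dstport") not in SMTP_PORTS:
            continue
        try:
            src = ipaddress.ip_address(f.get("srcip", ""))
        except ValueError:
            continue  # missing or malformed srcip
        if src in LAN and src != MAIL_SERVER:
            counts[str(src)] += 1
    return counts.most_common()

def _line(src, dport, subtype="forward"):
    """Build one constructed sample log line (not real log data)."""
    return (f'date=2025-01-01 time=10:00:00 type="traffic" subtype="{subtype}" '
            f'srcip={src} srcport=50000 dstip=203.0.113.10 dstport={dport} '
            f'action="accept"')

SAMPLE = (
    [_line("192.168.10.57", 25)] * 3           # workstation speaking SMTP directly
    + [_line("192.168.10.88", 587)]
    + [_line("192.168.10.230", 25)]            # the mail server itself: expected
    + [_line("192.168.10.57", 443)]            # not mail traffic
    + [_line("192.168.10.57", 25, "local")]    # not forward traffic
)

if __name__ == "__main__":
    for ip, n in smtp_sources(SAMPLE):
        print(f"{ip}\t{n} SMTP sessions")
```

Any workstation that shows up here is opening SMTP sessions on its own, since only the mail server should normally do that.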