Spam Mails receiving in email server from internal local lan.

shamilsystems · ‎07-06-2017

Dear Forum,

I am having an issue local lan. We are using fortinet 100D as the gateway 192.168.10.1/24. We having a mailserver in local lan (hosted in premise) at 192.168.10.230/24. once we hosted this email server we receiving lot of spam mails (lots means 1000's of spam emails receiving). while further research found that its from one of the internal pc's which might affected with adware/spamware. How can i find/monitor in fortinet to find from which IP spam mails sending to port 25. thank you.

Shamil

zaibm · ‎07-31-2017

Hi Shamil

Please look into the below link. I hope this will help you choose your stategy.

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Anti_Spam/Anti-S...

Thanks

Malik

Fortinet NSE 4, 5, 7 Certified

rwpatterson · ‎07-31-2017

Your best bet here would be to put the mail server on a separate interface. The FGT cannot intercept traffic on the local wire because that traffic doesn't pass through the unit. Another added benefit is that you could then use the FGT to firewall traffic from the LAN that should not be hitting the mail server. (Your mail server logs should be able to tell you where the SPAM is originating)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

mvonhatten · ‎08-04-2017

Hi

One method would be to login to the web GUI and go to the Forward Traffic Log and filter by service tcp/587 tcp/25.

This should filter out to only show e-mail traffic and hopefully give you a source IP.

Spam Mails receiving in email server from internal local lan.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website