I have a firewall of Fortigate it is blocking outgoing mails when users are using outlook
when user are using WEB MAIL they are able to send mails.
ISP have changed wan IP several times
can anyone tell where is the problem ?
ITs Fortigate black listing IPS
solution is required
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hi anyone can help to solve the issue
We need more information but for starters;
What address? Did you look at any RBLS to see if others are blacklisting it? What security profile do you have apply for email and the firewall?
Can you change and add a specific policy for those address mail domain/ipv4-ranges etc....?
PCNSE
NSE
StrongSwan
i am not able to get pings from my SMTP server
when i try to ping within from LAN or Wan it is unreachable
smtp.gglonline.net - 162.222.225.58
is it not pinging . and from where mail server is taken not giving logs for SMT
Okay from the top can you execute the following from cli
execute ping 162.222.225.58
execute traceroute 162.222.225.58
diag debug reset
diag debug enable
diag debug flow fil addr 162.222.225.58
diag debug flow show console enable
diag debug flow trace start 10
now from the server try a new ping and tracert
After it has completed upload any diag debug flow output.
Ken
PCNSE
NSE
StrongSwan
execute the cmds that u mentioned
but no success since mail server is hosted on reseller host so no access to it , logs have been attached for reference.
i have executed the commands but no success from firewall
ping & traceroute are working
C:\>ping 162.222.225.58
Pinging 162.222.225.58 with 32 bytes of data: Reply from 162.222.225.58: bytes=32 time=290ms TTL=41 Reply from 162.222.225.58: bytes=32 time=289ms TTL=41 Reply from 162.222.225.58: bytes=32 time=290ms TTL=41 Reply from 162.222.225.58: bytes=32 time=290ms TTL=41
==========================================
===========================================
C:\>ping smtp.gglonline.net
Pinging smtp.mailhostbox.com [162.222.225.58] with 32 bytes of data: Reply from 162.222.225.58: bytes=32 time=289ms TTL=41 Reply from 162.222.225.58: bytes=32 time=289ms TTL=41 Reply from 162.222.225.58: bytes=32 time=290ms TTL=41 Reply from 162.222.225.58: bytes=32 time=289ms TTL=41
Ping statistics for 162.222.225.58: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 289ms, Maximum = 290ms, Average = 289ms
==================================================
C:\>
C:\>tracert -d 162.222.225.58
Tracing route to 162.222.225.58 over a maximum of 30 hops
1 16 ms 11 ms 13 ms 180.233.123.178 2 8 ms 10 ms 8 ms 180.233.123.178 3 14 ms 8 ms 6 ms 180.233.120.1 4 23 ms 25 ms * 182.19.13.6 5 158 ms 163 ms 163 ms 182.19.115.233 6 166 ms 165 ms 164 ms 195.50.122.237 7 * * * Request timed out. 8 277 ms 305 ms 276 ms 4.35.207.70 9 * * * Request timed out. 10 289 ms 293 ms 306 ms 162.222.225.58
===================================
Maybe I wasn't clear but the cli meant from the fortigate. So based on your logs is the problem your email connections to "gglonline.net"? If so have you asked them for assistance? It looks like relay is being denied by the mail server logs.
If the problem is the other way ( your mail server ) ?
I looked up the 162.222.225.58 and do NOT see it in any RBLS listing btw.
Ken
PCNSE
NSE
StrongSwan
Can you provide more info? The problem is that users using Outlook behind the Fortigate can't send mail out to the hosted smtp server? What ports are they using? 25, 465, 587? Is the ISP blocking port 25? Are you able to do a packet sniff on the Fortigate?
Depending on how you look at the logs , the sender { 122.163.215.117 } is his mail gateway. if that's true it's listed on a few BLs.
The message clearly shows "no relay allowed" 500 messages. I don't believe the firewall is the issue. He either need to further diagnose, fix his reason as to why he's blacklisted or have the remote "whitelist" his address until he fixes the local issues.
Here's a few tips to avoid being listed
http://socpuppet.blogspot.com/2014/02/10-tips-to-avoid-being-blocked-on-rbl.html
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.