- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiMail issue ip reputation
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiMail issue ip reputation
Hi all. There is a problem with some MX servers from which we receive letters, for example magnit.ru, their IP address is replaced with the address of our fortigate, substituting the IP it disrupts the client reputation system by IP and we stop receiving letters from outside whose IP is resolved as our internal one. And the question is not how to enable IP reputation and set its restrictions. The problem is that when redirecting with nat turned off, the letter for fortimail receives the ip address of our fortigate, and not the sender’s source. In the case of nat enabled, all letters naturally take this form, which is incorrect from the point of view of ip reputation. If nat is turned off, only some (for example, magnit.ru). We also do not find a single way to clear the ip score for our fortigate IP address; the clear option is not functional in this case. It is necessary for #FortiMail to receive letters from the sender’s IP, and not the IP of our #FortiGate.
Vital4eg
Solved! Go to Solution.
Vital4eg
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello. The reason has been found. Briefly, the exhange server sends letters to one of our domains and resolves it as the IP address of our backup provider. Since we have SD-wan configured, the mail must go through the main provider, a masquerade is applied to it and it is sent to the backup one. Where it is redirected to FortiMail. All letters that Exchange sends to itself are service messages. Since there are a lot of such letters per unit of time and often, FortiMail adds the IP rating of our FortiGate until it blocks. Since the messages are service messages, it was decided to add IP FortiGate to the exception and not count its rating.
Thanks for the help.
Vital4eg
Vital4eg
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Vital4eg
Are your saying that even when you disable NAT in the inbound firewall policy on FortiGate (from WAN to FortiMail) the source IP seen by FML remains the IP of FortiGate?
On the other hand, when you need to bypass a sender IP from sender reputation check, I think the solution is to create a new IP policy at top, like this:
- Source IP: The IP you want to exonerate
- Session profile: An inbound session profile where sender reputation option is disabled
AEK
AEK
Created on 04-26-2024 01:11 AM Edited on 04-26-2024 01:12 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But the good solution is to fix the FortiGate's NAT issue. The original IP must reach FortiMail as source IP of the SMTP connection.
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@AEK The problem is that some (I emphasize some) counterparties send us mail.... and for some unknown reason our FG replaces the original IP with its own... And FM sees that a lot of letters are coming from our IP, it begins to increase the rating and cuts off receiving at 80. On FG, nat is turned off on ports 25,465... that is, access passes through without chanWe see 90 percent of original IPs and there are some exceptional cases.
Vital4eg
Vital4eg
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello. The reason has been found. Briefly, the exhange server sends letters to one of our domains and resolves it as the IP address of our backup provider. Since we have SD-wan configured, the mail must go through the main provider, a masquerade is applied to it and it is sent to the backup one. Where it is redirected to FortiMail. All letters that Exchange sends to itself are service messages. Since there are a lot of such letters per unit of time and often, FortiMail adds the IP rating of our FortiGate until it blocks. Since the messages are service messages, it was decided to add IP FortiGate to the exception and not count its rating.
Thanks for the help.
Vital4eg
Vital4eg
Related Posts
- Fortimail Cloud active mailbox accounts 231 Views
- Teams Group email address not populated... 226 Views
- FW Policy install failed - ISDB... 516 Views
- Statistics report for SPF, DKIM DMARK... 611 Views
Labels
-
FortiGate
6,622 -
FortiClient
1,319 -
5.2
801 -
5.4
639 -
FortiManager
573 -
FortiAnalyzer
418 -
6.0
416 -
5.6
362 -
FortiSwitch
340 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
249 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
152 -
6.4
128 -
FortiNAC
108 -
FortiGuard
104 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
75 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
SD-WAN
29 -
Firewall policy
26 -
FortiConnect
24 -
High Availability
22 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiPortal
18 -
FortiAuthenticator
18 -
ZTNA
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.