arunmws
New Contributor

Fortinet is blacklisting IP, outgoing mail not going through Outlook

I have a Fortigate firewall; it is blocking outgoing mail when users are using Outlook.

When users are using webmail they are able to send mail.

The ISP has changed the WAN IP several times.

Can anyone tell where the problem is?

It's Fortigate blacklisting IPs.

A solution is required.

arunmws
New Contributor

Hi, can anyone help to solve the issue?

emnoc
Esteemed Contributor III

We need more information, but for starters:

What address? Did you look at any RBLs to see if others are blacklisting it? What security profile do you have applied for email and the firewall?

Can you change and add a specific policy for those addresses (mail domain/IPv4 ranges, etc.)?

PCNSE NSE StrongSwan
arunmws
New Contributor

I am not able to get pings from my SMTP server.

When I try to ping from within the LAN or WAN it is unreachable.

smtp.gglonline.net - 162.222.225.58

It is not pinging, and from where the mail server is taken it is not giving logs for SMT

emnoc
Esteemed Contributor III

Okay, from the top, can you execute the following from the CLI:

execute ping 162.222.225.58
execute traceroute 162.222.225.58

diag debug reset
diag debug enable
diag debug flow fil addr 162.222.225.58
diag debug flow show console enable
diag debug flow trace start 10

Now from the server try a new ping and tracert.

After it has completed, upload any diag debug flow output.

Ken


arunmws
New Contributor

I executed the commands that you mentioned, but no success, since the mail server is hosted on a reseller host, so no access to it. Logs have been attached for reference.

I have executed the commands but no success from the firewall.

Ping & traceroute are working.

C:\>ping 162.222.225.58

Pinging 162.222.225.58 with 32 bytes of data:
Reply from 162.222.225.58: bytes=32 time=290ms TTL=41
Reply from 162.222.225.58: bytes=32 time=289ms TTL=41
Reply from 162.222.225.58: bytes=32 time=290ms TTL=41
Reply from 162.222.225.58: bytes=32 time=290ms TTL=41

==========================================

C:\>ping smtp.gglonline.net

Pinging smtp.mailhostbox.com [162.222.225.58] with 32 bytes of data:
Reply from 162.222.225.58: bytes=32 time=289ms TTL=41
Reply from 162.222.225.58: bytes=32 time=289ms TTL=41
Reply from 162.222.225.58: bytes=32 time=290ms TTL=41
Reply from 162.222.225.58: bytes=32 time=289ms TTL=41

Ping statistics for 162.222.225.58:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 289ms, Maximum = 290ms, Average = 289ms

==================================================

C:\>
C:\>tracert -d 162.222.225.58

Tracing route to 162.222.225.58 over a maximum of 30 hops

  1    16 ms    11 ms    13 ms  180.233.123.178
  2     8 ms    10 ms     8 ms  180.233.123.178
  3    14 ms     8 ms     6 ms  180.233.120.1
  4    23 ms    25 ms     *     182.19.13.6
  5   158 ms   163 ms   163 ms  182.19.115.233
  6   166 ms   165 ms   164 ms  195.50.122.237
  7     *        *        *     Request timed out.
  8   277 ms   305 ms   276 ms  4.35.207.70
  9     *        *        *     Request timed out.
 10   289 ms   293 ms   306 ms  162.222.225.58

===================================

 

 

emnoc
Esteemed Contributor III

Maybe I wasn't clear, but the CLI meant from the Fortigate. So based on your logs, is the problem your email connections to "gglonline.net"? If so, have you asked them for assistance? It looks like relay is being denied by the mail server logs.

If the problem is the other way (your mail server)?

I looked up 162.222.225.58 and do NOT see it in any RBL listing, btw.

Ken

Bromont_FTNT

 

Can you provide more info? The problem is that users using Outlook behind the Fortigate can't send mail out to the hosted SMTP server? What ports are they using? 25, 465, 587? Is the ISP blocking port 25? Are you able to do a packet sniff on the Fortigate?

 

emnoc
Esteemed Contributor III

Depending on how you look at the logs, the sender { 122.163.215.117 } is his mail gateway. If that's true, it's listed on a few BLs.

The message clearly shows "no relay allowed" 500 messages. I don't believe the firewall is the issue. He either needs to further diagnose, fix his reason as to why he's blacklisted, or have the remote "whitelist" his address until he fixes the local issues.

Here are a few tips to avoid being listed:

http://socpuppet.blogspot.com/2014/02/10-tips-to-avoid-being-blocked-on-rbl.html

Ken
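
The RBL lookups mentioned in this thread can be reproduced with plain DNS queries. The following is an added example, not part of any post above: it builds the DNSBL query name for an IPv4 address and interprets the answer. The zone list and all function names are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Assumed zone list for illustration; substitute the blocklists you care about.
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")


def dnsbl_query_name(ip, zone):
    """DNSBLs are queried by reversing the IPv4 octets and appending the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify_answer(answer):
    """Interpret the A record returned by a DNSBL (None means NXDOMAIN)."""
    if answer is None:
        return "not listed"
    addr = ipaddress.ip_address(answer)
    if addr in ipaddress.ip_network("127.255.255.0/24"):
        # Spamhaus answers in this range signal a query problem
        # (e.g. lookup sent through a public resolver), not a listing.
        return "query error"
    if addr in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "unexpected answer"


def check_ip(ip, zones=DNSBL_ZONES, resolve=socket.gethostbyname):
    """Return {zone: verdict}; `resolve` is injectable so it can be tested offline."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror as exc:
            if exc.errno == socket.EAI_AGAIN:
                # Temporary DNS failure is not evidence of a clean IP.
                results[zone] = "lookup failed"
                continue
            answer = None
        results[zone] = classify_answer(answer)
    return results


if __name__ == "__main__":
    # The two addresses discussed in the thread.
    for ip in ("162.222.225.58", "122.163.215.117"):
        print(ip, check_ip(ip))
```

Run it from a host that uses its own recursive resolver; a "query error" verdict means the blocklist refused the lookup and the result says nothing about the address.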

 

 

 
