Created on 04-07-2009 08:58 AM Edited on 05-26-2022 11:32 AM By Anonymous
Description
The discussion that follows comes from a commonly asked question. Users of FortiGate appliances running FortiOS wish to enable only one mail server, 192.168.16.1 for example, to use port 25. They must also restrict all other computers, to limit spam email sent from infected hosts.
Scope
This article references a very specific case, and is only relevant for a FortiGate running in NAT mode.
Solution
RESTRICT MAIL FROM IP OF MAIL SERVER
After Being Blacklisted:
Find out which IP in the network is sending SMTP traffic on port 25. This can be done by examining the session table (on the System -> Status page, select [Details] beside the session count) and filtering by destination port 25. This will show a list of all active SMTP sessions.
To block unwanted SMTP traffic you will need two firewall policies: the first to allow the specific SMTP traffic that is permitted, and the second to block all other SMTP traffic.
For external mail server(s):
Create a policy allowing all permitted internal hosts to send traffic to the external mail server(s) IP address: source all, destination the specific IP(s), service SMTP and an action of ACCEPT (again with an appropriate protection profile and NAT enabled).
In both cases the second firewall policy will be an ALL-ALL-SMTP-DENY policy. Effectively, any traffic on port 25 that does not match the source/destination IP addresses of the first policy will hit this second policy and be dropped.
Firewall Policy Order:
1) Firewall policy order is important
2) The first policy should be located above the “generic” INTERNET access policy
3) The second policy should be located directly below the SMTP allow policy
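As an added illustration (not part of the original article), the FortiOS CLI equivalent of the two-policy setup for the internal mail server case described above, where only 192.168.16.1 may send on port 25. The interface names "internal" and "wan1" and the policy IDs are assumptions; adjust them to the unit in question.

```fortios
# Address object for the one permitted mail server (192.168.16.1 from the article)
config firewall address
    edit "mail-server"
        set subnet 192.168.16.1 255.255.255.255
    next
end

config firewall policy
    # Policy 1: allow SMTP only from the mail server, with NAT enabled
    edit 10
        set name "allow-smtp-mail-server"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "mail-server"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat enable
    next
    # Policy 2: ALL-ALL-SMTP-DENY, logged so infected hosts can be identified
    edit 11
        set name "deny-all-smtp"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "SMTP"
        set logtraffic all
    next
    # Ordering: the allow policy must sit above the generic Internet access
    # policy (assumed here to be policy ID 1), and the deny directly below it
    move 10 before 1
    move 11 after 10
end

# Verify which internal hosts are still opening port 25 sessions
diagnose sys session filter dport 25
diagnose sys session list
```

Hits on policy 11 in the traffic log identify hosts that are sending mail without going through the mail server.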
To submit your IP to be reviewed (if blacklisted):
http://www.fortiguardcenter.com/antispam/antispam.html