Created on 05-22-2017 12:53 PM Edited on 03-28-2024 12:49 AM By Anthony_E
Description
Scope
Solution:
In this example, a mail server is connected behind the FortiGate.
Part A: Configure/check the Email-Filter/Anti-Spam Profile. Ensure Logging is Enabled in the CLI
config emailfilter profile
    edit <Name of Email Filter Profile>
        set spam-log enable
        config imap
            set log-all enable
        end
        config pop3
            set log-all enable
        end
        config smtp
            set log-all enable
        end
        config msn-hotmail
            set log-all enable
        end
        config gmail
            set log-all enable
        end
end
CLI:
config emailfilter profile
    edit <name of Email Filter Profile>
        set feature-set proxy
end
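To check a saved configuration against the Part A logging settings, the following added example (not Fortinet's code) parses the 'config emailfilter profile' block and lists, for each profile, which of those settings are not enabled. The function name audit_emailfilter_logging and the sample profile "legacy" are constructed for illustration.

```python
# Sub-sections in which Part A sets "log-all enable".
PROTOCOLS = ("imap", "pop3", "smtp", "msn-hotmail", "gmail")
TOP = "emailfilter profile"

def audit_emailfilter_logging(config_text):
    """Map each emailfilter profile name to the Part A settings it lacks."""
    findings, stack = {}, []  # stack holds the currently open "config ..." blocks
    profile, enabled = None, set()

    def close_profile():
        nonlocal profile, enabled
        if profile is not None:
            wanted = ["spam-log"] + [f"{p} log-all" for p in PROTOCOLS]
            findings[profile] = [w for w in wanted if w not in enabled]
        profile, enabled = None, set()

    for raw in config_text.splitlines():
        cmd, *args = raw.split() or [""]
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "edit" and stack == [TOP]:
            close_profile()
            profile = " ".join(args).strip('"')
        elif cmd in ("next", "end"):
            if stack == [TOP]:
                close_profile()  # "next" or the block's final "end" ends a profile
            if cmd == "end" and stack:
                stack.pop()
        elif cmd == "set" and profile is not None and args[1:] == ["enable"]:
            if stack == [TOP] and args[0] == "spam-log":
                enabled.add("spam-log")
            elif len(stack) == 2 and stack[1] in PROTOCOLS and args[0] == "log-all":
                enabled.add(f"{stack[1]} log-all")
    close_profile()  # tolerate a block pasted without its final "end"
    return findings

# Constructed sample (not from a real device): only SMTP logging is enabled.
SAMPLE = """\
config emailfilter profile
    edit "legacy"
        config smtp
            set log-all enable
        end
    next
end
"""

if __name__ == "__main__":
    print(audit_emailfilter_logging(SAMPLE))
```

An empty list for a profile means every logging setting from Part A is enabled on it.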
Part B: Some Inbound Email Still Not Being Logged or Inspected
If the CLI commands above have already been implemented but not all emails are being logged or inspected, a common cause is that the email is encrypted, either via SMTPS (generally over port 465) or via a mechanism called STARTTLS (generally over port 587 or the normal SMTP port of 25).
To log and inspect this traffic, FortiGate must perform SSL Inspection on these connections to the mail server. To avoid certificate warnings, the following configuration is recommended.
Another option is to use the built-in certificate of the FortiGate 'Fortinet_SSL'.
Under 'SSL Inspection Options', set 'Enable SSL inspection of' to 'Protecting SSL Server', select 'Fortinet_SSL' as the Server certificate, then enable 'Inspect all ports'. Select 'OK' to save the changes.