?
Solved

Fortimail 100C - Unusally Large Amount of Outgoing Spam

Posted on 2013-01-09
12
Medium Priority
?
1,691 Views
Last Modified: 2013-03-12
Hey there,

We have a Fortimail 100c spam appliance installed in front of our exchange server (100-200 users). I have no knowledge of how to use or configure this system but I have noticed in the main dashboard a huge amount of outgoing spam emails. Any idea how to fix this? I'm pretty sure my mail server has been now blacklisted on a lot of spam awareness sites, doesn't sound like any good can come out of that. I've attached a picture to show how much outgoing spam there is.

Thanks for the help.
0
Comment
Question by:britzj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
12 Comments
 
LVL 18

Accepted Solution

by:
Andrew Davis earned 2000 total points
ID: 38761544
No picture.

The spam can originate either from
internal, :- one of you internal computers has been infected and is generating the spam.
External:- Your system is forwarding email for an external party. This could be Open relay, check with http://www.dnsgoodies.com/index.htm and use the open relay test.

If you are Open Relay then fix it.
If you are not then it may still be coming from an external source but they may have brute forced and found a way to authenticate themselves.

Start with Open relay test and then let us know how you go.

Cheers
Andrew
0
 

Author Comment

by:britzj
ID: 38762992
Ok, here is a link to the picture I originally wanted to post:

http://i.imgur.com/MpRCb.jpg

Also here is the results for the open relay:

Good News!
All tests for an open relay on your mail server failed.
Your mail server does not allow open relay.
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38765999
Ok.
Well the fortigate maust be getting the spam from somewher internal to your network.

Personally i would be getting on the phone and calling fortigate support and getting instruction on how to find location of source. Then FIX it. The longer you leave it the more blacklists you are going to end on, and you risk your ISP cutting you off.

I am not familiar with the fortimail appliances, and am having trouble findin any sort of configuration manual.

Regards
Andrew.
0
Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38766020
it appears these are the manuals, but i dont know what MR version you have.
http://docs.fortinet.com/fmail_hw.html

Also what configuration your network is in?

Do you have an internal mail server or are you using the fortimail in server mode?

If you do have an internal mail server, what is it? (eg. Exchange 2010)

Cheers
0
 

Author Comment

by:britzj
ID: 38767159
We are running Windows Server 2008 R2 Enterprise/Exchange Server 2010. The spam filter is Fortimail 100C v4.0,build0495,120418 (MR3 Patch 1).
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38769191
Have you looked at the outgoing logs of your exchange server to see if it is going through the exchange server?
0
 

Author Comment

by:britzj
ID: 38778726
I just checked and the mail is not going through my exchange server. As far as I can see anyways, I checked the tracking log explorer and didn't notice anything amiss.
0
 

Author Comment

by:britzj
ID: 38960091
I've requested that this question be closed as follows:

Accepted answer: 0 points for britzj's comment #a38778726

for the following reason:

No one helped me, so I chose my answer as the correct one.
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38960092
Please tell us what the answer was. It may assist someone else who comes along with the same issue.

Not sure how my assistance didnt help.
1. I told you how to identify that you are not open relay.
2. I led you to discover that the source was not your Exchange server.
3. I recomended that you contact Fortigate, to assist in identifying the local source of your spam.

Regards
Andrew.
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38970630
Without further input from asker, recommend 3 award to http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_27990353.html#a38761544

cheers
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question