Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Fortimail 100C - Unusally Large Amount of Outgoing Spam

Posted on 2013-01-09
12
Medium Priority
?
1,713 Views
Last Modified: 2013-03-12
Hey there,

We have a Fortimail 100c spam appliance installed in front of our exchange server (100-200 users). I have no knowledge of how to use or configure this system but I have noticed in the main dashboard a huge amount of outgoing spam emails. Any idea how to fix this? I'm pretty sure my mail server has been now blacklisted on a lot of spam awareness sites, doesn't sound like any good can come out of that. I've attached a picture to show how much outgoing spam there is.

Thanks for the help.
0
Comment
Question by:britzj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
12 Comments
 
LVL 19

Accepted Solution

by:
Andrew Davis earned 2000 total points
ID: 38761544
No picture.

The spam can originate either from
internal, :- one of you internal computers has been infected and is generating the spam.
External:- Your system is forwarding email for an external party. This could be Open relay, check with http://www.dnsgoodies.com/index.htm and use the open relay test.

If you are Open Relay then fix it.
If you are not then it may still be coming from an external source but they may have brute forced and found a way to authenticate themselves.

Start with Open relay test and then let us know how you go.

Cheers
Andrew
0
 

Author Comment

by:britzj
ID: 38762992
Ok, here is a link to the picture I originally wanted to post:

http://i.imgur.com/MpRCb.jpg

Also here is the results for the open relay:

Good News!
All tests for an open relay on your mail server failed.
Your mail server does not allow open relay.
0
 
LVL 19

Expert Comment

by:Andrew Davis
ID: 38765999
Ok.
Well the fortigate maust be getting the spam from somewher internal to your network.

Personally i would be getting on the phone and calling fortigate support and getting instruction on how to find location of source. Then FIX it. The longer you leave it the more blacklists you are going to end on, and you risk your ISP cutting you off.

I am not familiar with the fortimail appliances, and am having trouble findin any sort of configuration manual.

Regards
Andrew.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 19

Expert Comment

by:Andrew Davis
ID: 38766020
it appears these are the manuals, but i dont know what MR version you have.
http://docs.fortinet.com/fmail_hw.html

Also what configuration your network is in?

Do you have an internal mail server or are you using the fortimail in server mode?

If you do have an internal mail server, what is it? (eg. Exchange 2010)

Cheers
0
 

Author Comment

by:britzj
ID: 38767159
We are running Windows Server 2008 R2 Enterprise/Exchange Server 2010. The spam filter is Fortimail 100C v4.0,build0495,120418 (MR3 Patch 1).
0
 
LVL 19

Expert Comment

by:Andrew Davis
ID: 38769191
Have you looked at the outgoing logs of your exchange server to see if it is going through the exchange server?
0
 

Author Comment

by:britzj
ID: 38778726
I just checked and the mail is not going through my exchange server. As far as I can see anyways, I checked the tracking log explorer and didn't notice anything amiss.
0
 

Author Comment

by:britzj
ID: 38960091
I've requested that this question be closed as follows:

Accepted answer: 0 points for britzj's comment #a38778726

for the following reason:

No one helped me, so I chose my answer as the correct one.
0
 
LVL 19

Expert Comment

by:Andrew Davis
ID: 38960092
Please tell us what the answer was. It may assist someone else who comes along with the same issue.

Not sure how my assistance didnt help.
1. I told you how to identify that you are not open relay.
2. I led you to discover that the source was not your Exchange server.
3. I recomended that you contact Fortigate, to assist in identifying the local source of your spam.

Regards
Andrew.
0
 
LVL 19

Expert Comment

by:Andrew Davis
ID: 38970630
Without further input from asker, recommend 3 award to http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_27990353.html#a38761544

cheers
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question