Fortimail 100C - Unusally Large Amount of Outgoing Spam

Hey there,

We have a Fortimail 100c spam appliance installed in front of our exchange server (100-200 users). I have no knowledge of how to use or configure this system but I have noticed in the main dashboard a huge amount of outgoing spam emails. Any idea how to fix this? I'm pretty sure my mail server has been now blacklisted on a lot of spam awareness sites, doesn't sound like any good can come out of that. I've attached a picture to show how much outgoing spam there is.

Thanks for the help.
britzjAsked:
Who is Participating?
 
Andrew DavisConnect With a Mentor ManagerCommented:
No picture.

The spam can originate either from
internal, :- one of you internal computers has been infected and is generating the spam.
External:- Your system is forwarding email for an external party. This could be Open relay, check with http://www.dnsgoodies.com/index.htm and use the open relay test.

If you are Open Relay then fix it.
If you are not then it may still be coming from an external source but they may have brute forced and found a way to authenticate themselves.

Start with Open relay test and then let us know how you go.

Cheers
Andrew
0
 
britzjAuthor Commented:
Ok, here is a link to the picture I originally wanted to post:

http://i.imgur.com/MpRCb.jpg

Also here is the results for the open relay:

Good News!
All tests for an open relay on your mail server failed.
Your mail server does not allow open relay.
0
 
Andrew DavisManagerCommented:
Ok.
Well the fortigate maust be getting the spam from somewher internal to your network.

Personally i would be getting on the phone and calling fortigate support and getting instruction on how to find location of source. Then FIX it. The longer you leave it the more blacklists you are going to end on, and you risk your ISP cutting you off.

I am not familiar with the fortimail appliances, and am having trouble findin any sort of configuration manual.

Regards
Andrew.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Andrew DavisManagerCommented:
it appears these are the manuals, but i dont know what MR version you have.
http://docs.fortinet.com/fmail_hw.html

Also what configuration your network is in?

Do you have an internal mail server or are you using the fortimail in server mode?

If you do have an internal mail server, what is it? (eg. Exchange 2010)

Cheers
0
 
britzjAuthor Commented:
We are running Windows Server 2008 R2 Enterprise/Exchange Server 2010. The spam filter is Fortimail 100C v4.0,build0495,120418 (MR3 Patch 1).
0
 
Andrew DavisManagerCommented:
Have you looked at the outgoing logs of your exchange server to see if it is going through the exchange server?
0
 
britzjAuthor Commented:
I just checked and the mail is not going through my exchange server. As far as I can see anyways, I checked the tracking log explorer and didn't notice anything amiss.
0
 
britzjAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for britzj's comment #a38778726

for the following reason:

No one helped me, so I chose my answer as the correct one.
0
 
Andrew DavisManagerCommented:
Please tell us what the answer was. It may assist someone else who comes along with the same issue.

Not sure how my assistance didnt help.
1. I told you how to identify that you are not open relay.
2. I led you to discover that the source was not your Exchange server.
3. I recomended that you contact Fortigate, to assist in identifying the local source of your spam.

Regards
Andrew.
0
 
Andrew DavisManagerCommented:
Without further input from asker, recommend 3 award to http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_27990353.html#a38761544

cheers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.