Solved

Fortimail 100C - Unusually Large Amount of Outgoing Spam

Posted on 2013-01-09
Last Modified: 2013-03-12
Hey there,

We have a Fortimail 100c spam appliance installed in front of our exchange server (100-200 users). I have no knowledge of how to use or configure this system but I have noticed in the main dashboard a huge amount of outgoing spam emails. Any idea how to fix this? I'm pretty sure my mail server has been now blacklisted on a lot of spam awareness sites, doesn't sound like any good can come out of that. I've attached a picture to show how much outgoing spam there is.

Thanks for the help.
Question by:britzj
 
LVL 18

Accepted Solution

by:
Andrew Davis earned 500 total points
ID: 38761544
No picture.

The spam can originate either from:
Internal: one of your internal computers has been infected and is generating the spam.
External: your system is forwarding email for an external party. This could be open relay; check with http://www.dnsgoodies.com/index.htm and use the open relay test.

If you are Open Relay then fix it.
If you are not then it may still be coming from an external source but they may have brute forced and found a way to authenticate themselves.

Start with Open relay test and then let us know how you go.

Cheers
Andrew
 

Author Comment

by:britzj
ID: 38762992
Ok, here is a link to the picture I originally wanted to post:

http://i.imgur.com/MpRCb.jpg

Also here is the results for the open relay:

Good News!
All tests for an open relay on your mail server failed.
Your mail server does not allow open relay.
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38765999
Ok.
Well, the Fortigate must be getting the spam from somewhere internal to your network.

Personally, I would be getting on the phone and calling Fortigate support and getting instructions on how to find the location of the source. Then FIX it. The longer you leave it, the more blacklists you are going to end up on, and you risk your ISP cutting you off.

I am not familiar with the Fortimail appliances, and am having trouble finding any sort of configuration manual.

Regards
Andrew.
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38766020
It appears these are the manuals, but I don't know what MR version you have.
http://docs.fortinet.com/fmail_hw.html

Also, what configuration is your network in?

Do you have an internal mail server or are you using the fortimail in server mode?

If you do have an internal mail server, what is it? (eg. Exchange 2010)

Cheers
 

Author Comment

by:britzj
ID: 38767159
We are running Windows Server 2008 R2 Enterprise/Exchange Server 2010. The spam filter is Fortimail 100C v4.0,build0495,120418 (MR3 Patch 1).
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38769191
Have you looked at the outgoing logs of your exchange server to see if it is going through the exchange server?
 

Author Comment

by:britzj
ID: 38778726
I just checked and the mail is not going through my exchange server. As far as I can see anyways, I checked the tracking log explorer and didn't notice anything amiss.
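The check discussed in the two comments above, reading the Exchange tracking logs to see whether the spam volume passes through the Exchange server, can be done systematically rather than by eye. The following is an added example, not part of the original thread: it assumes log text in a `#Fields:` header plus CSV layout, and the reduced field set, sample rows, addresses and the 100-recipient threshold are all constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample: "#Fields:" header followed by CSV rows.
# Reduced field set; every value below is made up for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Fields: date-time,client-ip,event-id,source,sender-address,recipient-count
2013-01-09T08:00:01.000Z,10.0.0.21,RECEIVE,STOREDRIVER,alice@example.com,1
2013-01-09T08:00:05.000Z,10.0.0.57,RECEIVE,SMTP,scanner@example.com,40
2013-01-09T08:00:06.000Z,10.0.0.57,RECEIVE,SMTP,scanner@example.com,45
2013-01-09T08:00:07.000Z,10.0.0.57,RECEIVE,SMTP,hr@example.com,50
2013-01-09T08:01:00.000Z,10.0.0.22,RECEIVE,STOREDRIVER,bob@example.com,3
2013-01-09T08:01:30.000Z,10.0.0.21,SEND,SMTP,alice@example.com,1
"""

def parse_tracking_log(text):
    """Yield one dict per data row, naming columns from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
        elif line and not line.startswith("#") and fields:
            values = next(csv.reader([line]))
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def submission_volume(text):
    """Sum recipients per client IP over RECEIVE events.
    Assumption: client-ip on a RECEIVE row is the host that submitted the mail."""
    totals = defaultdict(lambda: {"recipients": 0, "senders": set()})
    for row in parse_tracking_log(text):
        if row["event-id"] != "RECEIVE":
            continue
        try:
            count = int(row["recipient-count"])
        except ValueError:
            continue  # ignore rows with a non-numeric count
        entry = totals[row["client-ip"]]
        entry["recipients"] += count
        entry["senders"].add(row["sender-address"].lower())
    return totals

def suspicious_sources(text, max_recipients=100):
    """Return (ip, recipients, distinct_senders) above the threshold, busiest first."""
    hits = [(ip, e["recipients"], len(e["senders"]))
            for ip, e in submission_volume(text).items()
            if e["recipients"] > max_recipients]
    return sorted(hits, key=lambda h: h[1], reverse=True)
```

An empty result for the period of the spam spike matches what the asker reports: the mail is not passing through Exchange, so the source is reaching the Fortimail by another path.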
 

Author Comment

by:britzj
ID: 38960091
I've requested that this question be closed as follows:

Accepted answer: 0 points for britzj's comment #a38778726

for the following reason:

No one helped me, so I chose my answer as the correct one.
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38960092
Please tell us what the answer was. It may assist someone else who comes along with the same issue.

Not sure how my assistance didn't help.
1. I told you how to identify that you are not open relay.
2. I led you to discover that the source was not your Exchange server.
3. I recommended that you contact Fortigate, to assist in identifying the local source of your spam.

Regards
Andrew.
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 38970630
Without further input from asker, recommend 3 award to http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_27990353.html#a38761544

cheers