• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1727
  • Last Modified:

Fortimail 100C - Unusally Large Amount of Outgoing Spam

Hey there,

We have a Fortimail 100c spam appliance installed in front of our exchange server (100-200 users). I have no knowledge of how to use or configure this system but I have noticed in the main dashboard a huge amount of outgoing spam emails. Any idea how to fix this? I'm pretty sure my mail server has been now blacklisted on a lot of spam awareness sites, doesn't sound like any good can come out of that. I've attached a picture to show how much outgoing spam there is.

Thanks for the help.
0
britzj
Asked:
britzj
  • 6
  • 4
1 Solution
 
Andrew DavisManagerCommented:
No picture.

The spam can originate either from
internal, :- one of you internal computers has been infected and is generating the spam.
External:- Your system is forwarding email for an external party. This could be Open relay, check with http://www.dnsgoodies.com/index.htm and use the open relay test.

If you are Open Relay then fix it.
If you are not then it may still be coming from an external source but they may have brute forced and found a way to authenticate themselves.

Start with Open relay test and then let us know how you go.

Cheers
Andrew
0
 
britzjAuthor Commented:
Ok, here is a link to the picture I originally wanted to post:

http://i.imgur.com/MpRCb.jpg

Also here is the results for the open relay:

Good News!
All tests for an open relay on your mail server failed.
Your mail server does not allow open relay.
0
 
Andrew DavisManagerCommented:
Ok.
Well the fortigate maust be getting the spam from somewher internal to your network.

Personally i would be getting on the phone and calling fortigate support and getting instruction on how to find location of source. Then FIX it. The longer you leave it the more blacklists you are going to end on, and you risk your ISP cutting you off.

I am not familiar with the fortimail appliances, and am having trouble findin any sort of configuration manual.

Regards
Andrew.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
Andrew DavisManagerCommented:
it appears these are the manuals, but i dont know what MR version you have.
http://docs.fortinet.com/fmail_hw.html

Also what configuration your network is in?

Do you have an internal mail server or are you using the fortimail in server mode?

If you do have an internal mail server, what is it? (eg. Exchange 2010)

Cheers
0
 
britzjAuthor Commented:
We are running Windows Server 2008 R2 Enterprise/Exchange Server 2010. The spam filter is Fortimail 100C v4.0,build0495,120418 (MR3 Patch 1).
0
 
Andrew DavisManagerCommented:
Have you looked at the outgoing logs of your exchange server to see if it is going through the exchange server?
0
 
britzjAuthor Commented:
I just checked and the mail is not going through my exchange server. As far as I can see anyways, I checked the tracking log explorer and didn't notice anything amiss.
0
 
britzjAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for britzj's comment #a38778726

for the following reason:

No one helped me, so I chose my answer as the correct one.
0
 
Andrew DavisManagerCommented:
Please tell us what the answer was. It may assist someone else who comes along with the same issue.

Not sure how my assistance didnt help.
1. I told you how to identify that you are not open relay.
2. I led you to discover that the source was not your Exchange server.
3. I recomended that you contact Fortigate, to assist in identifying the local source of your spam.

Regards
Andrew.
0
 
Andrew DavisManagerCommented:
Without further input from asker, recommend 3 award to http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_27990353.html#a38761544

cheers
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now