Hot!FortiMail 200E Inbound Email Sender Reputation

Author
nwillia09
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/12/08 05:31:04
  • Status: offline
2017/03/17 12:21:24 (permalink)
0

FortiMail 200E Inbound Email Sender Reputation

I am slowly migrating from a Barracuda 300 to the FortiMail 200E. I am looking at the logs on the FortiMail 200E and noticed that all of the inbound emails show the same client IP address which happens to be the gateway address of the DMZ network in which the fortimail is installed in. The fortimail is in gateway mode and behind NAT.
 
I had Sender Reputation enabled until my client IP was getting scored high which delayed all inbound email. Is this normal behavior when installed behind NAT?
 
Could this also be related to the "Extract IP from Received Header" option that I enabled under my AntiSpam Profile?
#1
emnoc
Expert Member
  • Total Posts : 3905
  • Scores: 211
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Status: offline
Re: FortiMail 200E Inbound Email Sender Reputation 2017/03/17 12:49:57 (permalink)
0
Most likely not.
 
The upstream firewall is probably SNAT'ing the clients behind that one-single address which as you  indicated is defeating reputation scoring ;)
 
Flow trace the  sessions and remove the SNAT.

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#2
nwillia09
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/12/08 05:31:04
  • Status: offline
Re: FortiMail 200E Inbound Email Sender Reputation 2017/03/20 07:04:37 (permalink)
0
Indeed removing the source NAT from my firewall policy resolved the issue. My logs are no longer masqueraded.
#3
Jump to:
© 2017 APG vNext Commercial Version 5.5