Configuring session settings
This procedure is part of the session profile configuration process. For general procedures about how to configure a session profile, see “Configuring session profiles”.
1. Go to Profile > Session.
2. Click New to create a new session profile or double click on an existing profile to edit it.
3. Click the arrow to expand Session Settings.
4. Configure the following:
GUI item
Description
Reject EHLO/HELO commands with invalid characters in the domain
Enable to return SMTP reply code 501, and to reject the SMTP greeting, if the client or server uses a greeting that contains a domain name with invalid characters.
To avoid disclosure of a real domain name, spammers sometimes spoof an SMTP greeting domain name with random characters, rather than using a valid domain name.
The following example shows an invalid command (the EHLO line, whose domain consists of random characters):
220 FortiMail-400.localdomain ESMTP Smtpd; Wed, 14 Feb 2008 13:30:20 GMT
EHLO ^^&^&^#$
501 5.0.0 Invalid domain name
Valid characters for domain names include:
alphanumerics (A to Z and 0 to 9)
brackets ( [ and ] )
periods ( . )
dashes ( - )
underscores ( _ )
number symbols ( # )
colons ( : )
Rewrite EHLO/HELO domain to [n.n.n.n] IP string of the client address
(transparent mode only)
Enable to rewrite the domain name in the SMTP greeting (HELO/EHLO) to the IP address of the client to prevent domain name spoofing.
Rewrite EHLO/HELO domain to
(transparent mode only)
Enable to rewrite the domain name in the SMTP greeting (HELO/EHLO) to the specified value.
Prevent encryption of the session
(transparent mode only)
Enable to block STARTTLS/MD5 commands so that email connections cannot be TLS-encrypted.
Caution: Disable this option only if you trust that SMTP clients connecting using TLS through the FortiMail unit will not be sources of viruses or spam. FortiMail units operating in transparent mode cannot scan encrypted connections traveling through them. Disabling this option could thereby permit viruses and spam to travel through the FortiMail unit.
Allow pipelining for the session
(transparent mode only)
Enable to allow SMTP command pipelining. This lets multiple SMTP commands be accepted and processed simultaneously, improving performance for high-latency connections.
Disable to allow the SMTP client to send only a single command at a time during an SMTP session.
Enforce strict RFC compliance
(transparent mode only)
Enable to limit pipelining support to strict compliance with RFC 2920, SMTP Service Extension for Command Pipelining.
This option is effective only if Allow pipelining for the session is enabled.
Perform strict syntax checking
Enable to return SMTP reply code 503, and to reject an SMTP command, if the client or server uses SMTP commands that are syntactically incorrect or out of order.
EHLO or HELO, MAIL FROM:, RCPT TO: (can be multiple), and DATA commands must be in that order. AUTH, STARTTLS, RSET, or NOOP commands can arrive at any time. Other commands, or commands in an unacceptable order, return a syntax error.
The following example shows an invalid command (the RCPT TO: line, which arrives before any MAIL FROM:):
220 FortiMail-400.localdomain ESMTP Smtpd; Wed, 14 Feb 2008 13:41:15 GMT
EHLO example.com
250-FortiMail-400.localdomain Hello [192.168.1.1], pleased to meet you
RCPT TO:<user1@example.com>
503 5.0.0 Need MAIL before RCPT
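The two checks above (the EHLO/HELO domain character check and the strict command-order check) are easy to misread as pure syntax rules, so here is an added illustration of what the FortiMail unit is enforcing, written as a small Python validator. This is example code added to this page, not FortiMail's own implementation; the valid-character set and the command ordering come from the descriptions above, while the 501/503 reply texts other than the two shown in the examples, the handling of QUIT, and the sample session transcript are constructed assumptions.

```python
import re
from typing import List, Optional, Tuple

# Valid EHLO/HELO domain characters as listed in the session-settings description:
# alphanumerics, square brackets, periods, dashes, underscores, "#" and ":".
_VALID_DOMAIN = re.compile(r"^[A-Za-z0-9\[\]._\-#:]+$")


def check_helo_domain(domain: str) -> Optional[str]:
    """Return the 501 reply for a greeting domain with invalid characters, else None."""
    if not domain or not _VALID_DOMAIN.match(domain):
        return "501 5.0.0 Invalid domain name"  # reply text as shown in the example above
    return None


# Commands the description says may arrive at any time.  QUIT is added here as an
# assumption so a session can end cleanly; the page does not list it.
_ANYTIME = {"AUTH", "STARTTLS", "RSET", "NOOP", "QUIT"}


class StrictSmtpChecker:
    """State machine for 'Perform strict syntax checking':
    EHLO/HELO -> MAIL FROM: -> RCPT TO: (one or more) -> DATA, in that order."""

    def __init__(self) -> None:
        self.state = "start"  # start -> greeted -> mail -> rcpt

    def check(self, line: str) -> Optional[str]:
        """Return a reply string if the command is rejected, or None if it is accepted."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        # "MAIL FROM:<...>" and "RCPT TO:<...>" carry the verb in the first two tokens.
        if verb in ("MAIL", "RCPT"):
            verb = verb + " " + arg.split(":", 1)[0].upper()

        if verb in _ANYTIME:
            if verb == "RSET" and self.state != "start":
                self.state = "greeted"  # RSET aborts the transaction but keeps the greeting
            return None
        if verb in ("EHLO", "HELO"):
            reply = check_helo_domain(arg.strip())
            if reply is None:
                self.state = "greeted"
            return reply
        if verb == "MAIL FROM":
            if self.state != "greeted":
                return "503 5.0.0 Need EHLO/HELO before MAIL"  # constructed reply text
            self.state = "mail"
            return None
        if verb == "RCPT TO":
            if self.state not in ("mail", "rcpt"):
                return "503 5.0.0 Need MAIL before RCPT"  # reply text as shown in the example above
            self.state = "rcpt"
            return None
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 5.0.0 Need RCPT before DATA"  # constructed reply text
            self.state = "greeted"  # message body follows; next transaction starts fresh
            return None
        # Any other command is rejected, as the description states.
        return "503 5.0.0 Command not accepted"  # constructed reply text


def run_session(lines: List[str]) -> List[Tuple[str, Optional[str]]]:
    """Feed a client command sequence through the checker; return (command, rejection) pairs."""
    checker = StrictSmtpChecker()
    return [(line, checker.check(line)) for line in lines]


# Constructed sample session modelled on the out-of-order example above.
SAMPLE_SESSION = [
    "EHLO ^^&^&^#$",
    "EHLO example.com",
    "RCPT TO:<user1@example.com>",
    "MAIL FROM:<sender@example.com>",
    "RCPT TO:<user1@example.com>",
    "NOOP",
    "DATA",
]

if __name__ == "__main__":
    for command, rejection in run_session(SAMPLE_SESSION):
        print(f"{command:35} -> {rejection or 'accepted'}")
```

Running the block prints one line per command: the first EHLO is rejected with 501, the early RCPT TO: with 503, and the rest of the ordered sequence is accepted. The checker only validates the command sequence and the greeting domain; it does not parse addresses or the message body.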
Switch to SPLICE mode after
(transparent mode only)
Enable to use splice mode. Enter a threshold value based on time (seconds) or data size (kilobytes).
Splice mode lets the FortiMail unit simultaneously scan an email and relay it to the SMTP server. This increases throughput and reduces the risk of server timeout. If it detects spam or a virus, it terminates the server connection and returns an error message to the sender, listing the spam or virus name and infected file name.
ACK EOM before AntiSpam check
Enable to acknowledge the end of message (EOM) signal immediately after receiving the carriage return and line feed (CRLF) characters that indicate the EOM, rather than waiting for antispam scanning to complete.
If the FortiMail unit does not complete antispam scanning within 4 minutes, it returns SMTP reply code 451 (Try again later), resulting in no permanent problems, since according to RFC 2821, the minimum timeout value should be 10 minutes. However, in rare cases where the server or client’s timeout is shorter than 4 minutes, the sending client or server could time out while waiting for the FortiMail unit to acknowledge the EOM command. Enabling this option prevents those rare cases.