Enable to return SMTP reply code 501, and reject the SMTP command, if the domain name accompanying the SMTP greeting is not a domain name that exists in either MX or A records.

The following example shows the invalid command in bold italics:

Enable to return SMTP reply code 421, and reject the SMTP command, if the domain name portion of the sender address is not a domain name that exists in either MX or A records.

The following example shows the invalid command in bold italics:

Enable to return SMTP reply code 550, and reject the SMTP command, if the domain name portion of the recipient address is not a domain name that exists in either MX or A records.

The following example shows the invalid command in bold italics:

Enable to return SMTP reply code 553, and reject the SMTP command, if the HELO/EHLO greeting does not have a domain, or the sender address (MAIL FROM:) is empty.

The following example shows the invalid command in bold italics:

(transparent mode only)

Enable to prevent clients from using open relays to send email by blocking sessions that are unauthenticated. (Unauthenticated sessions are assumed to be occurring to an open relay.)

If you permit SMTP clients to use open relays to send email, email from your domain could be blocklisted by other SMTP servers.

This option is effective only if you have enabled “Use client-specified SMTP server to send email” for outgoing mail. Otherwise, the FortiMail unit forces clients to use the gateway you have defined as a relay server (see ““Configuring SMTP relay hosts”), if any, or the MTA of the domain name in the recipient email address (RCPT TO:), as determined using an MX lookup, so it is not possible for them to use an open relay.

Enable to reject the email if the domain name in the SMTP greeting (HELO/EHLO) and recipient email address (RCPT TO:) match, but the domain name in the sender email address (MAIL FROM:) does not.

Mismatching domain names is sometimes used by spammers to mask the true identity of their SMTP client.