GUI item | Description |
--- | --- |
Check HELO/EHLO domain | Enable to return SMTP reply code 501, and reject the SMTP command, if the domain name accompanying the SMTP greeting is not a domain name that exists in either MX or A records. The following example shows the invalid command in bold italics:<br>`220 FortiMail-400.localdomain ESMTP Smtpd; Wed, 20 Nov 2013 10:42:07 -0500`<br>***`ehlo abc.qq`***<br>`250-FortiMail-400.localdomain Hello [172.20.140.195], pleased to meet you`<br>`250-ENHANCEDSTATUSCODES`<br>`250-PIPELINING`<br>`250-8BITMIME`<br>`250-SIZE 10485760`<br>`250-DSN`<br>`250-AUTH LOGIN PLAIN`<br>`250-STARTTLS`<br>`250-DELIVERBY`<br>`250 HELP`<br>`mail from:aaa@333`<br>`550 5.5.0 Invalid EHLO/HELO domain.`<br>`quit`<br>`221 2.0.0 FortiMail-400.localdomain closing connection`<br>`Connection closed by foreign host.` |
Check sender domain | Enable to return SMTP reply code 421, and reject the SMTP command, if the domain name portion of the sender address is not a domain name that exists in either MX or A records. The following example shows the invalid command in bold italics:<br>`220 FortiMail-400.localdomain ESMTP Smtpd; Wed, 14 Feb 2008 14:32:51 GMT`<br>`EHLO`<br>`250-FortiMail-400.localdomain Hello [192.168.1.1], pleased to meet you`<br>***`MAIL FROM:<user1@example.com>`***<br>`421 4.3.0 Could not resolve sender domain.` |
Check recipient domain | Enable to return SMTP reply code 550, and reject the SMTP command, if the domain name portion of the recipient address is not a domain name that exists in either MX or A records. The following example shows the invalid command in bold italics:<br>`220 FortiMail-400.localdomain ESMTP Smtpd; Wed, 14 Feb 2008 14:48:32 GMT`<br>`EHLO example.com`<br>`250-FortiMail-400.localdomain Hello [192.168.1.1], pleased to meet you`<br>`MAIL FROM:<user1@fortinet.com>`<br>`250 2.1.0 <user1@fortinet.com>... Sender ok`<br>***`RCPT TO:<user2@example.com>`***<br>`550 5.7.1 <user2@example.com>... Relaying denied. IP name lookup failed [192.168.1.1]` |
Reject empty domains | Enable to return SMTP reply code 553, and reject the SMTP command, if the HELO/EHLO greeting does not have a domain, or the sender address (MAIL FROM:) is empty. The following example shows the invalid command in bold italics:<br>`220 FortiMail-400.localdomain ESMTP Smtpd; Wed, 20 Nov 2013 10:42:07 -0500`<br>***`ehlo`***<br>`250-FortiMail-400.localdomain Hello [172.20.140.195], pleased to meet you`<br>`250-ENHANCEDSTATUSCODES`<br>`250-PIPELINING`<br>`250-8BITMIME`<br>`250-SIZE 10485760`<br>`250-DSN`<br>`250-AUTH LOGIN PLAIN`<br>`250-STARTTLS`<br>`250-DELIVERBY`<br>`250 HELP`<br>`mail from:aaa@333`<br>`550 5.5.0 Empty EHLO/HELO domain.`<br>`quit`<br>`221 2.0.0 FortiMail-400.localdomain closing connection` |
Prevent open relaying (transparent mode only) | Enable to prevent clients from using open relays to send email by blocking sessions that are unauthenticated. (Unauthenticated sessions are assumed to be occurring to an open relay.) If you permit SMTP clients to use open relays to send email, email from your domain could be blocklisted by other SMTP servers. This option is effective only if you have enabled “Use client-specified SMTP server to send email” for outgoing mail. Otherwise, the FortiMail unit forces clients to use the gateway you have defined as a relay server (see “Configuring SMTP relay hosts”), if any, or the MTA of the domain name in the recipient email address (RCPT TO:), as determined using an MX lookup, so it is not possible for them to use an open relay. |
Reject if recipient and helo domain match but sender domain is different | Enable to reject the email if the domain name in the SMTP greeting (HELO/EHLO) and recipient email address (RCPT TO:) match, but the domain name in the sender email address (MAIL FROM:) does not. Mismatched domain names are sometimes used by spammers to mask the true identity of their SMTP client. |
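
The domain checks in the table above can be modelled as a single envelope evaluator. The following is an added example, not FortiMail code: the zone data is constructed, the function names are hypothetical, and the order in which the rules fire is an assumption (the table does not state one).

```python
# Added illustration, not FortiMail code. Zone data and rule order are assumptions.
from typing import NamedTuple, Optional

# Constructed DNS data: domain -> record types that exist for it.
SAMPLE_ZONE = {
    "example.com": {"MX", "A"},
    "fortinet.com": {"MX"},
    "mail.example.net": {"A"},
    "txtonly.example.org": {"TXT"},  # exists in DNS, but has no MX or A record
}

class Verdict(NamedTuple):
    rule: str            # GUI item that rejected the session
    code: Optional[int]  # reply code the table gives for it; None if it gives none

def resolves(domain: str, zone=SAMPLE_ZONE) -> bool:
    """True if the domain has an MX or A record (the table's existence test)."""
    name = domain.rstrip(".").lower()
    return bool(zone.get(name, set()) & {"MX", "A"})

def domain_of(address: str) -> str:
    """Domain part of an envelope address such as '<user@example.com>'."""
    addr = address.strip().strip("<>")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_session(helo: str, mail_from: str, rcpt_to: str, exists=resolves):
    """Return the first Verdict that rejects the session, or None to accept."""
    helo = helo.strip().lower().rstrip(".")
    sender, rcpt = domain_of(mail_from), domain_of(rcpt_to)
    if not helo or not mail_from.strip().strip("<>"):
        return Verdict("Reject empty domains", 553)
    if not exists(helo):
        return Verdict("Check HELO/EHLO domain", 501)
    if not exists(sender):
        return Verdict("Check sender domain", 421)
    if not exists(rcpt):
        return Verdict("Check recipient domain", 550)
    if helo == rcpt and sender != rcpt:
        return Verdict("Reject if recipient and helo domain match "
                       "but sender domain is different", None)
    return None
```

In this sketch an empty `MAIL FROM:<>` is rejected as well, which is the null reverse-path that bounce messages use.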