Configuring mail settings : Configuring proxies (transparent mode only) : About the transparent mode proxies : Transparency of the proxies and built-in MTA
Transparency of the proxies and built-in MTA
A FortiMail unit ‘s built-in MTA and proxies are not necessarily fully transparent, even if the FortiMail unit is operating in transparent mode.
If you want the FortiMail unit to behave truly transparently, you must:
select the “Hide this box from the mail server” option in each session profile
select “Hide the transparent box” in each protected domain
Otherwise, the source IP address of connection initiations, the destination IP address of reply traffic, and the SMTP greeting (HELO/EHLO) will contain either:
the management IP address (for connections occurring through bridged network interfaces), or
the network interface’s IP address (for connections through out-of-bridge network interfaces)
In addition to preserving the original IP addresses and domain names, for connections to unprotected domains, to be hidden with regards to authentication, the FortiMail unit must pass SMTP AUTH commands through to the SMTP server instead of applying an authentication profile. To do this, you must enable “Use client-specified SMTP server to send email” in order to use the outgoing proxy instead of the built-in MTA. The outgoing proxy will transmit SMTP AUTH commands to the server, instead of applying the IP-based policy’s authentication profile on behalf of the server.