Configuring domain check options
Use this section for LDAP compatibility.
If the domain lookup option is also enabled in the LDAP profile (see “Configuring domain lookup options”), the parent domain from the domain lookup query is used to hold the domain association.
 
GUI item
Description
Perform LDAP domain verification for unknown domains
Enable to verify the existence of domains that are not configured as protected domains. Also configure “LDAP profile for domain check”.
To verify the existence of unknown domains, the FortiMail unit queries an LDAP server for a user object that contains the email address. If the user object exists, the verification is successful, and:
- If “Automatically create domain association for verified domain” is enabled, the FortiMail unit automatically adds the unknown domain as a domain association of the protected domain selected in Internal domain to hold association.
- If “Automatically create domain association for verified domain” is disabled, and the LDAP domain name lookup of the unknown domain name is successful, the FortiMail unit routes the email to the IP address resolved for the domain name during the lookup. Because the domain is not formally defined as a protected domain, the email is considered to be outgoing, and outgoing recipient-based policies are used to scan the email. For more information, see “Controlling email based on sender and recipient addresses”.
LDAP profile for domain check
Select the LDAP profile to use when verifying the existence of unknown domains. The LDAP query is configured under User Query Options in an LDAP profile. If you also enable the domain lookup option in the LDAP profile, the option must be enabled for the domain.
This option is available only if “Perform LDAP domain verification for unknown domains” is enabled.
Automatically create domain association for verified domain
Enable to automatically add unknown domains as domain associations if they are successfully verified by the LDAP query. See “Configuring domain lookup options”.
For more information about domain association, see “Domain Association”.
This option is available only if “Perform LDAP domain verification for unknown domains” is enabled.
Internal domain to hold domain association
Select the name of a protected domain with which to associate unknown domains, if they pass domain verification. However, if the domain lookup query (see “Configuring domain lookup options”) returned its own parent domain, that parent domain is used.
This option is available only if “Automatically create domain association for verified domain” is enabled.
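A defender-side check to run before enabling automatic association, added here as an example (it is not FortiMail code): it lists the mail domains in a directory export that are not protected domains, that is, the domains for which the verification query described above could find a user object. The attribute names (mail, proxyAddresses), the LDIF sample and the function names are assumptions; what actually matches depends on the query configured under User Query Options.

```python
# Added example, not FortiMail code. Attribute names and sample data are assumptions.
MAIL_ATTRS = {"mail", "proxyaddresses"}  # assumed; align with your User Query Options

# Constructed sample of an LDIF export (for example, ldapsearch output).
SAMPLE_LDIF = """\
dn: cn=alice,ou=people,dc=example,dc=com
mail: alice@example.com
proxyAddresses: smtp:alice@example.net

dn: cn=bob,ou=people,dc=example,dc=com
mail: bob@Example.ORG
proxyAddresses: SMTP:bob@example.com

dn: cn=svc,ou=people,dc=example,dc=com
description: no mail attribute here
"""

def mail_domains(ldif_text):
    """Map each mail domain found in the export to the DNs that carry it."""
    found, dn = {}, None
    for line in ldif_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr in MAIL_ATTRS and "@" in value:
            # Base64 values ("attr:: ...") never contain "@" and are skipped here.
            # proxyAddresses values carry a type prefix such as "smtp:".
            address = value.split(":", 1)[-1] if attr == "proxyaddresses" else value
            domain = address.rsplit("@", 1)[1].lower()
            found.setdefault(domain, set()).add(dn)
    return found

def would_verify(ldif_text, protected_domains):
    """Domains present in the directory that are not protected domains."""
    protected = {d.lower() for d in protected_domains}
    return {d: sorted(dns) for d, dns in mail_domains(ldif_text).items()
            if d not in protected}

if __name__ == "__main__":
    for domain, dns in sorted(would_verify(SAMPLE_LDIF, ["example.com"]).items()):
        print(f"{domain}: candidate for automatic association, seen on {dns}")
```

Review each listed domain before enabling “Automatically create domain association for verified domain”; a domain that should not be associated points to a directory entry that needs cleanup.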