Troubleshooting Tip: Invalid EHLO/HELO domain
| Description | This article describes how to troubleshoot an invalid EHLO/HELO domain. |
| Scope | FortiMail v7.6.x, v7.4.x, v7.2.x, v7.0.x. |
| Solution | If 'Check HELO/EHLO domain' is enabled in a session profile that is used in the IP policy, then the email may be rejected because this check fails:
  
When FortiMail performs the EHLO/HELO check, it makes an MX (first) or A query for the domain used by the sender in the EHLO/HELO command during session initialization. If the response matched the value in the EHLO/HELO command, the check is successful.
To perform the same check manually, run this command:
execute nslookup name <domain_from_ehlo/helo>
Or run this command:
execute nslookup name < domain_from_ehlo/helo > type mx
In the example above, the MX or A query failed. Because of this, the HELO/EHLO check failed.
To solve this, the sender should have either an MX or an A record published for the SMTP greeting name. |
