Skip to main content
ideait
ideait
Explorer
September 22, 2022
Solved

Fortimail SMTP AUTH Failure From clients that do not use web mail (ex: printers, mobile client)

  • September 22, 2022
  • 5 replies
  • 10665 views

Hi, I have this problem related to my Fortimail unit.

I have installed the fortimail unit in front of a zimbra mail server in transparent mode, on the same DMZ subnet and obviously behind the fortigate.

Incoming connections are coming from port 1 configured for smtp proxy are inbound and enabling local connections

While the server is enabled on port 3 and is in pass trought both incoming and outgoing.

On the fortimail unit only one domain "example.com" is configured and the relay type is set as HOST by specifying the IP address of the mail server behind the fortimail unit, making the conection rest on relay host, everything works.

I can send mails and receive them without any problems, again from webmail.

On the other hand, when I try to connect with a client from an external network such as a mobile device or from an internal network such as a printer that sends scans via mail.

I get the error SMTP AUTH Failure.

Conversely, if the relay type on the domain is set as MX record and no longer specifying the mail server host, the error no longer occurs

But the fortimail unit no longer collects the logs, as if it engorges to protect that domain by being completely transparent and not performing any kind of control over the mail traffic in transit.

What could the SMTP AUTH failure error be due to?
I have also tried creating an SMTP authentication profile and associating it with an IP policy that allows traffic from any ip address to any address ip

 

Best answer by ideait

I solved the issue, basically I had to enable the proxy even for outbound sessions which are handled by a separate entry in system->mail setting->proxy
Next I created an SMTP authentication profile that would send back to my server on port 465 enabling SSL and STARTTLS.
This profile was associated with an Ip-policy and enabled SMTP authentication, as well as baypassed the spam check for authenticated SMTP connections.

5 replies

Anthony_E
Staff
Anthony_E
Staff
September 26, 2022

Hello Miguel,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Best Regards
Anthony_E
Staff
Anthony_E
Staff
September 29, 2022

Hello Miguel,

 

I have found this KB article which explain how to disable SMTP Auth failure:

 

https://community.fortinet.com/t5/FortiMail/Technical-Tip-How-to-disable-SMTP-Auth-Failure-log/ta-p/196245

 

Could you please tell me if it helped?

 

Regards,

Best Regards
ideait
ideaitAuthor
Explorer
September 29, 2022

Hi, I had found this article as well, but it eliminates the log related to this error, in any case I keep having connection problems from internal network printers (which send scans via email with an account stampante@exemple.com)
and with connection from client (outlook, mail on smartphone or similar software) while webmail works regularly.

Regards

Miguel Sotomayor Gonzalez

Markus_M
Staff & Editor
Markus_M
Staff & Editor
October 2, 2022

Hi Miguel,

 

check first what the SMTP failure shows up for in the logs (Monitor > logs). Then you may be able to guess more on why this fails?

Do you have clients that work fine and are not using the webmail?

 

Best regards,

 

Markus

Anthony_E
Staff
Anthony_E
Staff
September 29, 2022

Hello,

 

Thank s a lot and we will contine to look for a solution.

 

Regards,

Best Regards
Anthony_E
Staff
Anthony_E
Staff
October 2, 2022

Hello,

 

I have found this document:

 

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial#configure-fortigate-ssl-vpn-sso

 

Could you please tell me if it helped?

 

Regards,

Best Regards
ideait
ideaitAuthorAnswer
Explorer
October 8, 2022

I solved the issue, basically I had to enable the proxy even for outbound sessions which are handled by a separate entry in system->mail setting->proxy
Next I created an SMTP authentication profile that would send back to my server on port 465 enabling SSL and STARTTLS.
This profile was associated with an Ip-policy and enabled SMTP authentication, as well as baypassed the spam check for authenticated SMTP connections.

Terms & ConditionsAccessibility statement