FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
RuiChang
Staff
Article Id 232332
Description

 

This article describes how to troubleshoot FortiAnalyzer being unable to resolve the DNS name of the mail server.

 

Scope

 

FortiManager / FortiAnalyzer.

 

Solution

 

From CLI:

Test the connectivity of FortiAnalyzer with the mail server using the CLI command below:

 

# diagnose test connection mailserver <server-name> <mail-from> <mail-to>

 

Example:

The test results will provide the error highlighted in red below:

 

FAZ # diagnose test connection mailserver test test@hotmail.com test2@hotmail.com

Testing SMTP server test, please wait...

* Could not resolve host: test 

* Closing connection 0

Failed to send a test email to test2@hotmail.com through test.

Please check your configuration.

Command fail. Return code 6

 

From GUI:

1) Go to System Setting -> Advanced -> Mail Server, 'Right-click' the mail server and test.

 


 

2) Enter the email address used to test in 'from' and 'to', and select 'OK'.

 


 

Note:

Running the test with the CLI command returns an error message that eases the troubleshooting process.

 

Troubleshooting Steps.

 

Section 1:

Ensure FortiAnalyzer is able to connect to the DNS server.

 

Example:

 

FAZ # exe ping 8.8.8.8

exe ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

64 bytes from 8.8.8.8: seq=0 ttl=118 time=1.584 ms

64 bytes from 8.8.8.8: seq=1 ttl=118 time=2.905 ms

64 bytes from 8.8.8.8: seq=2 ttl=118 time=2.846 ms

64 bytes from 8.8.8.8: seq=3 ttl=118 time=2.738 ms

 

--- 8.8.8.8 ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max = 1.584/2.518/2.905 ms

 

If the Internet is down, check the hardware and routing of FortiAnalyzer.

 

Section 2:

Ensure FortiAnalyzer is able to resolve the DNS name of the mail server.

 

Example:

 

FAZ # exe ping google.com

ping: bad address 'google.com'

 

If FortiAnalyzer is unable to resolve DNS, configure a working DNS server as shown below:

 

# config sys dns

 set primary <Primary DNS Server>

 set secondary <Secondary DNS Server>

end

 

Section 3:

If both checks above succeed, ping the mail server and ensure the mail server is up.

 

Example:

 

FAZ # exe ping smtp@gmail.com

PING google.com (216.58.221.206): 56 data bytes

64 bytes from 216.58.221.206: seq=0 ttl=118 time=3.115 ms

64 bytes from 216.58.221.206: seq=1 ttl=118 time=2.519 ms

64 bytes from 216.58.221.206: seq=2 ttl=118 time=2.988 ms

64 bytes from 216.58.221.206: seq=3 ttl=118 time=2.467 ms

 

Section 4:

Check the port configuration for the mail server. By default, port TCP/25 is configured for SMTP.

If port TCP/587 (SMTPS) is configured, make sure the following configuration is done as well:

 

# config system mail

    edit <id>

        set secure-option smtps

    end

 

Section 5:

Ensure the upstream firewall allows ports TCP/25 and TCP/587.

 

Section 6:

If none of the methods above resolve the issue, run the debug flow below and collect information for TAC support.

 

# diagnose debug application fazmaild 255
# diagnose debug enable

 

To stop the debug flow:

 

# diagnose debug disable

# diagnose debug reset
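
The checks in Sections 1 to 5 can also be reproduced from a workstation, as in this added example (not Fortinet code). It assumes the workstation uses the same DNS servers and upstream firewall path as FortiAnalyzer; check_mail_path, FakeSock, fake_resolve and the host mail.example.test are constructed names used only for illustration.

```python
import socket

def check_mail_path(host, port=25, resolve=socket.getaddrinfo,
                    connect=socket.create_connection, timeout=5.0):
    """Return (failed_stage, detail); failed_stage is None when every stage passes."""
    # Sections 1-2: can the mail server name be resolved at all?
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"could not resolve {host!r}: {exc}"
    addr = infos[0][4][0]
    # Sections 3 and 5: is the port reachable through the upstream firewall?
    try:
        sock = connect((addr, port), timeout)
    except OSError as exc:
        return "tcp", f"{addr}:{port} unreachable: {exc}"
    # Section 4: a plaintext SMTP listener greets with "220"; an implicit-TLS
    # listener stays silent until it receives a TLS ClientHello.
    try:
        sock.settimeout(timeout)
        banner = sock.recv(512)
    except socket.timeout:
        return "tls-mode", f"no plaintext greeting on {addr}:{port}; check secure-option"
    finally:
        sock.close()
    if not banner.startswith(b"220"):
        return "smtp", f"unexpected greeting: {banner[:60]!r}"
    return None, banner.decode("ascii", "replace").strip()

class FakeSock:
    """Constructed stand-in for a connected socket so the demo runs offline."""
    def __init__(self, greeting):
        self.greeting = greeting
    def settimeout(self, t): pass
    def recv(self, n):
        if self.greeting is None:          # models a silent implicit-TLS port
            raise socket.timeout("timed out")
        return self.greeting
    def close(self): pass

def fake_resolve(host, port, type=0):
    """Constructed resolver: the name 'test' fails, as in the CLI example."""
    if host == "test":
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, type, 6, "", ("192.0.2.25", port))]

if __name__ == "__main__":
    print(check_mail_path("test", resolve=fake_resolve))
    print(check_mail_path("mail.example.test", 587, fake_resolve,
                          lambda a, t: FakeSock(b"220 mail.example.test ESMTP\r\n")))
```

Against a real server, call check_mail_path with only the host and port; the first element of the result names the stage to investigate.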
