FortiGate
esalija
Staff
Article Id 380795
Description

This article describes an issue where, after FortiOS v7.4.6, users who activate FortiToken Mobile by email receive the activation email with the same email address as both the sender and the receiver.

Scope

FortiGate.

Solution
  • When a Custom Email Server is used for 2FA FortiToken Mobile activation, the sender and receiver are the same. For example: server 'smtp.fortinet.com', Sender 'test1@fortinet.com', Receiver 'test2@fortinet.com'.
  • A custom Email Server configuration:

 

config system email-server

    (email-server) # show full-configuration
        config system email-server
            set type custom
            set server "smtp.fortinet.com"     <-----
            set port 25
            set source-ip 0.0.0.0
            set source-ip6 ::
            set authenticate disable
            set security none
            set interface-select-method auto
        end

 

  • Test local user configuration.

 

config user local
    edit "test1"
        set type password
        set two-factor fortitoken
        set fortitoken "FTKMOB136B201789"
        set email-to "test1@fortinet.com" <<<<<<<<<<<<<<<
        set passwd-time 2025-01-30 01:03:11
        set passwd ENC 97tHpR63WIQ8a1RzU8wD0xEuhPQA3nz3x7J
    next
end

 

  • The email that the user receives, in which the sender and receiver email addresses are the same:


-----Original Message-----
From: Test1 < test1@fortinet.com> <<<
Sent: Tuesday, January 21, 2025 1:55 PM
To:  Test1 < test1@fortinet.com> <<<
Subject: [Ext] FTM Activation on FortiGate

 

  • Run the mail alert commands:


diagnose test application dnsproxy 2                        <-----Make sure that the firewall can reach the DNS server.

diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application fnbamd -1
diagnose debug application alertmail -1
diagnose debug enable

 

2025-01-30 01:34:35 mail_info:
from:smtp.fortinet.com user:test1@fortinet.com
2025-01-30 01:34:35 mail_info:
reverse path:test1@fortinet.com
user name:test1
2025-01-30 01:34:35 to[0]:test1@fortinet.com
2025-01-30 01:34:35 <==_init_mail_info
2025-01-30 01:34:35 create session
2025-01-30 01:34:35 resolve smtp.fortinet.com to 1 IP
2025-01-30 01:34:35 ==> send mail
2025-01-30 01:34:35 connecting to 64.233.166.27 port 25
2025-01-30 01:34:35 send mail 0x10253d40 session 0x10254970
2025-01-30 01:35:44 failed to connect
2025-01-30 01:35:44 failed to connect
2025-01-30 01:35:44 session_io_event: creating ssl structure for session 0x10208950
2025-01-30 01:35:44 create_ssl: 0x7ff4c1d70000
2025-01-30 01:35:44 error in SSL_connect (null)
2025-01-30 01:35:44 _session_on_destroy
2025-01-30 01:35:44 <== send mail failed, m = 0x10268a70 s = 0x10208950

 

  • The expected behavior is:
  1. With the default email server settings, 'MAIL FROM' is 'DoNotReply@fortinet-notifications.com'.
  2. If a Username is configured in the Custom Email Server, 'MAIL FROM' is the 'username' specified on the Email Server.
  3. If the Username is not specified in the Custom Email Server, 'MAIL FROM' is the value configured in 'email-to', which is specified at the Local User level.

 

Note:

Authentication should be enabled to specify the username.


config system email-server
    set server "smtp.fortinet.com"
    set authenticate enable
    set username "test2"
    set password ENC kINOPpLFGd0zVJj4ivB0woPvvCi
    set security smtps
end

 

  • Output after the changes to the Email Server:

 

from:smtp.fortinet.com user:test2@fortinet.com
2025-01-30 01:34:35 mail_info:
reverse path:test1@fortinet.com
user name:test2
2025-01-30 01:34:35 to[0]:test1@fortinet.com
2025-01-30 01:34:35 <==_init_mail_info
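
The following is an added example, not part of the original article or Fortinet tooling: a small parser for the alertmail debug lines shown above that flags a capture in which the sending address is also a recipient. It assumes the `user:` field is the address to compare, because that is the field that differs between the two captures on this page; the function and variable names are hypothetical.

```python
import re

# Sample input: the two alertmail debug captures from this page, embedded inline.
BEFORE = """\
2025-01-30 01:34:35 mail_info:
from:smtp.fortinet.com user:test1@fortinet.com
2025-01-30 01:34:35 mail_info:
reverse path:test1@fortinet.com
user name:test1
2025-01-30 01:34:35 to[0]:test1@fortinet.com
2025-01-30 01:34:35 <==_init_mail_info
"""
AFTER = """\
from:smtp.fortinet.com user:test2@fortinet.com
2025-01-30 01:34:35 mail_info:
reverse path:test1@fortinet.com
user name:test2
2025-01-30 01:34:35 to[0]:test1@fortinet.com
2025-01-30 01:34:35 <==_init_mail_info
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
FIELDS = {
    "server": re.compile(r"^from:(\S+)"),
    "user": re.compile(r"\buser:(\S+)"),        # does not match "user name:"
    "reverse_path": re.compile(r"^reverse path:(\S+)"),
    "user_name": re.compile(r"^user name:(\S+)"),
}
RCPT = re.compile(r"^to\[\d+\]:(\S+)")

def parse_mail_info(text):
    """Collect the mail_info fields and recipients from one debug capture."""
    info = {"recipients": []}
    for raw in text.splitlines():
        line = TS.sub("", raw.strip())  # continuation lines carry no timestamp
        m = RCPT.match(line)
        if m:
            info["recipients"].append(m.group(1).lower())
            continue
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m:
                info[key] = m.group(1).lower()
    return info

def sender_equals_recipient(info):
    """Assumption: 'user:' is the sending address. True if it is also a recipient."""
    return info.get("user") in info["recipients"]
```

Run against the first capture the check returns True; against the capture taken after a username is set on the Email Server it returns False.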