Description | This article describes how to configure an Access Control List (ACL) to block inbound spam email from the protected domains. |
Scope |
FortiMail, all firmware versions, including FortiMail Cloud.
Solution |
A situation can arise where FortiMail accepts emails from external public IPs that use a protected email domain as the sender domain.
from=<fortimail@demolab.local>, size=8723, class=0, nrcpts=1, msgid=<1057234045.3605.1727092540814@ip-10-0-0-175.eu-west-1.compute.internal>, proto=ESMTPS, daemon=SMTP_MTA, relay=10.200.200.10(mail.gmail.com) to==<internal@demolab.local>, delay=00:00:02(tries=1), xdelay=00:00:01, mailer=esmtp, pri=38723, relay=mail.demolab.local [10.100.100.10], dsn=2.6.0, stat=Sent (<1057234045.3605.1727092540814@ip-10-0-0-175.eu-west-1.compute.internal> [InternalId=184352881246249, Hostname=CNSMBX01DXB.demoLb.local] 11171 bytes in 0.199, 54.787 KB/sec Queued mail for delivery)
The log above shows that the email sender domain is correct, but the source is not the user's email server. To block such attempts, it is necessary to create an ACL.
ACL-1 to accept the email:
Sender: @demolab.local. Recipient: -@demolab.local. Source: User email server IP/Range. Action: Allow.
ACL-2 to reject the email:
Sender: @demolab.local. Recipient: -@demolab.local. Source: 0.0.0.0/0. Action: Reject.
The position of the ACLs is very important: incorrect positioning can block the entire internal-to-internal domain email flow.
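The rule pair and its ordering can be checked offline against MTA log lines. The following is an added example, not Fortinet code: it models first-match, top-to-bottom evaluation of ACL-1 and ACL-2 over a trimmed copy of the log line above. The mail server range 10.100.100.10/32 and all function names are assumptions.

```python
import ipaddress
import re

# Constructed rule set mirroring ACL-1 and ACL-2 from the article.
# 10.100.100.10/32 as the "user email server" range is an assumption.
ACLS = [
    {"name": "ACL-1", "sender": "demolab.local", "recipient": "demolab.local",
     "source": "10.100.100.10/32", "action": "ALLOW"},
    {"name": "ACL-2", "sender": "demolab.local", "recipient": "demolab.local",
     "source": "0.0.0.0/0", "action": "REJECT"},
]

# Trimmed copy of the article's log line (same from, relay and to fields).
SAMPLE = ("from=<fortimail@demolab.local>, size=8723, proto=ESMTPS, "
          "daemon=SMTP_MTA, relay=10.200.200.10(mail.gmail.com) "
          "to==<internal@demolab.local>, delay=00:00:02(tries=1)")

def parse(line):
    """Extract sender domain, recipient domain and connecting client IP."""
    sender = re.search(r"from=<[^@>]*@([^>]+)>", line)
    rcpt = re.search(r"to=+<[^@>]*@([^>]+)>", line)
    src = re.search(r"relay=(\d{1,3}(?:\.\d{1,3}){3})", line)  # first relay = client
    if not (sender and rcpt and src):
        return None
    return sender.group(1).lower(), rcpt.group(1).lower(), src.group(1)

def evaluate(acls, sender_dom, rcpt_dom, src_ip):
    """Return (rule name, action) of the first rule that matches, top to bottom."""
    ip = ipaddress.ip_address(src_ip)
    for rule in acls:
        if (sender_dom == rule["sender"] and rcpt_dom == rule["recipient"]
                and ip in ipaddress.ip_network(rule["source"])):
            return rule["name"], rule["action"]
    return None, "NO_MATCH"  # left to default handling, not modelled here

def verdict(acls, line):
    """Parse one log line and evaluate it against the ordered rule list."""
    fields = parse(line)
    return evaluate(acls, *fields) if fields else (None, "UNPARSED")

if __name__ == "__main__":
    print(verdict(ACLS, SAMPLE))  # spoofed internal sender from external IP
    print(evaluate(ACLS, "demolab.local", "demolab.local", "10.100.100.10"))
    print(evaluate(ACLS[::-1], "demolab.local", "demolab.local", "10.100.100.10"))
```

With ACL-2 placed above ACL-1 (the reversed list), mail from the legitimate server is rejected as well, which is the internal-to-internal outage the positioning warning refers to.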
Result:
|
Copyright 2025 Fortinet, Inc. All Rights Reserved.