Description | This article describes why FortiMail logs "SPF validation failed" rejections returned by the destination MX (the protected domain's mail server) for mail sent from external, unprotected domains. |
Scope | FortiMail. |
Solution |
If an incoming mail (RCPT TO: a user on a protected domain) reaches FortiMail, the following log is observed under Monitor -> Log -> History:
42809,"2024-03-08","13:03:03.378","smtp","to=<user@example.es>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=174092, relay=mail.example.com [100.1.0.254], dsn=5.0.0, stat=Service unavailable(Reason from remote:550 5.7.23 SPF validation failed. : Reason: mechanism)","22EC30PH027244-22EC30PJ027244","information","0003027286",,"event",,"NONE","mail","mail"
An external domain is trying to send emails to the protected domain @example.com. Because FortiMail is operating in Gateway mode, it forwards these mails to the destination MX server, the protected domain's mail server (100.1.0.254), and that connection is made from the FortiMail IP address.
When the destination MX server receives this mail and has DNS checks enabled, it checks whether the FortiMail IP address is authorized to send email on behalf of the sender domain. This check does not succeed because the FortiMail IP address is not listed as an authorized sender for the external sender domain, so the DNS checks on the destination MX fail.
The solution for these cases is to disable these DNS checks (both SPF and DMARC) on the destination SMTP server (the protected domain's mail server) and let FortiMail perform them.
Copyright 2024 Fortinet, Inc. All Rights Reserved.