Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
bkarl
Staff
Staff

Created on ‎10-16-2024 10:21 AM Edited on ‎11-21-2024 09:40 PM By Community Manager

Article Id 349686

Technical Tip: How to work with FortiMail Technical Support

Description

This article describes which information should be provided to Technical Support when opening a FortiMail technical support ticket.
Scope

FortiMail.
Solution
  1. For tenant FortiMail Cloud, just provide the instance name, such as labtacme-cloud.com (The complete URL).
  2. The cross-search log is very helpful information. Follow these documents:

Technical Tip: Best way to search a mail event log in FortiMail 

Technical Tip: Cross searching log messages 

 

  1. Screenshots of Access, IP, and recipient policy or policies for inbound and outbound.
  2. Backup configuration file: Technical Tip: How to get backup configuration, download trace log and email logs from FortiMail
  1. Internet Header of the mail that was involved for inbound or outbound.

 

This is an example of a complete Internet Header for Email:

Received: from FGT-LAB_TEST.bank.com (192.168.2.33) by

 FGT-LAB_TEST.bank.com (192.168.221.31) with Microsoft SMTP Server

 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

 15.1.2507.39 via Mailbox Transport; Sun, 6 Oct 2024 02:45:58 -0700

Received: from FGT-LAB_TEST.bank.com (192.168.2.119) by

 FGT-LAB_TEST.bank.com (192.168.221.33) with Microsoft SMTP Server

 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

 15.1.2507.39; Sun, 6 Oct 2024 02:45:57 -0700

Received: from smtp.fortinet.com (192.168.221.162) by

 FGT-LAB_TEST.bank.com (192.168.221.119) with Microsoft SMTP Server

 id 15.1.2507.39 via Frontend Transport; Sun, 6 Oct 2024 02:45:57 -0700

Authentication-Results: smtp.fortinet.com;

              spf=pass (fortinet.com: domain of 17281539702881925-181976-1-fortinet.com@delivery.inmuebles24.com designates 38.123.151.184 as permitted sender) smtp.mailfrom=17281539702881925-181976-1-fortinet.com@delivery.inmuebles24.com;

              dkim=pass header.i=@am.netcorecloud.net

              dkim=pass header.i=@inmuebles24.com;

              dmarc=pass header.from=inmuebles24.com;

Received: from mta-151-184.am.ncdelivery06.com (mta-151-184.am.ncdelivery06.com [38.123.151.184])

              by smtp.fortinet.com  with ESMTPS id 4969juXN033352-4969juXP033352

              (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)

              for <cbonilla@fortinet.com>; Sun, 6 Oct 2024 02:45:56 -0700

DKIM-Signature: a=rsa-sha256; bh=UBe/a1x8/4LtXzOvWtKDnQRV6WYlxX4GyvhEYmyNb/s=;

 c=relaxed/relaxed; d=inmuebles24.com;

 h=DKIM-Signature:Received:Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:scheduleTime:emailAddress:templateName:campaignId:mailId:advertisments:userId:applicationName:List-Unsubscribe:X-SMTPAPI:X-JOB:X-InjTime:Feedback-ID:X-HDELIVERY:X-Abuse-Reports-To:X-FNCID:X-Mta-Source:X-Traffic-Type:X-Mailer;

 s=nc2048; t=1728207955; v=1;

 b=MbfyoqFLMA5ZdQZ4kUv6tMwmWTcOJ7yIAO1tNNxvGc/i7zCzi3ameolScXToGRGjr/iMWRtH

 shFBG38N0nNR4ySQGMom2Rrse2BZuRxuEd/9rlCrpBz/5aZ+LxpSk2jV3VN1T+9NWATfgnM9G8g

 7t752lQ8CbmxSfsaX7hmSaDB9sUUyH3WhoFJn12r4Jp0rLYyn/k8E3IkkSJ2pVrBQ5wKVaKKATp

 h3mG2wjhbHvX1o73yWE1sg+jNj2UvC9qxyTJtTQRRsgNoGkXHjahSypD+zns9kkVNDg8DEZYmHe

 FjucMNV/y+VDffY532VrKinQMoozFtwUP/7DNTprmZ1oQ==

DKIM-Signature: a=rsa-sha256; bh=UBe/a1x8/4LtXzOvWtKDnQRV6WYlxX4GyvhEYmyNb/s=;

 c=relaxed/relaxed; d=am.netcorecloud.net;

 h=Received:Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:scheduleTime:emailAddress:templateName:campaignId:mailId:advertisments:userId:applicationName:List-Unsubscribe:X-SMTPAPI:X-JOB:X-InjTime:Feedback-ID:X-HDELIVERY:X-Abuse-Reports-To:X-FNCID:X-Mta-Source:X-Traffic-Type:X-Mailer;

 s=nc2048; t=1728207955; v=1;

 b=l9DuvsTGkUWaNJYDrViy2lGHNJdxLWloSW6LCPkdxc7lXC/wXK7/eOHtuS/prh6hsCvLwltG

 nDixD011CefpvVAcueQSBK7wuJ0/QijzqaSA2fzzLymixljtMpi0Qeav1kgAmZepUfe81VsYN46

 ETCdiMgAFZl3r1uE+0PZkVwaSZG81jqrnL94Qa0sZNkNGeqlm/LnRKdiFIHwXnn3xH8/wQyYxMb

 smxCV3X9zFJn1JKZWYbVPb6cbl1XhIrK2ril99D0hgnxonxSNCpCThSPfP5SZinhj8K4oFI7GO+

 rgUG2pWALadW20qm7zF/QEOKvXyClVRzKFABP3JjCF2NA==

Received: from bts-sender-prd-netcore-inactivec-arbrmx-s-28802340-pm6dr (55.48.231.35.bc.googleusercontent.com [35.231.48.55])

(Authenticated sender: ncrebtsi24)

              by smtpgcus14.falconide.com (Postfix) with ESMTPA id 7D939E1879B5

              for <user1@labtac.com>; Sun,  6 Oct 2024 15:15:55 +0530 (IST)

Date: Sun, 6 Oct 2024 09:45:54 +0000 (UTC)

From: Inmuebles24 <no_reply@inmuebles24.com>

To: user1@labtac.com

Message-ID: <1612500570.978200.1728207955370.JavaMail.root@bts-sender-prd-netcore-inactivec-arbrmx-s-28802340-pm6dr>

Subject: [Newsletter] =?UTF-8?Q?=F0=9F=8F=A0_Estas_propiedades_te_van_a?=

 =?UTF-8?Q?_dar_ganas_de_volver_a_buscar?=

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

scheduleTime: 2024-10-05T21:15

emailAddress: user1@labtac.com

templateName: template-bts35-option-e.html-LABSRE-13-endpoint-v4_rec_v2

campaignId: mexicoInactiveC

mailId: rela-354134634-2024-10-05T21:15

advertisments: [144689816, 144383506, 143554460, 64762560, 142929569, 144595509, 91342793, 144272605]

userId: 354134634

applicationName: rela

List-Unsubscribe: <http://www.inmuebles24.com/home.bum?redirect=/panel/configuracion/correo&token_auto=222a2028373e0203...>

X-JOB: ncrebtsi24:181976:20241006

X-InjTime: 1728207955

Feedback-ID: MTgxOTc2OjIwMjQxMDA2XzE1Om1leGljb0luYWN0aXZlQw==:pepipostE

X-HDELIVERY: 181976_0

X-Abuse-Reports-To: abuse@pepipost.com

X-FNCID: 181976-17281539702881925-0

X-Mta-Source: ncrebtsi24_181976

X-Traffic-Type: 181976-2

X-Mailer: NetcoreCloud Mailer

X-FEAS-SPF-smtp.fortinet.com: spf-result=pass, ip=38.123.151.184, helo=mta-151-184.am.ncdelivery06.com, mailFrom=17281539702881925-181976-1-fortinet.com@delivery.mobiler24.com

X-FEAS-DKIM-smtp.fortinet.com: Valid

X-FE-Last-Public-Client-IP: 38.123.151.184

X-FE-Envelope-From: 17281539702881925-181976-1-fortinet.com@delivery.mobiler24.com

X-FE-Spam-Sample-Account: spam-sample@fortinet.com

X-FE-Ham-Sample-Account: ham-sample@fortinet.com

X-FEAS-Newsletter: newsletter

X-other-smtp.fortinet.com: newsletter

X-FE-Policy-ID-smtp.fortinet.com: 0:28:15:fortinet.com

Return-Path: 17281539702881925-181976-1-fortinet.com@delivery.inmuebles24.com

X-MS-Exchange-Organization-Network-Message-Id: 9c3a96d3-c35d-40fe-96e0-08dce5ebadcc

X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0

X-MS-Exchange-Organization-SCL: 6

X-MS-Exchange-Organization-AuthSource: FGT-LAB_TEST.bank.com

X-MS-Exchange-Organization-AuthAs: Anonymous

X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.8582299

X-MS-Exchange-Processed-By-BccFoldering: 15.01.2507.039

 

  1. Debug outputs are required by the TAC engineers, depending on the issue.
  2. Include any other details that may be helpful, such as:
  • A network topology or network diagram.
  • Information from related tickets (provide ticket number) or previous tickets.
  1. Packet capture (run a packet capture at the same time as when the email is forwarded, via SMTP test).

    Packet capture will help confirm whether mail is passing through FortiMail.

 

​​Note:

To perform some changes on FortiMail Cloud instances required to submit a ticket with TAC Support.

 

911
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.