Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
tinkpen_FTNT
Staff
Staff

Created on ‎08-01-2016 01:40 AM Edited on ‎09-21-2024 08:06 AM By Staff

Article Id 197179

Technical Tip: Limitations of getting all email from a single source

Description

 
This article describes that in some cases there is a device in front of a FortiMail which is forwarding all emails to the FortiMail.
If so, there will be issues with SPF checks, since any domain with a hard fail (-all) in their SPF/TXT record will fail since the IP of the incoming device is not in their SPF/TXT records.  
 
Scope
 
FortiMail.


Solution

 

It is possible to overcome that either by disabling SPF checking, safelisting trusted domains, creating a recipient policy for trusted domains with an antispam policy with SPF checking disabled, or adding the IP/mask of the previous MTA as trusted IP using the below CLI commands:
 

config antispam trusted {mta | antispam-mta}

    edit <smtp_ipv4/mask>

end

Labels:
1117
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.