FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Article Id 229320

This article explains how to avoid the 'Recipient Verification – Reject' error that occurs with an incorrect smtp-rcpt-verification configuration.


FortiMail v7.0+


When the smtp-rcpt-verification is enabled on protected domains, FortiMail will use the address configured in the mail-from-addr field in the mail-from: attribute to the recipient MTA server.

This verification will fail if the mail-from: field reports an invalid or expired domain.


Depending on the specific MTA receiving server, SMTP codes 5xx and 4xx can be received on FortiMail in these cases (by looking at 'Mail Event' Logs):


reject=550 5.1.8 <>: Sender address rejected: Domain not found

reject=450 4.1.8 <>: Sender address rejected: Domain not found


NOTE:  In the aforementioned example, configuring mailsetting smtp-rcpt-verification looks like this:


# config mailsetting smtp-rcpt-verification
  set mail-from-addr


As the domain example is invalid (or expired), the sender validation check failed when the recipient MTA server performed a sender validation check. As a result, it returned the 'Rejected' error with code 5xx or 4xx.


To avoid this specific issue, use a 'dummy' email address from a valid domain (i.e. as follows:


# config mailsetting smtp-rcpt-verification
  set mail-from-addr


In the above example, your-fml-instance-id = gw123456 is appropriate.


NOTE: is a dummy mail address, but the domain is a valid domain that will not cause 'Recipient Verification – Reject' on the recipient MTA server when smtp-rcpt-verification is enabled.