FortiMail
acapalbo
Staff
Article Id 229320
Description

This article describes how to avoid the 'Recipient Verification – Reject' error that occurs with an incorrect smtp-rcpt-verification configuration.

Scope

FortiMail v7.0+.

Solution

When smtp-rcpt-verification is enabled on protected domains, FortiMail uses the address configured in the mail-from-addr field as the mail-from: attribute it sends to the recipient MTA server.


This verification will fail if the mail-from: field contains an invalid or expired domain.

 

Depending on the specific receiving MTA server, FortiMail can receive SMTP 5xx or 4xx codes in these cases. They appear in the 'Mail Event' logs:

 

reject=550 5.1.8 <username@invalid-or-expired-domain.com>: Sender address rejected: Domain not found


reject=450 4.1.8 <username@invalid-or-expired-domain.com>: Sender address rejected: Domain not found

 

Note: In the example above, the mailsetting smtp-rcpt-verification configuration looks like this:

 

config mailsetting smtp-rcpt-verification
    set mail-from-addr username@invalid-or-expired-domain.com
end

 

Because the example domain, @invalid-or-expired-domain.com, is invalid (or expired), the sender validation check performed by the recipient MTA server failed. As a result, the server returned the 'Rejected' error with code 5xx or 4xx.

 

To avoid this specific issue, use a 'dummy' email address from a valid domain (i.e. your-fml-instance-id@fortimail.com) as follows:

 

config mailsetting smtp-rcpt-verification
    set mail-from-addr gw123456@fortimail.com
end

 

In the above example, gw123456 stands for your-fml-instance-id.

 

Note: gw123456@fortimail.com is a dummy mail address, but the domain @fortimail.com is a valid domain that will not cause 'Recipient Verification – Reject' on the recipient MTA server when smtp-rcpt-verification is enabled.
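
The following is an added example, not part of the original article or Fortinet code: a small Python triage script that separates rejections of the verification probe's own mail-from-addr (enhanced status x.1.8 on that address) from other rejects. It matches only the reject= fragment shown in the log samples above; the function names, the third and fourth sample lines, and the rest of the log line layout are assumptions.

```python
import re
from collections import Counter

# Matches only the reject= fragment shown in the article's Mail Event samples.
REJECT_RE = re.compile(
    r"reject=(?P<code>[45]\d\d) (?P<status>[45]\.\d{1,3}\.\d{1,3}) "
    r"<(?P<addr>[^>]+)>: (?P<text>.*)"
)

def classify(line, probe_addr):
    """Return (kind, code, status, addr), or None if the line has no reject= fragment."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    addr = m["addr"].lower()
    detail = m["status"].split(".", 1)[1]  # "5.1.8" -> "1.8"
    # x.1.8 (RFC 3463: bad sender's system address) reported for the configured
    # mail-from-addr means the remote MTA refused the probe's sender, so the
    # recipient itself was never actually verified.
    if addr == probe_addr.lower() and detail == "1.8":
        kind = "probe-sender-rejected"
    else:
        kind = "other-reject"
    return kind, int(m["code"]), m["status"], addr

def summarize(lines, probe_addr):
    """Count rejects by (kind, permanent/temporary)."""
    counts = Counter()
    for line in lines:
        result = classify(line, probe_addr)
        if result:
            kind, code, _, _ = result
            counts[(kind, "permanent" if code >= 500 else "temporary")] += 1
    return dict(counts)

# First two fragments are the article's samples; the last two are constructed.
SAMPLE = [
    "reject=550 5.1.8 <username@invalid-or-expired-domain.com>: Sender address rejected: Domain not found",
    "reject=450 4.1.8 <username@invalid-or-expired-domain.com>: Sender address rejected: Domain not found",
    "reject=550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown",
    "constructed line without a reject fragment",
]
PROBE = "username@invalid-or-expired-domain.com"  # value of mail-from-addr

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE, PROBE).items()):
        print(key, count)
```

Any non-zero probe-sender-rejected count points at the mail-from-addr setting rather than at the recipients being checked.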