Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
gtreminio
Staff
Staff

Created on ‎09-26-2023 06:17 AM Edited on ‎10-01-2024 07:40 AM By Moderator

Article Id 276036

Troubleshooting Tip: Emails from personal quarantine are deleted upon being released by the end user when using Office 365 as a mail server

Description

This article describes how to avoid emails being deleted once they are released from quarantine.
Scope FortiMail v6.2.x, v6.4.x, v7.0.x, v7.2.x, v7.4.x, v7.6.x.
Solution

The end user typically receives a quarantine report:

 
rele1.JPG

As soon as the email is released through a web action, the email is deleted. The log will show the email has been released, followed by the web delete.

 

rele2.JPG 

This is caused by the ATP/Defender for Office, where a second rule must be included for incoming mail to include a second header with the value below:

 

'X-MS-Exchange-Organization-SkipSafeLinksProcessing' - set the value to '1'.

 

rele3.JPG

 

Once this is done, the deletion should not be performed from the Office 365 ATP end.
1937
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.