Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- 60E 6.0.4 - email alerts to custom SMTP server giv...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
60E 6.0.4 - email alerts to custom SMTP server giving "illegal syntax" error
The 60E device is configured to use an internal SMTP server. The server has IP address 192.168.220.2 is running Postfix on Linux. The Fortigate is 192.168.220.1. Here is the output of "config system email-server":
config system email-server
set reply-to "user@domain.com"
set server "192.168.220.2"
end
Here is the output of "config system alertemail settings":
config alertemail setting
set username "user@domain.com"
set mailto1 "user@domain.com"
set antivirus-logs enable
set FDS-license-expiring-warning enable
set FDS-license-expiring-days 30
end
The Postfix mail server is reporting the following in its logs when the Fortigate tries to send an email:
Jun 03 21:35:08 MX-VM postfix/smtpd[18619]: connect from _gateway[192.168.220.1]
Jun 03 21:35:08 MX-VM postfix/smtpd[18619]: warning: Illegal address syntax from _gateway[192.168.220.1] in MAIL command: <noreply@192.168.220.2>
Jun 03 21:35:08 MX-VM postfix/smtpd[18619]: disconnect from _gateway[192.168.220.1] ehlo=1 mail=0/1 quit=1 commands=2/3
Seems like the Fortigate is trying to use "noreply@192.168.220.2" as the From: value.
Whats going on?
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
please post the output of those commands:
di deb reset
di deb di
diagnose debug application alertmail -1
diagnose debug enable
diagnose log alertmail test
Thanks
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey there,
try this: unset reply-to under 'config system email-server'
or set 'source -ip' under 'config system email-server' (to the ip of the "email sending" interface)
Regards
sudo apt-get-rekt
sudo apt-get-rekt
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the config with the requested changes:
MYFORTINET # show system automation-action
config system automation-action
edit "alert-conf-change_email"
set action-type email
set email-to "MYEMAILADDRESS"
set email-from "MYEMAILADDRESS"
set email-subject "Fortigate Config Changed"
set message "test"
next
end
MYFORTINET # show system automation-destination
config system automation-destination
edit "0"
set destination "SERIALNUMBER"
next
end
MYFORTINET # show system automation-stitch
config system automation-stitch
edit "alert-conf-change"
set trigger "alert-conf-change"
set action "alert-conf-change_email"
next
end
MYFORTINET # show system automation-trigger
config system automation-trigger
edit "alert-conf-change"
set event-type config-change
next
end
MYFORTINET # show system email-server
config system email-server
set server "MAIL_SERVER_IP"
set source-ip FORTINET_IP
end
Here is the output of the requested commands. The test email from these commands arrives successfully, but the emails notifying a config change fail with the "illegal syntax" error:
Arrived msg(type 4, 91 bytes):Alert Mail Test
Message body (log level = 1):
1st Line
2nd Line
(2020-06-18 02:25:50)
mail_info:
from:MAIL_SERVER_IP user:MYEMAILADDRESS
mail_info:
reverse path:MYEMAILADDRESS
user name:admin
to[0]:MYEMAILADDRESS
to[1]:
to[2]:
<==_init_mail_info
create session
resolve MAIL_SERVER_IP to 1 IP
==> send mail
connecting to MAIL_SERVER_IP port 25
send mail 0x5406908 session 0x541ba08
session: 0x541ba08, rsp_state: greeting, code: 220
session: 0x541ba08, rsp_state: ehlo, code: 250
session: 0x541ba08, rsp_state: mail, code: 250
session: 0x541ba08, rsp_state: rcpt, code: 250
session: 0x541ba08, rsp_state: data, code: 354
=== send: Alert Mail Test
Message body (log level = 1):
1st Line
2nd Line
(2020-06-18 02:25:50)
session: 0x541ba08, rsp_state: data2, code: 250
session: 0x541ba08, rsp_state: quit, code: 221
session finined
_session_on_destroy
<== send mail success, m = 0x5406908 s = 0x541ba08
I have tried deleting all the "config automation" entries and re-adding them with the CLI instead of the GUI, but this changed nothing.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the debug output during a failure:
Arrived msg(type 9, 129 bytes):MYEMAILADDR;
Fortigate 1176 Config Changed
FGT[SERIALNUMBER] Automation Stitch:alert-conf-change is triggered.
test
mail_info:
from:MAIL_SERVER_IP user:noreply
mail_info:
reverse path:noreply@MAIL_SERVER_IP
user name:noreply
to[0]:MYEMAILADDR
<==_init_mail_info
create session
resolve MAIL_SERVER_IP to 1 IP
==> send mail
connecting to MAIL_SERVER_IP port 25
create session
resolve MAIL_SERVER_IP to 1 IP
==> send mail
connecting to MAIL_SERVER_IP port 25
send mail 0x541beb8 session 0x541ea40
session: 0x541ba08, rsp_state: greeting, code: 220
session: 0x541ba08, rsp_state: ehlo, code: 250
session: 0x541ba08, rsp_state: mail, code: 501
session: 0x541ba08, rsp_state: quit, code: 221
session finined
_session_on_destroy
<== send mail failed, m = 0x5405e90 s = 0x541ba08
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this is a mail failure. This is not a firewall question really, its an SMTP question.
Your test and the real message are different. One has your email address, one has a noreply email address. It's entirely possible that they're going to behave differently.
Your message generated a 501. See "session: 0x541ba08, rsp_state: mail, code: 501". Do you have access to the mail server side logs, so you can see more detail behind what the error was ? My initial guess is that this is an issue with the server not permitting an invalid sender to submit a message - try using your email in the triggered message
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,718 -
FortiClient
1,767 -
5.2
801 -
FortiManager
731 -
5.4
639 -
FortiAnalyzer
559 -
FortiSwitch
476 -
FortiAP
473 -
FortiClient EMS
435 -
6.0
416 -
5.6
362 -
FortiMail
319 -
6.2
251 -
SSL-VPN
246 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
FortiWeb
205 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
104 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
83 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiGate-VM
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1714 | |
| 1093 | |
| 752 | |
| 447 | |
| 232 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.