> But in your outgoing AS profile you have "Treat SPF checking failed email as spam" enabled right?

No - And as I use a proper SPF record for this domain - Which does not include my private DMZ IP addresses, I would really already have recognized... I checked it a couple of times. On all policies that apply: from the log above: <snip> Direction out Policy IDs 1:3:1 </snip> None of those 3 applying policies had SPF checking or Deep Header enabled...
> Ok, let us know what support says... I haven't been able to block a blacklisted IP address based on X-Originating-IP even with deep header enabled.

Yes sure - I'll update you here! I found that trouble with the totally opposite way - We got some users who are blacklisted on their internet access, but need to send via SMTPS over the Exchange. And those users were blocked due to normal FortiGuard Black IP scan on mails coming from Exchange - As Deep Scanning was disabled and the only thing new was the X-Originating-IP Attribute, which came with Exchange 2013 into this infrastructure - Postfix didn't use it...
> To be honest I'm surprised you don't have SPF enabled in the AS or session profiles at all... typically the FortiMail would use the connecting IP for SPF check but if the connecting IP is in a private address range then it looks at the last Received header for SPF regardless of whether deep header is enabled.

I agreed on this statement and it is how I handle AS protection. I drop maybe 2-5% of email due to SPF checks throughout the day. Not a lot but it helps. On the Exchange server, I would build a profile that does not use deep-header check nor SPF validation. This would prevent AS inspection dropping mail that's legit. You can always disable AS inspection for mail from trusted hosts but it's advisable to ensure proper mail from trusted inside relays. fwiw: Since "X-Originating-IP" covers the sender, you could build an IP-based policy on this source/mask and allow this traffic.
PCNSE
NSE
StrongSwan
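Added example, not part of the thread and not FortiMail code: a small Python model of the behaviour described above, showing which address ends up being evaluated when an internal Exchange relay with a private IP hands mail to the gateway. The sample message, the function names and the reading of "last Received header" as the topmost one are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample as the gateway sees it on arrival: Exchange (10.0.5.20)
# relays a client submission and stamps the client IP into the headers.
SAMPLE = """\
Received: from client (unknown [198.51.100.23])
\tby exch.example.internal with ESMTPSA; Mon, 01 Jan 2024 09:59:58 +0000
X-Originating-IP: [198.51.100.23]
From: user@example.com
Subject: test

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def first_ip(value):
    """Return the first parseable IP in a header value, else None."""
    text = value or ""
    for cand in IP_IN_BRACKETS.findall(text) + [text.strip(" []")]:
        try:
            return ipaddress.ip_address(cand)
        except ValueError:
            continue
    return None

def inspected_ips(raw_message, connecting_ip):
    """Model which IPs a gateway would evaluate for one message."""
    msg = message_from_string(raw_message)
    conn = ipaddress.ip_address(connecting_ip)
    received = msg.get_all("Received") or []
    spf_ip = conn
    # Assumption: "last Received header" means the most recently added
    # (topmost) one, consulted only when the connecting IP is private.
    if any(conn in net for net in RFC1918) and received:
        spf_ip = first_ip(received[0]) or conn
    xo = first_ip(msg.get("X-Originating-IP"))
    return {"spf_ip": str(spf_ip),
            "spf_ip_from_header": spf_ip != conn,
            "x_originating_ip": str(xo) if xo else None}

if __name__ == "__main__":
    print(inspected_ips(SAMPLE, "10.0.5.20"))
```

Running it against mail exported from the relay shows whether a client address, rather than the relay's own, would be the one checked.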