Amranifares
New Contributor II

FortiGate does not send Two-Factor activation code email to other domains

I have configured the SSL VPN users with MFA using email. When I use the same domain I am integrated with, it works fine, but when using other domains or Gmail it does not work.

Below are the non-working logs (I have changed some details):

2024-10-13 16:53:13 Arrived msg(type 6, 83 bytes):user1@domain.net.sa
AuthCode: 176743
Your authentication token code is 176743.

2024-10-13 16:53:13 mail_info:
from:192.168.100.108 user:MFA@MFA.com.sa
2024-10-13 16:53:13 mail_info:
reverse path:MFA@MFA.com.sa
user name:mfa
2024-10-13 16:53:13 to[0]:use1@domain.net.sa
2024-10-13 16:53:13 <==_init_mail_info
2024-10-13 16:53:13 create session
2024-10-13 16:53:13 resolve 192.168.100.100 to 1 IP
2024-10-13 16:53:13 ==> send mail
2024-10-13 16:53:13 connecting to 192.168.100.100 port 25
2024-10-13 16:53:13 send mail 0x917c640 session 0x919dd00
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: greeting, code: 220
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: ehlo, code: 250
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: mail, code: 250
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: rcpt, code: 550
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: data, code: 503
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: quit, code: 221
2024-10-13 16:53:13 session finined
2024-10-13 16:53:13 _session_on_destroy
2024-10-13 16:53:13 <== send mail success, m = 0x917c640 s = 0x919dd00
2024-10-13 16:53:46 Arrived msg(type 0, 507 bytes):Message meets Alert condition

Below are the working logs:

2024-10-13 17:08:43 Arrived msg(type 6, 84 bytes):user2@mfa.com.sa
AuthCode: 888041
Your authentication token code is 888041.

2024-10-13 17:08:43 mail_info:
from:192.168.100.100 user:mfa@mfa.com.sa
2024-10-13 17:08:43 mail_info:
reverse path:mfa@mfa.com.sa
user name:mfa
2024-10-13 17:08:43 to[0]:user2@mfa.com.sa
2024-10-13 17:08:43 <==_init_mail_info
2024-10-13 17:08:43 create session
2024-10-13 17:08:43 resolve 192.168.100.108 to 1 IP
2024-10-13 17:08:43 ==> send mail
2024-10-13 17:08:43 connecting to 192.168.100.108 port 25
2024-10-13 17:08:43 send mail 0x91e6270 session 0x918f700
2024-10-13 17:08:43 session: 0x918f700, rsp_state: greeting, code: 220
2024-10-13 17:08:43 session: 0x918f700, rsp_state: ehlo, code: 250
2024-10-13 17:08:43 session: 0x918f700, rsp_state: mail, code: 250
2024-10-13 17:08:44 session: 0x918f700, rsp_state: rcpt, code: 250
2024-10-13 17:08:44 session: 0x918f700, rsp_state: data, code: 354
2024-10-13 17:08:44 === send: Your authentication token code is 888041.

2024-10-13 17:08:44 session: 0x918f700, rsp_state: data2, code: 250
2024-10-13 17:08:44 session: 0x918f700, rsp_state: quit, code: 221
2024-10-13 17:08:44 session finined
2024-10-13 17:08:44 _session_on_destroy
2024-10-13 17:08:44 <== send mail success, m = 0x91e6270 s = 0x918f700

I do not know why it is not working.

ebilcari
Staff

This seems like an SMTP server limitation. Make sure that the email server (MFA.com.sa) allows relaying/sending emails to external domains.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Amranifares

Thanks Ebilcari,

Thanks for the above reply.

I have checked with the engineer from SMTP and he confirmed all is fine, and they are using Office 365.

I noticed that in the working logs I could see the line below:

2024-10-13 17:08:44 === send: Your authentication token code is 888041.

But in the non-working logs I could not see it.

Please share a URL, if one exists, for the required settings on the SMTP server; it would be great.

Regards,

Amranifares

I believe the firewall is not sending the OTP email, as they confirmed that no email is received when using a different domain in the user setting.

 

AEK
SuperUser

"550 Blocked error or 550 Requested action not taken: mailbox unavailable is an SMTP (Simple Mail Transfer Protocol) error code. Put simply, this message means that the email you sent was blocked by the recipient's email hosting server, and returned to you."

 

Edit: Quoted

AEK
AEK
SuperUser

"This 503 error occurs when the client is explicitly configured to ignore authentication requirements or when an incorrect username and password pair is provided. You may check whether your email client is properly configured for SMTP authentication and whether your username and password are authentic"

 

Quoted as well.

I think you need to check the SMTP authentication. Your server may require authentication to send to outside, while it doesn't require it for inside.

AEK
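
An added example (not from the thread, and not Fortinet code): a small Python parser for the debug output posted above that reports, per session, the first SMTP stage answered with a 4xx/5xx code, because the failing capture still ends with a "send mail success" summary line. The log lines are a constructed sample modelled on the two sessions in the original post; the function name `audit` and the verdict strings are assumptions.

```python
import re

# Constructed sample modelled on the two sessions in the original post.
SAMPLE_LOG = """\
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: greeting, code: 220
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: mail, code: 250
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: rcpt, code: 550
2024-10-13 16:53:13 session: 0x919dd00, rsp_state: data, code: 503
2024-10-13 16:53:13 <== send mail success, m = 0x917c640 s = 0x919dd00
2024-10-13 17:08:44 session: 0x918f700, rsp_state: rcpt, code: 250
2024-10-13 17:08:44 session: 0x918f700, rsp_state: data, code: 354
2024-10-13 17:08:44 session: 0x918f700, rsp_state: data2, code: 250
2024-10-13 17:08:44 <== send mail success, m = 0x91e6270 s = 0x918f700
"""

RSP = re.compile(r"session: (0x[0-9a-f]+), rsp_state: (\w+), code: (\d{3})")
DONE = re.compile(r"<== send mail (success|failed), m = 0x[0-9a-f]+ s = (0x[0-9a-f]+)")

def audit(log):
    """Return {session id: verdict} based on SMTP reply codes, not the summary line."""
    replies, summary = {}, {}
    for line in log.splitlines():
        if m := RSP.search(line):
            replies.setdefault(m.group(1), []).append((m.group(2), int(m.group(3))))
        elif m := DONE.search(line):
            summary[m.group(2)] = m.group(1)
    verdicts = {}
    for sid, seq in replies.items():
        # A 4xx/5xx reply is a rejection. The first one marks the stage to
        # investigate; later errors in the same session usually follow from it.
        errors = [(state, code) for state, code in seq if code >= 400]
        if errors:
            state, code = errors[0]
            said = summary.get(sid, "nothing")
            verdicts[sid] = f"rejected at {state} ({code}); summary line said {said}"
        elif ("data2", 250) in seq:
            # 250 after the message body means the server accepted the mail.
            verdicts[sid] = "accepted by server"
        else:
            verdicts[sid] = "incomplete"
    return verdicts

if __name__ == "__main__":
    for sid, verdict in audit(SAMPLE_LOG).items():
        print(sid, verdict)
```
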
Amranifares
New Contributor II

Great AEK, thanks for the above info.

I have informed them of the same, but the issue is not resolved, unfortunately.

I am trying to use the default configuration (Fortinet), but it is not working either. I checked it a few hours back and it worked fine, but now it does not.

 

resolve notification.fortinet.net to 1 IP
==> send mail
connecting to 208.91.114.151 port 465
failed to connect
failed to connect
session_io_event: creating ssl structure for session 0x91db250
create_ssl: 0x7f96cb585000
error in SSL_connect (null)
_session_on_destroy
<== send mail failed, m = 0x91c8cc0 s = 0x91db250
session_io_event: creating ssl structure for session 0x91da440
create_ssl: 0x7f96cb585000
error in SSL_connect (null)
_session_on_destroy
<== send mail failed, m = 0x91bfdc0 s = 0x91da440
create session
resolve notification.fortinet.net to 1 IP
==> send mail
connecting to 208.91.114.151 port 465
create session
resolve notification.fortinet.net to 1 IP
==> send mail
connecting to 208.91.114.151 port 465

Regards,

AEK

Please share the following:

show system email-server
AEK
Amranifares
New Contributor II

Much appreciated, AEK.

There was an IP address configured as a source IP that does not have internet access, so I have removed it and it works fine.


# show system email-server
config system email-server
set server "notification.fortinet.net"
set port 465
set source-ip 192.168.10.98
set security smtps
end
