Hi,
Our Foritgate appliance is configured to send email alerts, which are being received for all the desired events. However, when using FortiToken, we do not get our activation code via email. While the firewall shows that the email has been sent successfully.
Is there a way to track outgoing email from our FortiGate appliance?
Version: 6.0
Hi, for debugging you can use following: diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1
send the activation mail, then disable debug by:
diag debug disable
diag debug reset
Best Regards,
Alivo
livo
Useful command line info but where do you find the debug information? I have the same issue when trying to send either email or SMS for a 2FA verification code.
davepartridge wrote:Leave the CLI open. The output displays to the console. (Just minimize it while you send the test/activation email or connect with a 3rd party SSH client like Putty so you can do both and not lose your console output).Useful command line info but where do you find the debug information? I have the same issue when trying to send either email or SMS for a 2FA verification code.
thks !
When the sending of email fails, the fortigate falls back on notification.fortinet.net (which leads to an SPF problem)
Examples:
Can you please clarify where in the debug does it show that the FortiGate is supposedly falling back to notification.fortinet.com? The FQDN is not mentioned anywhere in the debugs, and the IP used doesn't match that server either. (the IP shown is some Google server.
Late to this game, but I ran into this tonight.
When Fortinet sends the email with the activation code, it sends it from the user who is also the recipient, and there are plenty of email systems - including mine and that of my customer - who reject emails *from* a user who is part of the receiving domain but not properly authenticated to that domain.
Figured this out tonight with an outstanding Fortinet tech (hi Jai!) while watching my mailserver logs, and this is clearly a bug that is unaware of anti-spam countermeasures in the last 10 years.
I'm about to open a defect ticket.
Created on 05-11-2022 02:51 PM Edited on 05-11-2022 03:13 PM
@SJFriedl You are absolutely right! I just checked my email headers and it is indeed sending it from FortiGuard servers as myself! This is unbelieveable! Anyone with SPF set up correctly will fail this email. It goes to show how inept the ones who wrote this routine were when they wrote it about email security and that nobody has cared enough to fix it, like you well put "in the last 10 years" or more.
I'm gonna follow suit and open a ticket as well.
EDIT: Wait, it seems to be more complicated that it first appeared. The activation code email actually originated from the firewall, not from the FortiGuard servers. So technically, it is originating from inside your network and SPF should be ok. However, at some point, the notifications.fortinet.net server takes over the message as if it has sent it itself and the next hop does indeed complain about an SPF error.
Created on 05-11-2022 03:32 PM Edited on 05-11-2022 03:36 PM
I'm almost sure FGT picks email address under System->Settings->Email Service->Default Reply-to for the source address of any self-originated email. Or "config system email-server/set reply-to" in CLI.
Have to set it up? If not set, it might use the destination address because no other immediate options.
Toshi
Yeah, I just checked and I have it blank on mine. I didnt want to change a default setting without knowing what it did. That's good to know. However, this does not solve the SPF problem since these messages are being relayed through notifications.fortinet.net and any mail gateway obeying SPF will reject them. It seems the only solution is to designate notifications.fortinet.net as a permitted sender in the SPF config line.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.