I have a second mail gateway that receives e-mails from the internet and forwards them to my FortiMail.
By default my FortiMail sends all these received e-mails to quarantine, since they fail the SPF check (all mails from external domains are received from my 2nd SMTP gateway's public IP).
So my workaround was to add on my FML an IP policy without SPF check, dedicated to the second SMTP gateway's IP.
However, I guess there should be a formal and clean method to tell my FortiMail that the second SMTP gateway is actually a legitimate SMTP gateway, so that my FML considers it an SMTP gateway and does the job properly.
Hello Aek, I don't know if I fully understand your post: are you asking for an alternative solution to solve your special setup?
I don't see your approach as a 'dirty' one.
If you're checking SPF records with a quarantine action if failed, your FML is working correctly. Your specific scenario with another gateway requires an exception. An IP policy (with the 'Take precedence over recipient based policy match' flag checked) is a clean approach to solve your scenario I guess.
Actually yes, I'm searching for the "standard" solution, since I think my solution (IP policy with SPF check disabled) seems like a workaround. I guess there is a standard/clean way to make SMTP gateways work with each other.