NeoRant
Contributor

Fortimail 7.4.1 - Create exceptions for blocked domains/emails

Hi guys,

Fortimail is POWERFUL.

Been getting some calls now from staff that some of their mails, required for work, are being blocked. Fortimail is working great, I tell you; spam is being caught well, and anything that looks off is snatched for quarantine or blocked. I used an antispam inbound profile that is not so robust, but it seems like it is STILL kinda robust lol.

However, I would like to create some exceptions for certain email domains so these mails can pass through. Some mails are not even being quarantined; they are just blocked totally.

How can I set these exceptions, and where specifically?

[attachment: blocked mail.jpg]

1 Solution
AEK
SuperUser

Hi NeoRant

I don't know what "Sender domain check failed" exactly means, but I think it means something like FortiMail couldn't resolve the sending domain of the sender (in your screenshot you hid the domain). However, as per the FML check execution sequence, it seems you can't allow it just by adding to the safelist.

Personally, to allow this I'd first investigate why FML can't resolve this domain (probably a DNS issue). Then, if I'm sure of what I'm doing (sender is 100% legitimate), I'd do as follows:

  1. create a new IP policy with the sender IP as source
  2. clone the inbound session profile
  3. in the newly created inbound session profile, under the "Unauthenticated Session Settings" section, disable "Check sender domain"
  4. leave all other profiles as the ones used for your 0.0.0.0 inbound IP policy
  5. put the newly created IP policy at the top so it is matched before the 0.0.0.0 IP policy

Hope it helps

AEK
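To make the ordering point in AEK's steps concrete (a narrow /32 IP policy placed above the 0.0.0.0 catch-all, with the sender-domain check disabled only in the cloned session profile), here is an added Python model of first-match IP policy evaluation. It is an illustration written for this thread, not FortiMail code or its real evaluation logic; the profile names, the resolver stub and the exact check order are assumptions, and 208.130.182.116/32 is the example address used later in this thread.

```python
"""Model of FortiMail-style inbound IP policy matching with a sender-domain check.

Added illustration, not FortiMail code. It shows (a) why a sender whose domain
does not resolve is rejected under the default profile, (b) why a /32 policy
with the check disabled must sit ABOVE the 0.0.0.0/0 policy to take effect,
and (c) that every other client still gets the check.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Hypothetical resolver signature: True when the domain has a usable DNS record.
Resolver = Callable[[str], bool]


@dataclass
class SessionProfile:
    name: str
    check_sender_domain: bool = True   # "Check sender domain" in the session profile


@dataclass
class IPPolicy:
    source: ipaddress.IPv4Network      # e.g. 208.130.182.116/32 or 0.0.0.0/0
    session_profile: SessionProfile


def first_matching_policy(policies: List[IPPolicy], client_ip: str) -> Optional[IPPolicy]:
    """Policies are evaluated top-down; the first one whose source contains the client IP wins."""
    ip = ipaddress.ip_address(client_ip)
    for policy in policies:
        if ip in policy.source:
            return policy
    return None


def evaluate_session(policies: List[IPPolicy], client_ip: str,
                     mail_from: str, resolver: Resolver) -> Tuple[str, str]:
    """Return (verdict, reason) for an unauthenticated inbound SMTP session."""
    policy = first_matching_policy(policies, client_ip)
    if policy is None:
        return ("reject", "no matching IP policy")
    if policy.session_profile.check_sender_domain:
        domain = mail_from.rsplit("@", 1)[-1].lower()
        if not resolver(domain):
            # The classifier seen in the original post's screenshot.
            return ("reject", "Sender domain check failed")
    return ("accept", f"matched {policy.source}, profile {policy.session_profile.name}")


# Constructed stand-in for DNS so the model runs offline: only these domains "resolve".
_FAKE_DNS = {"example.com": True, "partner.example": True}


def fake_resolver(domain: str) -> bool:
    return _FAKE_DNS.get(domain, False)


def build_policies(exception_first: bool) -> List[IPPolicy]:
    """Default catch-all policy plus the per-sender exception, in the requested order."""
    default_profile = SessionProfile("Inbound_Session", check_sender_domain=True)
    relaxed_profile = SessionProfile("Inbound_Session_NoDomainCheck", check_sender_domain=False)
    catch_all = IPPolicy(ipaddress.ip_network("0.0.0.0/0"), default_profile)
    exception = IPPolicy(ipaddress.ip_network("208.130.182.116/32"), relaxed_profile)
    return [exception, catch_all] if exception_first else [catch_all, exception]


if __name__ == "__main__":
    unresolvable = "bob@unresolvable.invalid"
    print(evaluate_session(build_policies(True), "208.130.182.116", unresolvable, fake_resolver))
    print(evaluate_session(build_policies(False), "208.130.182.116", unresolvable, fake_resolver))
    print(evaluate_session(build_policies(True), "203.0.113.7", unresolvable, fake_resolver))
    print(evaluate_session(build_policies(True), "203.0.113.7", "alice@example.com", fake_resolver))
```

Running it shows the exception only works when its policy is listed first; with the order reversed, the 0.0.0.0/0 policy swallows the session and the sender is still rejected. Keeping the exception scoped to a single /32 is what stops the relaxed profile from applying to anyone else.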

NeoRant

Hi AEK,

Thanks for your response. I am actually using the Recipient Policy for mail inspection.

Regards

AEK

Hi NeoRant

It doesn't matter since the specific session profile is set in the IP policy.

AEK
NeoRant

Hi AEK,

Yes, I realised, my bad. Thank you again.

Regards

NeoRant

Hi AEK,

I did what you said and put the cloned IP policy (comprising the cloned session profile with "check sender domain" unchecked) above my initial 0.0.0.0 IP policy. This new/cloned IP policy has as its source/sender e.g. 208.130.182.116/32 and a destination of 0.0.0.0.

I hope that's ok.

AEK

Hi NeoRant

Yes, that's correct.

AEK
NeoRant

Hi AEK,

Kindly see the attached images.

So I applied your changes; you are of major help, THANKS. However, the classifier now changed from Session Domain to Recipient Verification. LOL, from one thing to the next, I tell you. Is there anything else I should turn off on this newly cloned IP Policy to allow mails, or somewhere else in Fortimail? I don't believe I should even trouble my Recipient Address Verification (Domain->Domain&User); I have LDAP Server selected and Fortimail is flowing fine.

[attachments: VTSSessionDomain.jpg, VTSRecipVer.jpg]

Any suggestions/fixes?

AEK

Hi NeoRant

If I remember well, the recipient address verification tells FML to check if the recipient address actually exists; this check can be done via LDAP or via SMTP directly with the backend mail server. I always leave this feature disabled since I didn't find any case where I actually need it.

AEK
NeoRant

Hi AEK,

I forgot to update you earlier. Re: recipient verification - I already checked LDAP; the AD account/user was in the wrong OU/not matching the binding lol, I resolved it.

Thanks much. You are a master, AEK.

NEORANT
