Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ideait
New Contributor II

Fortimail SMTP AUTH Failure From clients that do not use web mail (ex: printers, mobile client)

Hi, I have this problem related to my Fortimail unit.

I have installed the fortimail unit in front of a zimbra mail server in transparent mode, on the same DMZ subnet and obviously behind the fortigate.

Incoming connections are coming from port 1 configured for smtp proxy are inbound and enabling local connections

While the server is enabled on port 3 and is in pass trought both incoming and outgoing.

On the fortimail unit only one domain "example.com" is configured and the relay type is set as HOST by specifying the IP address of the mail server behind the fortimail unit, making the conection rest on relay host, everything works.

I can send mails and receive them without any problems, again from webmail.

On the other hand, when I try to connect with a client from an external network such as a mobile device or from an internal network such as a printer that sends scans via mail.

I get the error SMTP AUTH Failure.

Conversely, if the relay type on the domain is set as MX record and no longer specifying the mail server host, the error no longer occurs

But the fortimail unit no longer collects the logs, as if it engorges to protect that domain by being completely transparent and not performing any kind of control over the mail traffic in transit.

What could the SMTP AUTH failure error be due to?
I have also tried creating an SMTP authentication profile and associating it with an IP policy that allows traffic from any ip address to any address ip

 

Miguel Sotomayor Gonzalez
Miguel Sotomayor Gonzalez
1 Solution
ideait
New Contributor II

I solved the issue, basically I had to enable the proxy even for outbound sessions which are handled by a separate entry in system->mail setting->proxy
Next I created an SMTP authentication profile that would send back to my server on port 465 enabling SSL and STARTTLS.
This profile was associated with an Ip-policy and enabled SMTP authentication, as well as baypassed the spam check for authenticated SMTP connections.

Miguel Sotomayor Gonzalez

View solution in original post

Miguel Sotomayor Gonzalez
10 REPLIES 10
ideait
New Contributor II

I solved the issue, basically I had to enable the proxy even for outbound sessions which are handled by a separate entry in system->mail setting->proxy
Next I created an SMTP authentication profile that would send back to my server on port 465 enabling SSL and STARTTLS.
This profile was associated with an Ip-policy and enabled SMTP authentication, as well as baypassed the spam check for authenticated SMTP connections.

Miguel Sotomayor Gonzalez
Miguel Sotomayor Gonzalez
Labels
Top Kudoed Authors