Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
giovinco_06
New Contributor

HELO/EHLO domain is invalid

* A problem description I can' t receive the email from the domain catur.com and I got this error report at my customer site => < mail00.ltl.co.id #5.0.0 smtp; 5.1.0 - Unknown address error 554-' 5.7.1 This message has been blocked because the HELO/EHLO domain is invalid.' (delivery attempts: 0)> * A network diagram with the IP addressing clearly indicated Internet <=> Firewall <=> mail Server Anybody knows how to avoid this problem, since the email is not spam. I already try to make some whitelist, but it didn' t work out.. Fortigate still recognizes it as a spam.. thanks, aboe
FGC-110C v4.0 MR2 Patch 9 -aboe-
FGC-110C v4.0 MR2 Patch 9 -aboe-
6 REPLIES 6
Carl_Wallmark
Valued Contributor

try to uncheck the ehlo check in your spam profile. or else you have invalid domain settings, but not everyone follows the rfc standard regarding ehlo/helo.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
giovinco_06
New Contributor

Dear Selective, Thanks, I already uncheck for HELO DNS check. And i can receive the email. But i must sacrifice that my servers are attacked with a lot of spams. Maybe i will try to make BLfor email filter. thanks a lot bro
FGC-110C v4.0 MR2 Patch 9 -aboe-
FGC-110C v4.0 MR2 Patch 9 -aboe-
discoveryit
New Contributor

config spamfilter dnsbl edit 1 config entries edit 1 set action reject set server " zen.spamhaus.org" next edit 2 set action reject set server " bl.spamcop.net" next end set name " BlackList" next end also for MR2 config spamfilter profile edit " your spam profile" set spam-rbl-table 1
FCNSP
FCNSP
giovinco_06
New Contributor

thanks discovery, I' m quite frustrated because my servers still attacked by spammers from hinet.net I will try to edit the DNSBL from CLI using your source code. Hopefully it will work GBU, -aboe-
FGC-110C v4.0 MR2 Patch 9 -aboe-
FGC-110C v4.0 MR2 Patch 9 -aboe-
giovinco_06
New Contributor

Dear Discovery Thanks for your tips, In couple of days ago, I monitored the traffic, and it really worked. All spams are dissapear now. May I ask for one more question, Do the SPAM problem also related with my " SMTP incoming" policy ? In my " SMTP incoming" mail policy, I checked the NAT. I read couple of old threads, it said that, NAT should not be checked for SMTP incoming. thanks,
FGC-110C v4.0 MR2 Patch 9 -aboe-
FGC-110C v4.0 MR2 Patch 9 -aboe-
ede_pfau
SuperUser
SuperUser

If you check the NAT option on an incoming policy, the source IP of the internet host will be replaced by the IP of the external interface of your Fortigate (usually wan1). If the spam filter is setup to check the source IP against an IP blacklist (DNSRBL) then it will only check your external IP in every incoming mail against the list...this effectively disables the IP spam check.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors