Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rfg76
New Contributor

Created on ‎07-12-2016 05:52 PM

Permit some senders to bypass ehlo/helo check

Using FortiMail 200D, Firmware version: 5.3.1

 

I've activated the next checks in the Session Profile

But I'd like to permit some known senders to bypass it.

I have tried, without result:

[ul]
  • Activate "Enable sender safelist checking" in Session Policy and add the addresses
  • Add the address in AntiSpam > Domain >  Safe List 
  • Add an entry in Policy > Access Control with Action=Safe:[ul]
  • Sender Pattern: *@mail.telcel.com
  • Recipient Pattern: *@mydomain.com
  • Sender IP: TheirIP/32
  • Reverse DNS: -/*
  • Auth Status: Any
  • Action: Safe[/ul][/ul]

    However I still see the rejected mail in the log:

     

    AntiSpam Log:

    Message: Invalid ehlo/helo domain. ( xiang.telcel.com ) Client: mail.telcel.com [200.38.208.219]

     

    History Log:

    Classifier: Session Domain Disposition: Reject

     

    Event Log:

    Message Milter: from=<someaddr@mail.telcel.com>, reject=550 5.5.0 Invalid EHLO/HELO domain

     

    So, where should I put the address for not be rejected?

     

    Thanks in advance.

    Roberto.

    • Labels:
    13426
    0 Kudos
    1 Solution
    abelio
    SuperUser
    SuperUser

    Created on ‎07-13-2016 11:20 AM

    Hello

    configure another session profile without such ehlo/helo restrictions and apply to a new IP policy

    That IP policy should match origin ip/sender  where your safe users traffic is coming from.

    Don't forget to check last "take precedence over recipient policy..." checkbox  and to move this new ip policy above general one.

     

    i hope it helps.

    regards




    / Abel

    View solution in original post

    regards / Abel
    3794
    0 Kudos
    1 REPLY 1
    abelio
    SuperUser
    SuperUser

    Created on ‎07-13-2016 11:20 AM

    Hello

    configure another session profile without such ehlo/helo restrictions and apply to a new IP policy

    That IP policy should match origin ip/sender  where your safe users traffic is coming from.

    Don't forget to check last "take precedence over recipient policy..." checkbox  and to move this new ip policy above general one.

     

    i hope it helps.

    regards




    / Abel

    regards / Abel
    3795
    0 Kudos
    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2024 Fortinet, Inc. All Rights Reserved.