Trying to fine tune recipient verification on my FortiMail. I have LDAP setup to look up addresses in AD and that works fine....EXCEPT...if a user has multiple email addresses associated with their mailbox. For example. User: John Smith with a primary SMTP address of JSmith@Example.com matches thru the LDAP query and allows mail. But, if John Smith also has another address setup in Exchange on the same mailbox, such as JohnS@example.com
the FML will deny the email based on recipient. How do I setup LDAP to check for all addresses for a user?
Did you try with SMTP verification instead with LDAP verification?
On the other hand I always prefer avoid implementing such checks because I think it is better for security. I mean such feature will inform some bad senders that this recipient exists and that recipient doesn't exist.
I believe I've found the answer...Profile, LDAP, LDAP, NAME, User Query Option, change Schema to Active Directory.
As for bad senders, I have the FML set to Discard mail that fails this check, not Reject.
Hi,
Indeed. As smtp recipient verification it's not supported for your MSExchange backend, your new approach is the way to go.
AD Schema available under Fortimail LDAP profile covers the most standard AD setup; but if your specific setup involves aliases o distribution lists you also have "User Alias Option" and "Group Alias Option", both available under LDAP profile to cover all needed scenarios.
Regarding to bad senders, once tested and verified your LDAP profile, Discard is a better option IMHO, it avoids to send back extra information to bad sender.
regards
/ Abel
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1751 | |
1114 | |
766 | |
447 | |
241 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.