Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Troubleshooter_73
New Contributor III

Reject Empty Domains - Risk Assessment

Topic

We had to disable "Reject Empty Domains" in a Session Profile, because we cant find another solution.

 

Why?

The system rejected E-Mails from an Cloud Provider, because the DSN messages was sent with an empty sender and my customer want to receive this E-Mails to get the Non Delivery Report for it's users.

We created a IP Profile with the sending IPs as a IP Group, but the messages does not match it at all.

Yes, we placed it before the global IP policy with remote IPs 0.0.0.0/0.

We disabled the empty domain check in the Session Profile, we enabled Bounce Verification gloibal and add the Cloud Provider mailserver name to the "Verification Exempt List". Everythings works fine now, how expected.

 

Why this Topic, if everything works fine now?

We heard of a risk (Bounces and DSN and Blacklisting), if we disable this feature global and want to ask if there is anybody who's able to explain this risk and / or maybe can turn us to the right direction for another solution, so we are able to further reject empty domains global, but not from the Cloud Provider IPs or names.

 

System Details

System: Fortimail 200D (A/P Cluster)

Firmware: 5.2.6 GA

Internal Mail Host: Exchange 2010



FCNSA 5, FCNSP 5, NSE 4

FCNSA 5, FCNSP 5, NSE 4
0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors