- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Session Domain - Reject
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Session Domain - Reject
I need help with pin-pointing where/what is causing the disposition on mail we're trying to receive form a a sender. I have submitted a ticket to support (2nd time) and not getting any help from them. Not much available on this topic in the KB also. Attached I have a screenshot of the log.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue is caused by the fact that security3.co.za is a non-existent domain so FortiMail is correctly doing its job and you are right not to turn that check off.
You could bypass, but this is really something fundamental DNS issue that the client needs to sort. At a guess, they probably have a config issue in this automated messaging system and there is a subdomain missing from the sending address e.g. secuirty3.domain.co.za. I would push it back to them to resolve.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Reghardt
Do refer to http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD40529
Session domain means the recipient email domain unable to be resolved via configured DNS. You can quickly do a MX lookup on the recipient email domain using the DNS to verify.
Regards
Chan Eng Siang
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Right mouse click on the log entry and do a cross search. These will identify the source of the block. Look in the Mail Event logs as this is likely related to not being able to resolve the sender domain which is configured under Session Profile > Unauthenticated Session Settings > Check Sender Domain.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Right click on the log entry just give the same information in the first default view (the list after the search)
ColumnContent[id="ext-gen2949"]#4643[2017-07-06[11:20:00[id="ext-gen2963"]ClassifierSession Domain[id="ext-gen2946"]DispositionReject[id="ext-gen2955"]Fromvideofied@security3.co.za[v669JF5s028342-v669JF5u028342[scrub1.mailzone.co.za [41.138.92.75]["REMOVED"[0[unknown[mta[0:1:0[OK[0200028343LevelinformationTypestatistics
I could not tell where in the policy the reason is for the block, but you've mentioned it's under; Session Profile > Unauthenticated Session Settings > Check Sender Domain. I can turn that off, but that will affect the global policy for all incoming mail, and I don't want to risk turning it off. So is this something the client will need to address his/her side? I believe this is a automated system message so convincing the other side will not be in my favor. Is the the only other possible solution then to setup a separate policy with this option disabled for the specific domain, and place this policy above the default one? Thanks,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue is caused by the fact that security3.co.za is a non-existent domain so FortiMail is correctly doing its job and you are right not to turn that check off.
You could bypass, but this is really something fundamental DNS issue that the client needs to sort. At a guess, they probably have a config issue in this automated messaging system and there is a subdomain missing from the sending address e.g. secuirty3.domain.co.za. I would push it back to them to resolve.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Carl - This was my thinking too. Rather let them practice better mail protocol than having others at risk by allowing potential threads in.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NXDOMAIN means no such domain in common sense, think about it in this shape
"why would you allow mail in from a domain that does not exist ? ", you can never reply to the sender ;)
So yes I agree the FML is doing it's job correctly. Mail sent from "non domains" are highly suspected as spam or mis-configurations, etc......
The same for mail sent from mail.domain that have no MX
just my 2ct opinions.
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Related Posts
- check if sender MX points to... 137 Views
- Fortiauthenticator domain computer 242 Views
- FortiClient VPN - Error 6005 10333 Views
- How to enable FortiMail ARC Sealing 584 Views
- Fortigate Memory Issue due to DNS... 490 Views
Labels
-
FortiGate
6,566 -
FortiClient
1,308 -
5.2
801 -
5.4
639 -
FortiManager
566 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
336 -
FortiAP
336 -
FortiClient EMS
267 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
25 -
Firewall policy
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
IP address management - IPAM
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Traffic shaping policy
5 -
SNMP
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Web application firewall profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Schedule
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Web rating
1 -
FortiManager-VM
1 -
Email filter profile
1 -
Multicast routing
1 -
Internet Service Database
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.