Permit some senders to bypass ehlo/helo check

rfg76 · ‎07-12-2016

Using FortiMail 200D, Firmware version: 5.3.1

I've activated the next checks in the Session Profile

But I'd like to permit some known senders to bypass it.

I have tried, without result:

[ul]

Activate "Enable sender safelist checking" in Session Policy and add the addresses

Add the address in AntiSpam > Domain > Safe List

Add an entry in Policy > Access Control with Action=Safe:[ul]

Sender Pattern: *@mail.telcel.com

Recipient Pattern: *@mydomain.com

Sender IP: TheirIP/32

Reverse DNS: -/*

Auth Status: Any

Action: Safe[/ul][/ul]

However I still see the rejected mail in the log:

AntiSpam Log:

Message: Invalid ehlo/helo domain. ( xiang.telcel.com ) Client: mail.telcel.com [200.38.208.219]

History Log:

Classifier: Session Domain Disposition: Reject

Event Log:

Message Milter: from=<someaddr@mail.telcel.com>, reject=550 5.5.0 Invalid EHLO/HELO domain

So, where should I put the address for not be rejected?

Thanks in advance.

Roberto.

abelio · ‎07-13-2016

Hello

configure another session profile without such ehlo/helo restrictions and apply to a new IP policy

That IP policy should match origin ip/sender where your safe users traffic is coming from.

Don't forget to check last "take precedence over recipient policy..." checkbox and to move this new ip policy above general one.

i hope it helps.

regards

/ Abel