AnsweredPermit some senders to bypass ehlo/helo check

Author
rfg76
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/11 10:14:39
  • Status: offline
2016/07/12 17:52:22 (permalink) FortiMail
0

Permit some senders to bypass ehlo/helo check

Using FortiMail 200D, Firmware version: 5.3.1
 
I've activated the next checks in the Session Profile

But I'd like to permit some known senders to bypass it.
I have tried, without result:
  • Activate "Enable sender safelist checking" in Session Policy and add the addresses
  • Add the address in AntiSpam > Domain >  Safe List 
  • Add an entry in Policy > Access Control with Action=Safe:
    • Sender Pattern: *@mail.telcel.com
    • Recipient Pattern: *@mydomain.com
    • Sender IP: TheirIP/32
    • Reverse DNS: -/*
    • Auth Status: Any
    • Action: Safe
However I still see the rejected mail in the log:
 
AntiSpam Log:
Message: Invalid ehlo/helo domain. ( xiang.telcel.com )
Client: mail.telcel.com [200.38.208.219]
 
History Log:
Classifier: Session Domain
Disposition: Reject
 
Event Log:
Message Milter: from=< someaddr@mail.telcel.com>, reject=550 5.5.0 Invalid EHLO/HELO domain
 
So, where should I put the address for not be rejected?
 
Thanks in advance.
Roberto.
#1
abelio
Expert Member
  • Total Posts : 3630
  • Scores: 55
  • Reward points: 0
  • Joined: 2005/03/31 13:28:59
  • Location: Buenos Aires, Argentina
  • Status: offline
Re: Permit some senders to bypass ehlo/helo check 2016/07/13 11:20:06 (permalink) ☼ Best Answerby rfg76 2016/08/17 11:33:31
5 (1)
Hello
configure another session profile without such ehlo/helo restrictions and apply to a new IP policy
That IP policy should match origin ip/sender  where your safe users traffic is coming from.
Don't forget to check last "take precedence over recipient policy..." checkbox  and to move this new ip policy above general one.
 
i hope it helps.

regards
--
Abel
#2
Jump to:
© 2019 APG vNext Commercial Version 5.5