AnsweredPermit some senders to bypass ehlo/helo check

New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/11 10:14:39
  • Status: offline
2016/07/12 17:52:22 (permalink) FortiMail

Permit some senders to bypass ehlo/helo check

Using FortiMail 200D, Firmware version: 5.3.1
I've activated the next checks in the Session Profile

But I'd like to permit some known senders to bypass it.
I have tried, without result:
  • Activate "Enable sender safelist checking" in Session Policy and add the addresses
  • Add the address in AntiSpam > Domain >  Safe List 
  • Add an entry in Policy > Access Control with Action=Safe:
    • Sender Pattern: *
    • Recipient Pattern: *
    • Sender IP: TheirIP/32
    • Reverse DNS: -/*
    • Auth Status: Any
    • Action: Safe
However I still see the rejected mail in the log:
AntiSpam Log:
Message: Invalid ehlo/helo domain. ( )
Client: []
History Log:
Classifier: Session Domain
Disposition: Reject
Event Log:
Message Milter: from=<>, reject=550 5.5.0 Invalid EHLO/HELO domain
So, where should I put the address for not be rejected?
Thanks in advance.
Expert Member
  • Total Posts : 3647
  • Scores: 55
  • Reward points: 0
  • Joined: 2005/03/31 13:28:59
  • Location: Buenos Aires, Argentina
  • Status: offline
Re: Permit some senders to bypass ehlo/helo check 2016/07/13 11:20:06 (permalink) ☼ Best Answerby rfg76 2016/08/17 11:33:31
5 (1)
configure another session profile without such ehlo/helo restrictions and apply to a new IP policy
That IP policy should match origin ip/sender  where your safe users traffic is coming from.
Don't forget to check last "take precedence over recipient policy..." checkbox  and to move this new ip policy above general one.
i hope it helps.

Jump to:
© 2020 APG vNext Commercial Version 5.5