- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- 60E 6.0.4 - email alerts to custom SMTP server giv...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
60E 6.0.4 - email alerts to custom SMTP server giving "illegal syntax" error
The 60E device is configured to use an internal SMTP server. The server has IP address 192.168.220.2 is running Postfix on Linux. The Fortigate is 192.168.220.1. Here is the output of "config system email-server":
config system email-server
set reply-to "user@domain.com"
set server "192.168.220.2"
end
Here is the output of "config system alertemail settings":
config alertemail setting
set username "user@domain.com"
set mailto1 "user@domain.com"
set antivirus-logs enable
set FDS-license-expiring-warning enable
set FDS-license-expiring-days 30
end
The Postfix mail server is reporting the following in its logs when the Fortigate tries to send an email:
Jun 03 21:35:08 MX-VM postfix/smtpd[18619]: connect from _gateway[192.168.220.1]
Jun 03 21:35:08 MX-VM postfix/smtpd[18619]: warning: Illegal address syntax from _gateway[192.168.220.1] in MAIL command: <noreply@192.168.220.2>
Jun 03 21:35:08 MX-VM postfix/smtpd[18619]: disconnect from _gateway[192.168.220.1] ehlo=1 mail=0/1 quit=1 commands=2/3
Seems like the Fortigate is trying to use "noreply@192.168.220.2" as the From: value.
Whats going on?
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
please post the output of those commands:
di deb reset
di deb di
diagnose debug application alertmail -1
diagnose debug enable
diagnose log alertmail test
Thanks
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey there,
try this: unset reply-to under 'config system email-server'
or set 'source -ip' under 'config system email-server' (to the ip of the "email sending" interface)
Regards
sudo apt-get-rekt
sudo apt-get-rekt
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the config with the requested changes:
MYFORTINET # show system automation-action
config system automation-action
edit "alert-conf-change_email"
set action-type email
set email-to "MYEMAILADDRESS"
set email-from "MYEMAILADDRESS"
set email-subject "Fortigate Config Changed"
set message "test"
next
end
MYFORTINET # show system automation-destination
config system automation-destination
edit "0"
set destination "SERIALNUMBER"
next
end
MYFORTINET # show system automation-stitch
config system automation-stitch
edit "alert-conf-change"
set trigger "alert-conf-change"
set action "alert-conf-change_email"
next
end
MYFORTINET # show system automation-trigger
config system automation-trigger
edit "alert-conf-change"
set event-type config-change
next
end
MYFORTINET # show system email-server
config system email-server
set server "MAIL_SERVER_IP"
set source-ip FORTINET_IP
end
Here is the output of the requested commands. The test email from these commands arrives successfully, but the emails notifying a config change fail with the "illegal syntax" error:
Arrived msg(type 4, 91 bytes):Alert Mail Test
Message body (log level = 1):
1st Line
2nd Line
(2020-06-18 02:25:50)
mail_info:
from:MAIL_SERVER_IP user:MYEMAILADDRESS
mail_info:
reverse path:MYEMAILADDRESS
user name:admin
to[0]:MYEMAILADDRESS
to[1]:
to[2]:
<==_init_mail_info
create session
resolve MAIL_SERVER_IP to 1 IP
==> send mail
connecting to MAIL_SERVER_IP port 25
send mail 0x5406908 session 0x541ba08
session: 0x541ba08, rsp_state: greeting, code: 220
session: 0x541ba08, rsp_state: ehlo, code: 250
session: 0x541ba08, rsp_state: mail, code: 250
session: 0x541ba08, rsp_state: rcpt, code: 250
session: 0x541ba08, rsp_state: data, code: 354
=== send: Alert Mail Test
Message body (log level = 1):
1st Line
2nd Line
(2020-06-18 02:25:50)
session: 0x541ba08, rsp_state: data2, code: 250
session: 0x541ba08, rsp_state: quit, code: 221
session finined
_session_on_destroy
<== send mail success, m = 0x5406908 s = 0x541ba08
I have tried deleting all the "config automation" entries and re-adding them with the CLI instead of the GUI, but this changed nothing.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the debug output during a failure:
Arrived msg(type 9, 129 bytes):MYEMAILADDR;
Fortigate 1176 Config Changed
FGT[SERIALNUMBER] Automation Stitch:alert-conf-change is triggered.
test
mail_info:
from:MAIL_SERVER_IP user:noreply
mail_info:
reverse path:noreply@MAIL_SERVER_IP
user name:noreply
to[0]:MYEMAILADDR
<==_init_mail_info
create session
resolve MAIL_SERVER_IP to 1 IP
==> send mail
connecting to MAIL_SERVER_IP port 25
create session
resolve MAIL_SERVER_IP to 1 IP
==> send mail
connecting to MAIL_SERVER_IP port 25
send mail 0x541beb8 session 0x541ea40
session: 0x541ba08, rsp_state: greeting, code: 220
session: 0x541ba08, rsp_state: ehlo, code: 250
session: 0x541ba08, rsp_state: mail, code: 501
session: 0x541ba08, rsp_state: quit, code: 221
session finined
_session_on_destroy
<== send mail failed, m = 0x5405e90 s = 0x541ba08
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this is a mail failure. This is not a firewall question really, its an SMTP question.
Your test and the real message are different. One has your email address, one has a noreply email address. It's entirely possible that they're going to behave differently.
Your message generated a 501. See "session: 0x541ba08, rsp_state: mail, code: 501". Do you have access to the mail server side logs, so you can see more detail behind what the error was ? My initial guess is that this is an issue with the server not permitting an invalid sender to submit a message - try using your email in the triggered message
Related Posts
- Which Firewall of Fortigate help me... 109 Views
- FortiExtender Cloud 24.1 is now Released! 113 Views
- Fortinet Developer Network Access 117 Views
- Setting up Automation Stitch for SSL... 209 Views
- DNS Server not resolving internal IP's 303 Views
Labels
-
FortiGate
6,453 -
FortiClient
1,289 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
67 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.