Troubleshooting

Problem

The event log shows Milter (mailfilterd): timeout before data read, where=eom.

Solution

This may be caused by the following reason:

If an email message contains a shortened URI that redirects to another URI, the FortiMail unit is able to send a request to the shortened URI to get the redirected URI and scan it against the FortiGuard AntiSpam database. By default, this function is enabled. To use it, you need to open your HTTP port to allow the FortiMail unit to send requests for scanning the redirected URI.

This also means, if the upstreaming device (firewall, router, etc.) does not allow HTTP traffic from the FortiMail unit, FortiMail’s HTTP request to FortiGuard servers will get timeout.

To solve this problem

  • Allow HTTP/HTTPS outbound traffic from the FortiMail unit on the upstreaming device.

or

  • Run the following CLI commands on FortiMail to disable the feature: config system fortiguard antispam set uri-redirect-lookup disable end

When recipient verification is enabled on the Microsoft Exchange server, all email is rejected.

Solution

By default, Microsoft Exchange servers will not verify the recipient. With an Microsoft Exchange server as the MTA, it is recommended to configure the FortiMail to use LDAP to do recipient verification using the Microsoft Active Directory service. Alternatively, you can configure Microsoft Exchange to enable SMTP recipient verification.

To configure recipient verification on a Microsoft Exchange server

  1. Open the Microsoft Exchange system manager and go to Global settings > Message Delivery > Properties.
  2. Enable Recipient Filtering.
  3. Click Filter recipients who are not in the Directory.
  4. Go to Administrative Groups > First Administrative Group > Servers > [your server] > SMTP > the default SMTP virtual server > Properties.
  5. Click Advanced.
  6. Click Edit.
  7. Click Apply Recipient Filter.
  8. Click OK.

To test the configuration, open a Telnet connection to port 25 of your Microsoft Exchange server.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.