FortiMail
tinkpen_FTNT
Staff
Article Id 194804
Description
This article explains how to use FortiMail to block all emails to Exchange groups that require sender authentication.

Solution
Under Profiles > LDAP, modify the existing LDAP profile or create a new one if none exists. The creation of LDAP profiles is explained in the FortiMail Administration Guide.

In the LDAP profile, expand "User Query Options" and replace the existing query with the following:
(&(|(objectClass=user)(objectClass=group)(objectClass=publicFolder))(|(proxyAddresses=smtp:$m)(mail=$m))(!(msExchRequireAuthToSendTo=TRUE)))
The & means AND, the | means OR, and ! means negation.

So the query means:

"Return entries where objectClass is user, group, or publicFolder AND where the proxyAddresses attribute OR the mail attribute matches the address being looked up ($m)."

A third AND condition then requires that msExchRequireAuthToSendTo does not equal TRUE.

This has been tested with users and groups set to both TRUE and FALSE. Those set to TRUE are no longer found by the query, and the rest are returned successfully as expected.
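
The filter logic described above, as an added example (not Fortinet's code and not part of the original article): a small Python evaluator for the query, run against constructed directory entries. It assumes that an absent attribute makes an equality test false, so recipients without msExchRequireAuthToSendTo are still returned; all addresses and entries are made up.

```python
# Added example: evaluates the filter subset used above (&, |, !, equality).
QUERY = ("(&(|(objectClass=user)(objectClass=group)(objectClass=publicFolder))"
         "(|(proxyAddresses=smtp:$m)(mail=$m))"
         "(!(msExchRequireAuthToSendTo=TRUE)))")

DIRECTORY = [  # constructed sample entries, not real directory data
    {"objectClass": ["user"], "mail": ["alice@example.com"]},
    {"objectClass": ["group"], "mail": ["all-staff@example.com"],
     "msExchRequireAuthToSendTo": ["TRUE"]},
    {"objectClass": ["group"], "proxyAddresses": ["SMTP:sales@example.com"],
     "msExchRequireAuthToSendTo": ["FALSE"]},
]

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Assumption: an absent attribute makes an equality test false, so the
    negated clause also matches entries that do not carry the flag at all."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def recipient_exists(address, directory=DIRECTORY):
    """Substitute $m into QUERY and report whether any entry is returned."""
    if set(address) & set("()*\\\x00"):  # would change the filter's structure
        raise ValueError("address contains LDAP filter metacharacters")
    tree, _ = parse(QUERY.replace("$m", address))
    entries = [{k.lower(): v for k, v in e.items()} for e in directory]
    return any(matches(tree, e) for e in entries)
```
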

Ensure that the main recipient policy is using "LDAP group" under "Recipient Pattern".

Please note that Fortinet TAC does not support the writing of custom LDAP queries.
