This article describes how to troubleshoot a case where FortiMail did not quarantine an email that failed the DMARC check.
Scope
FortiMail.
Solution
FortiMail combines non-final actions set in the antispam profile with the actions set in the DMARC DNS record policy.
If the antispam profile DMARC actions are non-final, such as ‘Tag subject’ and ‘Notify’, then they are combined with the actions in the DMARC DNS record policy: none, reject, or quarantine.
This happens when the FortiMail configuration is:
config antispam settings
    set dmarc-failure-action use-profile-action-with-none
end
Refer to the following document to learn more about FortiMail actions: How FortiMail processes email.
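To see which DNS record policy the profile actions are being combined with, read the p= (and, for subdomains, sp=) tag of the sender domain's _dmarc TXT record. The following is an added example, not Fortinet code: it parses DMARC records using the RFC 7489 tag syntax, and the function names and sample records are constructed for illustration.

```python
# Added example: extract the published DMARC policy from a TXT record.
# The records in SAMPLES are constructed, not taken from real domains.

VALID_POLICIES = {"none", "quarantine", "reject"}

SAMPLES = {
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "example.org": "v = DMARC1 ; p=quarantine; sp=reject; pct=100;",
    "example.net": "v=spf1 -all",  # a TXT record that is not DMARC
}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    # RFC 7489: the first tag must be exactly v=DMARC1 (spaces around '=' allowed).
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue  # empty trailing segment or malformed tag
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags


def published_policy(txt, subdomain=False):
    """Policy the domain owner requests: 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return None
    policy = tags.get("p", "").lower()
    # sp= overrides p= for mail sent from a subdomain of the record's domain.
    if subdomain and "sp" in tags:
        policy = tags["sp"].lower()
    return policy if policy in VALID_POLICIES else None


if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, "->", published_policy(record))
```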
Solution:
To configure FortiMail to use the antispam policy action, run the following command:
config antispam settings
    set dmarc-failure-action use-policy-action
end
As a result, if an email fails the DMARC check, FortiMail performs the FortiMail action and ignores the DNS record policy.