Configuring transparent mode options
This section appears only when the FortiMail unit operates in transparent mode.
1. Go to Mail Settings > Domains > Domains.
2. Either click New to create a new protected domain, or click a row to modify it.
A multisection dialog appears. Its options vary with the operation mode.
3. Click the arrow to expand the transparent mode settings section.
4. Configure the following:
 
GUI item
Description
This server is on
Select the network interface (a port) to which the protected SMTP server is connected.
Note: Selecting the wrong network interface will result in the FortiMail unit sending email traffic to the wrong network interface.
Hide the transparent box
Enable to preserve the IP address or domain name of the SMTP client for incoming email messages in:
the SMTP greeting (HELO/EHLO) in the envelope and in the Received: message headers of email messages
the IP addresses in the IP header
This masks the existence of the FortiMail unit to the protected SMTP server.
Disable to replace the SMTP client’s IP address or domain name with that of the FortiMail unit.
For example, an external SMTP client might have the IP address 172.168.1.1, and the FortiMail unit might have the domain name fortimail.example.com. If the option is enabled, the message headers would contain (the difference from the disabled case is in the EHLO argument and the "by" host):
Received: from 192.168.1.1 (EHLO 172.16.1.1) (192.168.1.1) by smtp.external.example.com with SMTP; Fri, 24 Jul 2008 07:12:40 -0800
Received: from smtpa ([172.16.1.2]) by [172.16.1.1] with SMTP id kAOFESEN001901 for <user1@external.example.com>; Fri, 24 Jul 2008 15:14:28 GMT
But if the option is disabled, the message headers would contain:
Received: from 192.168.1.1 (EHLO fortimail.example.com) (192.168.1.1) by smtp.external.example.com with SMTP; Fri, 24 Jul 2008 07:17:45 -0800
Received: from smtpa ([172.16.1.2]) by fortimail.example.com with SMTP id kAOFJl4j002011 for <user1@external.example.com>; Fri, 24 Jul 2008 15:19:47 GMT
For more information on transparency, see “Transparency of the proxies and built-in MTA”.
Note: If the protected SMTP server applies rate limiting according to IP addresses, enabling this option can improve performance. The rate limit will then be separate for each client connecting to the protected SMTP server, rather than shared among all connections handled by the FortiMail unit.
Note: Unless you have enabled “Take precedence over recipient based policy match” in the IP-based policy, this option supersedes the “Hide this box from the mail server” option in the session profile, and may prevent it from applying to incoming email messages.
Use this domain’s SMTP server to deliver the mail
Enable to use the protected SMTP server, instead of the FortiMail built-in MTA, to deliver outgoing email messages from the SMTP clients whose sending MTA is the protected SMTP server.
For example, if the protected domain example.com has the SMTP server 192.168.1.1, and an SMTP client for user1@example.com connects to it to send email to user2@external.example.net, enabling this option would cause the FortiMail unit to pass the mail message via its built-in MTA to the protected SMTP server, which will deliver the message.
Disable to relay email using the built-in MTA to either the SMTP relay defined in “Configuring SMTP relay hosts”, if any, or directly to the MTA that is the mail exchanger (MX) for the recipient email address’s (RCPT TO:) domain. The email may not actually travel through the protected SMTP server, even though it was the relay originally specified by the SMTP client.
This option does not affect incoming connections containing incoming email messages, which will always be handled by the built-in MTA. For details, see “When FortiMail uses the proxies instead of the built-in MTA”.
Note: This option will be ignored for email that matches an antispam or content action profile.
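To confirm from the receiving side that "Hide the transparent box" is taking effect, the Received: headers of a delivered message can be checked for the FortiMail unit's name. The following Python is an added example, not Fortinet code; the function name exposed_hops and the two sample messages (constructed from the headers shown above) are assumptions made for illustration.

```python
import re
from email import message_from_string

# Greeting name as it appears in the page's examples: "(EHLO <name>)".
HELO_RE = re.compile(r"\((?:EHLO|HELO)\s+([^\s)]+)\)", re.IGNORECASE)
# Receiving host: "by <name>" or "by [<ip>]".
BY_RE = re.compile(r"\bby\s+\[?([^\s\]]+)\]?", re.IGNORECASE)

def exposed_hops(raw_message, unit_identities):
    """Return (field, value) pairs where a Received: header names the unit.

    unit_identities: host names or IP addresses of the FortiMail unit
    (supplied by the administrator; an assumption of this example).
    """
    names = {n.lower() for n in unit_identities}
    msg = message_from_string(raw_message)
    hits = []
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        for field, rx in (("helo", HELO_RE), ("by", BY_RE)):
            m = rx.search(hop)
            if m and m.group(1).lower() in names:
                hits.append((field, m.group(1)))
    return hits

def _sample(received_lines):
    # Constructed test message: only the Received: values come from the page.
    head = "".join(f"Received: {r}\n" for r in received_lines)
    return head + "Subject: test\n\nbody\n"

ENABLED = _sample([
    "from 192.168.1.1 (EHLO 172.16.1.1) (192.168.1.1) by smtp.external.example.com"
    " with SMTP; Fri, 24 Jul 2008 07:12:40 -0800",
    "from smtpa ([172.16.1.2]) by [172.16.1.1] with SMTP id kAOFESEN001901"
    " for <user1@external.example.com>; Fri, 24 Jul 2008 15:14:28 GMT",
])
DISABLED = _sample([
    "from 192.168.1.1 (EHLO fortimail.example.com) (192.168.1.1) by"
    " smtp.external.example.com with SMTP; Fri, 24 Jul 2008 07:17:45 -0800",
    "from smtpa ([172.16.1.2]) by fortimail.example.com with SMTP id kAOFJl4j002011"
    " for <user1@external.example.com>; Fri, 24 Jul 2008 15:19:47 GMT",
])
UNIT = {"fortimail.example.com"}

if __name__ == "__main__":
    print("option enabled :", exposed_hops(ENABLED, UNIT))
    print("option disabled:", exposed_hops(DISABLED, UNIT))
```

An empty result means no Received: header names the unit in its greeting or "by" host; add the unit's own IP addresses to the identity set to check for those as well.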