Workflow to enable and configure authentication of email users
In general, to enable and configure email user authentication, you should complete the following:
1. If you want to require authentication for SMTP connections received by the FortiMail unit, examine the access control rules whose sender patterns match your email users to ensure that authentication is required (Authenticated) rather than optional (Any).
Additionally, verify that no access control rule exists that allows unauthenticated connections. For details, see “Configuring access control rules”.
2. For secure (SSL or TLS) authentication:
3. If authentication will occur by querying an external authentication server rather than email user accounts locally defined on the FortiMail unit, configure the appropriate profile type, either:
5. For gateway mode or transparent mode, select the authentication profile in the IP-based policy or in the incoming recipient-based policy that matches that email user and enable Use for SMTP authentication. If the user will use PKI authentication, in the incoming recipient-based policy, also enable Enable PKI authentication for web mail spam access. For details, see “Controlling email based on recipient addresses” and “Controlling email based on IP addresses”.
For server mode, select the resource profile in the incoming recipient-based policy, and if users authenticate using an LDAP profile, select the LDAP profile. For details, see “Controlling email based on recipient addresses”.
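The review described in step 1 can be run offline against a copy of the rule list. The following is an added example, not FortiMail code or a FortiMail export format: the rule dictionaries, the sample addresses, the action names and the use of shell-style wildcards for sender patterns are all assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample rules in a hypothetical simplified form.
# "auth" mirrors the two settings named in step 1: "Authenticated" or "Any".
RULES = [
    {"id": 1, "sender": "*@example.com", "auth": "Authenticated", "action": "relay"},
    {"id": 2, "sender": "*@partner.example", "auth": "Any", "action": "relay"},
    {"id": 3, "sender": "a*@example.com", "auth": "Any", "action": "relay"},
    {"id": 4, "sender": "*", "auth": "Any", "action": "reject"},
]
USERS = ["alice@example.com", "bob@example.com", "carol@partner.example"]

# Assumption: these action names are the ones that let mail through.
PERMIT_ACTIONS = {"relay", "safe"}


def permits_without_auth(rule):
    """True if the rule lets mail through while authentication is optional."""
    return rule["action"] in PERMIT_ACTIONS and rule["auth"] != "Authenticated"


def optional_auth_rules_for(users, rules):
    """Map each user to the permitting rules that match their sender
    address but leave authentication optional."""
    findings = {}
    for user in users:
        hits = [r["id"] for r in rules
                if fnmatchcase(user.lower(), r["sender"].lower())
                and permits_without_auth(r)]
        if hits:
            findings[user] = hits
    return findings


def unauthenticated_allow_rules(rules):
    """List every rule that permits mail without requiring authentication,
    whether or not its sender pattern matches a known user."""
    return [r["id"] for r in rules if permits_without_auth(r)]


if __name__ == "__main__":
    for user, ids in optional_auth_rules_for(USERS, RULES).items():
        print(f"{user}: authentication optional in rule(s) {ids}")
    print("rules allowing unauthenticated mail:", unauthenticated_allow_rules(RULES))
```

Every matching rule is reported rather than only the first, so the result does not depend on the order in which rules are evaluated.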