Concepts and workflow
Email protocols
SMTP
POP3
IMAP
HTTP and HTTPS
Client-server connections in SMTP
MTA
MUA
Incoming versus outgoing directionality
The role of DNS in email delivery
MX record
A record
Reverse DNS record
How FortiMail processes email
Email domains
Access control rules
Recipient address verification
Disclaimer messages and customized appearance
Advanced delivery features
Antispam techniques
FortiMail antispam techniques
FortiGuard Antispam service
Order of execution
FortiMail operation modes
FortiMail high availability modes
FortiMail management methods
Basic mode versus advanced mode
About basic management mode
AntiSpam submenu features
Incoming versus outgoing email
Configuring incoming mail protection
Configuring incoming actions
Configuring outgoing mail protection
Configuring outgoing actions
Monitoring the system
Viewing overall system statuses
Viewing the dashboard
Hiding, showing and moving widgets
System Information widget
License Information widget
System Resource widget
System Command widget
Statistics History widget
Statistics Summary widget
Fortinet RSS Feed widget
Viewing the email statistics
Viewing the list of current IP sessions
Using the CLI Console
Managing the deferred mail queue
Managing undeliverable mail
Viewing the FortiGuard outbreak protection mail queue
Viewing the FortiSandbox mail queue
Managing the quarantines
Managing the personal quarantines
How to enable, configure, and use personal quarantines
Searching email in the personal quarantine
Managing the system quarantine
Searching email in the system quarantine
Viewing the greylist statuses
Viewing the pending and individual automatic greylist entries
Filtering pending and individual automatic greylist entries
Viewing the consolidated automatic greylist exemptions
Viewing the sender reputation statuses
Filtering sender reputation score entries
Viewing the endpoint reputation statuses
Filtering automatic endpoint block list entries
Managing archived email
Searching the archived email
Viewing log messages
Displaying and arranging log columns
Displaying and arranging log columns
Using the right-click pop-up menus
Searching log messages
Cross-searching log messages
Viewing generated reports
Maintaining the system
Backup and restore
Backing up your configuration using the CLI
Scheduling configuration backup
Restoring the configuration
Restoring the firmware
Backing up and restoring the mailboxes
Viewing the mailbox backup/restoration status
Configuring mailbox backups
Restoring mailboxes from backups
Using the traffic capture
Configuring FortiGuard updates and antispam queries
Verifying connectivity with FortiGuard services
Configuring scheduled updates
Configuring push updates
Manually requesting updates
Downloading a trace file
Configuring system settings
Configuring network settings
About IPv6 Support
About the management IP
About FortiMail logical interfaces
VLAN subinterfaces
Redundant interfaces
Loopback interfaces
Configuring the network interfaces
Editing network interfaces
Configuring link status monitoring
Interface tracking
Configuring Link Status propagation
Configuring static routes
Configuring DNS
Configuring dynamic DNS
Configuring port forwarding
Scanning SMTP traffic redirected from FortiGate
Configuring system time, options, and other system options
Configuring the time and date
Configuring system options
Configuring SNMP queries and traps
Configuring an SNMP threshold
Configuring an SNMP v1 and v2c community
Configuring an SNMP v3 user
FortiMail MIBs
FortiMail traps
MIB fields
Customizing GUI, replacement messages and email templates
Customizing the GUI appearance
Customizing replacement messages
Viewing the replacement messages list
Modifying replacement messages
Creating variables
Customizing email templates
Configuring administrator accounts and access profiles
About administrator account permissions and domains
About the “admin” account
About the “remote_wildcard” account
Configuring administrator accounts
Configuring access profiles
Configuring RAID
About RAID levels
Hot spares
Configuring RAID for FortiMail models with software RAID controllers
Configuring RAID on FortiMail models with hardware RAID controllers
Replacing a RAID disk
Using high availability (HA)
About high availability
About the heartbeat and synchronization
Configuration settings that are not synchronized
Synchronization of MTA queue directories after a failover
About logging, alert email and SNMP in HA
Getting HA information using SNMP
How to use HA
Monitoring the HA status
Restarting the HA processes on a stopped primary unit
Configuring the HA mode and group
Configuring the primary HA options
Configuring the master configuration IP
Configuring the backup options
Configuring the advanced options
Configuring the slave system options
Storing mail data on a NAS server
Configuring interface monitoring
Configuring service-based failover
Example: Failover scenarios
Failover scenario 1: Temporary failure of the primary unit
Failover scenario 2: System reboot or reload of the primary unit
Failover scenario 3: System reboot or reload of the secondary unit
Failover scenario 4: System shutdown of the secondary unit
Failover scenario 5: Primary heartbeat link fails
Failover scenario 6: Network connection between primary and secondary units fails (remote service monitoring detects a failure)
Example: Active-passive HA group in gateway mode
About standalone versus HA deployment
Configuring the DNS and firewall settings
Configuring the primary unit for HA operation
Configuring the secondary unit for HA operation
Administering an HA group
Managing certificates
Managing local certificates
Obtaining and installing a local certificate
Generating a certificate signing request
Downloading a certificate signing request
Submitting a certificate request to your CA for signing
Importing a certificate
Downloading a PKCS #12 certificate
Managing certificate authority certificates
Managing the certificate revocation list
Managing OCSP server certificates
Configuring encryption settings
Configuring IBE encryption
About IBE
About FortiMail IBE
FortiMail IBE configuration workflow
Configuring IBE services
Configuring certificate bindings
Configuring mail settings
Configuring the built-in MTA and mail server
Configuring mail server settings
Configuring local host settings
Configuring DSN options
Configuring mail queue setting
Configuring outgoing email options
Configuring deferred message delivery
Configuring domain check options
Configuring SMTP relay hosts
Configuring global disclaimers
Configuring disclaimer exclusion list
Selecting the mail data storage location
Configuring action profile preferences
Configuring protected domains
Configuring domain associations
Configuring recipient address verification
Configuring transparent mode options
Configuring removal of invalid accounts
Configuring advanced settings
Domain Association
Quarantine Report Setting
DKIM Setting
Disclaimer for a domain
Configuring advanced scan settings
Configuring domain level service settings (server mode only)
Configuring mail migration settings (server mode only)
Managing the address book (server mode only)
Adding contacts (server mode only)
Adding contact groups (server mode only)
Configuring LDAP attribute mapping template (server mode only)
Sharing calendars and address books (server mode only)
Calendar sharing
Address book sharing
Migrating email from other mail servers (server mode only)
Defining a remote mail server for mail migration
Creating domains for mail migration
Configuring proxies (transparent mode only)
About the transparent mode proxies
When FortiMail uses the proxies instead of the built-in MTA
Incoming versus outgoing SMTP connections
Transparency of the proxies and built-in MTA
Avoiding scanning email twice
Relaying using FortiMail’s built-in MTA versus unprotected SMTP servers
Use client-specified SMTP server to send email
Managing users
Configuring local user accounts (server mode only)
Configuring users in server mode
Importing a list of users
Managing the disk usage of email users mailboxes
Configuring user preferences
Configuring PKI authentication
Configuring user groups
Configuring aliases
Configuring address mappings
Configuring IBE users
Configuring active users
Configuring expired users
Configuring security questions
Configuring IBE authentication
Viewing and managing IBE domains
Configuring policies
What is a policy?
Recipient-based policies versus IP-based policies
Incoming versus outgoing email messages
How to use policies
Whether to use IP-based or recipient-based policies
Order of execution of policies
Which policy/profile is applied when an email has multiple recipients?
Controlling SMTP access and delivery
Configuring access control rules
Using wildcards and regular expressions
Example: Access control rules with wild cards
Example: Access control rules with regular expressions
Configuring delivery rules
Controlling email based on recipient addresses
Configuring the recipient incoming policies
Configuring the recipient outgoing policies
Configuring the profiles section of a recipient policy
Configuring authentication for incoming email
Configuring the advanced incoming policies
Controlling email based on IP addresses
Example: Strict and loose IP-based policies
Configuring data loss prevention
DLP configuration workflow
Defining the sensitive data
DLP document fingerprinting
Configuring DLP rules
Configuring DLP profiles
Configuring profiles
Configuring session profiles
Configuring connection settings
Configuring sender reputation options
Configuring endpoint reputation options
Configuring sender validation options
Configuring session settings
Configuring unauthenticated session settings
Configuring SMTP limit options
Configuring error handling options
Configuring header manipulation options
Configuring list options
Configuring advanced MTA control settings
Configuring address rewrite profiles in the session profile
Configuring mail routing profiles in a session profile
Configuring access control profiles in a session profile
Configuring DSN profiles in a session profile
Configuring antispam profiles and antispam action profiles
Managing antispam profiles
Configuring FortiGuard options
Configuring heuristic options
Configuring SURBL options
Configuring DNSBL options
Configuring banned word options
Configuring safelist word options
Configuring dictionary options
Configuring image spam options
Configuring Bayesian options
Configuring scan conditions
Configuring other antispam settings
Performing a batch edit
Configuring antispam action profiles
Configuring antivirus profiles and antivirus action profiles
Managing antivirus profiles
Configuring antivirus action profiles
View the virus database information
Configuring content profiles and content action profiles
Configuring content profiles
Configuring attachment scan rules
Configuring file filters
Configuring scan options
Configuring content monitor and filtering
Configuring content action profiles
Configuring resource profiles (server mode only)
Workflow to enable and configure authentication of email users
Configuring authentication profiles
Configuring LDAP profiles
Configuring user query options
Configuring group query options
Configuring user authentication options
Configuring user alias options
Configuring mail routing
Configuring address mapping options
Configuring scan override options
Configuring domain lookup options
Configuring remote access override options
Configuring advanced options
Preparing your LDAP schema for FortiMail LDAP profiles
Using common schema styles
Using other schema styles
Testing LDAP profile queries
Clearing the LDAP profile cache
Configuring dictionary profiles
Configuring dictionary groups
Configuring security profiles
Configuring TLS security profiles
Configuring encryption profiles
Using S/MIME encryption
Configuring IP pools
Configuring email and IP groups
Configuring email groups
Configuring IP groups
Configuring notification profiles
Configuring antispam settings
Configuring email quarantines and quarantine reports
Configuring global quarantine report settings
About the plain text formatted quarantine report
About the HTML formatted quarantine report
Releasing and deleting email via quarantine reports
Configuring the system quarantine settings
Configuring the quarantine control accounts
Configuring the block lists and safe lists
Order of execution of block lists and safe lists
About block list and safe list address formats
Configuring the global block and safe list
Configuring the per-domain block lists and safe lists
Configuring the personal block lists and safe lists
Configuring the block list action
Configuring greylisting
About greylisting
Matching greylist entries
Automatic greylist entries
Manual greylist entries
Configuring the grey list TTL and initial delay
Manually exempting senders from greylisting
Example: Manual greylist entries (exemptions)
Configuring the URL exempt list
Configuring bounce verification and tagging
Excluding recipient domains from bounce verification tagging
Excluding senders from bounce verification
Configuring endpoint reputation
About endpoint reputation
Manually blocklisting endpoints
Exempting endpoints from endpoint reputation
Filtering manual endpoint block list entries
Configuring the endpoint reputation score window
Training and maintaining the Bayesian databases
Types of Bayesian databases
Global
Group
Training the Bayesian databases
Example: Bayesian training
Backing up, batch training, and monitoring the Bayesian databases
Configuring the Bayesian training control accounts
Configuring antivirus settings
Using FortiSandbox antivirus inspection
FortiCloud service
Adding file signatures
Archiving email
Email archiving workflow
Configuring email archiving accounts
Configuring account settings
Configuring rotation settings
Configuring destination settings
Archiving email from Microsoft Exchange journaling
Configuring email archiving policies
Configuring email archiving exemptions
Logs, reports and alerts
About FortiMail logging
Accessing FortiMail log messages
Log message syntax
FortiMail log types
Log message severity levels
Classifiers and dispositions in history logs
Configuring logging
Configuring logging to the hard disk
Choosing which events to log
Configuring logging to a Syslog server or FortiAnalyzer unit
Configuring report profiles and generating reports
Configuring the report time period
Configuring the report query selection
Configuring the report schedule
Selecting the protected domains to report
Configuring report conditions
Configuring report email notification
Generating a report manually
Configuring alert email
Configuring alert recipients
Configuring alert categories
Installing firmware
Testing firmware before installing it
Installing firmware
Reconnecting to the FortiMail unit
Restoring the configuration
Verifying the configuration
Upgrading the firmware
Clean installing firmware
Upgrading firmware on HA units
Best practices and fine tuning
Network topology tuning
System security tuning
High availability (HA) tuning
SMTP connectivity tuning
Antispam tuning
Policy tuning
System maintenance tips
Performance tuning
Troubleshooting
Establish a system baseline
Define the problem
Search for a known solution
Create a troubleshooting plan
Check your access
Gather system information
Check port assignments
Troubleshoot hardware issues
Problem
Troubleshoot GUI and CLI connection issues
Problem
Problem
Troubleshoot FortiGuard connection issues
Problem
Troubleshoot MTA issues
Problem
Problem
Problem
Problem
Problem
Problem
Problem
Problem
Problem
Troubleshoot antispam issues
Problem
Problem
Problem
Problem
Problem
Problem
Problem
Troubleshoot HA issues
Problem
Problem
Troubleshoot resource issues
Problem
Troubleshoot bootup issues
A. Do you see the boot options menu
B. Do you have problems with the console text
C. Do you have visible power problems
D. You have a suspected defective FortiMail unit
Troubleshoot installation issues
Contact Fortinet customer support for assistance
Setup for email users
Training Bayesian databases
Managing tagged spam
Accessing the personal quarantine and webmail
Accessing personal quarantines through FortiMail webmail (gateway and transparent mode)
Accessing FortiMail webmail (server mode)
Using quarantine reports
Example: Quarantine report (HTML)
Example: Quarantine report (plain text)
Accessing personal quarantines through POP3 (gateway and transparent mode)
Accessing mailboxes through POP3 or IMAPv4 (server mode)
Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
SMTP RFCs:
IMAP RFCs
POP3 RFCs
Other RFCs
Appendix B: Maximum Values Matrix
Appendix C: Port Numbers
Appendix D: Regular expressions
Special characters with regular expressions and wild cards
Word boundary
Case sensitivity
Syntax
Examples
Appendix E: Working with TLS/SSL
About TLS/SSL
How TLS/SSL works
FortiMail support of TLS/SSL
FortiMail TLS behavior in two mail flow directions
FortiMail TLS behavior in two mail flow directions
TLS profile
Example
Troubleshooting FortiMail TLS issues
Common error messages
Useful tools
Appendix F: PKI Authentication
Introduction to PKI authentication
FortiMail PKI architecture
Configuring PKI authentication on FortiMail
Before you begin
PKI configuration work flow
Prerequisites
Creating a custom certificate request template using MMC
Requesting a client certificate
Exporting a client certificate
Importing a client certificate to an end-user browser
Downloading a CA certificate for FortiMail
Importing a CA certificate to FortiMail
Creating email accounts on FortiMail for PKI users
Configuring policy for PKI access to webmail (server mode)
Configuring policies for PKI access to email quarantine (transparent and gateway mode)
Configuring PKI access for administrators
Enabling PKI authentication globally with CLI
Testing PKI authentication
Fortinet products EULA
Concepts and workflow
Fortinet products EULA
AsavSetIncoming
AsavSetIncomingCollection
AsAvActionIncoming
AsavSetOutgoing
AsAvActionOutgoing
WMMessages
MailSearchedResultCollection
SysStatusModulesCollection
SysStatisticRealtimeCollection
SysStatusSessionCollection
SysStatusConsole
MailSetQueue
MailSetQueueCollection
MailSetDeadMail
MailSetDeadMailCollection
FortiGuardQueueFolderCollection
SandBoxQueueFolderCollection
QuarantineMailDisplayCollection
QuarantineDirectoryDisplayCollection
QuarantineRecipientSearchResultCollection
QuarantineRecipientSearchResult
QuarantineFolderDisplayCollection
SystemQuarantineDirectoryDisplayCollection
AsGreylistCollection
AsGreylistAutoexemptCollection
AsSenderReputationCollection
AsMsisdnReputationAuto_blacklistCollection
ArchDisplayDirectoryCollection
QuarantineRecipientSearchResultCollection_archiveAccount
HistoryLogCollection_alog
HistoryLogCollection_elog
HistoryLogCollection_vlog
HistoryLogCollection_slog
HistoryLogCollection_nlog
HistoryCollection
EventCollection
HistoryCollection_alog
HistoryCollection_elog
HistoryCollection_vlog
HistoryCollection_slog
AntiVirusCollection
EncryptionCollection
SpamCollection
LogSearch
LogCrossSearchCollection
LogReportFileCollection
CentralBackupConfig
Bayesiandbmaintain
MailSetQueueMaintain
BwlistMaintenance
SysBurstStatus
ViewPcapFilesCollection
SysAutoupdate
SysFortiguard
SysInterfaceCollection
SysInterface
SysLink_monitor
SysRouteCollection
SysRoute
SysDns
SysDdnsCollection
SysDdns
SysPort_forwarding
SysPort_forwardingCollection
SysWccpSettings
SysTimeManual
SysOption
SysSnmpCommunityCollection
SysSnmpCommunity
SysSnmpSnmpv3_user
SysAppearance
SysCmsgCollection
SysCmsgMessage
SysCMessageCollectionExtended
SysCmsgVariableCollection
SysCEmailTemplateCollectionExtended
SysCmsgEmailTemplate
SysAdminCollection
SysAdmin
SysAccprofileCollection
SysAccprofile
RaidControllerInfo
SysHaStatus
SysHa
SysHaServices
SysCertificateDetailCollection
SysCertificateDetail_local
SysCertificateLocalGenerate
SysCertificateUpload_local
SysCertificateCaCollection
SysCertificateDetail_ca
SysCertificateUpload_ca
SysCertificateCrlCollection
SysCertificateDetail_crl
SysCertificateUpload_crl
SysCertificateRemoteCollection
SysCertificateDetail_remote
SysCertificateUpload_remote
SysEncryptionIbe
ProfCertificate_bindingCollection
ProfCertificate_binding
SysMailserver
MailSetRelay_hostCollection
SysDisclaimer
SysDisclaimer_excludeCollection
SysDisclaimer_exclude
MailSetStrgNfs
MailSetPreference
DomainInfoCollection
DomainSetting
AddressbookCollection
Addressbook
contactgroup
AddressbookGroupCollection
AddressbookGroup
AddressbookLdapMapCollection
AddressbookLdapMap
CalendarServer
CalResourceCollection
CalResource
MigrationUsersCollection
MigrationUsers
SysRemote_mail_serverCollection
SysRemote_mail_server
MailSetSmtp
UserMailCollection
UserMail
UserPreference
UserPreferenceCollection
UserPkiCollection
UserPki
UserUser_group
UserUser_groupCollection
UserAlias
UserAliasCollection
UserMapCollection
UserMap
SemailDbUserCollection
SemailDbUserExpiredCollection
SemailDbQuestionCollection
SemailDbQuestion
SysEncryptionIbe_authCollection
SysEncryptionIbe_auth
SemailDbDomainCollection
PolicyCollection
MailSetAccessRuleCollection
MailSetAccessRule
MailSetDeliveryRuleCollection
MailSetDeliveryRule
PolicyRecipient
PolicyIp
Sensitive_dataComplianceCollection
Sensitive_dataFingerprint_sourceCollection
Sensitive_dataFingerprintCollection
ContentScanRulesCollection
ProfDlpCollection
ProfSessionCollection
ProfSession
ProfAddr_rewriteCollection
ProfAddr_rewrite
ProfMail_routeCollection
ProfMail_route
ProfAcl_rulesetCollection
ProfAcl_ruleset
ProfBounce_notificationCollection
ProfBounce_notification
ProfAntispamCollection
ProfAntispam
ProfUri_filterCollection
ProfUri_filter
ProfAntispam_actionCollection
ProfAntispam_action
ProfAntivirusCollection
ProfAntivirus
ProfAntivirus_actionCollection
ProfAntivirus_action
VirusDatabase
ProfContentCollection
ProfContent
FilePatternCollection
ProfContent_actionCollection
ProfContent_action
ProfMiscCollection
ProfMisc
ProfAuthSmtp
ProfAuthCollection
ProfAuthRadiusCollection
ProfAuthRadius
ProfLdapCollection
ProfLdap
ProfDictionary
ProfDictionaryCollection
ProfDictionary_groupCollection
ProfDictionary_group
ProfTlsCollection
ProfTls
ProfEncryptionCollection
ProfEncryption
ProfIp_poolCollection
ProfIp_pool
Prof_group
ProfEmail_address_groupCollection
ProfEmail_address_group
ProfIp_address_groupCollection
ProfIp_address_group
ProfNotificationCollection
ProfNotification
AsSpamreport
MailSetSystemquarantine
ControlAccount
SystemBlackWhiteList
DomainBlackWhiteListCollection
PersonalBlackWhiteList
BlacklistAction
AsGreylistSetting
AsGreylistExemptCollection
AsGreylistExempt
AsUrl_fgas_exempt_listCollection
AsBounceverifyKeyCollection
AsBounceverifyKey
AsBounceverifyTag_exempt_listCollection
AsBounceverifyTag_exempt_list
AsBounceverifyVerify_exempt_listCollection
AsBounceverifyVerify_exempt_list
AsMsisdnReputationBlacklistCollection
AsMsisdnReputationBlacklist
AsMsisdnReputationExemptCollection
AsMsisdnReputationExempt
AsMsisdnReputationSetting
Bayesiansettings
BayesianFileTrain
BayesianFileUpload
BayesianControlAccount
SysFortisandbox
FileSignatureCollection
ArchAccount
ArchAccountCollection
ArchJournalSourceCollection
ArchPolicyCollection
ArchPolicy
ArchExemptCollection
ArchExempt
LogSetLocal
LogSetRemote
LogSetRemoteCollection
LogReport_configCollection
LogReport_config
LogAltMMailtoCollection
LogAltMMailto
LogAltMSetting