Configuring policy for PKI access to webmail (server mode)
Use this procedure to configure a recipient based policy for email access using PKI authentication.
This procedure applies only if the FortiMail unit is operating in server mode. In server mode, PKI users can access all email, including quarantine email, stored on the FortiMail unit.
2. Create a PKI user for each webmail user that requires access to regular email residing on the FortiMail unit (server mode). For more information, see “Configuring PKI authentication”.
3. From Policy > Policies > Recipient Policies, select New to create a new Recipient Based Policy, or Modify to change an existing policy. For more information on recipient based policies, see “Controlling email based on recipient addresses”.
4. In the Recipient Based Policy, expand Advanced Settings and configure the following:
• Ensure that Enable PKI authentication for web mail spam access is enabled.
• If desired, select a PKI user name from the drop-down list.
Ensure the PKI user is appropriate for the selected recipient. Choosing the wrong PKI user could give an email user access to administrator functions. For more information, see “Configuring PKI authentication”.
• Ensure Certificate validation is mandatory is enabled. This will enforce PKI authentication for the specified PKI user.
5. Repeat steps 3 and 4 for each webmail PKI user.