Configuring mail settings : Configuring the built-in MTA and mail server : Configuring SMTP relay hosts
Configuring SMTP relay hosts
Configure one or more SMTP relays, if needed, to which the FortiMail unit will relay outgoing email. This is typically provided by your Internet service provider (ISP), but could be mail relays on your internal network.
When you configure mail server settings (“Configuring outgoing email options”), you can specify to use a relay host for outgoing email.
If the SMTP relay’s domain name resolves to more than one IP address, for each SMTP session, the FortiMail unit will randomly select one of the IP addresses from the result of the DNS query, effectively load balancing between the SMTP relays.
If you do not configure a relay, for outgoing email delivered by the built-in MTA, the FortiMail unit will instead query the DNS server for the MX record of the mail domain in the recipient’s email address (RCPT TO:), and relay the email directly to that mail gateway. For details, see “When FortiMail uses the proxies instead of the built-in MTA”.
 
Server relay is ignored if the FortiMail unit is operating in transparent mode, and “Use client-specified SMTP server to send email” (for outgoing connections) or “Use this domain’s SMTP server to deliver the mail” (for incoming connections containing outgoing email messages) is enabled.
.
 
Server relay is ignored for email that matches an antispam or content profile where you have enabled “Deliver to alternate host”.
To configure STMP relays
1. Go to Mail Settings > Settings > Relay Host List. You can configure a maximum of 5 relays.
2. Click New.
3. Configure the following:
GUI item
Description
Name
Enter a descriptive name for this relay host.
Host name/IP
Enter the domain name or IP address of an SMTP relay.
Port
Enter the TCP port number on which the SMTP relay listens.
This is typically provided by your Internet service provider (ISP).
Use SMTPS
Enable to initiate SSL- and TLS-secured connections to the SMTP relay if it supports SSL/TLS.
When disabled, SMTP connections from the FortiMail unit’s built-in MTA or proxy to the relay will occur as clear text, unencrypted.
This option must be enabled to initiate SMTPS connections.
Authentication Required
If the relay server requires use of the SMTP AUTH command, enable this option, click the arrow to expand the section and configure:
User name: Enter the name of the FortiMail unit’s account on the SMTP relay.
Password: Enter the password for the FortiMail unit’s user name.
Authentication type: Available SMTP authentication types include:
• AUTO (automatically detect and use the most secure SMTP authentication type supported by the relay server)
• PLAIN (provides an unencrypted, scrambled password)
• LOGIN (provides an unencrypted, scrambled password)
• DIGEST-MD5 (provides an encrypted hash of the password)
• CRAM-MD5 (provides an encrypted hash of the password, with hash replay prevention, combined with a challenge and response mechanism)