GUI item | Description |
Reject different SMTP sender identity for authenticated user | Enable to require that the sender uses the same identity for: authentication name, SMTP envelope MAIL FROM:, and header FROM:. Disable to remove such requirements on sender identities. By default, this feature is disabled. |
Sender identity verification with LDAP server | In some cases, while you do not want to allow different SMTP sender identities for an authenticated user, you still want to: • allow users to authenticate with their identities (for example, user1@example.com) and send email from their proxy email addresses (for example, user1.name@example.com and user1name@example.com) • or to allow users in an alias group to authenticate with their own identities (for example, salesperson1@example.com) and send email from their alias group address (for example, sales@example.com) Then you can choose to verify the sender identity with the LDAP server. If the verification is successful, the sender will be allowed to send email with different identities. Note: When the above rejection option is enabled, even though the authentication identity can be different from the sender identity upon successful LDAP verification. the envelope (MAIL FROM:)address is never allowed to be different from the header FROM:)address. And the two addresses cannot be empty either. |
Enable PKI authentication for web mail access | Enable if you want to allow web mail users to log in by presenting a certificate rather than a user name and password. Also configure “Certificate validation is mandatory”. For more information on configuring PKI users and what defines a valid certificate, see “Configuring PKI authentication”. |
Certificate validation is mandatory | If the email user’s web browser does not provide a valid personal certificate, the FortiMail unit will fall back to standard user name and password-style authentication. To require valid certificates only and disallow password-style fallback, enable this option. |