Administration Guide

SMTP connectivity tuning

  • Configure a fully qualified domain name (FQDN) that is different than that of your protected email server (gateway mode and transparent mode). The FortiMail unit’s domain name will be used by many FortiMail features such as quarantine, spam reports, Bayesian database training, alerts, and DSN email. The FQDN is formed by prepending the host name to the local domain name, both of which are configured in System > Mail Settings > Mail Server Settings.
  • Use a different host name for each FortiMail unit when managing multiple FortiMail units of the same model or when configuring an HA cluster. The host name is set in System > Mail Settings > Mail Server Settings.
  • If the FortiMail unit is used as an outbound relay (gateway mode and server mode only) or if remote email users will view their per-recipient quarantines, the FortiMail unit’s FQDN must be globally DNS-resolvable. External SMTP servers require that A records and reverse DNS records be configured on public DNS servers for both forward and reverse lookup of the FQDN and its IP address.
  • Configure the public DNS records for each of your protected domains with only one MX record that routes incoming email through the FortiMail unit (gateway mode). With only one MX record, spammers cannot bypass the FortiMail unit by using lower-priority mail gateways.
  • If the FortiMail unit is operating in transparent mode, SMTP clients are configured for authentication, and you have disabled the Use client-specified SMTP Server to send email option for SMTP proxies (located in System > Mail Settings > Proxies), you must configure and apply an authentication profile (such as Profile > Authentication). Without the authentication profile, authentication with the FortiMail unit will fail. Additionally, you must configure an access control rule (located in Policy > Access Control > Receiving) to allow relay to external domains. In this configuration, the SMTP client relays through the FortiMail unit instead of through a protected mail server or an external mail server.
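
The DNS items in the list above (an FQDN distinct from the protected server, a single MX record through the FortiMail unit, and matching forward and reverse records) can be checked mechanically. The following Python is an added example, not Fortinet code; `audit_dns`, `table_lookup`, the `example.com` names and the `192.0.2.10` address are constructed for illustration, and only IPv4 is handled.

```python
# Added example: audits the DNS items from the list above.
# Every name and address here is constructed (example.com, 192.0.2.0/24).

def _norm(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()

def table_lookup(records):
    """Hypothetical offline resolver backed by a dict of constructed records."""
    return lambda name, rtype: records.get((_norm(name), rtype), [])

def audit_dns(domain, fortimail_fqdn, protected_fqdn, lookup):
    """Return a list of findings; an empty list means every check passed.
    lookup(name, rtype) returns answer strings; MX answers are "pref target".
    """
    findings = []
    fm = _norm(fortimail_fqdn)
    # The FortiMail FQDN must differ from the protected server's FQDN.
    if fm == _norm(protected_fqdn):
        findings.append("FortiMail FQDN equals protected server FQDN")
    # Exactly one MX record, and it must route through the FortiMail unit.
    targets = [_norm(r.split()[1]) for r in lookup(domain, "MX")]
    if len(targets) != 1:
        findings.append(f"{domain} has {len(targets)} MX records, expected 1")
    findings += [f"MX target {t} bypasses FortiMail" for t in targets if t != fm]
    # Forward and reverse lookups must agree (IPv4 only in this example).
    addrs = lookup(fm, "A")
    if not addrs:
        findings.append(f"no A record for {fm}")
    for ip in addrs:
        ptr_name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
        if fm not in [_norm(p) for p in lookup(ptr_name, "PTR")]:
            findings.append(f"PTR for {ip} does not return {fm}")
    return findings

GOOD = {  # constructed records: single MX, matching A and PTR
    ("example.com", "MX"): ["10 fortimail.example.com."],
    ("fortimail.example.com", "A"): ["192.0.2.10"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["fortimail.example.com."],
}
BAD = {  # constructed records: second MX to the mail server, no PTR
    ("example.com", "MX"): ["10 fortimail.example.com.", "20 mail.example.com."],
    ("fortimail.example.com", "A"): ["192.0.2.10"],
}

if __name__ == "__main__":
    for label, recs in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_dns("example.com", "fortimail.example.com",
                               "mail.example.com", table_lookup(recs)))
```

To run the same checks against public DNS, pass a `lookup` function that wraps the resolver you already use in place of `table_lookup`.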
