Fortinet white logo
Fortinet white logo

Cookbook

Configuring DNS records

Configuring DNS records

When the FortiMail unit is operating in Transparent mode, in most cases, configuring DNS records for protected domain names is not required. Proper DNS records for your protected domain names are usually already in place.

However, you usually must configure public DNS records for the FortiMail unit itself, so that FortiMail can receive web connections, and send and receive email, for its own domain name. Dependent features include:

  • delivery status notification (DSN) email
  • spam reports
  • email users' access to their per-recipient quarantined mail
  • FortiMail administrators' access to the web UI by domain name
  • alert email
  • report generation notification email

You will also need to configure some transparent mode specific domain settings, in order to hide the presence of the FortiMail unit.

  1. Go to Domain & User > Domain > Domain and edit a domain.
  2. Expand Transparent Mode Options.
  3. Set This server is on to the port to which the protected SMTP server is connected.
  4. Enable Hide the transparent box, in order to preserve the IP address or domain name of the SMTP client.
  5. Enable Use this domain's SMTP server to deliver the mail.
  6. Click OK.
  7. Go to Profile > Session > Session and click New, or edit an existing profile.
  8. Optionally enable Hide this box from the mail server.
  9. Unless you have enabled both Hide the transparent box in each protected domain and Hide this box from the mail server in each session profile, the FortiMail unit is not fully transparent in SMTP sessions.

    In addition, unless you have enabled Take precedence over recipient based policy match in the IP-based policy, the Hide the transparent box option in the protected domain has precedence over this option, and may prevent it from applying to incoming email messages.

Configuring DNS records

Configuring DNS records

When the FortiMail unit is operating in Transparent mode, in most cases, configuring DNS records for protected domain names is not required. Proper DNS records for your protected domain names are usually already in place.

However, you usually must configure public DNS records for the FortiMail unit itself, so that FortiMail can receive web connections, and send and receive email, for its own domain name. Dependent features include:

  • delivery status notification (DSN) email
  • spam reports
  • email users' access to their per-recipient quarantined mail
  • FortiMail administrators' access to the web UI by domain name
  • alert email
  • report generation notification email

You will also need to configure some transparent mode specific domain settings, in order to hide the presence of the FortiMail unit.

  1. Go to Domain & User > Domain > Domain and edit a domain.
  2. Expand Transparent Mode Options.
  3. Set This server is on to the port to which the protected SMTP server is connected.
  4. Enable Hide the transparent box, in order to preserve the IP address or domain name of the SMTP client.
  5. Enable Use this domain's SMTP server to deliver the mail.
  6. Click OK.
  7. Go to Profile > Session > Session and click New, or edit an existing profile.
  8. Optionally enable Hide this box from the mail server.
  9. Unless you have enabled both Hide the transparent box in each protected domain and Hide this box from the mail server in each session profile, the FortiMail unit is not fully transparent in SMTP sessions.

    In addition, unless you have enabled Take precedence over recipient based policy match in the IP-based policy, the Hide the transparent box option in the protected domain has precedence over this option, and may prevent it from applying to incoming email messages.