CLI Reference

mailsetting proxy-smtp

Use this command to configure whether outgoing SMTP connections use the outgoing proxy instead of the built-in MTA.

This command applies only if the FortiMail unit is operating in transparent mode.

Syntax

config mailsetting proxy-smtp

set proxy-original {enable | disable}

end

Variable: proxy-original {enable | disable}

Default: disable

Description:

Enable to use the outgoing proxy instead of the built-in MTA for outgoing SMTP connections.

This allows the client to send email using the SMTP server that it specifies, rather than enforcing the use of the FortiMail unit’s own built-in MTA. The outgoing proxy will refuse the connection if the client’s specified destination SMTP server is not available. In addition, it will not queue email from the SMTP client, and if the client does not successfully complete the connection, the outgoing proxy will simply drop the connection and will not retry. Since authentication profiles may not successfully complete, the outgoing proxy will also ignore any authentication profiles that may be configured in the IP-based policy. The built-in MTA would normally apply authentication on behalf of the SMTP server, but the outgoing proxy will instead pass any authentication attempts through to the SMTP server, allowing it to perform its own authentication.

Disable to relay email using the built-in MTA to either the SMTP relay defined in mailsetting relay-host-list, if any, or directly to the MTA that is the mail exchanger (MX) for the domain of the recipient email address (RCPT TO:). The email may not actually travel through the unprotected SMTP server, even though it was the relay originally specified by the SMTP client. For details, see the FortiMail Administration Guide.

Disclaimer messages require that this option be enabled. For more information, see system disclaimer.

Caution: If this option is enabled, consider also enabling session-prevent-open-relay {enable | disable}. Failure to do so could allow clients to use open relays.

Note: If this option is disabled, and an SMTP client is configured to authenticate, you must configure and apply an authentication profile. Without the profile, authentication with the built-in MTA will fail. Also, the mail server must be explicitly configured to allow relay from the built-in MTA in this case.

Note: If this option is enabled, you will not be able to use IP pools. For more information, see profile ip-pool.

Note: For security reasons, this option does not apply if there is no session profile selected in the applicable IP-based policy. For more information on configuring IP policies, see config policy delivery-control.
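The following audit check is an added example, not part of the Fortinet reference: it reads a configuration backup and lists session profiles that do not enable session-prevent-open-relay while proxy-original is enabled, which is the combination the Caution above warns about. It assumes that session-prevent-open-relay is set under config profile session and that an unset key should be flagged for review; the sample configuration and profile names are constructed.

```python
import re

# Constructed sample in the config/edit/set/next/end layout of a
# configuration backup. Profile names are hypothetical.
SAMPLE_CONFIG = """\
config mailsetting proxy-smtp
  set proxy-original enable
end
config profile session
  edit "outbound-strict"
    set session-prevent-open-relay enable
  next
  edit "outbound-legacy"
    set session-prevent-open-relay disable
  next
  edit "outbound-default"
  next
end
"""

def parse_settings(text):
    """Return {(section, entry): {key: value}}; entry is None outside edit blocks.
    Handles one level of config/edit nesting, which is all this check needs."""
    settings, section, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section, entry = line[len("config "):], None
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            settings.setdefault((section, entry), {})
        elif line == "next":
            entry = None
        elif line == "end":
            section, entry = None, None
        elif line.startswith("set ") and section:
            m = re.match(r"set\s+(\S+)\s+(.*)", line)
            if m:
                settings.setdefault((section, entry), {})[m.group(1)] = m.group(2).strip('"')
    return settings

def open_relay_findings(text):
    """Session profiles lacking open-relay prevention while proxy-original is on."""
    cfg = parse_settings(text)
    proxy = cfg.get(("mailsetting proxy-smtp", None), {})
    # proxy-original defaults to disable, so an absent key means the built-in MTA is used.
    if proxy.get("proxy-original", "disable") != "enable":
        return []
    # Assumption: a profile that never sets the key is reported for manual review.
    return sorted(name for (section, name), kv in cfg.items()
                  if section == "profile session" and name is not None
                  and kv.get("session-prevent-open-relay") != "enable")
```

Profiles returned by open_relay_findings still need to be matched against the IP-based policies that select them, since the option does not apply where no session profile is selected.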

Related topics

mailsetting relay-host-list

mailsetting storage central-quarantine

mailsetting systemquarantine
