Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Configuring email quarantines and quarantine reports

The Quarantine submenu lets you configure quarantine settings, and to configure system-wide settings for quarantine reports.

Using the email quarantine feature involves the following steps:

See also

Configuring global quarantine report settings

Configuring the system quarantine setting

Configuring the quarantine control options

Configuring global quarantine report settings

The Quarantine Report tab lets you configure various system-wide aspects of the quarantine report, including scheduling when the FortiMail unit will send reports.

Note

For the quarantine report schedule to take effect, you must enable the quarantine action in the antispam and/or content action profile first. For details, see Configuring antispam action profiles and Configuring content action profiles. For general steps about how to use email quarantine, see Configuring email quarantines and quarantine reports.

FortiMail units send quarantine reports to notify email users when email is quarantined to their per-recipient quarantine. If no email messages have been quarantined to the per-recipient quarantine folder in the period since the previous quarantine report, the FortiMail unit does not send a quarantine report.

In addition to the system-wide quarantine report settings, you can configure some quarantine report settings individually for each protected domain, including whether the FortiMail unit will send either or both plain text and HTML format quarantine reports. For more information about domain-wide quarantine report settings, see Quarantine Report Setting.

Note

Starting from v4.1, domain-wide quarantine report settings are independent from the system-wide quarantine report settings.

For information on the contents of the plain text and HTML format quarantine report, see About the plain text formatted quarantine report and About the HTML formatted quarantine report.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Quarantine category.

For details, see About administrator account permissions and domains.

To configure the global quarantine report settings
  1. Go to Security > Quarantine > Quarantine Report.
  2. Configure the following:
  3. GUI item

    Description

    Schedule

     

     

     

    These hours

    Select the hours of the day during which you want the FortiMail unit to generate quarantine reports.

     

    These days

    Select the days of the week during which you want the FortiMail unit to generate quarantine reports.

    Template

     

     

     

    Quarantine report template

    Select a template from the dropdown list or click Edit to customize it. For details about email template customization, see Customizing email templates.

    Webmail Access Setting

     

     

     

    Time limited access without authentication

    Enable to allow user access without authentication for the following period of time.

     

    Expiry period

    Specify the time limit for the above setting. 0 means unlimited.

     

    Web release host name/IP

    Enter a host name for the FortiMail unit that will be used for web release links in quarantine reports (but not email release links). If this field is left blank:

    • If the FortiMail unit is operating in gateway mode or server mode, web release and delete links in the quarantine report will use the fully qualified domain name (FQDN) of the FortiMail unit.
    • If the FortiMail unit is operating in transparent mode, web release and delete links in the quarantine report will use the FortiMail unit’s management IP address. For more information, see About the management IP.

    Configuring an alternate host name for web release and delete links can be useful if the local domain name or management IP of the FortiMail unit is not resolvable from everywhere that email users will use their quarantine reports. In that case, you can override the web release link to use a globally resolvable host name or IP address.

  4. In the Quarantine Report Recipient Setting section, double-click a domain name to modify its related settings.
  5. A dialog appears.

  6. Configure the following and click OK.
Quarantine report recipient settings

GUI item

Description

Domain name

 

Displays the name of a protected domain.

For more information on protected domains, see Configuring protected domains.

 

Send to original recipient

Select to send quarantine reports to each recipient address in the protected domain.

 

Send to other recipient

Select to send quarantine reports to an email address other than the recipients or group owners, then enter the email address.

 

Send to LDAP group owner based on LDAP profile

Select to send quarantine reports to the email addresses of group owners, then select the name of an LDAP profile in which you have enabled and configured in Configuring group query options.

Also configure the following two options for more granular control:

  • Only when original recipient is group
  • When group owner is found, do not send to original recipient.

About the plain text formatted quarantine report

Plain text quarantine reports:

  • notify email users about email messages that have been quarantined to their per-recipient quarantine
  • explain how to delete one or all quarantined email messages
  • explain how to release individual email messages

For plain text quarantine reports, you can only release email from the per-recipient quarantine by using the email release method. For more information on how to release email from the per-recipient quarantine, see Releasing and deleting email via quarantine reports.

Release instructions in a plain text quarantine report may use either the management IP address or local domain name.

Note

The contents of quarantine reports are customizable. For more information, see Customizing GUI, replacement messages, email templates, SSO, and Security Fabric.

Sample plain text quarantine report

Sample plain text quarantine report

 

Report content

Message header of quarantine report

Subject: Quarantine Summary: [ 3 message(s) quarantined from Thu, 04 Sep 2008 11:00:00 to Thu, 04 Sep 2008 12:00:00 ]

From: release-ctrl@example.com

Date: Thu, 04 Sep 2008 12:00:00

To: user1@example.com

Quarantined email #1

Date: Thu, 04 Sep 2008 11:52:51

Subject: [SPAM] information leak

From: User 1 <user1@example.com>

Message-Id: MTIyMDU0MzU3MS43NDJfNTk5ODcuRm9ydGlNYWlsLTQwMCwjRiNTIzYzMyNFLFU4OjIsUw==

Quarantined email #2

Date: Thu, 04 Sep 2008 11:51:10

Subject: [SPAM] curious?

From: User 1 <user1@example.com>

Message-Id: MTIyMDU0MzQ3MC43NDFfOTA0MjcxLkZvcnRpTWFpbC00MDAsI0YjUyM2MjUjRSxVNzoyLA==

Quarantined email #3

Date: Thu, 04 Sep 2008 11:48:50

Subject: [SPAM] Buy now!!!! lowest prices

From: User 1 <user1@example.com>

Message-Id: MTIyMDU0MzMzMC43NDBfNjkwMTUwLkZvcnRpTWFpbC00MDAsI0YjUyM2NDIjRSxVNToyLA==

Instructions for deleting or releasing quarantined email

Actions:

o) Release a message: Send an email to <release-ctrl@example.com> with subject line set to "user1@example.com:Message-Id".

o) Delete a message: Send an email to <delete-ctrl@example.com> with subject line set to "user1@example.com:Message-Id".

o) Delete all messages: Send an email to <delete-ctrl@example.com> with subject line set to "delete_all:user1@example.com:e4d46814:ac146004:05737c7c111d68d0111d68d0111d68d0".

About the HTML formatted quarantine report

HTML quarantine reports:

From an HTML format quarantine report, you can release or delete messages by using either web or email release methods. For more information on how to release email from the per-recipient quarantine, see Releasing and deleting email via quarantine reports.

Web release and delete links in an HTML formatted quarantine report may link to either the management IP address, local domain name, or an alternative host name for the FortiMail unit. For more information, see Web release host name/IP.

Note

The contents of quarantine reports are customizable. For more information, see Customizing GUI, replacement messages, email templates, SSO, and Security Fabric.

If option to auto add to personal safe list when releasing spam is enabled, default HTML report now seems to include notification of that setting. From replacement message:

<**SPAM_CONFIG_NOTE**><b>Note: %%SPAM_SAFE_LIST%%.</b>

<**/SPAM_CONFIG_NOTE**>

Sample HTML quarantine report

Sample HTML quarantine report

 

Report content

Message header of quarantine report

Subject: Quarantine Summary: [ 3 message(s) quarantined from Thu, 04 Sep 2008 11:00:00 to Thu, 04 Sep 2008 12:00:00 ]

From: release-ctrl@example.com

Date: Thu, 04 Sep 2008 12:00:00

To: user1@example.com

Quarantined email #1

Date: Thu, 04 Sep 2008 11:52:51

From: User 1 <user1@example.com>

Subject: [SPAM] information leak

Web Actions: Release Delete

Email Actions: Release Delete

Quarantined email #2

Date: Thu, 04 Sep 2008 11:51:10

From: User 1 <user1@example.com>

Subject: [SPAM] curious?

Web Actions: Release Delete

Email Actions: Release Delete

Quarantined email #3

Date: Thu, 04 Sep 2008 11:48:50

From: User 1 <user1@example.com>

Subject: [SPAM] Buy now!!!! lowest prices

Web Actions: Release Delete

Email Actions: Release Delete

Instructions for deleting or releasing quarantined email

Web Actions:

Click on Release link to send a http(s) request to have the message sent to your inbox.

Click on Delete link to send a http(s) request to delete the message from your quarantine.

Click Here to send a http(s) request to Delete all messages from your quarantine.

 

Email Actions:

Click on Release link to send an email to have the message sent to your inbox.

Click on Delete link to send an email to delete the message from your quarantine.

Click here to send an email to Delete all messages from your quarantine.

 

Other:

To view your entire quarantine inbox or manage your preferences, Click Here

Releasing and deleting email via quarantine reports

Quarantine reports enable recipients to remotely monitor and delete or release email messages in the per-recipient quarantine folders.

Depending on whether the quarantine report is sent and viewed in plain text or HTML format, a quarantine report recipient may use either or both web release and email release methods to release or delete email from a per-recipient quarantine.

  • Web release: To release or delete an email from the per-recipient quarantine, the recipient must click the Release or Delete web action link which sends an HTTP or HTTPS request to the FortiMail unit. Available for HTML format quarantine reports only.
  • Email release: To release or delete an email from the per-recipient quarantine, the recipient must either:
  • Click the Release or Delete email action link which creates a new email message containing all required information, then send it to the quarantine control account of the FortiMail unit. Available for HTML format quarantine reports only.
  • Manually send an email message to the quarantine control account of the FortiMail unit. The To: address must be the quarantine control email address, such as release-ctrl@example.com or delete-ctrl@example.com. The subject line must contain both the recipient email address and Message-Id: of the quarantined email, separated by a colon (:), such as:
    user1@example.com:MTIyMDU0MDk1Ni43NDRfMTk2ODU0LkZvcnRpTWFpbC00MDAsI0YjUyM2NjUjRQ==
Releasing an email from the per-recipient quarantine using email release

Quarantine control email addresses are configurable. For information, see Configuring the quarantine control options.

Web release links may be configured to expire after a period of time, and may or may not require the recipient to log in to the FortiMail unit. For more information, see Configuring global quarantine report settings.

For more information on the differences between plain text and HTML format quarantine reports, see About the plain text formatted quarantine report and About the HTML formatted quarantine report.

See also 

Configuring global quarantine report settings

Managing the personal quarantines

About the plain text formatted quarantine report

About the HTML formatted quarantine report

Configuring the system quarantine setting

Go to Security > Quarantine > System Quarantine Setting to configure the system quarantine account, quarantine folder, and other system quarantine settings.

The system quarantine can be accessed through the following two methods:

  • IMAP -- use an IMAP email client to access the FortiMail unit with the system quarantine account name (without any domain name) and password.
  • Administrator Web UI -- create an administrator account with the quarantine access privilege in the access profile and access the web UI using this administrator account.

The system quarantine cannot be accessed through POP3 or webmail.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Quarantine category.

For details, see About administrator account permissions and domains.

To configure the system quarantine account and quarantine folders
  1. Go to Security > Quarantine > System Quarantine Setting.
  2. Configure the following:

GUI item

Description

Account Setting

Account

Enter the user name of the system quarantine account. You can use this account to view the system quarantine via an IMAP email client.

Password

Enter the password for the system quarantine account.

Forward to

Enter an email address to which the FortiMail unit will forward a copy

of each email that is quarantined to the system quarantine.

Quarantine Folders

Enable folder rotation

Enable to rotate the folders according to the interval settings below.

Rotation interval (days)

Enter the maximum amount of time that the current system quarantine mailbox (Inbox) will be used. When the mailbox reaches this time, the FortiMail unit renames the current mailbox based on its creation date and rename date, and creates a new Inbox mailbox.

New

Click to create a new folder. When creating a folder, also specify the retention time (in days) and the administrators who are allowed to access the quarantine folder. The retention time determines how long the quarantined email will saved in the folder before it get deleted.

See also 

Managing the system quarantine

Configuring the quarantine control options

Go to Security > Quarantine > Quarantine Control to configure quarantine release and delete control accounts. You can also specify whether to re-scan the quarantined email messages for virus infections before they are released. This can be useful if the email messages are quarantined due to antispam reasons, or if the antivirus signatures are updated later.

Email users can remotely release or delete email messages in their per-recipient quarantine by sending email to quarantine control email addresses.

For example, if Release account is release-ctrl and the local domain name of the FortiMail unit is example.com, an email user could release an email message from their per-recipient quarantine by sending an email to release-ctrl@example.com. For more information on releasing and deleting quarantined items through email, see Releasing and deleting email via quarantine reports.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Quarantine category.

For details, see About administrator account permissions and domains.

To configure the quarantine control settings
  1. Go to Security > Quarantine > Quarantine Control.
  2. Under Quarantine Release Re-scan Setting, specify whether to re-scan the quarantined email with the FortiMail AV engine and/or FortiSandbox before the email is released. Also specify whether to scan the personal quarantine and/or system quarantine.
  3. For Release account, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine release commands; for example: such as release‑ctrl.
  4. For Delete account, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine delete commands; such as delete‑ctrl.
  5. Click Apply.
See also

Managing the personal quarantines

Configuring global quarantine report settings

Configuring email quarantines and quarantine reports

The Quarantine submenu lets you configure quarantine settings, and to configure system-wide settings for quarantine reports.

Using the email quarantine feature involves the following steps:

See also

Configuring global quarantine report settings

Configuring the system quarantine setting

Configuring the quarantine control options

Configuring global quarantine report settings

The Quarantine Report tab lets you configure various system-wide aspects of the quarantine report, including scheduling when the FortiMail unit will send reports.

Note

For the quarantine report schedule to take effect, you must enable the quarantine action in the antispam and/or content action profile first. For details, see Configuring antispam action profiles and Configuring content action profiles. For general steps about how to use email quarantine, see Configuring email quarantines and quarantine reports.

FortiMail units send quarantine reports to notify email users when email is quarantined to their per-recipient quarantine. If no email messages have been quarantined to the per-recipient quarantine folder in the period since the previous quarantine report, the FortiMail unit does not send a quarantine report.

In addition to the system-wide quarantine report settings, you can configure some quarantine report settings individually for each protected domain, including whether the FortiMail unit will send either or both plain text and HTML format quarantine reports. For more information about domain-wide quarantine report settings, see Quarantine Report Setting.

Note

Starting from v4.1, domain-wide quarantine report settings are independent from the system-wide quarantine report settings.

For information on the contents of the plain text and HTML format quarantine report, see About the plain text formatted quarantine report and About the HTML formatted quarantine report.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Quarantine category.

For details, see About administrator account permissions and domains.

To configure the global quarantine report settings
  1. Go to Security > Quarantine > Quarantine Report.
  2. Configure the following:
  3. GUI item

    Description

    Schedule

     

     

     

    These hours

    Select the hours of the day during which you want the FortiMail unit to generate quarantine reports.

     

    These days

    Select the days of the week during which you want the FortiMail unit to generate quarantine reports.

    Template

     

     

     

    Quarantine report template

    Select a template from the dropdown list or click Edit to customize it. For details about email template customization, see Customizing email templates.

    Webmail Access Setting

     

     

     

    Time limited access without authentication

    Enable to allow user access without authentication for the following period of time.

     

    Expiry period

    Specify the time limit for the above setting. 0 means unlimited.

     

    Web release host name/IP

    Enter a host name for the FortiMail unit that will be used for web release links in quarantine reports (but not email release links). If this field is left blank:

    • If the FortiMail unit is operating in gateway mode or server mode, web release and delete links in the quarantine report will use the fully qualified domain name (FQDN) of the FortiMail unit.
    • If the FortiMail unit is operating in transparent mode, web release and delete links in the quarantine report will use the FortiMail unit’s management IP address. For more information, see About the management IP.

    Configuring an alternate host name for web release and delete links can be useful if the local domain name or management IP of the FortiMail unit is not resolvable from everywhere that email users will use their quarantine reports. In that case, you can override the web release link to use a globally resolvable host name or IP address.

  4. In the Quarantine Report Recipient Setting section, double-click a domain name to modify its related settings.
  5. A dialog appears.

  6. Configure the following and click OK.
Quarantine report recipient settings

GUI item

Description

Domain name

 

Displays the name of a protected domain.

For more information on protected domains, see Configuring protected domains.

 

Send to original recipient

Select to send quarantine reports to each recipient address in the protected domain.

 

Send to other recipient

Select to send quarantine reports to an email address other than the recipients or group owners, then enter the email address.

 

Send to LDAP group owner based on LDAP profile

Select to send quarantine reports to the email addresses of group owners, then select the name of an LDAP profile in which you have enabled and configured in Configuring group query options.

Also configure the following two options for more granular control:

  • Only when original recipient is group
  • When group owner is found, do not send to original recipient.

About the plain text formatted quarantine report

Plain text quarantine reports:

  • notify email users about email messages that have been quarantined to their per-recipient quarantine
  • explain how to delete one or all quarantined email messages
  • explain how to release individual email messages

For plain text quarantine reports, you can only release email from the per-recipient quarantine by using the email release method. For more information on how to release email from the per-recipient quarantine, see Releasing and deleting email via quarantine reports.

Release instructions in a plain text quarantine report may use either the management IP address or local domain name.

Note

The contents of quarantine reports are customizable. For more information, see Customizing GUI, replacement messages, email templates, SSO, and Security Fabric.

Sample plain text quarantine report

Sample plain text quarantine report

 

Report content

Message header of quarantine report

Subject: Quarantine Summary: [ 3 message(s) quarantined from Thu, 04 Sep 2008 11:00:00 to Thu, 04 Sep 2008 12:00:00 ]

From: release-ctrl@example.com

Date: Thu, 04 Sep 2008 12:00:00

To: user1@example.com

Quarantined email #1

Date: Thu, 04 Sep 2008 11:52:51

Subject: [SPAM] information leak

From: User 1 <user1@example.com>

Message-Id: MTIyMDU0MzU3MS43NDJfNTk5ODcuRm9ydGlNYWlsLTQwMCwjRiNTIzYzMyNFLFU4OjIsUw==

Quarantined email #2

Date: Thu, 04 Sep 2008 11:51:10

Subject: [SPAM] curious?

From: User 1 <user1@example.com>

Message-Id: MTIyMDU0MzQ3MC43NDFfOTA0MjcxLkZvcnRpTWFpbC00MDAsI0YjUyM2MjUjRSxVNzoyLA==

Quarantined email #3

Date: Thu, 04 Sep 2008 11:48:50

Subject: [SPAM] Buy now!!!! lowest prices

From: User 1 <user1@example.com>

Message-Id: MTIyMDU0MzMzMC43NDBfNjkwMTUwLkZvcnRpTWFpbC00MDAsI0YjUyM2NDIjRSxVNToyLA==

Instructions for deleting or releasing quarantined email

Actions:

o) Release a message: Send an email to <release-ctrl@example.com> with subject line set to "user1@example.com:Message-Id".

o) Delete a message: Send an email to <delete-ctrl@example.com> with subject line set to "user1@example.com:Message-Id".

o) Delete all messages: Send an email to <delete-ctrl@example.com> with subject line set to "delete_all:user1@example.com:e4d46814:ac146004:05737c7c111d68d0111d68d0111d68d0".

About the HTML formatted quarantine report

HTML quarantine reports:

From an HTML format quarantine report, you can release or delete messages by using either web or email release methods. For more information on how to release email from the per-recipient quarantine, see Releasing and deleting email via quarantine reports.

Web release and delete links in an HTML formatted quarantine report may link to either the management IP address, local domain name, or an alternative host name for the FortiMail unit. For more information, see Web release host name/IP.

Note

The contents of quarantine reports are customizable. For more information, see Customizing GUI, replacement messages, email templates, SSO, and Security Fabric.

If option to auto add to personal safe list when releasing spam is enabled, default HTML report now seems to include notification of that setting. From replacement message:

<**SPAM_CONFIG_NOTE**><b>Note: %%SPAM_SAFE_LIST%%.</b>

<**/SPAM_CONFIG_NOTE**>

Sample HTML quarantine report

Sample HTML quarantine report

 

Report content

Message header of quarantine report

Subject: Quarantine Summary: [ 3 message(s) quarantined from Thu, 04 Sep 2008 11:00:00 to Thu, 04 Sep 2008 12:00:00 ]

From: release-ctrl@example.com

Date: Thu, 04 Sep 2008 12:00:00

To: user1@example.com

Quarantined email #1

Date: Thu, 04 Sep 2008 11:52:51

From: User 1 <user1@example.com>

Subject: [SPAM] information leak

Web Actions: Release Delete

Email Actions: Release Delete

Quarantined email #2

Date: Thu, 04 Sep 2008 11:51:10

From: User 1 <user1@example.com>

Subject: [SPAM] curious?

Web Actions: Release Delete

Email Actions: Release Delete

Quarantined email #3

Date: Thu, 04 Sep 2008 11:48:50

From: User 1 <user1@example.com>

Subject: [SPAM] Buy now!!!! lowest prices

Web Actions: Release Delete

Email Actions: Release Delete

Instructions for deleting or releasing quarantined email

Web Actions:

Click on Release link to send a http(s) request to have the message sent to your inbox.

Click on Delete link to send a http(s) request to delete the message from your quarantine.

Click Here to send a http(s) request to Delete all messages from your quarantine.

 

Email Actions:

Click on Release link to send an email to have the message sent to your inbox.

Click on Delete link to send an email to delete the message from your quarantine.

Click here to send an email to Delete all messages from your quarantine.

 

Other:

To view your entire quarantine inbox or manage your preferences, Click Here

Releasing and deleting email via quarantine reports

Quarantine reports enable recipients to remotely monitor and delete or release email messages in the per-recipient quarantine folders.

Depending on whether the quarantine report is sent and viewed in plain text or HTML format, a quarantine report recipient may use either or both web release and email release methods to release or delete email from a per-recipient quarantine.

  • Web release: To release or delete an email from the per-recipient quarantine, the recipient must click the Release or Delete web action link which sends an HTTP or HTTPS request to the FortiMail unit. Available for HTML format quarantine reports only.
  • Email release: To release or delete an email from the per-recipient quarantine, the recipient must either:
  • Click the Release or Delete email action link which creates a new email message containing all required information, then send it to the quarantine control account of the FortiMail unit. Available for HTML format quarantine reports only.
  • Manually send an email message to the quarantine control account of the FortiMail unit. The To: address must be the quarantine control email address, such as release-ctrl@example.com or delete-ctrl@example.com. The subject line must contain both the recipient email address and Message-Id: of the quarantined email, separated by a colon (:), such as:
    user1@example.com:MTIyMDU0MDk1Ni43NDRfMTk2ODU0LkZvcnRpTWFpbC00MDAsI0YjUyM2NjUjRQ==
Releasing an email from the per-recipient quarantine using email release

Quarantine control email addresses are configurable. For information, see Configuring the quarantine control options.

Web release links may be configured to expire after a period of time, and may or may not require the recipient to log in to the FortiMail unit. For more information, see Configuring global quarantine report settings.

For more information on the differences between plain text and HTML format quarantine reports, see About the plain text formatted quarantine report and About the HTML formatted quarantine report.

See also 

Configuring global quarantine report settings

Managing the personal quarantines

About the plain text formatted quarantine report

About the HTML formatted quarantine report

Configuring the system quarantine setting

Go to Security > Quarantine > System Quarantine Setting to configure the system quarantine account, quarantine folder, and other system quarantine settings.

The system quarantine can be accessed through the following two methods:

  • IMAP -- use an IMAP email client to access the FortiMail unit with the system quarantine account name (without any domain name) and password.
  • Administrator Web UI -- create an administrator account with the quarantine access privilege in the access profile and access the web UI using this administrator account.

The system quarantine cannot be accessed through POP3 or webmail.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Quarantine category.

For details, see About administrator account permissions and domains.

To configure the system quarantine account and quarantine folders
  1. Go to Security > Quarantine > System Quarantine Setting.
  2. Configure the following:

GUI item

Description

Account Setting

Account

Enter the user name of the system quarantine account. You can use this account to view the system quarantine via an IMAP email client.

Password

Enter the password for the system quarantine account.

Forward to

Enter an email address to which the FortiMail unit will forward a copy

of each email that is quarantined to the system quarantine.

Quarantine Folders

Enable folder rotation

Enable to rotate the folders according to the interval settings below.

Rotation interval (days)

Enter the maximum amount of time that the current system quarantine mailbox (Inbox) will be used. When the mailbox reaches this time, the FortiMail unit renames the current mailbox based on its creation date and rename date, and creates a new Inbox mailbox.

New

Click to create a new folder. When creating a folder, also specify the retention time (in days) and the administrators who are allowed to access the quarantine folder. The retention time determines how long the quarantined email will saved in the folder before it get deleted.

See also 

Managing the system quarantine

Configuring the quarantine control options

Go to Security > Quarantine > Quarantine Control to configure quarantine release and delete control accounts. You can also specify whether to re-scan the quarantined email messages for virus infections before they are released. This can be useful if the email messages are quarantined due to antispam reasons, or if the antivirus signatures are updated later.

Email users can remotely release or delete email messages in their per-recipient quarantine by sending email to quarantine control email addresses.

For example, if Release account is release-ctrl and the local domain name of the FortiMail unit is example.com, an email user could release an email message from their per-recipient quarantine by sending an email to release-ctrl@example.com. For more information on releasing and deleting quarantined items through email, see Releasing and deleting email via quarantine reports.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Quarantine category.

For details, see About administrator account permissions and domains.

To configure the quarantine control settings
  1. Go to Security > Quarantine > Quarantine Control.
  2. Under Quarantine Release Re-scan Setting, specify whether to re-scan the quarantined email with the FortiMail AV engine and/or FortiSandbox before the email is released. Also specify whether to scan the personal quarantine and/or system quarantine.
  3. For Release account, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine release commands; for example: such as release‑ctrl.
  4. For Delete account, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine delete commands; such as delete‑ctrl.
  5. Click Apply.
See also

Managing the personal quarantines

Configuring global quarantine report settings