Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Managing the mail queue

The FortiMail unit prioritizes the mail queue into two types:

  • Regular mail queue
  • When the initial attempt to deliver an email fails, the FortiMail unit moves the email to the regular mail queue.

  • Slow mail queue
  • After another two failed delivery attempts, the FortiMail unit moves the email to the slow mail queue. This allows the FortiMail unit to resend valid email quickly, instead of keep resending invalid email (for example, email destined to an invalid MTA).

Note

After the undelivered email remains in the deferred queue for five minutes, the mail appears under Monitor > Mail Queue > Mail Queue. This also means that email staying in the deferred queue for less than five minutes does not appear on the Mail Queue tab.

Delivery failure can be caused by temporary reasons such as interruptions to network connectivity. FortiMail units will periodically retry delivery (administrators can also manually initiate a retry). If the email is subsequently sent successfully, the FortiMail unit simply removes the email from the queue. It does not notify the sender. But if delivery continues to be deferred, the FortiMail unit eventually sends an initial delivery status notification (DSN) email message to notify the sender that delivery has not yet succeeded. Finally, if the FortiMail unit cannot send the email message by the end of the time limit for delivery retries, the FortiMail unit sends a final DSN to notify the sender about the delivery failure and deletes the email message from the deferred queue. If the sender cannot receive this notification, such as if the sender’s SMTP server is unreachable or if the sender address is invalid or empty, the FortiMail unit will save a copy of the email in the dead mail folder. For more information, see Managing undeliverable mail.

When you delete a deferred email, the FortiMail unit sends an email message, with the deleted email attached to it, to notify the sender.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see About administrator account permissions and domains.

To view, delete, or resend an email in the deferred mail queue, go to Monitor > Mail Queue > Mail Queue.

Note

To reduce the amount of hard disk space consumed by quarantined mail, regularly release or delete the contents of each recipient’s quarantine.

 

GUI item

Description

View (button)

Select a message and click View to see its contents.

Delete (button)

Click to deleted the selected item.

Resend

(button)

Mark the check boxes of the rows corresponding to the email messages that you want to immediately retry to send, then click Resend.

To determine if these retries succeeded, click Refresh. If a retry succeeds, the email will no longer appear in either the deferred mail queue or the dead mail folder. Otherwise, the retry has failed.

Type

Select the directionality and priority level of email to filter the mail queue display.

  • Default: Displays all email in the regular mail queue. After three failed delivery retries, the mail will be moved to the Default-slow mail queue.
  • Incoming: Only displays the delayed incoming emai that meets the following criteria: 1. The mail must be destined to both protected and unprotected domains; 2. The mail must have triggered different actions in regard to different domains, for example, inserting disclaimer for outgoing email and tagging the subjects for incoming email. If the incoming email action is triggered, the mail will be moved to the Incoming mail queue. If both the outgoing email action and incoming email action are triggered, the mail will be moved to both the Incoming and Outgoing mail queues.

After three failed delivery retries, the mail will be moved to the Incoming-slow mail queue.

  • Outgoing: Only displays the delayed outgoing emai that meets the following criteria: 1. The mail must be destined to both protected and unprotected domains; 2. The mail must have triggered different actions in regard to different domains, for example, inserting disclaimer for outgoing email and taking no action for incoming email is considered to be different actions for different domains. If the outgoing email action is triggered, the mail will be moved to the Outgoing mail queque. If both the outgoing email action and incoming email action are triggered, the mail will be moved to both the Incoming and Outgoing mail queues.

After three failed delivery retries, the mail will be moved to the Outgoing-slow mail queue.

  • IBE: Only displays the IBE email in the regular mail queue. For information about IBE email, see Configuring IBE encryption. After three failed delivery retries, the mail will be moved to the IBE-slow mail queue.
  • Default-slow: Displays all email in the slow mail queue.
  • Incoming-slow: Displays the incoming email in the slow mail queue.
  • Outgoing-slow: Displays the outgoing email in the slow mail queue.
  • IBE-slow: Displays the IBE email in the slow mail queue.
  • Delivery control: Displays the email throttled by delivery control policies ( see Configuring delivery control policies). After three attempts, the mail will be moved to the outgoing-slow queue.

Search

(button)

Select to filter the mail queue display by entering criteria that email must match in order to be visible.

Client IP

Lists the client IP addresses.

Location

Lists the GeoIP locations/country names.

Envelope From

Lists the sender (MAIL FROM:) of the email.

Envelope To

Lists the recipient (RCPT TO:) of the email.

Subject

Lists the email subjects.

Reason

Lists the reasons why the email has been deferred, such as DNS lookup failure or refused connections.

First Processed

Lists the date and time that the FortiMail unit first tried to send the email.

Last Processed

Lists the date and time that the FortiMail unit last tried to send the email.

Tries

Lists the number of times that the FortiMail unit has tried to send the email.

Viewing the FortiGuard spam outbreak protection mail queue

If you enabled spam outbreak protection in an antispam profile, FortiMail will temporarily hold suspicious email for a certain period of time (configurable with CLI command config system fortiguard antispam set outbreak-protection-period) if the enabled FortiGuard antispam check (block IP and/or URL filter) returns no result. After the specified time interval, FortiMail will query the FortiGuard server for the second time. This provides an opportunity for the FortiGuard antispam service to update its database in cases a spam outbreak occurs.

To view the email on hold, go to Monitor > Mail Queue > Spam Outbreak.

Viewing the FortiGuard virus outbreak protection mail queue

If you enabled antivirus outbreak protection in an antivirus profile, FortiMail will temporarily hold suspicious email for a certain period of time (configuragle under System > FortiGuard > Antivirus). After the specified time interval, FortiMail will query the antivirus database for the second time. This provides an opportunity for the FortiGuard antivirus service to update its database in cases a virus outbreak occurs.

To view the email on hold, go to Monitor > Mail Queue > Virus Outbreak.

Viewing the FortiSandbox mail queue

The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles (see Managing antivirus profiles). If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database as well. For more information about FortiSandbox, please visit Fortinet’s web site at https://www.fortinet.com.

To view the email waiting to be sent to FortiSandbox, go to Monitor > Mail Queue > FortiSandbox.

Managing undeliverable mail

The Dead Mail tab displays the list of email messages in the dead mail folder.

Unlike the deferred mail queue, the dead mail folder contains copies of delivery status notification (DSN) email messages, also called non-delivery reports (NDR).

DSN messages are sent from the FortiMail unit ("postmaster") to an email’s sender when the email is considered to be more permanently undeliverable because all previous retry attempts of the deferred email message have failed. These email messages from "postmaster" include a copy of the original email message for which the DSN was generated.

If an email cannot be sent nor a DSN returned to the sender, it is usually because both the recipient and sender addresses are invalid. Such email messages are often sent by spammers who know the domain name of an SMTP server but not the names of its email users, and are attempting to send spam by guessing at valid recipient email addresses.

The FortiMail unit can automatically delete old dead mail.

Tooltip

Alternatively, to prevent dead mail to invalid recipients, enable recipient address verification to reject email with invalid recipients. Rejecting email with invalid recipients also prevents quarantine mailboxes for invalid recipients from consuming hard disk space. For details, see Configuring recipient address verification.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see About administrator account permissions and domains.

To view or delete undeliverable email, go to Monitor > Mail Queue > Dead Mail.

Viewing the mail queue size

Mail queue size status can be viewed, including incoming, outgoing, IBE, spam and virus outbreak, and Sandbox queues.

View the mail queue size status in the GUI under Dashboard > Status in the Queue Status widget, or view the mail queue status using the following CLI command:

diagnose system mailqueue status

Managing the mail queue

The FortiMail unit prioritizes the mail queue into two types:

  • Regular mail queue
  • When the initial attempt to deliver an email fails, the FortiMail unit moves the email to the regular mail queue.

  • Slow mail queue
  • After another two failed delivery attempts, the FortiMail unit moves the email to the slow mail queue. This allows the FortiMail unit to resend valid email quickly, instead of keep resending invalid email (for example, email destined to an invalid MTA).

Note

After the undelivered email remains in the deferred queue for five minutes, the mail appears under Monitor > Mail Queue > Mail Queue. This also means that email staying in the deferred queue for less than five minutes does not appear on the Mail Queue tab.

Delivery failure can be caused by temporary reasons such as interruptions to network connectivity. FortiMail units will periodically retry delivery (administrators can also manually initiate a retry). If the email is subsequently sent successfully, the FortiMail unit simply removes the email from the queue. It does not notify the sender. But if delivery continues to be deferred, the FortiMail unit eventually sends an initial delivery status notification (DSN) email message to notify the sender that delivery has not yet succeeded. Finally, if the FortiMail unit cannot send the email message by the end of the time limit for delivery retries, the FortiMail unit sends a final DSN to notify the sender about the delivery failure and deletes the email message from the deferred queue. If the sender cannot receive this notification, such as if the sender’s SMTP server is unreachable or if the sender address is invalid or empty, the FortiMail unit will save a copy of the email in the dead mail folder. For more information, see Managing undeliverable mail.

When you delete a deferred email, the FortiMail unit sends an email message, with the deleted email attached to it, to notify the sender.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see About administrator account permissions and domains.

To view, delete, or resend an email in the deferred mail queue, go to Monitor > Mail Queue > Mail Queue.

Note

To reduce the amount of hard disk space consumed by quarantined mail, regularly release or delete the contents of each recipient’s quarantine.

 

GUI item

Description

View (button)

Select a message and click View to see its contents.

Delete (button)

Click to deleted the selected item.

Resend

(button)

Mark the check boxes of the rows corresponding to the email messages that you want to immediately retry to send, then click Resend.

To determine if these retries succeeded, click Refresh. If a retry succeeds, the email will no longer appear in either the deferred mail queue or the dead mail folder. Otherwise, the retry has failed.

Type

Select the directionality and priority level of email to filter the mail queue display.

  • Default: Displays all email in the regular mail queue. After three failed delivery retries, the mail will be moved to the Default-slow mail queue.
  • Incoming: Only displays the delayed incoming emai that meets the following criteria: 1. The mail must be destined to both protected and unprotected domains; 2. The mail must have triggered different actions in regard to different domains, for example, inserting disclaimer for outgoing email and tagging the subjects for incoming email. If the incoming email action is triggered, the mail will be moved to the Incoming mail queue. If both the outgoing email action and incoming email action are triggered, the mail will be moved to both the Incoming and Outgoing mail queues.

After three failed delivery retries, the mail will be moved to the Incoming-slow mail queue.

  • Outgoing: Only displays the delayed outgoing emai that meets the following criteria: 1. The mail must be destined to both protected and unprotected domains; 2. The mail must have triggered different actions in regard to different domains, for example, inserting disclaimer for outgoing email and taking no action for incoming email is considered to be different actions for different domains. If the outgoing email action is triggered, the mail will be moved to the Outgoing mail queque. If both the outgoing email action and incoming email action are triggered, the mail will be moved to both the Incoming and Outgoing mail queues.

After three failed delivery retries, the mail will be moved to the Outgoing-slow mail queue.

  • IBE: Only displays the IBE email in the regular mail queue. For information about IBE email, see Configuring IBE encryption. After three failed delivery retries, the mail will be moved to the IBE-slow mail queue.
  • Default-slow: Displays all email in the slow mail queue.
  • Incoming-slow: Displays the incoming email in the slow mail queue.
  • Outgoing-slow: Displays the outgoing email in the slow mail queue.
  • IBE-slow: Displays the IBE email in the slow mail queue.
  • Delivery control: Displays the email throttled by delivery control policies ( see Configuring delivery control policies). After three attempts, the mail will be moved to the outgoing-slow queue.

Search

(button)

Select to filter the mail queue display by entering criteria that email must match in order to be visible.

Client IP

Lists the client IP addresses.

Location

Lists the GeoIP locations/country names.

Envelope From

Lists the sender (MAIL FROM:) of the email.

Envelope To

Lists the recipient (RCPT TO:) of the email.

Subject

Lists the email subjects.

Reason

Lists the reasons why the email has been deferred, such as DNS lookup failure or refused connections.

First Processed

Lists the date and time that the FortiMail unit first tried to send the email.

Last Processed

Lists the date and time that the FortiMail unit last tried to send the email.

Tries

Lists the number of times that the FortiMail unit has tried to send the email.

Viewing the FortiGuard spam outbreak protection mail queue

If you enabled spam outbreak protection in an antispam profile, FortiMail will temporarily hold suspicious email for a certain period of time (configurable with CLI command config system fortiguard antispam set outbreak-protection-period) if the enabled FortiGuard antispam check (block IP and/or URL filter) returns no result. After the specified time interval, FortiMail will query the FortiGuard server for the second time. This provides an opportunity for the FortiGuard antispam service to update its database in cases a spam outbreak occurs.

To view the email on hold, go to Monitor > Mail Queue > Spam Outbreak.

Viewing the FortiGuard virus outbreak protection mail queue

If you enabled antivirus outbreak protection in an antivirus profile, FortiMail will temporarily hold suspicious email for a certain period of time (configuragle under System > FortiGuard > Antivirus). After the specified time interval, FortiMail will query the antivirus database for the second time. This provides an opportunity for the FortiGuard antivirus service to update its database in cases a virus outbreak occurs.

To view the email on hold, go to Monitor > Mail Queue > Virus Outbreak.

Viewing the FortiSandbox mail queue

The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles (see Managing antivirus profiles). If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database as well. For more information about FortiSandbox, please visit Fortinet’s web site at https://www.fortinet.com.

To view the email waiting to be sent to FortiSandbox, go to Monitor > Mail Queue > FortiSandbox.

Managing undeliverable mail

The Dead Mail tab displays the list of email messages in the dead mail folder.

Unlike the deferred mail queue, the dead mail folder contains copies of delivery status notification (DSN) email messages, also called non-delivery reports (NDR).

DSN messages are sent from the FortiMail unit ("postmaster") to an email’s sender when the email is considered to be more permanently undeliverable because all previous retry attempts of the deferred email message have failed. These email messages from "postmaster" include a copy of the original email message for which the DSN was generated.

If an email cannot be sent nor a DSN returned to the sender, it is usually because both the recipient and sender addresses are invalid. Such email messages are often sent by spammers who know the domain name of an SMTP server but not the names of its email users, and are attempting to send spam by guessing at valid recipient email addresses.

The FortiMail unit can automatically delete old dead mail.

Tooltip

Alternatively, to prevent dead mail to invalid recipients, enable recipient address verification to reject email with invalid recipients. Rejecting email with invalid recipients also prevents quarantine mailboxes for invalid recipients from consuming hard disk space. For details, see Configuring recipient address verification.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see About administrator account permissions and domains.

To view or delete undeliverable email, go to Monitor > Mail Queue > Dead Mail.

Viewing the mail queue size

Mail queue size status can be viewed, including incoming, outgoing, IBE, spam and virus outbreak, and Sandbox queues.

View the mail queue size status in the GUI under Dashboard > Status in the Queue Status widget, or view the mail queue status using the following CLI command:

diagnose system mailqueue status