- If you want to require authentication for SMTP connections received by the FortiMail unit, examine the access control rules whose sender patterns match your email users to ensure that authentication is required (Authenticated) rather than optional (Any).
- For secure (SSL or TLS) authentication:
Additionally, verify that no access control rule exists that allows unauthenticated connections. For details, see Configuring access control rules.
- Upload a local certificate. For details, see Managing local certificates.
- Enable SMTP over SSL/TLS. For details, see Configuring mail server settings.
- If you want to configure TLS, create a TLS profile, and select it in the access control rules. For details, see Configuring TLS security profiles and Configuring access control rules.
- If the email user will use a personal certificate to log in to webmail or their per-recipient quarantine, define the certificate authority (CA) and the valid certificate for that user. If OCSP is enabled, you must also configure a remote certificate revocation authority. For details, see Configuring PKI authentication, Managing certificate authority certificates, and Managing OCSP server certificates.
- SMTP, IMAP, or POP3 (gateway mode or transparent mode only; see Configuring authentication profiles)
- LDAP (see Configuring LDAP profiles)
- RADIUS (see Configuring authentication profiles)
For server mode, select the resource profile in the incoming recipient-based policy, and if users authenticate using an LDAP profile, select the LDAP profile. For details, see Controlling email based on sender and recipient addresses.