Administration Guide

Workflow to enable and configure authentication of email users

In general, to enable and configure email user authentication, you should complete the following:

  1. If you want to require authentication for SMTP connections received by the FortiMail unit, examine the access control rules whose sender patterns match your email users to ensure that authentication is required (Authenticated) rather than optional (Any).
  2. Additionally, verify that no access control rule exists that allows unauthenticated connections. For details, see Configuring access control rules.

  3. For secure (SSL or TLS) authentication:
  • If authentication will occur by querying an external authentication server rather than email user accounts locally defined on the FortiMail unit, configure the appropriate profile type, either:
  • For server mode, configure the email users and type their password, or select an LDAP profile. Also enable webmail access in a resource profile. For details, see Configuring local user accounts (server mode only) and Configuring resource profiles.
  • For gateway mode or transparent mode, select the authentication profile in the IP-based policy or in the incoming recipient-based policy that matches that email user and enable Use for SMTP authentication. If the user will use PKI authentication, in the incoming recipient-based policy, also enable Enable PKI authentication for web mail spam access. For details, see Controlling email based on sender and recipient addresses and Controlling email based on IP addresses.
  • For server mode, select the resource profile in the incoming recipient-based policy, and if users authenticate using an LDAP profile, select the LDAP profile. For details, see Controlling email based on sender and recipient addresses.
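
After completing the workflow, you can confirm from an SMTP client that authentication is actually required (Authenticated) rather than optional (Any) and that it is protected by TLS. The following Python check is an added example, not part of the FortiMail product or its documentation; `probe`, `evaluate`, and the sample values are hypothetical names, and it assumes `recipient` is an address outside your protected domains and that the unit answers an unauthenticated sender with a non-2xx reply when authentication is required.

```python
import smtplib
from dataclasses import dataclass

@dataclass
class Probe:
    auth_before_tls: bool  # AUTH advertised on the cleartext EHLO
    starttls: bool         # STARTTLS advertised
    mail_code: int         # reply to MAIL FROM sent without AUTH
    rcpt_code: int         # reply to RCPT TO sent without AUTH (0 = not sent)

def accepted(code: int) -> bool:
    return 200 <= code < 300

def evaluate(p: Probe) -> list:
    """Return findings; an empty list means the probe saw nothing wrong."""
    findings = []
    if not p.starttls:
        findings.append("STARTTLS not offered: SMTP AUTH cannot be protected by TLS")
    elif p.auth_before_tls:
        findings.append("AUTH offered before STARTTLS: credentials may be sent in cleartext")
    if accepted(p.mail_code) and accepted(p.rcpt_code):
        findings.append("sender accepted without authentication")
    return findings

def probe(host, sender, recipient, port=25, timeout=10) -> Probe:
    """Run the check against your own unit. No DATA is sent, so no mail is queued."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        auth, tls = s.has_extn("auth"), s.has_extn("starttls")
        if tls:
            s.starttls()
            s.ehlo()
        mail_code, _ = s.docmd("MAIL", f"FROM:<{sender}>")
        rcpt_code = 0
        if accepted(mail_code):
            rcpt_code, _ = s.docmd("RCPT", f"TO:<{recipient}>")
        s.rset()
    return Probe(auth, tls, mail_code, rcpt_code)

# Constructed sample results (not captured from a real unit).
SAMPLE_REQUIRED = Probe(False, True, 250, 550)
SAMPLE_OPTIONAL = Probe(True, True, 250, 250)

if __name__ == "__main__":
    for name, p in [("required", SAMPLE_REQUIRED), ("optional", SAMPLE_OPTIONAL)]:
        print(name, evaluate(p) or "no findings")
```

Call `evaluate(probe(host, sender, recipient))` with one of your own email users as `sender`; any finding points back to steps 1 to 3 of the workflow.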