Fortinet black logo

CLI Reference

mailsetting relay-host-list

mailsetting relay-host-list

Use this command to configure the FortiMail unit’s built-in MTA’s connection to an SMTP relay, if any, to which the FortiMail unit will relay outgoing email. You can configure up to eight relays.

This is typically provided by your Internet service provider (ISP), but could be a mail relay on your internal network.

If the SMTP relay’s domain name resolves to more than one IP address, for each SMTP session, the FortiMail unit will randomly select one of the IP addresses from the result of the DNS query, effectively load balancing between the SMTP relays.

If you do not configure a relay server, for outgoing email delivered by the built-in MTA, the FortiMail unit will instead query the DNS server for the MX record of the mail domain in the recipient’s email address (RCPT TO:), and relay the email directly to that mail gateway.

You can also use MX records and IP groups as relay types.

For details, see the FortiMail Administration Guide.

This option will be ignored for email that matches an antispam or content profile where you have enabled alternate-host {<relay_fqdn> | <relay_ipv4>}.

Syntax

config mailsetting relay-host-list

edit <relay-host-name>

set auth-password <password_str>

set auth-status {enable | disable}

set auth-type {auto | plain | login | digest-md5 | cram‑md5}

set auth-username <user_str>

set host-name

set host-port

set ip-group-profile

set mx-lookup-domain-name

set relay-type {host | ip-group | mx-lookup}

set use-smtps {enable | disable}

end

Variable

Description

Default

<relay-host-name>

Enter the host name or IP address of the relay server.

auth-password <password_str>

If auth-status {enable | disable} is enable, enter the password of the FortiMail unit’s user account on the SMTP relay.

auth-status {enable | disable}

Enable if the SMTP relay requires authentication using the SMTP AUTH command. Also configure auth-username <user_str>, auth-password <password_str>, and auth-type {auto | plain | login | digest-md5 | cram‑md5}.

disable

auth-type {auto | plain | login | digest-md5 | cram‑md5}

If auth-status {enable | disable} is enable, enter either the SMTP authentication type required by the SMTP relay when the FortiMail unit sends the ESMTP AUTH command, or enter auto to automatically detect and use the most secure authentication type supported by the relay server.

auto

auth-username <user_str>

If auth-status {enable | disable} is enable, enter the name of the FortiMail unit’s user account on the SMTP relay.

host-name

Enter the relay host ip or host name.

host-port

Enter the host port number.

25

ip-group-profile

Enter an IP group profile.

mx-lookup-domain-name

Enter the domain name for MX record lookup.

relay-type {host | ip-group | mx-lookup}

Enter the SMTP relay type: host, ip-group, or mx-lookup.

host

use-smtps {enable | disable}

Enable to initiate SSL- and TLS-secured connections to the SMTP relay if it supports SSL/TLS.

When disabled, SMTP connections from the FortiMail unit’s built-in MTA or proxy to the relay will occur as clear text, unencrypted.

This option must be enabled to initiate SMTPS connections.

disable

Related topics

mailsetting proxy-smtp

mailsetting storage central-quarantine

mailsetting storage central-quarantine

mailsetting systemquarantine

mailsetting relay-host-list

Use this command to configure the FortiMail unit’s built-in MTA’s connection to an SMTP relay, if any, to which the FortiMail unit will relay outgoing email. You can configure up to eight relays.

This is typically provided by your Internet service provider (ISP), but could be a mail relay on your internal network.

If the SMTP relay’s domain name resolves to more than one IP address, for each SMTP session, the FortiMail unit will randomly select one of the IP addresses from the result of the DNS query, effectively load balancing between the SMTP relays.

If you do not configure a relay server, for outgoing email delivered by the built-in MTA, the FortiMail unit will instead query the DNS server for the MX record of the mail domain in the recipient’s email address (RCPT TO:), and relay the email directly to that mail gateway.

You can also use MX records and IP groups as relay types.

For details, see the FortiMail Administration Guide.

This option will be ignored for email that matches an antispam or content profile where you have enabled alternate-host {<relay_fqdn> | <relay_ipv4>}.

Syntax

config mailsetting relay-host-list

edit <relay-host-name>

set auth-password <password_str>

set auth-status {enable | disable}

set auth-type {auto | plain | login | digest-md5 | cram‑md5}

set auth-username <user_str>

set host-name

set host-port

set ip-group-profile

set mx-lookup-domain-name

set relay-type {host | ip-group | mx-lookup}

set use-smtps {enable | disable}

end

Variable

Description

Default

<relay-host-name>

Enter the host name or IP address of the relay server.

auth-password <password_str>

If auth-status {enable | disable} is enable, enter the password of the FortiMail unit’s user account on the SMTP relay.

auth-status {enable | disable}

Enable if the SMTP relay requires authentication using the SMTP AUTH command. Also configure auth-username <user_str>, auth-password <password_str>, and auth-type {auto | plain | login | digest-md5 | cram‑md5}.

disable

auth-type {auto | plain | login | digest-md5 | cram‑md5}

If auth-status {enable | disable} is enable, enter either the SMTP authentication type required by the SMTP relay when the FortiMail unit sends the ESMTP AUTH command, or enter auto to automatically detect and use the most secure authentication type supported by the relay server.

auto

auth-username <user_str>

If auth-status {enable | disable} is enable, enter the name of the FortiMail unit’s user account on the SMTP relay.

host-name

Enter the relay host ip or host name.

host-port

Enter the host port number.

25

ip-group-profile

Enter an IP group profile.

mx-lookup-domain-name

Enter the domain name for MX record lookup.

relay-type {host | ip-group | mx-lookup}

Enter the SMTP relay type: host, ip-group, or mx-lookup.

host

use-smtps {enable | disable}

Enable to initiate SSL- and TLS-secured connections to the SMTP relay if it supports SSL/TLS.

When disabled, SMTP connections from the FortiMail unit’s built-in MTA or proxy to the relay will occur as clear text, unencrypted.

This option must be enabled to initiate SMTPS connections.

disable

Related topics

mailsetting proxy-smtp

mailsetting storage central-quarantine

mailsetting storage central-quarantine

mailsetting systemquarantine