Fortinet black logo

CLI Reference

domain-association

domain-association

This command applies only if the FortiMail unit is operating in gateway mode or transparent mode.

Use this command to configure domain associations. Associated domains use the settings of the protected domains or subdomains with which they are associated.

Domain associations can be useful for saving time when you have multiple domains for which you would otherwise need to configure protected domains with identical settings.

For example, if you have one SMTP server handling email for ten domains, you could create ten separate protected domains, and configure each with identical settings. Alternatively, you could create one protected domain, listing the nine remaining domains as domain associations. The advantage of using the second method is that you do not have to repeatedly configure the same things when creating or modifying the protected domains, saving time and reducing chances for error. Changes to one protected domain automatically apply to all of its associated domains.

Exceptions to settings that associated domains will re-use include DKIM keys and signing settings. Domain keys are by nature tied to the exact protected domain only, and cannot be used for any other protected domain, including associated domains.

Alternatively, you can configure LDAP queries to automatically add domain associations. For details, see system link-monitor.

Syntax

config domain-association

edit <domain-association-fqdn>

set main-domain <protected-domain-name>

next

end

Variable

Description

Default

<domain-association-fqdn>

Enter the fully qualified domain name (FQDN) of a mail domain that you want to use the same settings as the same protected domain.

<protected-domain-name>

Enter the name of the protected domain. The associated domain will use the settings of this domain.

Related topics

system link-monitor

domain-association

This command applies only if the FortiMail unit is operating in gateway mode or transparent mode.

Use this command to configure domain associations. Associated domains use the settings of the protected domains or subdomains with which they are associated.

Domain associations can be useful for saving time when you have multiple domains for which you would otherwise need to configure protected domains with identical settings.

For example, if you have one SMTP server handling email for ten domains, you could create ten separate protected domains, and configure each with identical settings. Alternatively, you could create one protected domain, listing the nine remaining domains as domain associations. The advantage of using the second method is that you do not have to repeatedly configure the same things when creating or modifying the protected domains, saving time and reducing chances for error. Changes to one protected domain automatically apply to all of its associated domains.

Exceptions to settings that associated domains will re-use include DKIM keys and signing settings. Domain keys are by nature tied to the exact protected domain only, and cannot be used for any other protected domain, including associated domains.

Alternatively, you can configure LDAP queries to automatically add domain associations. For details, see system link-monitor.

Syntax

config domain-association

edit <domain-association-fqdn>

set main-domain <protected-domain-name>

next

end

Variable

Description

Default

<domain-association-fqdn>

Enter the fully qualified domain name (FQDN) of a mail domain that you want to use the same settings as the same protected domain.

<protected-domain-name>

Enter the name of the protected domain. The associated domain will use the settings of this domain.

Related topics

system link-monitor