Fortinet black logo

Administration Guide

Migrating email from other mail servers (server mode only)

Migrating email from other mail servers (server mode only)

If you already have other mail servers, such as Exchange or FortiMail server, and you want to consolidate the mail user and data into one FortiMail server, you can do so by migrating the users and data to your FortiMail unit.

The email migration process involves the following procedures:

  1. Preparation
    1. Enable the mail migration feature using the following CLI commands (available in server mode only):
    2. config system global

      set email-migration-status enable

      end

      Note

      By default, the email migration feature does not appear on the GUI until you enable it with the above CLI commands.

    3. Define the remote mail server settings. For details, see Defining a remote mail server for mail migration.
    4. Create a domain for the to-be-migrated users. For details, see Creating domains for mail migration.
  2. User migration: Because FortiMail will act as an IMAP client on behalf of the users to get their email from the remote mail server, you must import the user/password information first. To do this, you can use one of the following methods:
  • If you only need to migrate email for a few users and you know the users’ login credentials, you can manually enter their user name/password information by going to Domain & User > Mail Migration > Migration User and click New.
  • If you can export the user name/non-encrypted password list into a CSV file, you can import the CSV file by going to Domain & User > Mail Migration > Migration User and click Action > Import > From .CSV File.
  • If the to-be-migrated users already have accounts on the FortiMail server, you can import/copy the local user list to the migration user list by going to Domain & User > Mail Migration > Migration User and click Action > Import > From Local Domain.
  • If the user passwords are encrypted, you have to collect their passwords through FortiMail webmail login or SMTP client login. To do this:
    1. First create an authentication profile that uses the remote mail server as the authentication server. For details, see Configuring authentication profiles.
    2. Create a recipient-based policy that includes the migration users as senders and also includes the authentication profile. For details, see the Controlling email based on sender and recipient addresses.
    3. Use one of the following two methods to collect user passwords:
      1. Through FortiMail webmail login: Inform the users to log in to the FortiMail webmail portal, using their email addresses of the remote domain (the domain part needs to match proper authentication policy) and their passwords. Upon successful login, the users will be shown an empty webmail mailbox. This is because the email data has not been migrated yet and this step is only meant to collect user passwords.
      2. Through SMTP client login: Inform the users to use the FortiMail host name as their outgoing mail server.

    After you have done the above, when the users try to send email, they will have to authenticate through FortiMail. Then FortiMail will record the user names and passwords into the migration user list under Domain & User > Mail Migration > Migration User.

  • Mail data migration: After you have migrated the users, you can start to migrate the their mail boxes from the remote server. To do this:
    1. Go to Domain & User > Mail Migration > Migration User.
    2. From the Action dropdown list, select Migrate > Selected Users or All Users.
    3. If needed, you can click the Stop and Start button to control the migration process.
    4. After the user’s mail data is successfully migrated, you can export the user to the local user list by clicking Action > Export > Selected Users or All Users. The exported users will appear as local users under User > User.
  • Defining a remote mail server for mail migration

    This is one of the email migration procedures. For the entire procedures, see Migrating email from other mail servers (server mode only).

    1. Go to Domain & User > Mail Migration > Remote Mail Server.
    2. Click New.
    3. Enter a name for the remote server.
    4. Enter the host name or IP address of the remote server.
    5. For Protocol, select either IMAP or IMAPS, FortiMail will act as an IMAP client on the users’ behalf to get email from the remote server.
    6. Enter the IMAP port number if different from the default one (port 993).
    7. Click Create.

    Creating domains for mail migration

    This is one of the email migration procedures. For the entire procedures, see Migrating email from other mail servers (server mode only).

    1. Go to Domain & User > Domain > Domain.
    2. Click New.
    3. Configure the settings as described in Configuring protected domains.
    4. Note

      In v5.0 release, the created domain name on FortiMail must be the same as the users’ domain on the remote mail server. Beginning from v5.0.1 release, the domain names can be different.

    5. Since you have enabled mail migration, a new section called Mail Migration Settings appears at the bottom of the domain settings page. Expand this section and configure the following settings.
    6. Check Enable mail migration.
    7. Specify the remote mail server from the dropdown list. See Defining a remote mail server for mail migration.
    8. Click Create.
    See also:

    Configuring protected domains

    Configuring LDAP profiles

    Migrating email from other mail servers (server mode only)

    If you already have other mail servers, such as Exchange or FortiMail server, and you want to consolidate the mail user and data into one FortiMail server, you can do so by migrating the users and data to your FortiMail unit.

    The email migration process involves the following procedures:

    1. Preparation
      1. Enable the mail migration feature using the following CLI commands (available in server mode only):
      2. config system global

        set email-migration-status enable

        end

        Note

        By default, the email migration feature does not appear on the GUI until you enable it with the above CLI commands.

      3. Define the remote mail server settings. For details, see Defining a remote mail server for mail migration.
      4. Create a domain for the to-be-migrated users. For details, see Creating domains for mail migration.
    2. User migration: Because FortiMail will act as an IMAP client on behalf of the users to get their email from the remote mail server, you must import the user/password information first. To do this, you can use one of the following methods:
    • If you only need to migrate email for a few users and you know the users’ login credentials, you can manually enter their user name/password information by going to Domain & User > Mail Migration > Migration User and click New.
    • If you can export the user name/non-encrypted password list into a CSV file, you can import the CSV file by going to Domain & User > Mail Migration > Migration User and click Action > Import > From .CSV File.
    • If the to-be-migrated users already have accounts on the FortiMail server, you can import/copy the local user list to the migration user list by going to Domain & User > Mail Migration > Migration User and click Action > Import > From Local Domain.
    • If the user passwords are encrypted, you have to collect their passwords through FortiMail webmail login or SMTP client login. To do this:
      1. First create an authentication profile that uses the remote mail server as the authentication server. For details, see Configuring authentication profiles.
      2. Create a recipient-based policy that includes the migration users as senders and also includes the authentication profile. For details, see the Controlling email based on sender and recipient addresses.
      3. Use one of the following two methods to collect user passwords:
        1. Through FortiMail webmail login: Inform the users to log in to the FortiMail webmail portal, using their email addresses of the remote domain (the domain part needs to match proper authentication policy) and their passwords. Upon successful login, the users will be shown an empty webmail mailbox. This is because the email data has not been migrated yet and this step is only meant to collect user passwords.
        2. Through SMTP client login: Inform the users to use the FortiMail host name as their outgoing mail server.

      After you have done the above, when the users try to send email, they will have to authenticate through FortiMail. Then FortiMail will record the user names and passwords into the migration user list under Domain & User > Mail Migration > Migration User.

  • Mail data migration: After you have migrated the users, you can start to migrate the their mail boxes from the remote server. To do this:
    1. Go to Domain & User > Mail Migration > Migration User.
    2. From the Action dropdown list, select Migrate > Selected Users or All Users.
    3. If needed, you can click the Stop and Start button to control the migration process.
    4. After the user’s mail data is successfully migrated, you can export the user to the local user list by clicking Action > Export > Selected Users or All Users. The exported users will appear as local users under User > User.
  • Defining a remote mail server for mail migration

    This is one of the email migration procedures. For the entire procedures, see Migrating email from other mail servers (server mode only).

    1. Go to Domain & User > Mail Migration > Remote Mail Server.
    2. Click New.
    3. Enter a name for the remote server.
    4. Enter the host name or IP address of the remote server.
    5. For Protocol, select either IMAP or IMAPS, FortiMail will act as an IMAP client on the users’ behalf to get email from the remote server.
    6. Enter the IMAP port number if different from the default one (port 993).
    7. Click Create.

    Creating domains for mail migration

    This is one of the email migration procedures. For the entire procedures, see Migrating email from other mail servers (server mode only).

    1. Go to Domain & User > Domain > Domain.
    2. Click New.
    3. Configure the settings as described in Configuring protected domains.
    4. Note

      In v5.0 release, the created domain name on FortiMail must be the same as the users’ domain on the remote mail server. Beginning from v5.0.1 release, the domain names can be different.

    5. Since you have enabled mail migration, a new section called Mail Migration Settings appears at the bottom of the domain settings page. Expand this section and configure the following settings.
    6. Check Enable mail migration.
    7. Specify the remote mail server from the dropdown list. See Defining a remote mail server for mail migration.
    8. Click Create.
    See also:

    Configuring protected domains

    Configuring LDAP profiles