Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability modes
- FortiMail management methods
Setting up FortiMail system
- Connecting to the web UI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing email statistics
- View threat statistics
- View outbreak statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queue
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing generated reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing GUI, custom messages, email templates, SSO, and Security Fabric
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiNDR malware inspection
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services
- System maintenance
- System utility
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Managing the address book (server mode only)
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and antispam action profiles
- Configuring antivirus profiles, file signatures, and antivirus action profiles
- Configuring content profiles and content action profiles
- Configuring replacement message profiles and variables
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring the FortiGuard URL filter
- Configuring content disarm and reconstruction
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring sender rewriting scheme
- Configuring endpoint reputation
- Training and maintaining the Bayesian databases
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating mail statistic reports
- Configuring alert email
Microsoft 365 threat remediation
- Microsoft 365 protection workflow
- Configuring Microsoft 365 accounts
- Configuring profiles
- Configuring scanning policies
- Monitoring log messages
Managing firmware and configuration
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- High availability (HA) tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Examples
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change Log

Home FortiMail 7.2.5 Administration Guide

7.2.5

Configuring sender rewriting scheme

Go to Security > Sender Rewriting Scheme to configure sender rewriting scheme (SRS) settings, and maintain a domain name exempt list.

SRS is used to rewrite the envelope sender of an email address, so that emails may be forwarded by an MTA if necessary without being rejected by the receiving server which may have a strict SPF policy in place.

To configure SRS settings

Go to Security > Sender Rewriting Scheme > Setting.
Configure the following as required:

GUI item	Description
Domain for rewrite	Select which domains to rewrite for external senders sending emails. None: No domains are rewritten. Protected Domains: Only protected domains are rewritten. All Domains: All domains are rewritten.
Rewritten address handling	Select which action to take for rewritten addresses. None: Deny any recipient that is previously rewritten. Reverse: Reverse the recipient address and send the email to the original sender, for those recipients that are previously rewritten senders.

GUI item

Description

Domain for rewrite

Select which domains to rewrite for external senders sending emails.

None: No domains are rewritten.
Protected Domains: Only protected domains are rewritten.
All Domains: All domains are rewritten.

Rewritten address handling

Select which action to take for rewritten addresses.

None: Deny any recipient that is previously rewritten.
Reverse: Reverse the recipient address and send the email to the original sender, for those recipients that are previously rewritten senders.

If Default domain for authentication (under System > Mail Setting > Mail Server Setting) is not enabled, SRS rewrite will not work.
If there are multiple domains, the default domain will be used for SRS rewrite.

Excluding domains from SRS

If you want to exempt certain domain names from SRS, you can do so by adding the recipient domain name to the exempt list.

To configure the domain name exempt list

Go to Security > Sender Rewriting Scheme > Exempt List.
Click New.
Add the recipient domain name.
Click Create.