Fortinet black logo

Administration Guide

Home FortiMail 7.4.2 Administration Guide
7.4.2
7.4.2
7.4.1
7.4.0
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.7
6.2.0
6.0.6
6.0.4
6.0.3
6.0.1
6.0.0
5.4.10
5.4.8
5.4.5
5.4.4
5.4.3
5.4.0

Configuring FortiGuard services

Configuring FortiGuard services

FortiMail uses Fortinet FortiGuard Antivirus, Antispam, and URL protection services.

Go to System > FortiGuard > License to view your current licenses and service status, and go to System > FortiGuard > Licensed Feature to view the most recent updates to FortiGuard Antivirus engines, antivirus definitions, and FortiGuard Antispam definitions (antispam heuristic rules).

FortiMail units receive updates from the FortiGuard Distribution Network (FDN), a world-wide network of FortiGuard Distribution Servers (FDS). FortiMail units connect to the FDN by connecting to the FDS nearest to the FortiMail unit by its configured time zone.

In addition to manual update requests, FortiMail units also support scheduled updates, by which the FortiMail unit periodically polls the FDN to determine if there are any available updates.

You can alternatively manually update the FortiMail unit by uploading an update file by going to Dashboard > Status and click Update under License Information.

For FortiGuard Antispam and FortiGuard Antivirus update connectivity requirements and troubleshooting information, see Troubleshoot FortiGuard connection issues.

This section contains the following topics:

Configuring FortiGuard antivirus service

You can configure the FortiMail unit to periodically request updates from the FDN or override servers for the FortiGuard Antivirus engine and virus definitions.

For example, you might schedule updates every night at 2 AM or weekly on Sunday, when email traffic volume is light.

Before configuring scheduled updates, first verify that the FortiMail unit can connect to the FDN or override server.

To configure FortiGuard Antivirus options
  1. Go to System > FortiGuard > AntiVirus.

  2. Configure the following and then click Apply.

    GUI item

    Description

    FortiGuard server port

    Connect to FortiGuard Antivirus servers on either port 443 or 8890. The default port is 443.

    Use override server

    Enable to override the default FDN server to which the FortiMail unit connects for updates.

    Override server IP address

    Enter the IP address of the override public or private FDN server.

    Virus outbreak protection

    When a virus outbreak occurs, the FortiGuard antivirus database may need some time to get updated. Therefore, you can choose to defer the delivery of the suspicious email messages and scan them for the second time.

    • Disable: Do not query FortiGuard antivirus service.
    • Enable: Query FortiGuard antivirus service.
    • Enable with Defer: If the first query returns no results, defer the email for the specified time and do the second query.

    Virus outbreak protection period

    If Virus outbreak protection is Enable with Defer, enter how many minutes later a second query will be done.

    Virus database

    Depending on your models, FortiMail supports three types of antivirus databases:

    • Default: The default FortiMail virus database contains most commonly seen viruses and should be sufficient enough for regular antivirus protection.
      For the current release, FortiMail VM00 model supports the default virus database only.
    • Extended: Some high-end FortiMail models support the usage of an extended virus database, which contains viruses that are not active any more.
      For the current release, FortiMail VM01/VM02/200F/400F models support both the default and extended virus databases.
    • Extreme: Some high-end models also support the usage of an extreme virus database, which contains more virus signatures than the default and extended databases.
      For the current release, FortiMail VM04/900F and above models support all three types of virus databases

    Scheduled update

    Enable to perform updates according to a schedule, then select one of the following as the frequency of update requests. When the FortiMail unit requests an update at the scheduled time, results appear in Last Update Status.

    • Every: Select to request to update once every 1 to 23 hours, then select the number of hours between each update request.
    • Daily: Select to request to update once a day, then select the hour of the day to check for updates.
    • Weekly: Select to request to update once a week, then select the day of the week and the hour of the day to check for updates.

    Server location

    Use FortiGuard servers either in the United States only, or in any location in the world.
See also

Configuring FortiGuard services

Configuring FortiGuard antivirus service

Manually requesting updates

Troubleshoot FortiGuard connection issues

Manually requesting updates

You can manually trigger the FortiMail unit to connect to the FDN or override server to request available updates for its FortiGuard antivirus packages.

You can manually initiate updates as an alternative or in addition to other update methods.

To manually request updates

Before manually initiating an update, first verify that the FortiMail unit can connect to the FDN or override server.

  1. Go to System > FortiGuard > AntiVirus.
  2. Click Update Now.
    3. Note

    Updating FortiGuard Antivirus definitions can cause a short disruption in traffic currently being scanned while the FortiMail unit applies the new signature database. To minimize disruptions, update when traffic is light, such as during the night.
  3. After a few minutes, click the System > FortiGuard > License tab to check the update status. If an update was available, new version numbers appear for the packages that were updated. If you have enabled logging, messages are recorded to the event log indicating whether the update was successful or not. For details, see Logs, reports, and alerts.

Configuring FortiGuard Antispam service

You can connect to the FDN to use the FortiGuard Antispam service. You can also use your own override server, such as a FortiManager unit, for antispam service.

To configure the FortiGuard Antispam options

  1. Go to System > FortiGuard > AntiSpam.
  2. Under FortiGuard AntiSpam, verify that Status is enabled. Also select the FortiGuard server port (53 by default or 8888) and protocol (UDP or HTTPS).
  3. Specify a spam outbreak protection level. Higher level means more strict filtering.
  4. If you want to use an override server, such as a local FortiManager unit, instead of the default FDN server, specify it by enabling the option and entering the server address.
  5. Optionally enable cache and specify the cache TTL time. Enabling cache can improve performance.
  6. Use FortiGuard servers either in the United States only, or in any location in the world.
  7. Click Apply.

About spam outbreak protection from FortiGuard

This feature temporarily hold email for a certain period of time (spam outbreak protection period) if the enabled FortiGuard Antispam check (block IP and/or URL filter) returns no result (see Configuring FortiGuard options). After the specified time interval, FortiMail will query the FortiGuard server for the second time. This provides an opportunity for the FortiGuard Antispam service to update its database in cases a spam outbreak occurs.

FortiMail uses its internal algorithms to determine the suspicious level of an email. For example, the following email is treated as highly suspicious because it contains a phishing URL that might not be known to FortiGuard at the time.

Received: from linux-2543.local ([64.78.154.244])by mail.example.com with ESMTP id 31AmE8tP018352-31AmE8tQ018352 for <bob@example.com>; Fri, 10 Feb 2023 14:14:09 -0800

From: "American Express Online" <info@american-express.com>

To: bob@example.com

Reply-To: <spammer@gmail.com>

Subject: New secure email message from American Express

Date: 10 Feb 2023 15:14:08 -0700

Message-ID: <20230210151408.e4253c5C355132EB@givemeyourmoney.com>

MIME-Version: 1.0

Content-Type: text/plain

For your protection, the content of this message has been sent securely by American Express using encryption technology

To view the secure message, for your security reason

Copy paste below the link in your browser and follow the instruction

https://american.express.vds.xxxxxx.com/secure_email

The secure message expire on Feburary 15 .2023 @ 9:01 PM(GMT)!!!

Do not reply to the notification message, the message was auto generated by the sender's Security system

Configuring spam sample submission service

You can designate an email address to receive and review sample submissions of spam for an administrator to review, or send directly to FortiGuard. Spam submissions can be made using the Report Spam plugin within Microsoft Outlook available for download at https://support.fortinet.com/.

Emails that have been submitted can be reviewed under Monitor > Quarantine > Sample Submission. For more information, see Sample Submission.

To configure a spam sample submissions service

  1. Go to System > FortiGuard > AntiSpam.

  2. Under Sample Submission, verify that Enable submission service is enabled.

  3. Select whether you want an administrator to manually review spam sample submissions or whether you want the submissions to be sent directly to FortiGuard.

  4. Define a Retention period of between 0-60 days, after which the sample submission will be deleted.

  5. Enter the email addresses to receive spam and non-spam (or ham) sample submissions.

    Note

    For the email addresses:

    • The two email accounts cannot be the same.

    • The two accounts are reserved for spam and non-spam submissions; they cannot receive other email.
      Therefore, you cannot use any email accounts in use for spam and non-spam submissions.

  6. Click Apply.

To use the report spam plugin for Microsoft Outlook

  1. Go to https://support.fortinet.com/ and log into your account.

  2. Go to Support > Firmware Download.

  3. Go to FortiMail > Plugins.

  4. Double-click the appropriate install file to start the installation process, and follow the on-screen instructions.

  5. After the plugin is successfully installed, restart Outlook.

    Upon reopening Outlook, you can Report Spam to report any uncaught suspicious email, and use Not Spam to report any caught spam email that you wish to mark as not spam.

Manually querying FortiGuard Antispam service

For testing or any other purposes, you may want to manually query the FortiGuard Antispam service by entering an IP address, URL, or a hash value of an email message.

To query FortiGuard Antispam service
  1. Go to System > FortiGuard > License.
  2. Enter an IP address, URL or hash value of an email message.

  3. Click Query.

    If the query is successful, the Query result field will display if the IP/URL is spam or unknown (not spam).

    If the query is unsuccessful, the Query result field will display No response. In this case, you can use the following tips to troubleshoot the issue.

    If the FortiMail unit can reach the DNS server, but cannot successfully resolve the domain name of the FDN, a message appears notifying you that a DNS error occurred.

    DNS error. Please check the DNS setting of the FortiMail.

  4. Verify that the DNS servers contain A records to resolve service.fortiguard.net and other FDN servers. To try to obtain additional insight into the cause of the query failure, manually perform a DNS query from the FortiMail unit using the following CLI command:

    execute nslookup name service.fortiguard.net

    If the FortiMail unit cannot successfully connect, or if your FortiGuard Antispam license does not exist or has expired, a message appears notifying you that a connection error occurred.

    Connection error. Please check the routing table of the firewall.

  5. Verify that:

    • this is no proxy in between FortiMail and the FDN server.
    • your FortiGuard Antispam license is valid and currently active
    • the default route (located in System > Network > Routing) is correctly configured
    • the FortiMail unit can connect to the DNS servers (located in System > Network > DNS) and to the FDN servers
    • firewalls between the FortiMail unit and the Internet or override server allow FortiGuard Antispam rating query traffic.

    See also Appendix C: Port Numbers.

  6. To try to obtain additional insight into the point of the connection failure, trace the connection using the following CLI command:

    execute traceroute <address_ipv4>

    where <address_ipv4> is the IP address of the DNS server or FDN server.

    When query connectivity is successful, antispam profiles can use the FortiGuard option.

    You can use the antispam log to monitor for subsequent query connectivity interruptions. When sending email through the FortiMail unit that matches a policy and profile where the FortiGuard option is enabled, if the FortiMail cannot connect to the FDN and/or its license is not valid, and if Information-level logging is enabled, the FortiMail unit records a log message in the antispam log (located in Monitor > Log > AntiSpam) whose Log Id field is 0300023472 and whose Message field is:

    FortiGuard-Antispam: No Answer from server.

  7. Verify that the FortiGuard Antispam license is still valid, and that network connectivity has not been disrupted.

Configuring licensed features

The following features are configurable with valid applicable licenses.

Configuring email continuity

When FortiMail is running in either gateway or transparent mode, with this feature enabled, end users are allowed to access inbound emails in instances where the email server behind the FortiMail unit goes offline. This feature is only available with a valid license from FortiGuard.

To configure email continuity
  1. Go to System > FortiGuard > Licensed Feature.

  2. In the Email Continuity section, set Status to Enable.

    Alternatively, you may select either Disable or Disable and Purge Email (to disable the feature and purge email from the email continuity service after the configured retention period expires).

  3. Adjust the Retention period according to your requirements. The higher the number, the higher the number of days emails are kept before they are removed. The default setting is 30. The valid range is 1-60.

    Caution

    The actual retention period is whichever is the smaller value of this setting and the email retention period set for incoming email when configuring a resource profile. See Configuring resource profiles.

    By default, this feature is disabled.
  4. Enable Authentication cache status to allow FortiMail to caches user's password, enabling users to authenticate in the event of an LDAP server outage.
  5. Define the Authentication cache period in days. The default setting is 20. The valid range is 1-60.

Configuring advanced management features (license required)

If you have the advanced management license, you can go to System > FortiGuard > Licensed Feature and in the Advanced Management section, enable the following settings.

GUI item

Description

Centralized monitor

For details, see Centrally monitoring the HA cluster.

User management

For details, see Configuring user import profiles

Mailbox accounting service

For details, see Configuring mailbox statistics and Viewing mail statistics.

Domain group support

For details, see To configure domain groups.

History log access for domain level administrator

For details, see Access level and Viewing log messages.

Domain mail statistics

For details, see Viewing mail statistics.

MTA advanced control

For details, see Configuring advanced MTA control settings.

Intra domain protection

Enable or disable applying both inbound and outbound policies when an email is sent between protected domains.

When this setting is disabled, if an email is sent between two protected domains, then FortiMail only applies the matching inbound policy. This means that, for example, an inbound policy with antispam would apply, but not an outbound policy with DLP. This behavior may be correct if all protected domains belong to the same company. However for an MSSP with multiple tenants, both policies should apply. In that case, enabled this setting so that FortiMail applies both inbound and outbound policies.

Configuring adult image analysis

When you configure a content profile (see Configuring scan options), you can choose to scan for adult images in the email body and attachments.

To configure adult image analysis settings
  1. Go to System > FortiGuard > Licensed Feature.
  2. In the Adult Image Analysis section, enable Status.

  3. Adjust the rating sensitivity according to your requirements. The higher the number, the higher the sensitivity. The default setting is 75 and the valid range is 0-100.

    Caution

    Adjust the rating sensitivity properly to avoid false positives and false negatives.

    Enabling this feature affects FortiMail performance. By default, this feature is enabled.
  4. Specify the minimum and maximum file size of images that will be scanned.
Previous
Next

Configuring FortiGuard services

FortiMail uses Fortinet FortiGuard Antivirus, Antispam, and URL protection services.

Go to System > FortiGuard > License to view your current licenses and service status, and go to System > FortiGuard > Licensed Feature to view the most recent updates to FortiGuard Antivirus engines, antivirus definitions, and FortiGuard Antispam definitions (antispam heuristic rules).

FortiMail units receive updates from the FortiGuard Distribution Network (FDN), a world-wide network of FortiGuard Distribution Servers (FDS). FortiMail units connect to the FDN by connecting to the FDS nearest to the FortiMail unit by its configured time zone.

In addition to manual update requests, FortiMail units also support scheduled updates, by which the FortiMail unit periodically polls the FDN to determine if there are any available updates.

You can alternatively manually update the FortiMail unit by uploading an update file by going to Dashboard > Status and click Update under License Information.

For FortiGuard Antispam and FortiGuard Antivirus update connectivity requirements and troubleshooting information, see Troubleshoot FortiGuard connection issues.

This section contains the following topics:

Configuring FortiGuard antivirus service

You can configure the FortiMail unit to periodically request updates from the FDN or override servers for the FortiGuard Antivirus engine and virus definitions.

For example, you might schedule updates every night at 2 AM or weekly on Sunday, when email traffic volume is light.

Before configuring scheduled updates, first verify that the FortiMail unit can connect to the FDN or override server.

To configure FortiGuard Antivirus options
  1. Go to System > FortiGuard > AntiVirus.

  2. Configure the following and then click Apply.

    GUI item

    Description

    FortiGuard server port

    Connect to FortiGuard Antivirus servers on either port 443 or 8890. The default port is 443.

    Use override server

    Enable to override the default FDN server to which the FortiMail unit connects for updates.

    Override server IP address

    Enter the IP address of the override public or private FDN server.

    Virus outbreak protection

    When a virus outbreak occurs, the FortiGuard antivirus database may need some time to get updated. Therefore, you can choose to defer the delivery of the suspicious email messages and scan them for the second time.

    • Disable: Do not query FortiGuard antivirus service.
    • Enable: Query FortiGuard antivirus service.
    • Enable with Defer: If the first query returns no results, defer the email for the specified time and do the second query.

    Virus outbreak protection period

    If Virus outbreak protection is Enable with Defer, enter how many minutes later a second query will be done.

    Virus database

    Depending on your models, FortiMail supports three types of antivirus databases:

    • Default: The default FortiMail virus database contains most commonly seen viruses and should be sufficient enough for regular antivirus protection.
      For the current release, FortiMail VM00 model supports the default virus database only.
    • Extended: Some high-end FortiMail models support the usage of an extended virus database, which contains viruses that are not active any more.
      For the current release, FortiMail VM01/VM02/200F/400F models support both the default and extended virus databases.
    • Extreme: Some high-end models also support the usage of an extreme virus database, which contains more virus signatures than the default and extended databases.
      For the current release, FortiMail VM04/900F and above models support all three types of virus databases

    Scheduled update

    Enable to perform updates according to a schedule, then select one of the following as the frequency of update requests. When the FortiMail unit requests an update at the scheduled time, results appear in Last Update Status.

    • Every: Select to request to update once every 1 to 23 hours, then select the number of hours between each update request.
    • Daily: Select to request to update once a day, then select the hour of the day to check for updates.
    • Weekly: Select to request to update once a week, then select the day of the week and the hour of the day to check for updates.

    Server location

    Use FortiGuard servers either in the United States only, or in any location in the world.
See also

Configuring FortiGuard services

Configuring FortiGuard antivirus service

Manually requesting updates

Troubleshoot FortiGuard connection issues

Manually requesting updates

You can manually trigger the FortiMail unit to connect to the FDN or override server to request available updates for its FortiGuard antivirus packages.

You can manually initiate updates as an alternative or in addition to other update methods.

To manually request updates

Before manually initiating an update, first verify that the FortiMail unit can connect to the FDN or override server.

  1. Go to System > FortiGuard > AntiVirus.
  2. Click Update Now.
    3. Note

    Updating FortiGuard Antivirus definitions can cause a short disruption in traffic currently being scanned while the FortiMail unit applies the new signature database. To minimize disruptions, update when traffic is light, such as during the night.
  3. After a few minutes, click the System > FortiGuard > License tab to check the update status. If an update was available, new version numbers appear for the packages that were updated. If you have enabled logging, messages are recorded to the event log indicating whether the update was successful or not. For details, see Logs, reports, and alerts.

Configuring FortiGuard Antispam service

You can connect to the FDN to use the FortiGuard Antispam service. You can also use your own override server, such as a FortiManager unit, for antispam service.

To configure the FortiGuard Antispam options

  1. Go to System > FortiGuard > AntiSpam.
  2. Under FortiGuard AntiSpam, verify that Status is enabled. Also select the FortiGuard server port (53 by default or 8888) and protocol (UDP or HTTPS).
  3. Specify a spam outbreak protection level. Higher level means more strict filtering.
  4. If you want to use an override server, such as a local FortiManager unit, instead of the default FDN server, specify it by enabling the option and entering the server address.
  5. Optionally enable cache and specify the cache TTL time. Enabling cache can improve performance.
  6. Use FortiGuard servers either in the United States only, or in any location in the world.
  7. Click Apply.

About spam outbreak protection from FortiGuard

This feature temporarily hold email for a certain period of time (spam outbreak protection period) if the enabled FortiGuard Antispam check (block IP and/or URL filter) returns no result (see Configuring FortiGuard options). After the specified time interval, FortiMail will query the FortiGuard server for the second time. This provides an opportunity for the FortiGuard Antispam service to update its database in cases a spam outbreak occurs.

FortiMail uses its internal algorithms to determine the suspicious level of an email. For example, the following email is treated as highly suspicious because it contains a phishing URL that might not be known to FortiGuard at the time.

Received: from linux-2543.local ([64.78.154.244])by mail.example.com with ESMTP id 31AmE8tP018352-31AmE8tQ018352 for <bob@example.com>; Fri, 10 Feb 2023 14:14:09 -0800

From: "American Express Online" <info@american-express.com>

To: bob@example.com

Reply-To: <spammer@gmail.com>

Subject: New secure email message from American Express

Date: 10 Feb 2023 15:14:08 -0700

Message-ID: <20230210151408.e4253c5C355132EB@givemeyourmoney.com>

MIME-Version: 1.0

Content-Type: text/plain

For your protection, the content of this message has been sent securely by American Express using encryption technology

To view the secure message, for your security reason

Copy paste below the link in your browser and follow the instruction

https://american.express.vds.xxxxxx.com/secure_email

The secure message expire on Feburary 15 .2023 @ 9:01 PM(GMT)!!!

Do not reply to the notification message, the message was auto generated by the sender's Security system

Configuring spam sample submission service

You can designate an email address to receive and review sample submissions of spam for an administrator to review, or send directly to FortiGuard. Spam submissions can be made using the Report Spam plugin within Microsoft Outlook available for download at https://support.fortinet.com/.

Emails that have been submitted can be reviewed under Monitor > Quarantine > Sample Submission. For more information, see Sample Submission.

To configure a spam sample submissions service

  1. Go to System > FortiGuard > AntiSpam.

  2. Under Sample Submission, verify that Enable submission service is enabled.

  3. Select whether you want an administrator to manually review spam sample submissions or whether you want the submissions to be sent directly to FortiGuard.

  4. Define a Retention period of between 0-60 days, after which the sample submission will be deleted.

  5. Enter the email addresses to receive spam and non-spam (or ham) sample submissions.

    Note

    For the email addresses:

    • The two email accounts cannot be the same.

    • The two accounts are reserved for spam and non-spam submissions; they cannot receive other email.
      Therefore, you cannot use any email accounts in use for spam and non-spam submissions.

  6. Click Apply.

To use the report spam plugin for Microsoft Outlook

  1. Go to https://support.fortinet.com/ and log into your account.

  2. Go to Support > Firmware Download.

  3. Go to FortiMail > Plugins.

  4. Double-click the appropriate install file to start the installation process, and follow the on-screen instructions.

  5. After the plugin is successfully installed, restart Outlook.

    Upon reopening Outlook, you can Report Spam to report any uncaught suspicious email, and use Not Spam to report any caught spam email that you wish to mark as not spam.

Manually querying FortiGuard Antispam service

For testing or any other purposes, you may want to manually query the FortiGuard Antispam service by entering an IP address, URL, or a hash value of an email message.

To query FortiGuard Antispam service
  1. Go to System > FortiGuard > License.
  2. Enter an IP address, URL or hash value of an email message.

  3. Click Query.

    If the query is successful, the Query result field will display if the IP/URL is spam or unknown (not spam).

    If the query is unsuccessful, the Query result field will display No response. In this case, you can use the following tips to troubleshoot the issue.

    If the FortiMail unit can reach the DNS server, but cannot successfully resolve the domain name of the FDN, a message appears notifying you that a DNS error occurred.

    DNS error. Please check the DNS setting of the FortiMail.

  4. Verify that the DNS servers contain A records to resolve service.fortiguard.net and other FDN servers. To try to obtain additional insight into the cause of the query failure, manually perform a DNS query from the FortiMail unit using the following CLI command:

    execute nslookup name service.fortiguard.net

    If the FortiMail unit cannot successfully connect, or if your FortiGuard Antispam license does not exist or has expired, a message appears notifying you that a connection error occurred.

    Connection error. Please check the routing table of the firewall.

  5. Verify that:

    • this is no proxy in between FortiMail and the FDN server.
    • your FortiGuard Antispam license is valid and currently active
    • the default route (located in System > Network > Routing) is correctly configured
    • the FortiMail unit can connect to the DNS servers (located in System > Network > DNS) and to the FDN servers
    • firewalls between the FortiMail unit and the Internet or override server allow FortiGuard Antispam rating query traffic.

    See also Appendix C: Port Numbers.

  6. To try to obtain additional insight into the point of the connection failure, trace the connection using the following CLI command:

    execute traceroute <address_ipv4>

    where <address_ipv4> is the IP address of the DNS server or FDN server.

    When query connectivity is successful, antispam profiles can use the FortiGuard option.

    You can use the antispam log to monitor for subsequent query connectivity interruptions. When sending email through the FortiMail unit that matches a policy and profile where the FortiGuard option is enabled, if the FortiMail cannot connect to the FDN and/or its license is not valid, and if Information-level logging is enabled, the FortiMail unit records a log message in the antispam log (located in Monitor > Log > AntiSpam) whose Log Id field is 0300023472 and whose Message field is:

    FortiGuard-Antispam: No Answer from server.

  7. Verify that the FortiGuard Antispam license is still valid, and that network connectivity has not been disrupted.

Configuring licensed features

The following features are configurable with valid applicable licenses.

Configuring email continuity

When FortiMail is running in either gateway or transparent mode, with this feature enabled, end users are allowed to access inbound emails in instances where the email server behind the FortiMail unit goes offline. This feature is only available with a valid license from FortiGuard.

To configure email continuity
  1. Go to System > FortiGuard > Licensed Feature.

  2. In the Email Continuity section, set Status to Enable.

    Alternatively, you may select either Disable or Disable and Purge Email (to disable the feature and purge email from the email continuity service after the configured retention period expires).

  3. Adjust the Retention period according to your requirements. The higher the number, the higher the number of days emails are kept before they are removed. The default setting is 30. The valid range is 1-60.

    Caution

    The actual retention period is whichever is the smaller value of this setting and the email retention period set for incoming email when configuring a resource profile. See Configuring resource profiles.

    By default, this feature is disabled.
  4. Enable Authentication cache status to allow FortiMail to caches user's password, enabling users to authenticate in the event of an LDAP server outage.
  5. Define the Authentication cache period in days. The default setting is 20. The valid range is 1-60.

Configuring advanced management features (license required)

If you have the advanced management license, you can go to System > FortiGuard > Licensed Feature and in the Advanced Management section, enable the following settings.

GUI item

Description

Centralized monitor

For details, see Centrally monitoring the HA cluster.

User management

For details, see Configuring user import profiles

Mailbox accounting service

For details, see Configuring mailbox statistics and Viewing mail statistics.

Domain group support

For details, see To configure domain groups.

History log access for domain level administrator

For details, see Access level and Viewing log messages.

Domain mail statistics

For details, see Viewing mail statistics.

MTA advanced control

For details, see Configuring advanced MTA control settings.

Intra domain protection

Enable or disable applying both inbound and outbound policies when an email is sent between protected domains.

When this setting is disabled, if an email is sent between two protected domains, then FortiMail only applies the matching inbound policy. This means that, for example, an inbound policy with antispam would apply, but not an outbound policy with DLP. This behavior may be correct if all protected domains belong to the same company. However for an MSSP with multiple tenants, both policies should apply. In that case, enabled this setting so that FortiMail applies both inbound and outbound policies.

Configuring adult image analysis

When you configure a content profile (see Configuring scan options), you can choose to scan for adult images in the email body and attachments.

To configure adult image analysis settings
  1. Go to System > FortiGuard > Licensed Feature.
  2. In the Adult Image Analysis section, enable Status.

  3. Adjust the rating sensitivity according to your requirements. The higher the number, the higher the sensitivity. The default setting is 75 and the valid range is 0-100.

    Caution

    Adjust the rating sensitivity properly to avoid false positives and false negatives.

    Enabling this feature affects FortiMail performance. By default, this feature is enabled.
  4. Specify the minimum and maximum file size of images that will be scanned.
Previous
Next