Configuring email quarantines and quarantine reports
The Quarantine submenu lets you configure quarantine settings, and to configure system-wide settings for quarantine reports.
Using the email quarantine feature involves the following steps:
- First, enable email quarantine when you configure antispam action profiles (see Configuring antispam action profiles) and content action profiles (see Configuring content action profiles).
- Configure the system quarantine administrator account who can manage the system quarantine. See Configuring the system quarantine setting.
- Configure the quarantine control accounts, so that email users can send email to the accounts to release or delete email quarantines. See Configuring the quarantine control options.
- Configure system-wide quarantine report settings, so that the FortiMail unit can send reports to inform email users of the mail quarantines. Then the users can decide if they want to release or delete the quarantined emails. See Configuring global quarantine report settings.
- Configure domain-wide quarantine report settings for specific domains. See Quarantine Report Setting.
- View and manage personal quarantines and system quarantines. See Managing the quarantines.
- As the FortiMail administrator, you may also need to instruct end users about how to access their email quarantines. See Accessing the personal quarantine and webmail.
See also
Configuring global quarantine report settings
Configuring the system quarantine setting
Configuring the quarantine control options
Configuring global quarantine report settings
The Quarantine Report tab lets you configure various system-wide aspects of the quarantine report, including scheduling when the FortiMail unit will send reports.
For the quarantine report schedule to take effect, you must enable the quarantine action in the antispam and/or content action profile first. For details, see Configuring antispam action profiles and Configuring content action profiles. For general steps about how to use email quarantine, see Configuring email quarantines and quarantine reports. |
FortiMail units send quarantine reports to notify email users when email is quarantined to their per-recipient quarantine. If no email messages have been quarantined to the per-recipient quarantine folder in the period since the previous quarantine report, the FortiMail unit does not send a quarantine report.
In addition to the system-wide quarantine report settings, you can configure some quarantine report settings individually for each protected domain, including whether the FortiMail unit will send either or both plain text and HTML format quarantine reports. For more information about domain-wide quarantine report settings, see Quarantine Report Setting.
Starting from v4.1, domain-wide quarantine report settings are independent from the system-wide quarantine report settings. |
For information on the contents of the plain text and HTML format quarantine report, see About the plain text formatted quarantine report and About the HTML formatted quarantine report.
To configure the global quarantine report settings
- Go to Security > Quarantine > Quarantine Report.
- Configure the following:
- If the FortiMail unit is operating in gateway mode or server mode, web release and delete links in the quarantine report will use the fully qualified domain name (FQDN) of the FortiMail unit.
- If the FortiMail unit is operating in transparent mode, web release and delete links in the quarantine report will use the FortiMail unit’s management IP address. For more information, see About the management IP.
- In the Quarantine Report Recipient Setting section, double-click a domain name to modify its related settings.
- Configure the following and click OK.
GUI item |
Description |
|
Schedule |
|
|
|
These hours |
Select the hours of the day during which you want the FortiMail unit to generate quarantine reports. |
|
These days |
Select the days of the week during which you want the FortiMail unit to generate quarantine reports. |
Template |
|
|
|
Quarantine report template |
Select a template from the dropdown list or click Edit to customize it. For details about email template customization, see Customizing email templates. |
Webmail Access Setting |
|
|
|
Time limited access without authentication |
Enable to allow user access without authentication for the following period of time. |
|
Expiry period |
Specify the time limit for the above setting. Enter 0 to disable the above access. |
|
Enter a host name for the FortiMail unit that will be used for web release links in quarantine reports (but not email release links). If this field is left blank: Configuring an alternate host name for web release and delete links can be useful if the local domain name or management IP of the FortiMail unit is not resolvable from everywhere that email users will use their quarantine reports. In that case, you can override the web release link to use a globally resolvable host name or IP address. |
A dialog appears.
Quarantine report recipient settings
GUI item |
Description |
|
Domain name |
|
Displays the name of a protected domain. For more information on protected domains, see Configuring protected domains. |
|
Send to original recipient |
Select to send quarantine reports to each recipient address in the protected domain. |
|
Send to other recipient |
Select to send quarantine reports to an email address other than the recipients or group owners, then enter the email address. |
|
Send to LDAP group owner based on LDAP profile |
Select to send quarantine reports to the email addresses of group owners, then select the name of an LDAP profile in which you have enabled and configured in Configuring group query options. Also configure the following two options for more granular control:
|
About the plain text formatted quarantine report
Plain text quarantine reports:
- notify email users about email messages that have been quarantined to their per-recipient quarantine
- explain how to delete one or all quarantined email messages
- explain how to release individual email messages
For plain text quarantine reports, you can only release email from the per-recipient quarantine by using the email release method. For more information on how to release email from the per-recipient quarantine, see Releasing and deleting email via quarantine reports.
Release instructions in a plain text quarantine report may use either the management IP address or local domain name.
The contents of quarantine reports are customizable. For more information, see Customizing GUI, custom messages, email templates, and Security Fabric. |
Sample plain text quarantine report
Sample plain text quarantine report
|
Report content |
Message header of quarantine report |
|
Quarantined email #1 |
|
Quarantined email #2 |
|
Quarantined email #3 |
|
Instructions for deleting or releasing quarantined email |
|
About the HTML formatted quarantine report
- notify email users about email messages that have been quarantined to their per-recipient quarantine
- contain links to delete one or all quarantined email messages (see Sample HTML quarantine report)
- contain links to release individual email messages (see Sample HTML quarantine report)
From an HTML format quarantine report, you can release or delete messages by using either web or email release methods. For more information on how to release email from the per-recipient quarantine, see Releasing and deleting email via quarantine reports.
Web release and delete links in an HTML formatted quarantine report may link to either the management IP address, local domain name, or an alternative host name for the FortiMail unit. For more information, see Web release host name/IP.
The contents of quarantine reports are customizable. For more information, see Customizing GUI, custom messages, email templates, and Security Fabric. |
If option to auto add to personal safe list when releasing spam is enabled, default HTML report now seems to include notification of that setting. From replacement message:
<**SPAM_CONFIG_NOTE**><b>Note: %%SPAM_SAFE_LIST%%.</b>
<**/SPAM_CONFIG_NOTE**>
Sample HTML quarantine report
Sample HTML quarantine report
|
Report content |
Message header of quarantine report |
Subject: Quarantine Summary: [ 3 message(s) quarantined from Thu, 04 Sep 2008 11:00:00 to Thu, 04 Sep 2008 12:00:00 ] From: release-ctrl@example.com Date: Thu, 04 Sep 2008 12:00:00 To: user1@example.com |
Quarantined email #1 |
Date: Thu, 04 Sep 2008 11:52:51 From: User 1 <user1@example.com> Subject: [SPAM] information leak |
Quarantined email #2 |
Date: Thu, 04 Sep 2008 11:51:10 From: User 1 <user1@example.com> Subject: [SPAM] curious? |
Quarantined email #3 |
Date: Thu, 04 Sep 2008 11:48:50 From: User 1 <user1@example.com> Subject: [SPAM] Buy now!!!! lowest prices |
Instructions for deleting or releasing quarantined email |
|
Releasing and deleting email via quarantine reports
Quarantine reports enable recipients to remotely monitor and delete or release email messages in the per-recipient quarantine folders.
Depending on whether the quarantine report is sent and viewed in plain text or HTML format, a quarantine report recipient may use either or both web release and email release methods to release or delete email from a per-recipient quarantine.
-
Web release: To release or delete an email from the per-recipient quarantine, the recipient must click the Release or Delete web action link which sends an HTTP or HTTPS request to the FortiMail unit. Available for HTML format quarantine reports only.
-
Email release: To release or delete an email from the per-recipient quarantine, the recipient must either:
-
Click the Release or Delete email action link which creates a new email message containing all required information, then send it to the quarantine control account of the FortiMail unit. Available for HTML format quarantine reports only.
-
Manually send an email message to the quarantine control account of the FortiMail unit. The
To:
address must be the quarantine control email address, such asrelease-ctrl@example.com
ordelete-ctrl@example.com
. The subject line must contain both the recipient email address andMessage-Id:
of the quarantined email, separated by a colon (:
), such as:user1@example.com:MTIyMDU0MDk1Ni43NDRfMTk2ODU0LkZvcnRpTWFpbC00MDAsI0YjUyM2NjUjRQ==
-
Releasing an email from the per-recipient quarantine using email release
Quarantine control email addresses are configurable. For information, see Configuring the quarantine control options.
Web release links may be configured to expire after a period of time, and may or may not require the recipient to log in to the FortiMail unit. For more information, see Configuring global quarantine report settings.
For more information on the differences between plain text and HTML format quarantine reports, see About the plain text formatted quarantine report and About the HTML formatted quarantine report.
See also
Configuring global quarantine report settings
Managing the personal quarantines
About the plain text formatted quarantine report
About the HTML formatted quarantine report
Configuring the system quarantine setting
Go to Security > Quarantine > System Quarantine Setting to configure the system quarantine account, quarantine folder, and other system quarantine settings.
The system quarantine can be accessed through either:
- IMAP -- use an IMAP email client to access the FortiMail unit with the system quarantine account name (without any domain name) and password.
- Administrative GUI -- create an administrator account with the quarantine access privilege in the access profile and access the GUI using this administrator account.
The system quarantine cannot be accessed through POP3 or webmail.
To configure the system quarantine account and quarantine folders
- Go to Security > Quarantine > System Quarantine Setting.
- Configure the following:
See also
Managing the system quarantine
Configuring the quarantine control options
Go to Security > Quarantine > Quarantine Control to configure quarantine release and delete control accounts. You can also specify whether to re-scan the quarantined email for virus infections before they are released. This can be useful if the email messages are quarantined due to antispam reasons, or if the antivirus signatures are updated later.
For email messages in the Virus folder of the system quarantine, they will not be rescanned when they are released. Otherwise, you may never be able to release them. For email messages in other quarantine folders, they will be rescanned when they are released for the first time. In case they are quarantined again and you still want to release them, they will be released without rescan. |
Email users can remotely release or delete email messages in their per-recipient quarantine by sending email to quarantine control email addresses.
For example, if the Release account is release-ctrl
and the local domain name of the FortiMail unit is example.com
and example.com
is not a protected domain, an email user could release an email message from their per-recipient quarantine by sending an email to release-ctrl@example.com
. If the FortiMail unit's local domain name happens to be a protected domain name, the Release account address would be release-ctrl@hostname.example.com
. The FortiMail unit's host name and local domain name are configured under System > Mail Setting > Mail Server Setting.
For more information on releasing and deleting quarantined items through email, see Releasing and deleting email via quarantine reports.
To configure the quarantine control settings
- Go to Security > Quarantine > Quarantine Control.
- Under Quarantine Release Re-scan Setting, specify whether to re-scan the quarantined email with the FortiMail AV engine and/or FortiSandbox before the email is released. Also specify whether to scan the personal quarantine and/or system quarantine.
- For Release account, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine release commands; for example: such as
release‑ctrl
. - For Delete account, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine delete commands; such as
delete‑ctrl
. - Click Apply.