<profile_name>

Enter the name of the profile.

access-method {push | pull}

Select how recipients can retrieve encrypted messages:

• push: A notification and a secure mail is delivered to the recipient. Recipients must go to FortiMail to open the message. FortiMail does not store the message. If the message exceeds max-push-size <size_int>, the pull method is used instead.

• pull: A notification is delivered to the recipient. Recipients must go to FortiMail to open the message. FortiMailstores the message.

This setting appears only if protocol {ibe | ibe-on-tls-failure | smime} is ibeor ibe-on-tls-failure.

action-on-failure {drop | send | tls}

Select what to do when encrypted messages cannot be used:

• drop: Send a delivery status notification (DSN) email to the sender’s email address, indicating that the email is permanently undeliverable.

• send: Deliver the email in clear text, without encryption.

• tls: Effect varies by other TLS settings.

  • Continue the existing secure connection if:

    • level {none | preferred | secure} is secure

    • level {none | preferred | secure} is preferred and the other SMTP client or server agreed to an SSL/TLS session

  • Temporarily fail if level {none | preferred | secure} is preferred but the other SMTP client or server did not agree to an SSL/TLS session, and the TLS profile's action {fail | tempfail} is tempfail.

  • Reject the email and reply with SMTP reply code 550.if:

    • (for receiving) smtps-tls-status {enable | disable} is disabled

    • no TLS profile is selected

    • level {none | preferred | secure} is none

    • level {none | preferred | secure} is preferred but the other SMTP client or server did not agree to an SSL/TLS session, and the TLS profile's action {fail | tempfail} is fail

This setting appears only if protocol {ibe | ibe-on-tls-failure | smime} is ibeor smime.

action {encrypt | encryptandsign | sign}

Select either:

• encrypt

• sign

• encryptandsign

This setting appears only if protocol {ibe | ibe-on-tls-failure | smime} is smime. (For IBE, encryption occurs.)

comment "<description_str>"

Enter a description or comment.

encryption-algorithm {aes128 | aes192 | aes256 | cast5 | tripledes | des}

Select which encryption algorithm will be used to encrypt the email message:

• aes256

• aes192

• aes128

• cast5

• tripledes (3DES)

• des

max-push-size <size_int>

Select the secure message size limit in kilobytes (KB) for IBE push. If a message exceeds the limit, pull is used instead. Valid range is 0 to 10240.

This setting appears only if protocol {ibe | ibe-on-tls-failure | smime} is ibeor ibe-on-tls-failure.

protocol {ibe | ibe-on-tls-failure | smime}

Select which message encryption protocol to use, either:

• ibe

• ibe-on-tls-failure: See also check-encryption-strength {enable | disable} etc.

• smime