Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability
- FortiMail management methods
Setting up the FortiMail system
- Connecting to the GUI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing mail statistics
- View threat statistics
- View outbreak statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queue
- Viewing DMARC report statistics
  - Viewing the DMARC and SPF report summary
  - Viewing details about DMARC and SPF report statistics
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing GUI, custom messages, email templates, and Security Fabric
- Configuring single sign-on (SSO)
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiNDR malware inspection
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services and licensed features
  - Configuring licensed features
    - Configuring image analysis
- System maintenance
- System utility
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Configuring the address book
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and actions
- Configuring antivirus profiles, file signatures, and actions
- Configuring content profiles and content action profiles
- Configuring replacement message profiles and variables
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring URL filter profiles
- Configuring a threat feed
  - Types and file formats of threat feeds
- Configuring content disarming and reconstruction
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring sender rewriting scheme
- Configuring endpoint reputation
- Configuring preferences
- Training and maintaining the Bayesian databases
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports, and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating reports
- Configuring alert email
Microsoft 365, Exchange and Google Workspace threat remediation
- Microsoft 365, Exchange, and Google Workspace protection workflow
- To create a Microsoft Exchange account
- Configuring scanning policies
- Configuring profiles
- Monitoring log messages
Managing firmware and configuration
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- High availability (HA) tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Example regular expressions
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change log

Home FortiMail 7.6.1 Administration Guide

7.6.1

Configuring preferences

Go to Security > Option > Preference to configure some global settings for action profile, mail scan, and antispam preferences.

GUI item

Description

Action Profile

In action profiles (see Configuring antispam action profiles, Configuring antivirus action profiles, and Configuring content action profiles), you can select an action:

Deliver to alternate host
Deliver to original host
System quarantine
Personal quarantine
Disclaimer insertion
Subject tag location
Replacement message location

For delivery and quarantine actions, you can select which form of the email to use:

Modified copy — Modify the email according to the action.

Unmodified copy — Original email header and body.

If the email is in its original form, the recipient in the SMTP envelope(RCPT TO:) still might be rewritten by the action.

For example, when the HTML content is converted to text, if you choose to deliver the unmodified copy, then the HTML version will be delivered; if you choose to deliver the modified copy, then the plain text version will be delivered.

For Disclaimer insertion, you can choose to insert the disclaimer in selected or all messages.

For Subject tag location, you can choose to insert the tag at the start or end of the subject line.

Enforce delivery action if 'delivery to original/alternate host' is enabled

If the action in a profile is one of the final actions, such as System quarantine, while the action in another profile is to deliver to the original host or alternate host, you can enable this option to override the final action.

Execute attachment scan on spam email under personal quarantine

For spam that is sent to personal quarantine, you can either continue or stop further scans of the email's attachments.

Mail Scan

Specify the following:

Maximum level to decompress archive file — Enter how many levels to decompress the archived files for antivirus and content scan. Valid range is 1 to 36. Default value is 12.
Maximum archive file size to decompress (MB) — Enter the maximum file size to scan after the archived files are decompressed. This applies to every single file after decompression. Bigger files will not be scanned. Default value is 10MB.
Maximum compression ratio for archive bomb — Enter the maximum compression ratio for FortiMail to decompress. Valid range is 1 to 1000. Default value is 200.

AntiSpam

DMARC failure action

Select either:

Action profile — Use the action specified in the antispam profile.
Action profile with none — If the policy option in the sender's DMARC record is p=none, use that action. Else use the action in the antispam profile.
DMARC record policy — Use the actions specified in the policy option of the sender's DMARC record.

The default setting is Action profile with none.

This system-wide setting can be overridden by a per-domain setting. For details, see the FortiMail CLI Reference.

DMARC Report
Generation

Select either:

Enable — Collect DMARC check data. Each day, for each sender domain that matched a policy where DMARC checks are enabled, send a report to that domain's authorized DMARC report recipient.

Also configure Sender address local part.

Note: If a sender does not have a valid DMARC RUA/RUF configured in the domain's DNS TXT record, then even if you enable DMARC reports, FortiMail cannot send them to that domain because there is no report recipient email address.

Tip: If you have the DMARC report analysis feature license, then you can instead use charts with statistics about DMARC reports.You can also generate DMARC reports on demand, and send them to other recipients. See Viewing DMARC report statistics and On-demand DMARC reports.
Disable — Do not collect DMARC check data. Do not generate a report.
Monitor Only — Collect DMARC check data, but do not generate a report.

This system-wide setting can be overridden by a per-domain setting. For details, see DMARC Report Setting.

Sender address local part

Enter the local part (username) that the FortiMail unit will use as its sender email address (From:) when it sends DMARC report email.

Default is syslocal. Change it if, for example, an administrator wants replies about DMARC reports.

Also configure DMARC Report Generation.

Analysis

Indicates whether the DMARC report analysis feature licence is valid. See also DMARC report analysis.

Impersonation analysis

Email impersonation is one of the email spoofing attacks. It forges the email header to deceive the recipient because the message appears to be from a different source than the actual address.

To fight against email impersonation, you can map display names with email addresses and check email for the mapping.

You can choose whether the impersonation analysis uses manual mapping entries or dynamic entries. You can also use both types of entries.

Manual — Use the entries you manually entered under Profile > AntiSpam > Impersonation.
Dynamic — Use the entries automatically learned by the FortiMail mail statistics service. To enable this service, enable mailstat-service under config system global.

The default setting is Manual.

QR code URL scan

Select which locations to scan for QR code images that contain known spam URLs.

Inline image — Embedded inline, in the email body.
Attachment image — Email attachments. If PDF attachment scan is also enabled in the antispam profile (see Configuring antispam profiles and actions), QR code images in the PDF attachment will also be scanned.