Administration Guide

Configuring FortiGuard services and licensed features

If you have purchased licenses for them, your FortiMail unit can use various special features and Fortinet FortiGuard subscription services, such as Antivirus, Antispam, and URL click protection.

Go to System > FortiGuard > License to view your current licenses and service status, and the most recent updates to FortiGuard Antivirus engines, antivirus definitions, and FortiGuard Antispam definitions (antispam heuristic rules).

FortiMail units receive updates from the FortiGuard Distribution Network (FDN), a world-wide network of FortiGuard Distribution Servers (FDS). FortiMail units connect to the FDN by connecting to the FDS nearest to the FortiMail unit by its configured time zone.

In addition to manual update requests, FortiMail units also support scheduled updates, by which the FortiMail unit periodically polls the FDN to determine if there are any available updates.

For FortiGuard Antispam and FortiGuard Antivirus update connectivity requirements and troubleshooting information, see Troubleshoot FortiGuard connection issues.

This section contains the following topics:

Configuring FortiGuard Antivirus service

You can configure the FortiMail unit to periodically request updates from the FDN or override servers for the FortiGuard Antivirus engine and virus definitions.

For example, you might schedule updates every night at 2 AM or weekly on Sunday, when email traffic volume is light.

Before configuring scheduled updates, first verify that the FortiMail unit can connect to the FDN or override server.

To configure FortiGuard Antivirus options
  1. Go to System > FortiGuard > AntiVirus.
  2. Configure the following and then click Apply.

    GUI item

    Description

    FortiGuard server port

    Connect to FortiGuard Antivirus servers on either port 443 or 8890. The default port is 443.

    Use override server

    Enable to override the default FDN server to which the FortiMail unit connects for updates.

    Override server IP address

    Enter the IP address of the override public or private FDN server.

    Virus outbreak protection

    When a virus outbreak occurs, the FortiGuard antivirus database may need some time to get updated. Therefore, you can choose to defer the delivery of suspicious email messages and scan them a second time.

    • Disable: Do not query FortiGuard antivirus service.
    • Enable: Query FortiGuard antivirus service.
    • Enable with Defer: If the first query returns no results, defer the email for the specified time and do the second query.

    Virus outbreak protection period

    If Virus outbreak protection is Enable with Defer, enter how many minutes later a second query will be done.

    Virus database

    Depending on your model, FortiMail supports three types of antivirus databases:

    • Default: The default FortiMail virus database contains the most commonly seen viruses and should be sufficient for regular antivirus protection.
      For the current release, the FortiMail VM00 model supports the default virus database only.
    • Extended: Some high-end FortiMail models support an extended virus database, which contains viruses that are no longer active.
      For the current release, FortiMail VM01/VM02/200F/400F models support both the default and extended virus databases.
    • Extreme: Some high-end models also support an extreme virus database, which contains more virus signatures than the default and extended databases.
      For the current release, FortiMail VM04/900F and above models support all three types of virus databases.

    Scheduled update

    Enable to perform updates according to a schedule, then select one of the following as the frequency of update requests. When the FortiMail unit requests an update at the scheduled time, results appear in Last Update Status.

    • Every: Select to request an update once every 1 to 23 hours, then select the number of hours between each update request.
    • Daily: Select to request an update once a day, then select the hour of the day to check for updates.
    • Weekly: Select to request an update once a week, then select the day of the week and the hour of the day to check for updates.

    Server location

    Use FortiGuard servers either in the United States only, or in any location in the world.

Manually requesting updates

You can manually trigger the FortiMail unit to connect to the FDN or override server to request available updates for its FortiGuard antivirus packages.

You can manually initiate updates as an alternative or in addition to other update methods.

To manually request updates

Before manually initiating an update, first verify that the FortiMail unit can connect to the FDN or override server.

  1. Go to System > FortiGuard > AntiVirus.
  2. Click Update Now.

    Note

    Updating FortiGuard Antivirus definitions can cause a short disruption in traffic currently being scanned while the FortiMail unit applies the new signature database. To minimize disruptions, update when traffic is light, such as during the night.

  3. After a few minutes, click the System > FortiGuard > License tab to check the update status. If an update was available, new version numbers appear for the packages that were updated. If you have enabled logging, messages are recorded to the event log indicating whether the update was successful or not. For details, see Logs, reports, and alerts.

Configuring FortiGuard Antispam service

You can connect to the FDN to use the FortiGuard Antispam service. You can also use your own override server, such as a FortiManager unit, for antispam service.

To configure the FortiGuard Antispam options

  1. Go to System > FortiGuard > AntiSpam.
  2. Under FortiGuard AntiSpam, verify that Status is enabled. Also select the FortiGuard server port (53 by default or 8888) and protocol (UDP or HTTPS).
  3. Specify a spam outbreak protection level. A higher level means stricter filtering.
  4. If you want to use an override server, such as a local FortiManager unit, instead of the default FDN server, specify it by enabling the option and entering the server address.
  5. Optionally enable cache and specify the cache TTL time. Enabling cache can improve performance.
  6. Use FortiGuard servers either in the United States only, or in any location in the world.
  7. Click Apply.

About spam outbreak protection from FortiGuard

This feature temporarily holds email for a certain period of time (the spam outbreak protection period) if the enabled FortiGuard Antispam check (block IP and/or URL filter) returns no result (see FortiGuard section). After the specified time interval, FortiMail queries the FortiGuard server a second time. This gives the FortiGuard Antispam service an opportunity to update its database in case a spam outbreak occurs.

FortiMail uses its internal algorithms to determine how suspicious an email is. For example, the following email is treated as highly suspicious because it contains a phishing URL that might not be known to FortiGuard at the time.

Received: from linux-2543.local ([64.78.154.244]) by mail.example.com with ESMTP id 31AmE8tP018352-31AmE8tQ018352 for <bob@example.com>; Fri, 10 Feb 2023 14:14:09 -0800
From: "American Express Online" <info@american-express.com>
To: bob@example.com
Reply-To: <spammer@gmail.com>
Subject: New secure email message from American Express
Date: 10 Feb 2023 15:14:08 -0700
Message-ID: <20230210151408.e4253c5C355132EB@givemeyourmoney.com>
MIME-Version: 1.0
Content-Type: text/plain

For your protection, the content of this message has been sent securely by American Express using encryption technology
To view the secure message, for your security reason
Copy paste below the link in your browser and follow the instruction
https://american.express.vds.xxxxxx.com/secure_email
The secure message expire on February 15 .2023 @ 9:01 PM(GMT)!!!
Do not reply to the notification message, the message was auto generated by the sender's Security system
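
The following is an added example, not FortiMail's internal algorithm and not Fortinet code: a small Python triage function that surfaces the inconsistencies visible in the sample message above (Reply-To and Message-ID domains that differ from the From domain, and a link whose subdomain labels imitate the sender's brand under an unrelated domain). The function names, finding labels, and the two-label `base_domain` simplification are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Abridged copy of the sample message on this page, embedded so the
# example runs offline.
SAMPLE = """\
From: "American Express Online" <info@american-express.com>
To: bob@example.com
Reply-To: <spammer@gmail.com>
Subject: New secure email message from American Express
Date: 10 Feb 2023 15:14:08 -0700
Message-ID: <20230210151408.e4253c5C355132EB@givemeyourmoney.com>
MIME-Version: 1.0
Content-Type: text/plain

To view the secure message, for your security reason
Copy paste below the link in your browser and follow the instruction
https://american.express.vds.xxxxxx.com/secure_email
"""

def base_domain(host):
    """Last two DNS labels. Simplification (assumption): ignores
    multi-label public suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(value):
    """Domain of an address header value, or '' when no address is present."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw):
    """Return a list of findings for a single-part text/plain message."""
    msg = message_from_string(raw)
    sender = base_domain(addr_domain(msg["From"]))
    findings = []

    # Replies would go to a different organisation than the visible sender.
    reply_to = addr_domain(msg["Reply-To"])
    if reply_to and base_domain(reply_to) != sender:
        findings.append("reply-to-mismatch")

    # The Message-ID right-hand side normally names the originating system.
    msg_id = (msg["Message-ID"] or "").strip().strip("<>")
    if "@" in msg_id and base_domain(msg_id.rpartition("@")[2]) != sender:
        findings.append("message-id-mismatch")

    # Brand words taken from the sender domain, e.g. {"american", "express"}.
    brand = set(re.findall(r"[a-z]{4,}", sender.rsplit(".", 1)[0]))
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = (urlsplit(url).hostname or "").lower()
        if base_domain(host) == sender:
            continue  # link really points at the sender's own domain
        # Brand words used as subdomain labels of an unrelated domain.
        if brand & set(host.split(".")[:-2]):
            findings.append("brand-in-subdomain:" + host)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

None of these checks depends on the URL already being listed in a reputation database, which is the situation outbreak protection is meant to cover.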

Configuring spam sample submission service

You can designate an email address to receive and review sample submissions of spam and non-spam that were not detected correctly. These can be sent for an administrator to review, or sent directly to FortiGuard. This information can be used to improve the catch rate.

Users can submit samples of spam via the Report Spam plugin for Microsoft Outlook. The plugin is available for download at https://support.fortinet.com/. To review the submitted samples, go to Monitor > Quarantine > Sample Submission. For more information, see Sample Submission.

To configure a spam sample submissions service

  1. Go to System > FortiGuard > AntiSpam.

  2. In the Sample Submission section, enable Status.

  3. If you have multiple protected domains, enable Domain submission if you want to allow domain administrators to view spam sample submissions for their own domain.

  4. In Submission handling type, select whether you want an administrator to manually review spam sample submissions, or you want them to be sent directly to FortiGuard.

  5. In Retention period, enter a number of days between 0 and 60, after which the sample spam submission will be deleted.

  6. In Email account to receive spam and Email account to receive non-spam, enter the email addresses that will receive spam and non-spam ("ham") sample submissions.

    Note

    Sample submission email addresses must:

    • Not be the same.

    • Be reserved only for samples of spam and non-spam; they should not receive any other email. They cannot be the same as the quarantine control accounts, email archiving accounts, Bayesian training accounts, or any other email accounts.

  7. Click Apply.

To use the report spam plugin for Microsoft Outlook

  1. Go to https://support.fortinet.com/ and log into your account.

  2. Go to Support > Firmware Download.

  3. Go to FortiMail > Plugins.

  4. Double-click the installer file to start it, and then follow the on-screen instructions.

  5. After the plugin is successfully installed, restart Outlook.

    New buttons should appear in the menu ribbon. Click Spam to report any suspicious email that was not detected as spam, and use Not Spam to report normal email that was mistakenly detected as spam.

    FortiMail spam submission plugin for Microsoft Outlook
