Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability
- FortiMail management methods
Setting up the FortiMail system
- Connecting to the GUI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing mail statistics
- Viewing threat statistics
- Viewing outbreak statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queues
- Viewing DMARC report statistics
  - Viewing the DMARC and SPF report summary
  - Viewing details about DMARC and SPF report statistics
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing custom messages, email templates, GUI and Security Fabric
- Configuring single sign-on (SSO)
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiNDR malware inspection
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services and licensed features
  - Configuring licensed features
- System maintenance
- System utility
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Configuring the address book
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and actions
- Configuring antivirus profiles, file signatures, and actions
- Configuring content profiles and content action profiles
- Configuring replacement message profiles and variables
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring URL filter profiles
- Configuring a threat feed
  - Types and file formats of threat feeds
- Configuring content disarming and reconstruction
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring sender rewriting scheme
- Configuring endpoint reputation
- Configuring preferences
- Training and maintaining the Bayesian databases
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports, and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating reports
- Configuring alert email
Microsoft 365, Exchange and Google Workspace threat remediation
- Microsoft 365, Exchange, and Google Workspace protection workflow
- Configuring accounts
- Configuring scanning policies
- Configuring profiles
- Monitoring log messages
Managing firmware and configuration
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Example regular expressions
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change log

Home FortiMail Appliances and Virtual Machines 7.6.3 Administration Guide

7.6.3

Managing the mail queues

FortiMail units prioritize email delivery according to mail queues:

Regular mail queues

When the FortiMail unit's 1^st attempt to deliver an email fails, then the email is moved to a normal priority mail queue: default, incoming, or outgoing.
Slow mail queues

If more delivery retries fail, then the email is moved to a slow mail queue. (The threshold between normal and slow queues is a CLI-only setting.) Slow queues also try to use Time interval for retry, but if FortiMail is busy and system resource usage is high, then slow queues have a lower priority than normal queues, so a retry in a slow queue might not occur exactly at the interval time. This allows the FortiMail unit to send valid email more quickly, instead of wasting system resources frequently retrying email that may be invalid (for example, email destined to an invalid MTA) or for an MTA that is too busy or undergoing maintenance.

After an undelivered email is in a deferred queue for 5 minutes, then the email appears in Monitor > Mail Queue > Mail Queue. Email that has been deferred for less than 5 minutes does not appear.

Delivery failure can be caused by temporary reasons such as high system resource usage or interruptions to network connectivity. FortiMail units will periodically retry delivery. (Administrators can also manually initiate a retry.) If the retry succeeds, then the FortiMail unit removes the email from the queue. It does not notify the sender. But if delivery continues to be delayed, then the FortiMail unit eventually sends an initial delivery status notification (DSN) email message to notify the sender that delivery has not yet succeeded. Finally, if the FortiMail unit cannot send the email message by the retry time limit, then the FortiMail unit sends a final DSN to notify the sender about the delivery failure and deletes the email message from the deferred queue. If the sender cannot receive this notification(for example, if the sender’s SMTP server is unreachable or if the sender address is invalid or empty), then the FortiMail unit saves the email in the dead mail folder. See Managing undeliverable mail.

When you delete a deferred email, the FortiMail unit sends an email message, with the deleted email attached to it, to notify the sender.

To view, delete, or resend an email in the deferred mail queue, go to Monitor > Mail Queue > General.

GUI item	Description
View (button)	Select a message and click View to see its contents.
Delete (button)	Click to deleted the selected item.
Resend (button)	Mark the check boxes of the rows corresponding to the email messages that you want to immediately retry to send, then click Resend. To determine if these retries succeeded, click Refresh. If a retry succeeds, the email will no longer appear in either the deferred mail queue or the dead mail folder. Otherwise, the retry has failed.
Type	Select the directionality and priority level of email to filter the mail queue display. Default: For FortiMail email process usage. Incoming: Displays email to protected domains after a failed delivery attempt. After more failed retries, the email may be moved to Incoming-slow. (The threshold between normal and slow queues is a CLI-only setting.) Outgoing: Displays email to unprotected domains after a failed delivery attempt. After more failed retries, the email may be moved to Outgoing-slow. IBE: Displays IBE email after a failed delivery attempt. After more failed retries, the email may be moved to the IBE-slow.For information about IBE email, see Configuring IBE encryption. Default-slow: For FortiMail email process usage. Incoming-slow: Displays incoming email for which retries failed. Outgoing-slow: Displays outgoing email for which retries failed. IBE-slow: Displays IBE email for which retries failed. Delivery control: Displays email throttled by delivery control policies (see Rate limiting for delivery). After 3 attempts, the mail will be moved to Outgoing-slow.
Search (button)	Select to filter the mail queue display by entering criteria that email must match in order to be visible.
Client IP	Lists the client IP addresses.
Location	Lists the geographic locations or country names associated with the IP address.
Envelope From	Lists the sender (`MAIL FROM:`) of the email.
Envelope To	Lists the recipient (`RCPT TO:`) of the email.
Subject	Lists the email subjects.
First Processed	Lists the date and time that the FortiMail unit first tried to send the email.
Last Processed	Lists the date and time that the FortiMail unit last tried to send the email.
Tries	Lists the number of times that the FortiMail unit has tried to send the email.

Viewing the FortiGuard spam outbreak protection mail queue

If you enable Spam outbreak protection in an antispam profile, and if the FortiGuard Antispam check (blocked IP and/or URL filter) returns no result, then FortiMail temporarily holds the email. After the specified wait time, FortiMail queries FortiGuard again. This provides an opportunity for the FortiGuard Antispam service to update its database when a spam outbreak occurs, so that it can give a query result.

To view the email on hold, go to Monitor > Mail Queue > Spam Outbreak.

Viewing the FortiGuard virus outbreak protection mail queue

If you enabled antivirus outbreak protection in an antivirus profile, FortiMail will temporarily hold suspicious email for a certain period of time (configurable on System > FortiGuard > AntiVirus). After the specified time interval, FortiMail will query the antivirus database for the second time. This provides an opportunity for the FortiGuard antivirus service to update its database in cases a virus outbreak occurs.

To view the email on hold, go to Monitor > Mail Queue > Virus Outbreak.

Viewing the FortiSandbox mail queue

The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles (see Configuring antivirus profiles). If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database as well.

To view the email waiting to be sent to FortiSandbox, go to Monitor > Mail Queue > FortiSandbox.

Managing undeliverable mail

The Dead Mail tab displays the list of email messages in the dead mail folder.

Unlike the deferred mail queue, the dead mail folder contains copies of delivery status notification (DSN) email messages, also called non-delivery reports (NDR).

DSN messages are sent from the FortiMail unit ("postmaster") to an email’s sender when the email is considered to be more permanently undeliverable because all previous retry attempts of the deferred email message have failed. These email include a copy of the original email message for which the DSN was generated.

If an email cannot be sent nor a DSN returned to the sender, it is usually because both the recipient and sender addresses are invalid. Such email messages are often sent by spammers who know the domain name of an SMTP server but not the names of its email users, and are attempting to send spam by guessing at valid recipient email addresses.

The FortiMail unit can automatically delete old dead mail.

Alternatively, to prevent dead mail to invalid recipients, enable recipient address verification to reject email with invalid recipients. Rejecting email with invalid recipients also prevents quarantine mailboxes for invalid recipients from consuming hard disk space. For details, see Configuring recipient address verification.

To view or delete undeliverable email, go to Monitor > Mail Queue > Dead Mail.

Configuring mail queue search tasks

Similar to the quarantine search functionality, you can configure mail queue tasks that provide options to execute various actions, including the sending or deletion of mail, or delivery to an alternative host.

Delivery of mail to alternative host is only available for General mail queue search tasks.

To configure a mail queue search task:

Go to Monitor > Mail Queue > Mail Queue Search Task and select New.
Select a Queue type. Additionally, set a Subtype for general mail queue searches.
Define the Time Range start and end times for the search to take place.
For more granularity, use the And/Or logic filters under Search Filter and click Add to add relationship settings.
Under Search Result, define the action to take place for search results.
When finished configuring, click Search.

From the list of mail queue search tasks, you can Stop, Resume, and Rerun search tasks as necessary.

Viewing the mail queue size

Mail queue size status can be viewed, including incoming, outgoing, IBE, spam and virus outbreak, and FortiSandbox queues.

View the mail queue size status in the GUI under Dashboard > Status in the Queue Status widget, or view the mail queue status using the following CLI command:

diagnose system mailqueue status