system mailserver
Use this command to configure the system-wide mail settings.
Syntax
config system mailserver
config mail-queue
edit {default | incoming | outgoing}
set queue-dsn-timeout <timeout_int>
set queue-retry <interval_int>
set queue-timeout <timeout_int>
set queue-warning <first-dsn_int>
end
set deadmail-expiry <time_int>
set default-auth-domain <domain_name>
set defer-delivery-starttime <time_str>
set defer-delivery-stoptime <time_str>
set delivery-failure-handling-option {normal | relay-to-host}
set delivery-failure-host <host_name>
set delivery-failure-min-age <minute_int>
set delivery-tracking-status {enable | disable}
set dsn-ehlo-option {host-name | domain-name | other-name}
set dsn-ehlo-other-name <name_str>
set dsn-email-attach-orig {enable | disable}
set dsn-email-customization-status {enable | disable}
set dsn-sender-address <email_str>
set dsn-sender-displayname <name_str>
set dsn-status {enable | disable}
set imap-service {enable | disable}
set ip-pool-direction {all | exclude-internal-to-internal}
set ldap-domaincheck {enable | disable}
set ldap-domaincheck-auto-associate {enable | disable}
set ldap-domaincheck-internal-domain <domain_str>
set ldap-domaincheck-profile <profile_str>
set local-domain-name <local-domain_str>
set pop3-service {enable | disable}
set queue-dsn-timeout <timeout_int>
set queue-retry <interval_int>
set queue-timeout <timeout_int>
set queue-warning <first-dsn_int>
set relay-server-name <relay_name>
set relay-server-status {enable |disable}
set show-accept-cert-ca {enable | disable}
set smtp-auth {enable | disable}
set smtp-auth-over-tls {enable | disable}
set smtp-auth-smtps {enable | disable}
set smtp-delivery-addr-pref {ipv4-ipv6 | ipv6-ipv4 | ipv4 | ipv6}
set smtp-delivery-session-preference {domain | host}
set smtp-max-connections <connection_int>
set smtp-max-hop-count <number>
set smtp-msa {enable | disable}
set smtp-mtasts-status {check-all-domain | check-external-domain | disable}
set smtp-service {enable | disable}
set smtps-tls-status {enable | disable}
set timeout-connect <seconds_int>
set timeout-greeting <seconds_int>
end
Variable |
Description |
Default |
Enter the number of days to keep permanently undeliverable email in the dead mail folder. Dead mail has both incorrect recipient and sender email addresses, and can neither be delivered nor the sender notified. The valid range is from 1 to 365 days. |
1 |
|
Enter the domain to use for default authentication. |
|
|
Select the queue you want to configure. |
default |
|
Enter the time that the FortiMail unit will begin to process deferred oversized email, using the format |
00:00 |
|
Enter the time that the FortiMail unit will stop processing deferred oversized email, using the format |
00:00 |
|
Enter either:
|
no |
|
delivery-failure-conditions {dns-failure | mta-failure-permanant | mta-failure-temporary | network-failure-connection | network-failure-other} |
Specify the type of failed network connections the backup relay should take over and retry. |
|
When email delivery fails, you can choose to use the mail queue settings to handle the temporary or permanent failures. You can also try another relay that you know might work.
|
normal |
|
Enter a host to relay email when access to original mail host fails. |
|
|
Enter the time in minutes the undelivered email should wait in the normal queue before trying the backup relay. |
30 |
|
Enable to record the following mail delivery statuses in the history log:
You can view queued email except IBE email in the history log from the right-click pop-up menu. For security reasons, IBE email cannot be viewed in the queue. |
disable |
|
Specify the DSN
|
host-name |
|
If |
|
|
Enable to attach original email in delivery status notifications (DSN) or non-delivery reports (NDR). |
disable |
|
Enable DSN (NDR) customization. |
disable |
|
Enter the sender email address in DSN email messages sent by the FortiMail unit to notify email users of delivery failure. If this string is empty, the FortiMail unit sends DSN from the default sender email address of “postmaster@example.com", where “example.com" is the domain name of the FortiMail unit. |
|
|
Enter the display name of the sender email address for DSN. If this string is empty, the FortiMail unit uses the display name “postmaster". |
|
|
Enable to allow DSN email generation. |
disable |
|
Enable to allow IMAP service. |
enable |
|
By default, IP pools in IP policies and domain settings will be applied to all email directions, including internal to internal, internal to external, external to internal, and external to external. You can exempt IP pool usage for internal-to-internal email using the exclude-internal-to-internal option. Note: IP pools in ACL delivery rules are still applied to internal-to-internal email. |
|
|
Enable to verify the existence of domains that have not been configured as protected domains. Also configure ldap-domaincheck-profile <profile_str> and ldap-domaincheck-auto-associate {enable | disable}. To verify the existence of unknown domains, the FortiMail unit queries an LDAP server for a user object that contains the email address. If the user object exists, the verification is successful, the action varies by configuration of ldap-domaincheck-auto-associate {enable | disable}. |
disable |
|
If
|
disable |
|
If |
|
|
If |
|
|
Enter the name of the domain to which the FortiMail unit belongs, such as This option applies only if the FortiMail unit is operating in server mode. |
|
|
Enter the port number on which the FortiMail unit’s POP3 server will listen for POP3 connections. The default port number is 110. This option applies only if the FortiMail unit is operating in server mode. |
110 |
|
Enable to allow POP3 service. |
enable |
|
Enter the maximum number of days a delivery status notification (DSN) message can remain in the mail queues. If the maximum time is set to zero (0) days, the FortiMail unit attempts to deliver the DSN only once. After the maximum time has been reached, the DSN email is moved to the dead mail folder. The valid range is from zero to ten days. |
5 |
|
Enter the number of minutes between delivery retries for email messages in the deferred and spam mail queues. The valid range is from 10 to 120 minutes. |
27 |
|
Enter the maximum number of hours that deferred email messages can remain in the deferred or spam mail queue, during which the FortiMail unit periodically retries to send the message. After the maximum time has been reached, the FortiMail unit will send a final delivery status notification (DSN) email message to notify the sender that the email message was undeliverable. The valid range is from 1 to 240 hours. |
120 |
|
Enter the number of hours after an initial failure to deliver an email message before the FortiMail unit sends the first delivery status notification (DSN) email message to notify the sender that the email message has been deferred. After sending this initial DSN, the FortiMail unit will continue to retry sending the email until reaching the limit configured in The valid range is from 1 to 24 hours. |
4 |
|
Specify the relay server to deliver outgoing email. |
|
|
If enabled, the relay server will be used to deliver outgoing email. If disabled, the FortiMail built-in MTA will be used. |
disable |
|
Enable to show acceptable client certificate ca. |
enable |
|
Enable to accept the |
enable |
|
Enable to accept the |
enable |
|
Enable to accept the |
enable |
|
smtp-delivery-addr-pref {ipv4-ipv6 | ipv6-ipv4 | ipv4 | ipv6} |
When FortiMail delivers email to a host name, it does DNS AAAA and A record lookup. Use this command to specify the IPv4/IPv6 delivery preferences:
|
ipv4-ipv6 |
Google business email service does not accept multiple destination domains per SMTP transaction, resulting in repeated delivery attempts and delayed email. To work around this Google limitation, this command is added in 5.4.6 and 6.0.1 releases. Before 5.4.6 and 6.0. releases, the default setting is host. Multiple recipient domains that resolve to the same MTA are sent to the server in the same session. After 5.4.6 and 6.0.1 release, the default setting is changed to domain. Multiple recipient domains that resolve to the same MTA are sent to the server in separate sessions. |
domain |
|
Enter the maximum number of concurrent SMTP connections that FortiMail can accept from the STMP clients. |
Platform dependent |
|
Enter the maximum number of hops that FortiMail can accept from the SMTP connections. Valid range is 1 to 200. |
30 |
|
Enable to allow your email clients to use SMTP for message submission on a separate TCP port number from deliveries or mail relay by MTAs. For details on message submission by email clients as distinct from SMTP used by MTAs, see RFC 2476. |
disable |
|
Enter the TCP port number on which the FortiMail unit listens for email clients to submit email for delivery. |
587 |
|
smtp-mtasts-status {check-all-domain | check-external-domain | disable} |
Enable MTA Strict Transport Security (MTA-STS) domain checking:
|
disable |
Enter the port number on which the FortiMail unit’s SMTP server will listen for SMTP connections. |
25 |
|
Enable to allow SMTP service. |
disable |
|
Enter the port number on which the FortiMail unit’s built-in MTA listens for secure SMTP connections. |
465 |
|
Enable to allow SSL- and TLS-secured connections from SMTP clients that request SSL/TLS. When disabled, SMTP connections with the FortiMail unit’s built-in MTA must occur as clear text, unencrypted. |
disable |
|
Enter the maximum amount of time to wait, after the FortiMail unit initiates it, for the receiving SMTP server to establish the network connection. The valid range is 10 to 120. Note: This timeout applies to all SMTP connections, regardless of whether it is the first connection to that SMTP server or not. |
30 |
|
Enter the maximum amount of time to wait for an SMTP server to send SMTP reply code 220 to the FortiMail unit. The valid range is 10 to 360. Note: RFC 2821 recommends a timeout value of 5 minutes (300 seconds). For performance reasons, you may prefer to have a smaller timeout value, which reduces the amount of time spent waiting for sluggish SMTP servers. However, if this causes your FortiMail unit to be unable to successfully initiate an SMTP session with some SMTP servers, consider increasing the timeout. |
30 |