Fortinet white logo
Fortinet white logo

Administration Guide

Configure FortiMail to integrate with FortiSandbox BCC Adapter

Configure FortiMail to integrate with FortiSandbox BCC Adapter

FortiSandbox has a BCC adapter to receive and scan forwarded emails from upstream MTA servers. FortiSandbox extracts attachment files and URLs from the email body and sends them to the job queue.

note icon

This feature is for information only, like sniffer mode. It will not block any email.

To configure the FortiSandbox:
  1. Enable the BCC adapter:
    1. Go to Scan Input > Adapter in the navigation tree.
    2. Select BCC and click Edit in the toolbar. The BCC adapter is disabled by default.
    3. Enable the BCC adapter.
    4. Enable Parse URL to allow the FortiSandbox to extract the first three URLs in an email.
    5. Enter the SMTP port that the FortiSandbox listens on to receive emails. The default port is 25.
    6. Select the interface that the FortiSandbox listens on. The default is port1.
    7. Click Apply.
  2. Enable file submission from the BCC adapter to create log events:
    1. Go to Scan Policy > General.
    2. Under Enable log event of file submission, select BCC Adapter.
    3. Click OK.
  3. View BCC adapter debug logs in run time, execute the following CLI command:

    diagnose-debug adapter_bcc

    For more information about the diagnose-debug command, see the FortiSandbox CLI Reference.

To configure the upstream MTA (in this case a FortiMail device):
  1. Go to Profile > AntiSpam and create a new AntiSpam profile:
    1. Enable Apply default action without scan upon policy match.
    2. Configure BCC as the default action.
    3. Edit the default action: enable BCC, and add a BCC address, such as fortimail207@fsabcctest.com.

  2. Go to Policy > Recipient Policy:
    1. Select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.
    2. Add a new inbound policy, select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.

    3. Add a new outbound policy, select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.

  3. Go to Policy > Access Control:
    1. On the Delivery tab, add a TLS policy with a recipient pattern matching the previously added BCC address (in this example: *@fsabcctest.com).
    2. Set TLS Profile as none or Preferred.

  4. For the DNS server that your upstream mail server is accessing, add an MX record for the BCC email domain to resolve the FortiSandbox device's IP address. In the above example, the email domain is fsabcctest.com and the IP address is that of the port that is receiving the email.

Configure FortiMail to integrate with FortiSandbox BCC Adapter

Configure FortiMail to integrate with FortiSandbox BCC Adapter

FortiSandbox has a BCC adapter to receive and scan forwarded emails from upstream MTA servers. FortiSandbox extracts attachment files and URLs from the email body and sends them to the job queue.

note icon

This feature is for information only, like sniffer mode. It will not block any email.

To configure the FortiSandbox:
  1. Enable the BCC adapter:
    1. Go to Scan Input > Adapter in the navigation tree.
    2. Select BCC and click Edit in the toolbar. The BCC adapter is disabled by default.
    3. Enable the BCC adapter.
    4. Enable Parse URL to allow the FortiSandbox to extract the first three URLs in an email.
    5. Enter the SMTP port that the FortiSandbox listens on to receive emails. The default port is 25.
    6. Select the interface that the FortiSandbox listens on. The default is port1.
    7. Click Apply.
  2. Enable file submission from the BCC adapter to create log events:
    1. Go to Scan Policy > General.
    2. Under Enable log event of file submission, select BCC Adapter.
    3. Click OK.
  3. View BCC adapter debug logs in run time, execute the following CLI command:

    diagnose-debug adapter_bcc

    For more information about the diagnose-debug command, see the FortiSandbox CLI Reference.

To configure the upstream MTA (in this case a FortiMail device):
  1. Go to Profile > AntiSpam and create a new AntiSpam profile:
    1. Enable Apply default action without scan upon policy match.
    2. Configure BCC as the default action.
    3. Edit the default action: enable BCC, and add a BCC address, such as fortimail207@fsabcctest.com.

  2. Go to Policy > Recipient Policy:
    1. Select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.
    2. Add a new inbound policy, select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.

    3. Add a new outbound policy, select the domain for forwarding emails to the FortiSandbox, and apply the new AntiSpam profile.

  3. Go to Policy > Access Control:
    1. On the Delivery tab, add a TLS policy with a recipient pattern matching the previously added BCC address (in this example: *@fsabcctest.com).
    2. Set TLS Profile as none or Preferred.

  4. For the DNS server that your upstream mail server is accessing, add an MX record for the BCC email domain to resolve the FortiSandbox device's IP address. In the above example, the email domain is fsabcctest.com and the IP address is that of the port that is receiving the email.