Fortinet black logo

Administration Guide

Configure MTA adapter

Copy Link
Copy Doc ID 4f5a6250-a945-11ec-9fd1-fa163e15d75b:877925
Download PDF

Configure MTA adapter

The MTA adapter requires a contract.

To configure the MTA adapter:
  1. Go to Security Fabric > Adapter.
  2. Select the MTA adapter and click Edit.
  3. Enable the adapter.

  4. Configure the following settings and then click Apply.

    URL number to extract from email body

    Maximum number of URLs to be extracted from one email body.

    Tag For Suspicious/Malicious Mails

    If the email scan result is malicious or suspicious, this text is prefixed to the email subject line. The next hop email server can act accordingly.

    Email Scan Timeout (Minutes)

    Maximum time FortiSandbox waits for scan result. If there is no result after timeout, the email is released to recipient.

    Message Size Limit (mb)

    Maximum size of email to accept to scan.

    Disk Usage Upper Limit(%)

    Maximum percentage disk space used before MTA stops scanning emails and only routes emails.

    Relay Emails for Domain Names

    Domain names of email server to be relayed from this FortiSandbox. When FortiSandbox receives these emails and finishes scan, FortiSandbox relays these emails if they are clean, or quarantines them if malicious.

    Note

    If you change or a remove a domain, the emails submitted to that domain before they are relayed will be lost.

    Next Hop Mail Server Name

    IP address or domain name of email server to relay to for relayed emails.

    Local Interface

    Select the local interface.

    Local SMTP Port

    Specify the local SMTP port.

    Quarantine emails whose content has the following ratings

    Select the ratings of emails to quarantine.

    Send alert email to receivers when email is quarantined

    When email is quarantined, send alert email as configured.

    Email Sender

    The From field of alert email sent.

    Email Subject

    Email subject line of alert email sent.

    Email Content Template

    Text in alert email body.

To process quarantined emails:
  1. Go to Security Fabric > Adapter.

    If there are malicious and suspicious emails, the number of quarantined emails is displayed beside the MTA adapter name.

  2. Click the Quarantined link to display the list of quarantined emails.

    • To view job details, click the View Details icon.
    • To download the job files as a zip file, click the Download Email File icon.
    • To preview the original email, click the Preview Email icon.
    • To release the quarantined email to recipient, select the emails and click the Release Email icon.
    • To delete the quarantined email, select the emails and click the Delete Email icon.

Using MTA in HA-Cluster

In HA-Cluster, the MTA adapter is only available in the primary node.

Configuration is the same as on a standalone device. When the primary node receives MTA jobs, depending on workload and VM association, it distributes the jobs to itself or worker nodes.

Note

In a cluster, configure the Local Interface to the interface of the cluster IP address so that the secondary can take over the configuration in a failover.

To view jobs in a cluster, go to HA-Cluster > Job Summary.

To view logs in the primary node, go to Log & Report > Events > Job Events.

To view logs in a worker node, go to Log & Report > Events > All Events.

Configure MTA adapter

The MTA adapter requires a contract.

To configure the MTA adapter:
  1. Go to Security Fabric > Adapter.
  2. Select the MTA adapter and click Edit.
  3. Enable the adapter.

  4. Configure the following settings and then click Apply.

    URL number to extract from email body

    Maximum number of URLs to be extracted from one email body.

    Tag For Suspicious/Malicious Mails

    If the email scan result is malicious or suspicious, this text is prefixed to the email subject line. The next hop email server can act accordingly.

    Email Scan Timeout (Minutes)

    Maximum time FortiSandbox waits for scan result. If there is no result after timeout, the email is released to recipient.

    Message Size Limit (mb)

    Maximum size of email to accept to scan.

    Disk Usage Upper Limit(%)

    Maximum percentage disk space used before MTA stops scanning emails and only routes emails.

    Relay Emails for Domain Names

    Domain names of email server to be relayed from this FortiSandbox. When FortiSandbox receives these emails and finishes scan, FortiSandbox relays these emails if they are clean, or quarantines them if malicious.

    Note

    If you change or a remove a domain, the emails submitted to that domain before they are relayed will be lost.

    Next Hop Mail Server Name

    IP address or domain name of email server to relay to for relayed emails.

    Local Interface

    Select the local interface.

    Local SMTP Port

    Specify the local SMTP port.

    Quarantine emails whose content has the following ratings

    Select the ratings of emails to quarantine.

    Send alert email to receivers when email is quarantined

    When email is quarantined, send alert email as configured.

    Email Sender

    The From field of alert email sent.

    Email Subject

    Email subject line of alert email sent.

    Email Content Template

    Text in alert email body.

To process quarantined emails:
  1. Go to Security Fabric > Adapter.

    If there are malicious and suspicious emails, the number of quarantined emails is displayed beside the MTA adapter name.

  2. Click the Quarantined link to display the list of quarantined emails.

    • To view job details, click the View Details icon.
    • To download the job files as a zip file, click the Download Email File icon.
    • To preview the original email, click the Preview Email icon.
    • To release the quarantined email to recipient, select the emails and click the Release Email icon.
    • To delete the quarantined email, select the emails and click the Delete Email icon.

Using MTA in HA-Cluster

In HA-Cluster, the MTA adapter is only available in the primary node.

Configuration is the same as on a standalone device. When the primary node receives MTA jobs, depending on workload and VM association, it distributes the jobs to itself or worker nodes.

Note

In a cluster, configure the Local Interface to the interface of the cluster IP address so that the secondary can take over the configuration in a failover.

To view jobs in a cluster, go to HA-Cluster > Job Summary.

To view logs in the primary node, go to Log & Report > Events > Job Events.

To view logs in a worker node, go to Log & Report > Events > All Events.