Configuring Mail Settings

Configuring SMTP relay hosts

Configure one or more SMTP relays, if needed, to which the FortiMail unit will relay outgoing email. This is typically provided by your Internet service provider (ISP), but could be mail relays on your internal network.

When you configure mail server settings (“Configuring outgoing email options” on page 371), you can specify to use a relay host for outgoing email.

If the SMTP relay’s domain name resolves to more than one IP address, for each SMTP session, the FortiMail unit will randomly select one of the IP addresses from the result of the DNS query, effectively load balancing between the SMTP relays.

If you do not configure a relay, for outgoing email delivered by the built-in MTA, the FortiMail unit will instead query the DNS server for the MX record of the mail domain in the recipient’s email address (RCPT TO:), and relay the email directly to that mail gateway. For details, see “When FortiMail uses the proxies instead of the built-in MTA” on page 415.

Server relay is ignored if the FortiMail unit is operating in transparent mode, and “Use client-specified SMTP server to send email” on page 422 (for outgoing connections) or “Use this domain’s SMTP server to deliver the mail” on page 389 (for incoming connections containing outgoing email messages) is enabled.

To configure STMP relays

  1. Go to Mail Settings > Settings > Relay Host List. You can configure a maximum of 5 relays.
  2. Click New.
  3. Configure the following:

GUI item               Description

Name                  Enter a descriptive name for this relay host.

Host name/IP      Enter the domain name or IP address of an SMTP relay.

Port                  Enter the TCP port number on which the SMTP relay listens.

This is typically provided by your Internet service provider (ISP).

GUI item Description
Use SMTPS Enable to initiate SSL- and TLS-secured connections to the SMTP relay if it supports SSL/TLS.

When disabled, SMTP connections from the FortiMail unit’s built-in MTA or proxy to the relay will occur as clear text, unencrypted.

This option must be enabled to initiate SMTPS connections.

Authentication Required If the relay server requires use of the SMTP AUTH command, enable this option, click the arrow to expand the section and configure:

•      User name: Enter the name of the FortiMail unit’s account on the SMTP relay.

•      Password: Enter the password for the FortiMail unit’s user name.

•      Authentication type: Available SMTP authentication types include: • AUTO (automatically detect and use the most secure SMTP authentication type supported by the relay server) • PLAIN (provides an unencrypted, scrambled password)

•      LOGIN (provides an unencrypted, scrambled password)

•      DIGEST-MD5 (provides an encrypted hash of the password)

•      CRAM-MD5 (provides an encrypted hash of the password, with hash replay prevention, combined with a challenge and response mechanism)

Configuring global disclaimers

The Mail Settings > Settings > Disclaimer tab lets you configure system-wide disclaimer messages.A disclaimer message is text that is generally attached to email to warn the recipient that the email contents may be confidential.

Disclaimers can be appended to both incoming and outgoing email. For an explanation of directionality, see “Incoming versus outgoing email messages” on page 454.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To configure disclaimer messages

  1. Go to Mail Settings > Settings > Disclaimer.
  2. Configure the following:

GUI item                                   Description

Allow per-domain settings Enable to allow protected domains to select from either the system-wide disclaimer messages, configured below, or their own separate disclaimer messages.

Disable to require that all protected domains use the system-wide disclaimer messages.

If this option is disabled, domain-specific disclaimers cannot be configured. For information on configuring disclaimer messages specific to a protected domain, see “Disclaimer for a domain” on page 398.

For incoming messages  
Disclaimer in incoming message header Enable to append a disclaimer message to the message header of incoming messages, then enter the disclaimer message. The maximum length is 256 characters.
Disclaimer in incoming message body Enable to append a disclaimer message to the message body of incoming messages, then enter the disclaimer message. The maximum length is 1024 characters.
For outgoing messages  
Disclaimer in outgoing message header Enable to append a disclaimer message to the message header of outgoing messages, then enter the disclaimer message. The maximum length is 256 characters.
Disclaimer in outgoing message body Enable to append a disclaimer message to the message body of outgoing messages, then enter the disclaimer message. The maximum length is 1024 characters.
Enable disclaimer exclusion list If you do not want to insert disclaimers to the email messages from certain senders or to certain recipients, you can enable this option. For details about disclaimer exclusion list, see “Configuring disclaimer exclusion list” on page 375.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

6 thoughts on “Configuring Mail Settings

  1. Viorel

    Hi,
    Do you think I could use fortimail in server mode integrated with office 365?
    Can i use this setup to be able to create email accounts in office 365 and some emails in fortimail?
    In my case I have like 140 permanent users and 30-40 users let say “temporar users”(3-4 months/year). For them I want to create emails accounts in fortimail.
    Ex: someone@testdomain.com is an office365 account, and someone2@testdomain.com to be an fortimail account.
    When an email is received I want to be able to be redirected where it belongs. If an email created in office 365 to be redirected there, if was created in fortimail should be redirected to fortimail.

    Is possible this setup?
    Thank you

    Reply
    1. Mike Post author

      I have only ever deployed a FortiMail for Office 365 utilizing Gateway mode. I’m not sure, off hand, how one would make it work in server mode.

      Reply
  2. Danny

    I have several associated domains in Fortimail, mainly for ease of administration. We currently have DKIM and SPF set up for O365 outbound mail but I’d like to start using Fortimail for outbound filtering. Will Fortimail just transparently relay the mail leaving the DKIM signature and SPF IP address unaltered and valid? Or will it strip them requiring me to use Fortimail for DKIM and its IP address in our SPF record? DKIM is so easy to set up in O365 so I would hate to have to redo it and split all our associated domains into dedicated domains.

    Reply
  3. Murat

    Hi we Have created a user in migrated user and start to migrate mailbox from exchange after couple of minutes give connection error. We sniff on cli and get an error code 500.5.3.3 can you find whats problem thanks

    Reply
  4. Conver Zafra

    I have configured the LDAP in my Outlook 2010. Is there a way to automatically sync the LDAP contacts to my local Outlook contact list, so i can search contacts even when i am offline?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.