Configuring disclaimer exclusion list

In some cases, you may not want to insert disclaimers to some email messages. For example, you may not want to insert disclaimers to paging text or SMS text messages. To do this, you add the specific senders, sender domains, recipients, or recipients domains to the exclusion list, and when you configure the global disclaimer settings (see “Configuring global disclaimers” on page 374), you can enable the exclusion list.

To create a disclaimer exclusion list

1. Go to Mail Settings > Settings > Disclaimer Exclusion List.
2. Click New to create or new list or double click on an existing one to edit it.
3. Enter a sender pattern and/or recipient pattern. For example, for sender pattern, if you add *@example.com, all messages from example.com users will be exempted from disclaimer insertion.
4. Click Create.

Selecting the mail data storage location

The Mail Settings > Settings > Storage tab lets you configure local or remote storage of mail data such as the mail queues, email archives, email users’ mailboxes, quarantined email, and IBE encrypted email.

FortiMail units can store email either locally or remotely. FortiMail units support remote storage by a centralized quarantine, and/or by a network attached storage (NAS) server using the network file system (NFS) protocol.

NAS has the benefits of remote storage which include ease of backing up the mail data and more flexible storage limits. Additionally, you can still access the mail data on the NAS server if your FortiMail unit loses connectivity.

If the FortiMail unit is a member of an active-passive HA group, and the HA group stores mail data on a remote NAS server, disable mail data synchronization to prevent duplicate mail data traffic. For details, see “Configuring the HA mode and group” on page 319.

If you store the mail data on a remote NAS device, you cannot back up the data. You can only back up the mail data stored locally on the FortiMail hard disk. For information about backing up mail data, see “Configuring mailbox backups” on page 227.

Tested and Supported NFS servers

• Linux NAS (NFS v3/v4)
• Red Hat 5.5
• Fedora 16/17/18/19
• Ubuntu 11/12/13
• OpenSUSE 13.1
• FreeNAS
• Openfiler

Untested NFS servers

• Buffalo TeraStation
• Cisco Linksys NAS server

Non-Supported NFS Servers

• Windows 2003 R2 /Windows 2008 Service for NFS

If you do not need consolidated storage for the mail queue and email user inboxes, the larger

FortiMail models (FortiMail 1000D, 2000A, 2000B, VM04, 3000C, 3000D, VM08, 5001A, and 5002B) can act as a centralized quarantine server and IBE encrypted email storage server. If applicable to your model, the Receive quarantined messages from clients option and the Receive IBE messages from clients option appear on the Storage tab.

FortiMail 1000D, 2000A, 2000B, and VM04 model can host a maximum of 10 clients and FortiMail 3000C and above models can host up to 20 clients. Any FortiMail model can be a client.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To configure mail data storage

1. Go to Mail Settings > Settings > Storage.

Figure 154:Storage tab (FortiMail 2000A and above models)

2. Configure the following:

GUI item	Description
NAS section
Local	Select to store email on the FortiMail unit’s local disk or RAID.
NAS server	Select to store email on a remote network attached storage (NAS) server.
GUI item	Description
Test (button)	Click to verify the NAS server settings are correct and that the FortiMail unit can access that location. This button is available only when NAS server is selected.
Protocol	Select a type of the NAS server: •      NFS: To configure a network file system (NFS) server. For this option, enter the following information: Hostname/IP address: the IP address or fully qualified domain name (FQDN) of the NFS server. Port: the TCP port number on which the NFS server listens for connections. Directory: the directory path of the NFS export on the NAS server where the FortiMail unit will store email. •      iSCSI Server: To configure an Internet SCSI (Small Computer System Interface) server. For this option, enter the following information: Username: the user name of the FortiMail unit’s account on the iSCSI server. Password: the password of the FortiMail unit’s account on the iSCSI server. Hostname/IP address: the IP address or fully qualified domain name (FQDN) of the iSCSI server. Port: the TCP port number on which the iSCSI server listens for connections. Encryption key: the key that will be used to encrypt data stored on the iSCSI server. Valid key lengths are between 6 and 64 single-byte characters. iSCSI ID: the iSCSI identifier in the format expected by the iSCSI server, such as an iSCSI Qualified Name (IQN), Extended Unique Identifier (EUI), or T11 Network Address Authority (NAA). Status: When available it, indicates if the iSCSI share was successfully mounted on the FortiMail unit’s file system. This field appears only after you configure the iSCSI share and click Apply. Status may take some time to appear if the iSCSI server is slow to respond. If Not mounted appears, the iSCSI share was not successfully mounted. Verify that the iSCSI server is responding and the FortiMail unit has both read and write permissions on the iSCSI server.
Refresh (button)	This button appears when you configure an iSCSI server. Click it to update the information in the Status field.

Click here to These two links appear when you configure an iSCSI server and click format this    Apply. device

Click here to Click a link to initiate the described action (that is, format the device check file            or check its file system). A message appears saying the action is system on     being executed. Click OK to close the message and click Refresh to this device       see a Status update.

GUI item                     Description

Centralized Quarantine section

Disabled

Select to store the quarantines on the FortiMail unit’s local disk or RAID.

Receive quarantined messages from clients

Select to have this FortiMail unit act as a centralized quarantine server, then enter the IP addresses of all valid clients. This option is available on FortiMail 1000D and above models. For FortiMail 1000D, 2000A, 2000B, and VM04 models, you can enter a maximum of 10 IP addresses as clients. For FortiMail 3000C and above models, you can enter a maximum of 20 IP addresses. Other FortiMail units acting as clients send all their quarantined email to this FortiMail unit. This FortiMail unit only accepts a connection if the client’s IP address matches an IP address on the list of clients configured here.

Send         Select to have this FortiMail unit act as a centralized quarantine quarantined client. All quarantined email is saved on a centralized quarantine messages to server, if available. remote

When selected, enter the following information:

server

• Over SSL: Select to send quarantined messages over SSL.
• Name: Enter a name to identify this client to the quarantine server. This value must match the name of the client as it is configured on the quarantine server. Otherwise, the connection will fail.
• Host: Enter the IP address of the FortiMail unit that is acting as a centralized quarantine server.

Centralized IBE section
Disabled	Select to store IBE encrypted email on the FortiMail unit’s local disk or RAID.

GUI item                      Description Receive IBE Select to have this FortiMail unit act as a centralized IBE mail storage
messages from clients Send IBE	server, then enter the IP addresses of all valid clients which are the FortiMail units that are configured to send IBE messages to this unit. This option is available on FortiMail 1000D and above models. For FortiMail 1000D, 2000A, 2000B, and VM04 models, you can enter a maximum of 10 IP addresses as clients. For FortiMail 3000C and above models, you can enter a maximum of 20 IP addresses. Other FortiMail units acting as clients send all their IBE email to this FortiMail unit. This FortiMail unit will only accept a connection if the client’s IP address matches an IP address on the list of clients configured here. Note: The protected domains on the IBE mail server must match the domains on the clients. Otherwise the secure mail recipients cannot retrieve their secure email from the server. Select to have this FortiMail unit act as a centralized IBE storage
messages to client. All IBE email will be saved on the centralized IBE mail storage remote server, if available. server over When selected, enter the following information: SSL

• Name: Enter a name to identify this client to the centralized IBE mail storage server. This value must match the name of the client as it is configured on the centralized IBE mail storage server. Otherwise, the connection will fail.
• Host: Enter the IP address of the FortiMail unit that is acting as a centralized IBE mail storage server.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!