Configuring header manipulation options

This procedure is part of the session profile configuration process. For general procedures about how to configure a session profile, see “Configuring session profiles” on page 482.

1. Go to Profile > Session.
2. Click New to create a new session profile or double click on an existing profile to edit it.
3. Click the arrow to expand Header Manipulation.

Email processing software and hardware can add extra lines to the message header of each email message. When multiple lines are added, this can significantly increase the size of the email message. You can configure header manipulation settings to reduce the number of message headers.

Figure 205:Header manipulation

4. Configure the following:

GUI item	Description
Remove received header	Enable to remove all Received: message headers from email messages. You can alternatively remove this header on a per-domain basis. For details, see “Remove received header of outgoing email” on page 391.
Remove headers	Enable to remove other configured headers from email messages, then click Edit to configure which headers should be removed.

Configuring list options

This procedure is part of the session profile configuration process. For general procedures about how to configure a session profile, see “Configuring session profiles” on page 482.

1. Go to Profile > Session.
2. Click New to create a new session profile or double click on an existing profile to edit it.
3. Click the arrow to expand Lists.

Configure the sender and recipient black lists and white lists, if any, to sue with the session profile. Black and white lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied.

Email addresses in each black list or white list are arranged in alphabetical order. For more information on how blacklisted email addresses are handled, see “Order of execution of black lists and white lists” on page 614.

If you require regular expression support for whitelisting and blacklisting sender and recipient email addresses in the envelope, do not configure white and black lists in the session profile. Instead, configure access control rules and message delivery rules. For more information, see “Managing the address book (server mode only)” on page 402.

Use black and white lists with caution. They are simple and efficient tools for fighting spam and enhancing performance, but can also cause false positives and false negatives if not used carefully. For example, a white list entry of *.edu would allow all email from the .edu top level domain to bypass the FortiMail unit’s other antispam scans.

4. Configure the following:

GUI item	Description
Enable sender white list checking	Enable to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the white list in the SMTP sessions to which this profile is applied, then click Edit to define the whitelisted email addresses.
Enable sender black list checking	Enable to check the sender addresses in the email envelope (MAIL FROM:) and email header (From:) against the black list in the SMTP sessions to which this profile is applied, then click Edit to define the blacklisted email addresses.
Allow recipients on this list	Enable to check the recipient addresses in the email envelope (RCPT TO:) and email header (To:) against the white list in the SMTP sessions to which this profile is applied, then click Edit to define whitelisted email addresses.
Disallow recipients on this list	Enable to check the recipient addresses in the email envelope (RCPT TO:) and email header (To:) against the black list in the SMTP sessions to which this profile is applied, then click Edit to define blacklisted email addresses.

Configuring advanced MTA control settings

This procedure is part of the session profile configuration process. For general procedures about how to configure a session profile, see “Configuring session profiles” on page 482.

In addition to global MTA settings, you can configure the following MTA settings in a session profile. These session-specific MTA settings will overwrite the global settings configured elsewhere.

By default, this feature is hidden. To use this feature, you must enable it by using the following CLI command: config system global set mta-adv-ctrl-status enable

end

After this feature is enabled, the following options will appear in the session profile settings. In addition, four new tabs (Address Rewrite, Mail Routing, Access Control, and DSN) will also appear under Profile > Session.

Figure 206:Advance MTA control options in session profile

1. Go to Profile > Session.
2. Click New to create a new session profile or double click on an existing profile to edit it.
3. Click the arrow to expand Advanced Control.
4. Configure the following:

GUI item	Description
Email queue	Select which email queue to use for the matching sessions. For other general queue settings, see “Configuring mail queue setting” on page 370.
Rewrite sender address	Select a Address Rewrite profile to rewrite the sender address. Click New to create a new profile. For details about configuring Address Rewrite profiles, see “Configuring address rewrite profiles in the session profile” on page 502.
Rewrite recipient address	Select a Address Rewrite profile to rewrite the recipient address. Click New to create a new profile. For details about configuring Address Rewrite profiles, see “Configuring address rewrite profiles in the session profile” on page 502.
Mail routing	Select a mail routing profile or click New to create one. For details about creating mail routing profiles, see “Configuring mail routing profiles in a session profile” on page 502.
Access control	Select an access control profile or click New to create one. For details, see “Configuring access control profiles in a session profile” on page 502.
DSN	Select a DNS profile or click New to create one. For details, see “Configuring DSN profiles in a session profile” on page 503.
Remote logging	Select a remote logging profile or click New to create one. Note that the remote logging profiles used here are the same as the system-wide remote logging profiles. For details, see “Configuring logging to a Syslog server or FortiAnalyzer unit” on page 674.

Configuring address rewrite profiles in the session profile

If you enable the advanced MTA control feature in session profiles (see “Configuring advanced MTA control settings” on page 500), the Address Rewrite tab will appear.

To configure an address rewrite profile to be used in a session profile

1. Go to Profile > Session > Address Rewrite.
2. Click New.
3. Enter a profile name.
4. Click New to enter the address entries.
5. In the popup window, enter the original address and the address you want to rewrite to. If you want to keep the local part or the domain part of the original address, click Insert Variable to insert the variable for the local part or the domain part.
6. Click Create.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!