How to enable, configure, and use personal quarantines

In general, to use personal quarantines, you should complete the following:

1. Configure the host name and mail queue of the FortiMail unit. For details, see “Configuring mail server settings” on page 366.

If you want to specify an alternate FQDN that will be used only by web release/delete URLs in HTML-formatted quarantine reports, see “Web release host name/IP” on page 604. This FQDN should be globally resolvable.

2. Select the recipients, delivery schedule, and release methods of the quarantine report. For details, see “Configuring protected domains” on page 380 for quarantine report settings that are domain-specific, or “Configuring global quarantine report settings” on page 602 for quarantine report settings that are system-wide.
3. If email users will release/delete email from their quarantine by sending email, configure the user name portion (also known as the local-part) for the quarantine control email addresses. (The domain-part will be the local domain name of the FortiMail unit.) For details, see “Configuring the quarantine control accounts” on page 612.
4. For gateway mode or transparent mode, configure authentication profiles that will allow email users to authenticate when accessing their per-recipient quarantine. Alternatively, if email users require only HTTP/HTTPS access, you may configure PKI user accounts.

For server mode, configure the email user accounts. Email users can authenticate using this account to access their per-recipient quarantine.

For details, see “Workflow to enable and configure authentication of email users” on page 541.

You can allow unauthenticated HTTP/HTTPS access to the per-recipient quarantine during a limited period following the sending of the quarantine report. For details, see “Time limited access without authentication” on page 603 and “Expiry period” on page 604.

5. Enable quarantine reports in each email user’s preferences. Both FortiMail administrators and email users can do this. For details, see “Configuring user preferences” on page 428, or the online help for FortiMail webmail and per-recipient quarantines.
6. If the FortiMail unit is operating in server mode and you want to enable web release/delete, configure resource profiles in which “Webmail access” is enabled.
7. Enable the Personal quarantine and Send quarantine report option in incoming antispam and/or content profiles. If you want to allow email users to release and/or delete email from their quarantine by email or web release/delete, also enable Email release and Web release.

For details, see “Configuring antispam action profiles” on page 516 and/or “Configuring content action profiles” on page 535.

8. Select the antispam and/or content profiles in incoming recipient-based policies. If you configured a resource profile in step 6, also select the resource profile.

If the FortiMail unit is operating in gateway or transparent mode and you want to enable web release/delete, enable Allow quarantined email access through webmail in each incoming recipient-based policy.

For details, see “Controlling email based on recipient addresses” on page 468.

9. Either email users or FortiMail administrators can manage email in the per-recipient quarantines. For details, see “Managing the personal quarantines” on page 182 and “Releasing and deleting email via quarantine reports” on page 609.