Configuring the system quarantine administrator account and disk quota

The System Quarantine Setting tab lets you configure system quarantine quota and rotation. It also lets you configure a system quarantine administrator account exclusively for the purpose of managing the system-wide quarantine, which cannot be managed by individual email users through their quarantine reports.

Like other FortiMail administrators, the system quarantine administrator can log in to the web UI, but can access only the system quarantine. In this way, you can assign the periodic review of the system quarantine to someone else without allowing that person full administrative access to all FortiMail unit settings.

The system quarantine administrator can also view the system quarantine using a IMAP email client. To do this, configure the email client with the IP address of the FortiMail unit as the IMAP server, using the system quarantine administrator account name and password.

The system quarantine user cannot view the system quarantine using a POP3 email client because the system quarantine folder rotates and generates multiple folders. The POP3 email client can only access one of the folders, while IMAP could access all folders.

The system quarantine user cannot view the system quarantine using the webmail. However, you can create an administrator with “quarantine” role to access system quarantine.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Quarantine

For details, see “About administrator account permissions and domains” on page 290.

To configure the system quarantine account and quotas

1. Go to AntiSpam > Quarantine > System Quarantine Setting.

Figure 268:System Quarantine Setting tab

2. Configure the following:

GUI item	Description
Account	Enter the user name of the system quarantine administrator account. This is the same user name that this person will use to log in to the web UI in order to manage the system quarantine.
Password	Enter the password for the system quarantine administrator account.
Forward to	Enter an email address to which the FortiMail unit will forward a copy of each email that is quarantined to the system quarantine.
Mailbox rotation size	Enter the maximum size of the current system quarantine mailbox (Inbox). When the mailbox reaches this size, the FortiMail unit renames the current mailbox based on its creation date and rename date, and creates a new Inbox mailbox. Alternatively or additionally configure Mailbox rotation time. For more information, see “Mailbox” on page 190.
Mailbox rotation time	Enter the maximum amount of time that the current system quarantine mailbox (Inbox) will be used. When the mailbox reaches this time, the FortiMail unit renames the current mailbox based on its creation date and rename date, and creates a new Inbox mailbox. Alternatively or additionally configure Mailbox rotation size. For more information, see “Mailbox” on page 190.
Disk quota	Enter the maximum amount of disk space the system quarantine will be permitted to use, including rotated folders. Maximum configurable disk quota depends on the amount of available disk space. Note: Before v4.0 MR3 Patch 3 release, the disk quota setting applies to both the FortiMail local hard disk and the NAS server (for information about configuring NAS storage, see “Selecting the mail data storage location” on page 376). Starting from v4.0 MR3 Patch 3 release, this setting only applies to the FortiMail local disk. The default disk quota for a NAS server is 1 TB.

Quarantine             Select the action that the FortiMail unit will take when the system options when disk quarantine has consumed its disk quota, either: quota is full

• Overwrite: Discard the oldest email messages in the system quarantine in order to use the disk space to quarantine new email messages.
• Do not quarantine: Discard and do not save quarantine email messages.

Configuring the quarantine control accounts

Go to AntiSpam > Quarantine > Control Account to configure quarantine control email addresses.

Email users can remotely release or delete email messages in their per-recipient quarantine by sending email to quarantine control email addresses.

For example, if Release User is release-ctrl and the local domain name of the FortiMail unit is example.com, an email user could release an email message from their per-recipient quarantine by sending an email to release-ctrl@example.com.For more information on releasing and deleting quarantined items through email, see “Releasing and deleting email via quarantine reports” on page 609.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Quarantine

For details, see “About administrator account permissions and domains” on page 290.

To configure the quarantine-release and delete-email addresses

1. Go to AntiSpam > Quarantine > Control Account.

Figure 269:Configuring the quarantine control accounts

2. For Release user, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine release commands; for example: such as release-ctrl.
3. For Delete user, enter the user name portion (also known as the local-part) of the email address on the FortiMail unit that will receive quarantine delete commands; such as delete-ctrl.

If you have more than one FortiMail unit (such as with HA-config high availability or load balancing), the release user and delete user names and must be unique on each FortiMail unit; that is, not duplicated on another FortiMail unit.

4. Click Apply.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!