Category Archives: FortiMail

FortiMail Open Ports

Incoming Ports

| Purpose | Protocol/Port |
|---|---|
| Email Client Quarantine View/Retrieve | TCP/80 or TCP/443 or TCP/110 |
| SMTP or SMTPS | TCP/25 or TCP/465 |
| POP3 or POP3S | TCP/110 or TCP/995 (server mode only) |
| IMAP or IMAPS | TCP/143 or TCP/993 (server mode only) |
| FortiManager Config/Firmware Push | TCP/22 |
| SNMP Poll | TCP/161 |
| FortiGuard AV Push | UDP/9443 |
| External Email Server SMTP or SMTPS | TCP/25 or 465 |
| Protected Email Server SMTP or SMTPS | TCP/25 or 465 |

Outgoing Ports

| Purpose | Protocol/Port |
|---|---|
| FortiAnalyzer Syslog | UDP/514 |
| FortiManager Reg, Config Backup, Config/Firmware Pull | TCP/443 |
| SNMP Traps | UDP/162 |
| FortiGuard AS Rating | UDP/53 |
| AV/AS Update | TCP/443 |
| External Email Server SMTP or SMTPS | TCP/25 or TCP/465 |
| Protected Email Server SMTP or SMTPS | TCP/25 or TCP/465 |
| POP3 Auth | TCP/110 |
| IMAP Auth | TCP/143 |
| Others Dyn DNS | TCP/80 etc. |
| DNS, RBL | UDP/53 |
| NTP | UDP/123 |
| Alert Email | TCP/25 |
| LDAP or LDAPS | TCP/389 or TCP/636 |
| RADIUS Auth | TCP/1812 |
| NAS | TCP/21, TCP/22, TCP/2049 |

Note that FortiMail uses the following URLs to access the FortiGuard Distribution Network (FDN):

  • fortiguard.net
  • service.fortiguard.net
  • support.fortinet.com

FortiMail also performs the following queries and updates, using these ports and protocols:

  • FortiGuard Antispam rating queries: UDP 53, 8888, 8889
  • FortiGuard AntiVirus Push updates: UDP 9443
  • FortiGuard Antispam or AntiVirus updates: TCP 443

Can Greylisting be used in an active-active High availability FortiMail environment

Received the below question regarding Greylisting in an Active – Active HA environment. The answer is below as well!
Can Greylisting be used in an active/active High availability environment (with 2 mx records pointing to 2 fortimails)?

I mean:
When an email comes and gets greylisted by fortimail#1, if the second attempt comes to the other fortimail (fortimail#2)
what happens? It will be greylisted again?

So we have these scenarios:

Hope 1)   mail comes,         gets greylisted   FM1   mx1   –
Hope 2)   mail comes again,   is cleared        FM1   mx1   –
Hope 3)   mail passes

Hope 1)   mail comes,         gets greylisted   FM1   mx1   –
Hope 2)   mail comes again,   gets greylisted   FM2   mx2   –
Hope 3)   mail comes again,   is cleared        FM1   mx1   –   or FM2   mx2

What will happen in scenario 2?
Will email be delivered always?

What will happen if we have 3 or 4 or more fortimails?

Hope 1)   mail comes,         gets greylisted   FM1   mx1   –
Hope 2)   mail comes again,   gets greylisted   FM2   mx2   –
Hope 3)   mail comes again,   gets greylisted   FM3   mx3   –
Hope 4)   mail comes again,   gets greylisted   FM4   mx4   –

Sender gives up????
My response is as follows:
No, it is not recommended to use grey listing in active/active deployments.  Grey listing data is not shared, at this time.
Sucks, hopefully they will make it available in future versions of the FortiMail FortiOS.
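
The scenarios in the question above, replayed as a small simulation (an added example, not part of the original post and not FortiMail code): each node keeps its own greylist table keyed on the sender triplet, as when greylist data is not shared. The 300-second delay, the 10-minute retry schedule, the sample triplet and the order in which attempts land on each MX are assumptions, not FortiMail defaults.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # assumed: seconds before a retry of a new triplet is accepted
RETRY_TIMES = [0, 600, 1200, 1800, 2400]  # assumed sender retry schedule (seconds)
TRIPLET = ("192.0.2.10", "alice@example.org", "bob@example.com")  # constructed sample


@dataclass
class Node:
    """One gateway with its own greylist table: triplet -> time first seen."""
    name: str
    seen: dict = field(default_factory=dict)

    def receive(self, triplet, now):
        first = self.seen.setdefault(triplet, now)
        # A retry is accepted only once the delay has elapsed on THIS table;
        # anything earlier gets a temporary failure and the sender must retry.
        return now - first >= GREYLIST_DELAY


def deliver(n_nodes, mx_order, shared=False, retry_times=RETRY_TIMES):
    """Replay the sender's attempts against n_nodes gateways.

    mx_order lists which node (0-based) each attempt lands on.
    Returns (attempt_number, time, node_name) on acceptance, or None if the
    sender runs out of retries first.
    """
    common = {}
    nodes = [Node(f"FM{i + 1}", common if shared else {}) for i in range(n_nodes)]
    for attempt, (now, idx) in enumerate(zip(retry_times, mx_order), start=1):
        node = nodes[idx]
        if node.receive(TRIPLET, now):
            return attempt, now, node.name
    return None


if __name__ == "__main__":
    print("1 node           :", deliver(1, [0, 0]))
    print("2 nodes, unshared:", deliver(2, [0, 1, 0]))
    print("4 nodes, unshared:", deliver(4, [0, 1, 2, 3, 0]))
    print("4 nodes, 4 tries :", deliver(4, [0, 1, 2, 3]))
    print("4 nodes, shared  :", deliver(4, [0, 1, 2, 3], shared=True))
```

With unshared tables the worst case is one extra rejected attempt per node, so delivery depends on the sender's retry count outlasting the number of MX hosts.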

Setup for Email Users

This section contains information that you may need to inform or assist your email users so that they can use FortiMail features.

This information is not the same as what is included in the help for FortiMail webmail. It is included in the Administration Guide because:

  • Email users may require some setup before they can access the help for FortiMail webmail.
  • Some information may be too technical for some email users.
  • Email users may not be aware that their email has been scanned by a FortiMail unit, much less where to get documentation for it.
  • Email users may not know which operation mode you have configured.
  • Email users may be confused if they try to access a feature, but you have not enabled it (such as Bayesian scanning or their personal quarantine).
  • You may need to tailor some information to your network or email users.

This section includes:

  • Training Bayesian databases
  • Managing tagged spam
  • Accessing the personal quarantine and webmail
  • Sending email from an email client (gateway and transparent mode)

Training Bayesian databases

Bayesian scanning can be used by antispam profiles to filter email for spam. In order to be accurate, the Bayesian databases that are at the core of this scan must be trained. This is especially important when the databases are empty.

Administrators can provide initial training. For details, see “Training the Bayesian databases” on page 645. If you have enabled it (see “Configuring the Bayesian training control accounts” on page 654 and “Accept training messages from users” on page 511), email users can also contribute to training the Bayesian databases.

To help to improve the accuracy of the database, email users selectively forward email to the FortiMail unit. These email are used as models of what is or is not spam. When it has seen enough examples to become more accurate at catching spam, a Bayesian database is said to be well-trained.

For example, if the local domain is example.com, and the Bayesian control email addresses are the default ones, an administrator might provide the following instructions to his or her email users.

To train your antispam filters

  1. Initially, forward a sample set of spam and non-spam messages.
    • If you have collected spam, such as in a junk mail folder, and want to train your personal antispam filters, forward them to learn-is-spam@example.com from your email account. Similar email will be recognized as spam.
    • If you have collected non-spam email, such as your inbox or archives, and want to train your personal spam filters, forward them to learn-is-not-spam@example.com from your email account. Similar email will be recognized as legitimate email.
  2. On an ongoing basis, to fine-tune your antispam filters, forward any corrections — spam that was mistaken for legitimate email, or email that was mistaken for spam.
    • Forward undetected spam to is-spam@example.com from your email account.
    • Forward legitimate email that was mistaken for spam to is-not-spam@example.com from your email account.
    • If you belong to an alias and receive spam that was sent to the alias address, forward it to is-spam@example.com to train the alias’s database. Remember to enter the alias, instead of your own email address, in the From:

This helps your antispam filters to properly distinguish similar email/spam in the future.

Managing tagged spam

Instead of detaining an email in the system or personal quarantine, the administrator can configure the FortiMail unit to tag the subject line or header of an email that is detected as spam. For details, see “Configuring antispam action profiles” on page 516.

Once spam is tagged, the administrator notifies email users of the text that comprises the tag. Email users can then set up a rule-based folder in their email clients to automatically collect the spam based on tags.

For example, if spam subject lines are tagged with “SPAM”, email users can make a spam folder in their email client, then make filter rules in their email clients to redirect all email with this tag from their inbox into the spam folder.

Methods to create mailbox folders and filter rules vary by email client. For instructions, see your email client’s documentation.

Troubleshooting

This section provides guidelines to help you determine why your FortiMail unit is behaving unexpectedly. It includes general troubleshooting methods and specific troubleshooting tips using both the command line interface (CLI) and the web UI. Each troubleshooting item describes both the problem and the solution.

Some CLI commands provide troubleshooting information not available through the web UI. The web UI is better suited for viewing large amounts of information on screen, reading logs and archives, and viewing status through the dashboard.

For late-breaking troubleshooting information, see the Fortinet Knowledge Base.

For additional information, see “Best practices and fine tuning” on page 697.

This section contains the following topics:

  • Establish a system baseline
  • Define the problem
  • Search for a known solution
  • Create a troubleshooting plan
  • Gather system information
  • Troubleshoot hardware issues
  • Troubleshoot GUI and CLI connection issues
  • Troubleshoot FortiGuard connection issues
  • Troubleshoot MTA issues
  • Troubleshoot antispam issues
  • Troubleshoot HA issues
  • Troubleshoot resource issues
  • Troubleshoot bootup issues
  • Troubleshoot installation issues
  • Contact Fortinet customer support for assistance

Best Practices and Fine Tuning

This section is a collection of guidelines to ensure the most secure and reliable operation of FortiMail units.

These same guidelines can be found alongside their related setting throughout this Administration Guide. To provide a convenient checklist, these guidelines are also listed here.

This section includes:

  • Network topology tuning
  • System security tuning
  • High availability (HA) tuning
  • SMTP connectivity tuning
  • Antispam tuning
  • Policy tuning
  • System maintenance tips
  • Performance tuning

Installing Firmware

Fortinet periodically releases FortiMail firmware updates to include enhancements and address issues. After you have registered your FortiMail unit, FortiMail firmware is available for download at http://support.fortinet.com.

Installing new firmware can overwrite antivirus and antispam packages using the versions of the packages that were current at the time that the firmware image was built. To avoid repeat updates, update the firmware before updating your FortiGuard packages.

New firmware can also introduce new features which you must configure for the first time.

For information specific to the firmware release version, see the Release Notes available with that release.

In addition to major releases that contain new features, Fortinet releases patch releases that resolve specific issues without containing new features and/or changes to existing features. It is recommended to download and install patch releases as soon as they are available.

Before you can download firmware updates for your FortiMail unit, you must first register your FortiMail unit with Fortinet Technical Support. For details, go to http://support.fortinet.com/ or contact Fortinet Technical Support.

This section includes:

  • Testing firmware before installing it
  • Installing firmware
  • Clean installing firmware

Logs, Reports, and Alerts

The Log and Report menu lets you configure logging, reports, and alert email.

FortiMail units provide extensive logging capabilities for virus incidents, spam incidents and system events. Detailed log information and reports provide analysis of network activity to help you identify security issues and reduce network misuse and abuse.

Logs are useful when diagnosing problems or when you want to track actions the FortiMail unit performs as it receives and processes traffic.

This section includes:

  • About FortiMail logging
  • Configuring logging
  • Configuring report profiles and generating reports
  • Configuring alert email
  • Viewing log messages
  • Viewing generated reports

About FortiMail logging

FortiMail units can log many different email activities and traffic including:

  • system-related events, such as system restarts and HA activity
  • virus detections
  • spam filtering results
  • POP3, SMTP, IMAP and webmail events

You can select which severity level an activity or event must meet in order to be recorded in the logs. For more information, see “Log message severity levels” on page 668.

A FortiMail unit can save log messages to its hard disk or a remote location, such as a Syslog server or a Fortinet FortiAnalyzer unit. For more information, see “Configuring logging” on page 671. It can also use log messages as the basis for reports. For more information, see “Configuring report profiles and generating reports” on page 676.

Accessing FortiMail log messages

There are several ways you can access FortiMail log messages:

  • On the FortiMail web UI, you can view log messages by going to Monitor > Log. For details, see the FortiMail Administration Guide.
  • On the FortiMail web UI, under Monitor > Log, you can download log messages to your local PC and view them later.
  • You can send log messages to a FortiAnalyzer unit by going to Log and Report > Log Settings > Remote Log Settings and view them on FortiAnalyzer.
  • You can send log messages to any Syslog server by going to Log and Report > Log Settings > Remote Log Settings.

Archiving Email

You can archive email messages according to various criteria and reasons. For example, you may want to archive email sent by certain senders or email that contains certain words.

This section contains the following topics:

  • Email archiving workflow
  • Configuring email archiving accounts
  • Configuring email archiving policies
  • Configuring email archiving exemptions

Email archiving workflow

To use the email archiving feature, you must do the following:

  1. Create email archive accounts to send archived email to. See “Configuring email archiving accounts” on page 656.

Starting from version 4.2, you can create multiple archive accounts and send different categories of email to different accounts. For the maximum number of archive accounts you can create, see “Appendix B: Maximum Values Matrix” on page 726.

  2. Create email archive policies or exemption policies to specify the archiving criteria. See “Configuring email archiving policies” on page 660 and “Configuring email archiving exemptions” on page 662. Or, when creating antispam action profiles and content action profiles, choose to archive email as one of the actions. See “Configuring antispam profiles and antispam action profiles” on page 503 and “Configuring content profiles and content action profiles” on page 526.
  3. Assign the administrator account access privilege to the email archive. See “Configuring administrator accounts and access profiles” on page 289.
  4. You can search or view the archived email as the FortiMail administrator. See “Managing archived email” on page 203. You can also access email archives remotely through IMAP. See “Configuring email archiving accounts” on page 656.

Configuring email archiving accounts

Before you can archive email, you need to set up and enable email archiving accounts, as described below. The archived emails will be stored in the archiving accounts. You can create multiple archive accounts and send different categories of email to different accounts. For the maximum number of archive accounts you can create, see “Appendix B: Maximum Values Matrix” on page 726.

When email is archived, you can view and manage the archived email messages. For more information, see “Managing archived email” on page 203. You can also access the email archive remotely through IMAP.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • Access profile must have Read or Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To enable and configure an email archive account

  1. Go to Email Archiving > Archive Accounts > Archive Accounts.

Figure 293: Managing email archive accounts

| GUI item | Description |
|---|---|
| Status | Select to enable an email archiving account. Clear the check box to disable it. |
| Account | Lists email archive accounts. |
| Index Type | Indicates if archive indexing is in use and how much is indexed. Indexing speeds up content searches. The choices are: None (email is not indexed), Header (email headers are indexed), Full (the entire message is indexed). |
| Storage | Indicates the type of archive storage: Local or Remote. |
| (Green dot in column heading) | Indicates whether the archive is currently referred to by an archive policy. If so, a red dot appears in this column and the entry cannot be deleted. |

  2. Click New to create an account or double-click an account to modify it.

A multisection dialog appears.

Figure 294: Configuring email archive accounts

  3. Configure the following sections, and click Create.
    • “Configuring account settings”
    • “Configuring rotation settings”
    • “Configuring destination settings”