Managing archived email

You can archive email according to criteria you specify. For details, see “Email archiving workflow” on page 656.

You can view and search archived email through the web UI. You can also download them, forward them to an email address, and use them to train the Bayesian databases.

For more information on Bayesian database training, see “Training the Bayesian databases” on page 645.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To view archived email

1. Go to Monitor > Archive > Archive Accounts.
2. Select the email archive account you want to view and click View. For details about email archive accounts, see “Configuring email archiving accounts” on page 656.
3. From the Archive Folder drop-down list, select Inbox to view the good mail mailboxes, or select Bulk to view the spam mailboxes.
4. Double-click the name of the email archive mailbox that you want to view.

A list of archived email appears.

Figure 79:Contents an archive mailbox

GUI item	Description
View (button)	To view the message, click its check box and click View. You can also view the message by double-clicking the message.
Send (button)	Select the check box of each email that you want to send to an email address as a mailbox (.mbox) file, then click this button.
Export (button)	Select the check box of email that you want to download and click Export to download a mailbox (.mbox) file or an archive (.tar.gz) file containing individual email (.eml) files.
Train Bayesian Database (button)	Mark the check box of each email message to use to train Bayesian databases then click this button. For more information, see “To train Bayesian databases with archived mail” on page 204.
Back (button)	Click to return to the list of archive mailboxes.

To train Bayesian databases with archived mail

1. Go to Monitor > Archive > Archive Accounts.
2. Select the email archive account you want to view and click View. For details about email archive accounts, see “Configuring email archiving accounts” on page 656.
3. From the Archive Folder drop-down list, select Inbox to view the good mail mailboxes, or select Bulk to view the spam mailboxes.
4. Double-click the name of the email archive mailbox that you want to use to train the Bayesian databases.
5. In the check box column, mark the check box of each email that you want to use to train the Bayesian databases. To use all messages for training, select the check box above the first message to mark the check boxes of all email on the current page.
6. Click Train Bayesian Database.

Figure 80: Training a Bayesian database using archived email

7. Select whether to use the messages as spam or non-spam (known as innocent messages) email.
8. Select the database you want to train: global, per-domain (group), or personal.
   • Global requires no further information.
   • For per-domain database training, select the domain.
   • For personal database training, select the domain in Group database, then select the name of the user.
9. Click Apply.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Viewing the endpoint reputation statuses

Go to Monitor > Endpoint Reputation > Auto Blacklist to view the current list of carrier end points (by their MSISDN, subscriber ID, or other identifier) that were caught by FortiMail for sending spam. For general procedures about how to configure endpoint reputation, see “Configuring endpoint reputation” on page 639.

If a carrier end point has attempted to deliver during the automatic blacklisting window a number of spam text messages that is greater than the automatic endpoint blacklisting threshold, FortiMail unit adds the carrier end point to the automatic endpoint black list for the duration configured in the session profile. While the carrier end point is on the automatic black list and it does not expire, all text messages or email messages from it will be rejected. For information on configuring the automatic black list window, see “Configuring the endpoint reputation score window” on page 643. For information on enabling the endpoint reputation scan and configuring the automatic black list threshold in a session profile, see “Configuring session profiles” on page 482.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Black/White List category For details, see “About administrator account permissions and domains” on page 290.

To view the automatic endpoint reputation black list, go to Monitor > Endpoint Reputation > Auto Blacklist.

Figure 77:Viewing endpoint reputation scores

Table 18:Auto Blacklist tab

GUI item	Description
Move (button)	To move entries to the manual endpoint black list or white list, in the check box column, mark the check boxes of entries that you want to move, then click Move.
Search (button)	Click to filter the displayed entries. For more information, see “Filtering automatic endpoint black list entries” on page 202.
Endpoint ID	Lists the mobile subscriber IDSN (MSISDN), subscriber ID, login ID, or other unique identifier for the carrier end point.
Score	Lists the number of text messages or email messages that the FortiMail has detected as spam or infected from the MSISDN/subscriber ID during the automatic endpoint black list window.
Expire	Lists the time at which the automatic endpoint blacklisting entry expires and is removed from the list. N/A appears if the endpoint ID has not reached the threshold yet.

Filtering automatic endpoint black list entries

You can filter automatic endpoint black list entries that appear on the Auto Blacklist tab based on the MSISDN, subscriber ID, or other sender identifier.

To filter the endpoint black list entries

1. Go to Monitor > Endpoint Reputation > Auto Blacklist.
2. Click Search.

Figure 78:A dialog appears.Search Dialog

GUI item	Description
Field	Displays one option: Endpoint ID.
Operation	Select how to match the field’s contents, such as whether the row must contain the contents of Value.
Case Sensitive	Enable for case-sensitive filtering.
Value	Enter the identifier of the carrier end point, such as the subscriber ID or MSISDN, for the entry that you want to display. A blank field matches any value. Use an asterisk (*) to match multiple patterns, such as typing 46* to match 46701123456, 46701123457, and so forth. Regular expressions are not supported.

3. Click Search.

The Auto Blacklist tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Auto Blacklist tab to refresh its view.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Viewing the sender reputation statuses

The FortiMail unit tracks SMTP client behavior to limit deliveries of those clients sending excessive spam messages, infected email, or messages to invalid recipients. Should clients continue delivering these types of messages, their connection attempts are temporarily or permanently rejected. Sender reputation is managed by the FortiMail unit and requires no administration.

Monitor > Sender Reputation > Display displays the sender reputation score for each SMTP client.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

For more information on enabling sender reputation and configuring the score thresholds, see “Configuring sender reputation options” on page 485.

To view the sender reputation scores, go to Monitor > Sender Reputation > Display.

Figure 75:Display tab

Table 17:Viewing the sender reputation statuses

GUI item	Description
Search (button)	Click to filter the displayed entries. For more information, see “Filtering sender reputation score entries” on page 199.
IP	The IP address of the SMTP client.
Score	The SMTP client’s current sender reputation score.
State	Lists the action that the sender reputation feature is currently performing for delivery attempts from the SMTP client. •    Score controlled: The action is determined by comparing the current Score value to the thresholds in the session profile.
Last Modified	Lists the time and date the sender reputation score was most recently modified.

Sender reputation is a predominantly automatic antispam feature, requiring little or no maintenance. For each connecting SMTP client (sometimes called a sender), the sender reputation feature records the sender IP address and the number of good email and bad email from the sender.

In this case, bad email is defined as:

• Spam
• Virus-infected
• Unknown recipients
• Invalid DKIM
• Failed SPF check

The sender reputation feature calculates the sender’s current reputation score using the ratio of good email to bad email. and performs an action based on that score.

The FortiMail unit calculates the sender reputation score using statistics up to 12 hours old, with more recent statistics influencing the score more than older statistics. The sender reputation score decreases (improves) as time passes where the sender has not sent spam. The score itself ranges from 0 to 100, with 0 representing a completely acceptable sender, and 100 being a totally unacceptable sender.

To determine which action the FortiMail unit will perform after it calculates the sender reputation score, the FortiMail unit compares the score to three score thresholds which you can configure in the session profile:

1. Throttle client at: For scores less than this threshold, senders are allowed to deliver email without restrictions. For scores greater than this threshold but less than the temporary fail threshold, senders are rate-limited in the number of email messages that they can deliver per hour, expressed as either an absolute number or as a percentage of the number sent during the previous hour. If a sender exceeds the limit and keeps sending email, the FortiMail unit will send temporary failure codes to the sender. See descriptions for Temporary fail in “Configuring sender reputation options” on page 485.
2. Temporarily fail: For scores greater than this threshold but less than the reject threshold, the FortiMail unit replies to senders with a temporary failure code, delaying delivery and requiring senders to retry later when their score is reduced.
3. Reject: For scores greater than this threshold, the FortiMail unit replies to senders with a rejection code.

If the SMTP client does not attempt any email deliveries for more than 12 hours, the SMTP client’s sender reputation entry is deleted, and a subsequent delivery attempt is regarded as a new SMTP client by the sender reputation feature.

Filtering sender reputation score entries

You can filter sender reputation score entries that appear on the Display tab based on the IP address of the SMTP client, the score, state, and date/time of the last score modification.

To filter the sender reputation score entries 1. Go to Monitor > Sender Reputation > Display.

2. Click Search.

A dialog appears.

Figure 76:Search dialog

3. Configure one or more of the following:

GUI item	Description
Field	Select one of the following in the entries that you want to use to filter the display. •      IP •      Score •      State •      Last Modified
Operation	Select how to match the field’s contents, such as whether the row must contain the contents of Value.
Case Sensitive	Enable for case-sensitive filtering.
Value	Enter a pattern or exact value, based on your selection in Field and Operation. •      IP: Enter the IP address of the SMTP client, such as 172.16.1.10, for the entry that you want to display. •      Score: Enter the minimum and maximum of the range of scores of entries that you want to display. •      State: Select the State of entries that you want to display. •      Last modified: Select the year, month, day, and/or hour before or after the Last Modified value of entries that you want to display.

Blank fields match any value. Regular expressions and wild cards are not supported.

4. Click Search.

The Display tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Display tab to refresh its view.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Viewing the greylist statuses

The Greylist submenu lets you monitor automatic greylisting exemptions, and email currently experiencing temporary failure of delivery due to greylisting.

Greylisting exploits the tendency of legitimate email servers to retry email delivery after an initial temporary failure, while spammers will typically abandon further delivery attempts to maximize spam throughput. The greylist scanner replies with a temporary failure for all email messages whose combination of sender email address, recipient email address, and SMTP client IP address is unknown. If an SMTP server retries to send the email message after the required greylist delay but before expiry, the FortiMail unit accepts the email and adds the combination of sender email address, recipient email address, and SMTP client IP address to the list of those known by the greylist scanner. Subsequent known email messages are accepted. For details on the greylisting mechanism, see “About greylisting” on page 624.

To use greylisting, you must enable the greylist scan in the antispam profile. For more information, see “Managing antispam profiles” on page 503.

Greylisting is bypassed if the SMTP client establishes an authenticated session (see “Bypass scan on SMTP authentication” on page 533, “Controlling email based on recipient addresses” on page 468, and “Controlling email based on IP addresses” on page 475), or if the matching access control rule’s Action is RELAY (see “Order of execution” on page 16).

You can configure the initial delay associated with greylisting, and manually exempt senders. For details, see “Configuring the grey list TTL and initial delay” on page 628 and “Manually exempting senders from greylisting” on page 630.

Viewing the pending and individual automatic greylist entries

The Display tab lets you view pending and individual automatic greylist entries.

• Pending greylist entries are those whose Status is not PASSTHROUGH. For email messages matching pending greylist entries, the FortiMail unit will reply to delivery attempts with a temporary failure code until the greylist delay period, indicated by Time to passthrough, has elapsed.
• Individual greylist entries are those whose Status is PASSTHROUGH. For email messages matching pending greylist entries, the greylist scanner will allow the delivery attempt, and may create a consolidated automatic greylist entry. For information on consolidated entries, see “Viewing the consolidated automatic greylist exemptions” on page 196.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To view the greylist, go to Monitor > Greylist > Display.

Figure 73:Display tab

Table 15:Viewing the list of pending and individual greylist entries

GUI item	Description
Search (button)	Click to filter the displayed entries. For details, see “Filtering pending and individual automatic greylist entries” on page 195.
IP	Lists the IP address of the SMTP client that delivered or attempted to deliver the email message. If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.
Sender	Lists the sender email address in the message envelope (MAIL FROM:), such as user1@example.com. If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.
Recipient	Lists the recipient email address in the message envelope (RCPT TO:), such as user1@example.com. If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.
Status	Lists the current action of the greylist scanner when the FortiMail unit receives a delivery attempt for an email message matching the entry. •      TEMPFAIL: The greylisting delay period has not yet elapsed, and the FortiMail unit currently replies to delivery attempts with a temporary failure code. For information on configuring the greylist delay period, see “Configuring the grey list TTL and initial delay” on page 628. •      PASSTHROUGH: The greylisting delay period has elapsed, and the greylist scanner will allow delivery attempts.

Table 15:Viewing the list of pending and individual greylist entries

Time to passthrough

Lists the time and date when the greylisting delay period for a pending entry is scheduled to elapse. Delivery attempts after this date and time confirm the pending greylist entry, and the greylist scanner converts it to an individual automatic greylist entry. The greylist scanner may also consolidate individual greylist entries. For information on consolidated entries, see “Viewing the consolidated automatic greylist exemptions” on page 196. N/A appears if the greylisting period has already elapsed.

Expire

Lists the time and date when the entry will expire. The greylist entry’s expiry time is determined by the following two factors: •      Initial expiry period: After a greylist entry passes the greylist delay period and its status is changed to PASSTHROUGH, the entry’s initial expiry time is determined by the time you set with the CLI command set greylist-init-expiry-period under config antispam settings (for details, see the FortiMail CLI Reference). The default initial expiry time is 4 hours. If the initial expiry time elapses without an email message matching the automatic greylist entry, the entry expires and the greylist scanner removes the entry. •      TTL: Between the entry’s PASSTHROUGH time and initial expiry time, if the entry is hit again (the sender retries to send the message again), the entry’s expiry time will be reset by adding the TTL value (time to live) to the message’s “Received” time. Each time an email message matches the entry, the life of the entry is prolonged; in this way, entries that are in active use do not expire. If the TTL elapses without an email message matching the automatic greylist entry, the entry expires and the greylist scanner removes the entry. For information on configuring the TTL, see “Configuring the grey list TTL and initial delay” on page 628.

Filtering pending and individual automatic greylist entries

You can filter the greylist entries on the Display tab based on sender email address, recipient email address, and/or the IP address of the SMTP client.

To filter the greylist entries 1. Go to Monitor > Greylist > Display.

2. Click Search.

A dialog appears.

Figure 74:Search dialog

3. Configure one or more of the following:

GUI item	Description
Field	Select one of the following columns in the greylist entries that you want to use to filter the display. •      IP •      Sender •      Recipient
Operation	Select how the column’s contents will be matched, such as whether the row must contain the Value.
Case Sensitive	Enable for case-sensitive filtering.
Value	Enter a pattern or exact value based on your selection in Field and Operation. •      IP: Enter the IP address of the SMTP client, such as 172.16.1.10. •      Sender: Enter the complete sender email address in the message envelope (MAIL FROM:), such as user1@example.com. •      Recipient: Enter the complete recipient email address in the message envelope (RCPT TO:), such as user1@example.com.

Use an asterisk (*) to match multiple patterns, such as typing user* to match user1@example.com, user2@example.net, and so forth. Blank fields match any value.

Regular expressions are not supported.

4. Click Search.

The Display tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Display tab to refresh its view.

Viewing the consolidated automatic greylist exemptions

The Auto Exempt tab displays consolidated automatic greylist entries.

The FortiMail unit creates consolidated greylist entries from individual automatic greylist entries that meet consolidation requirements. For more information on individual automatic greylist entries, see “Viewing the pending and individual automatic greylist entries” on page 193. For more information on consolidation requirements, see “Automatic greylist entries” on page 627.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Policy category For details, see “About administrator account permissions and domains” on page 290.

To view the list of consolidated entries, go to Monitor > Greylist > Auto Exempt.

Table 16:Auto Exempt tab options

GUI item	Description
Search (button)	Click to filter the displayed entries.
IP	Lists the /24 subnet of the IP address of the SMTP client that delivered or attempted to deliver the email message. If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.
Sender	Lists the domain name portion of the sender email address in the message envelope (MAIL FROM:), such as example.com. If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.
Expire	Lists the time and date when the entry will expire, determined by adding the TTL value to the time the last matching message was received. For information on configuring the TTL, see “Configuring the grey list TTL and initial delay” on page 628.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Managing the deferred mail queue

The FortiMail unit prioritizes the mail queue into two types:

• Regular mail queue

When the initial attempt to deliver an email fails, the FortiMail unit moves the email to the regular mail queue.

• Slow mail queue

After another two failed delivery attempts, the FortiMail unit moves the email to the slow mail queue. This allows the FortiMail unit to resend valid email quickly, instead of keep resending invalid email (for example, email destined to an invalid MTA).

After the undelivered email remains in the deferred queue for five minutes, the mail appears under Monitor > Mail Queue > Mail Queue. This also means that email staying in the deferred queue for less than five minutes does not appear on the Mail Queue tab.

Delivery failure can be caused by temporary reasons such as interruptions to network connectivity. FortiMail units will periodically retry delivery. (Administrators can also manually initiate a retry.) If the email is subsequently sent successfully, the FortiMail unit simply removes the email from the queue. It does not notify the sender. But if delivery continues to be deferred, the FortiMail unit eventually sends an initial delivery status notification (DSN) email message to notify the sender that delivery has not yet succeeded. Finally, if the FortiMail unit cannot send the email message by the end of the time limit for delivery retries, the FortiMail unit sends a final DSN to notify the sender about the delivery failure and deletes the email message from the deferred queue. If the sender cannot receive this notification, such as if the sender’s SMTP server is unreachable or if the sender address is invalid or empty, the FortiMail unit will save a copy of the email in the dead mail folder. For more information, see “Managing undeliverable mail” on page 181.

For information on configuring the delivery retry interval, maximum amount of time that an email message can spend in a queue, and DSN timing, see “Configuring mail server settings” on page 366.

When you delete a deferred email, the FortiMail unit sends an email message, with the deleted email attached to it, to notify the sender.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To view, delete, or resend an email in the deferred mail queue, go to Monitor > Mail Queue > Mail Queue.

Table 14:Managing the deferred mail queue

GUI item           Description

View (button)    Select a message and click View to see its contents.

Delete (button) Click to deleted the selected item.

Resend          Mark the check boxes of the rows corresponding to the email messages that you want to immediately retry to send, then click Resend. (button)

To determine if these retries succeeded, click Refresh. If a retry succeeds, the email will no longer appear in either the deferred mail queue or the dead mail folder. Otherwise, the retry has failed.

Table 14:Managing the deferred mail queue

GUI item	Description
Type	Select the directionality and priority level of email to filter the mail queue display. For details about email directionality, see “Incoming versus outgoing email messages” on page 454. •      Default: Displays all email in the regular mail queue. •      Incoming: Only displays the incoming email in the regular mail queue. •      Outgoing: Only displays the outgoing email in the regular mail queue. •      IBE: Only displays the IBE email in the regular mail queue. For information about IBE email, see “Configuring IBE encryption” on page 357. •      Default-slow: Displays all email in the slow mail queue. •      Incoming-slow: Displays the incoming email in the slow mail queue. •      Outgoing-slow: Displays the outgoing email in the slow mail queue. •      IBE-slow: Displays the IBE email in the slow mail queue.
Search (button)	Select to filter the mail queue display by entering criteria that email must match in order to be visible.
Session ID	Lists the Session-Id: message header of the email.
Envelope From	Lists the sender (MAIL FROM:) of the email.
Envelope To	Lists the recipient (RCPT TO:) of the email.
Reason	Lists the reasons why the email has been deferred, such as DNS lookup failure or refused connections.
First Processed	Lists the date and time that the FortiMail unit first tried to send the email.
Last Processed	Lists the date and time that the FortiMail unit last tried to send the email.
Tries	Lists the number of times that the FortiMail unit has tried to send the email.

Managing undeliverable mail

The Dead Mail tab displays the list of email messages in the dead mail folder.

Unlike the deferred mail queue, the dead mail folder contains copies of delivery status notification (DSN) email messages, also called non-delivery reports (NDR).

DSN messages are sent from the FortiMail unit (“postmaster”) to an email’s sender when the email is considered to be more permanently undeliverable because all previous retry attempts of the deferred email message have failed. These email messages from “postmaster” include a copy of the original email message for which the DSN was generated.

If an email cannot be sent nor a DSN returned to the sender, it is usually because both the recipient and sender addresses are invalid. Such email messages are often sent by spammers who know the domain name of an SMTP server but not the names of its email users, and are attempting to send spam by guessing at valid recipient email addresses.

The FortiMail unit can automatically delete old dead mail. For details, see “Configuring mail queue setting” on page 370.

Alternatively, you can:

• To prevent dead mail to invalid recipients, enable recipient address verification to reject email with invalid recipients. Rejecting email with invalid recipients also prevents quarantine mailboxes for invalid recipients from consuming hard disk space. For details, see “Configuring recipient address verification” on page 387.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To view or delete undeliverable email, go to Monitor > Mail Queue > Dead Mail.

 

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Monitoring the system

The Monitor menu displays system usage, mail queues, log messages, reports, and other status-indicating items.

It also allows you to manage the contents of the mail queue and quarantines, and the sender reputation and endpoint reputation scores.

This section includes:

• Viewing overall system statuses
• Managing the deferred mail queue
• Managing the quarantines
• Viewing the greylist statuses
• Viewing the sender reputation statuses
• Viewing the endpoint reputation statuses
• Managing archived email
• Viewing log messages
• Viewing generated reports

Viewing overall system statuses

Monitor > System Status displays system statuses, most of which pertain to the entire system, such as CPU usage and current IP sessions. It also displays items that span multiple features, such as email statistics.

This section includes:

• Viewing the dashboard
• Viewing the email statistics
• Viewing the list of current IP sessions

Viewing the dashboard

Monitor > System Status > Status displays first after you log in to the web UI. It contains a dashboard with widgets that each indicate performance level or other statistics.

By default, widgets display the serial number and current system status of the FortiMail unit, including uptime, system resource usage, alert messages, host name, firmware version, system time, and email throughput.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To view the dashboard, go to Monitor > System Status > Status.

Page 173

Hiding, showing and moving widgets

The dashboard is customizable. You can select which widgets to display, where they are located on the tab, and whether they are minimized or maximized.

To move a widget, position your mouse cursor on the widget’s title bar, then click and drag the widget to its new location.

To show or hide a widget, in the upper left-hand corner, click Add Content, then mark the check boxes of widgets that you want to show.

Options vary slightly from widget to widget, but always include options to close or minimize/maximize the widget.

System Information widget

The System Information widget displays the serial number and basic system statuses such as the firmware version, system time, and up time and high availability (HA) status.

In addition to displaying basic system information, the System Information widget lets you configure the operation mode and to change the firmware.

To view the widget, go to Monitor > System Status > Status. If the widget is not currently shown, click Add Content, and mark the check box for the widget.

Figure 65:System Information widget

Table 12:System Information widget features

GUI item	Description
Serial number	Lists the serial number of the FortiMail unit. The serial number is unique to the FortiMail unit and does not change with firmware upgrades.
Up time	Lists the time in days, hours, and minutes since the FortiMail unit was started or rebooted.
System time	Lists the current time according to the FortiMail unit’s internal clock.
Firmware version	Lists the version of the firmware installed on the FortiMail unit. Click Update to change the firmware. For more information, see “Installing firmware” on page 688.

Table 12:System Information widget features

GUI item	Description
Operation mode	Select one of the following operation modes of the FortiMail unit: •      Gateway: Use when you do not want your email server to be visible to email users for security reasons. You will need to modify the email clients of your email users, the MX records on DNS servers for your protected domains, and policies on NAT devices such as routers and firewalls to route incoming email through the FortiMail unit for it to be scanned. •      Server: Use if you need an SMTP server with integrated advanced antispam and antivirus capabilities. •      Transparent: Use when a network is complex and you do not want to change the IP address scheme. Administrators whose Domain is System and whose access profile contains Read-Write permission in the Others category can change the FortiMail unit from one operation mode to another. Caution: Operation modes reflect the nature of the network topology in which you deploy the FortiMail unit, and other considerations. A significantly different deployment may be required, especially for transparent mode. Caution: Back up the configuration before beginning this procedure. This procedure may reset many of the configuration file changes that you have made to the FortiMail unit, including settings that do not apply to the new operation mode. For more information on creating a backup, see “Backup and restore” on page 218. Note: If the FortiMail unit is operating in gateway mode, you must configure the MX record of the DNS server for each protected domain to direct all email to this FortiMail unit instead of the protected SMTP servers.
HA mode	Lists the configured and effective (that is, current) HA operation mode. For more information, see “Monitoring the HA status” on page 313.
Log disk	Lists the capacity and usage level of the hard disk that the FortiMail unit uses to store log messages. For more information on logging, see “About FortiMail logging” on page 665.
Mailbox disk	Lists the capacity and usage level of the hard disk that the FortiMail unit uses to store archived email and quarantined spam. For more information on quarantining and email archiving, see “Configuring antispam action profiles” on page 516 and “Configuring email archiving policies” on page 660. For information on using the advanced mode of the web UI to configure the RAID level of the mailbox disk, see “Configuring RAID” on page 298.
Email throughput	Lists the total number of email messages processed per minute, as an average over the last 60-minute period.

License Information widget

The License Information widget displays the last queried license statuses for FortiGuard Antispam and FortiGuard Antivirus.

If you do not want to allow the FortiMail unit to automatically download antivirus definition updates from the FortiGuard Distribution Network (FDN), you can also use the

License Information widget to manually upload an antivirus definitions update file. To upload the file, first download the antivirus definition file to your management computer from the Fortinet Technical Support web site, https://support.fortinet.com, then click Update.

If your update is a downgrade to a lower antivirus definition, you need to enable this function in the CLI. For more information, see the diag debug autoupdate command in the FortiMail CLI Reference.

Updating FortiGuard Antivirus definitions can cause a short disruption in the traffic currently being scanned while the FortiMail unit applies the new signature database. To minimize disruptions, update when traffic is light, such as during the night.

To view the widget, go to Monitor > System Status > Status. If the widget is not currently shown, click Add Content, and mark the check box for the widget.

 

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Backing up the configuration

Once you have tested your basic installation and verified that it functions correctly, create a backup. This “clean” backup can be used to:

• troubleshoot a non-functional configuration by comparing it with this functional baseline
• rapidly restore your installation to a simple yet working point

The following procedures only produce a backup of the configuration file. If you have also configured other settings such as black/white lists, dictionaries, and the Bayesian databases, you should back them up as well. For information on how to back up other configuration settings and databases, see “Backup and restore” on page 218.

To back up the configuration file via the web UI

1. Log in to the web UI as the admin

Other administrator accounts do not have the required permissions.

2. Go to Maintenance > System > Configuraton in the advanced mode.
3. In the Backup Configuration area, select Local PC.
4. Select System Configuration (and User Configuration if you have already configured user preferences).
5. Click Backup.

If your browser prompts you, navigate to the folder where you want to save the configuration file. Click Save.

Your browser downloads the configuration file. Time required varies by the size of the configuration and the specifications of the appliance’s hardware as well as the speed of your network connection.

To back up the configuration file via the CLI

1. Log in to the CLI as the admin administrator using either the local serial console, the CLI Console widget in the web UI, or an SSH or Telnet connection.

Other administrator accounts do not have the required permissions.

2. Enter the following command:

execute backup full-config tftp <file-name_str> <server_ipv4> [<backup-password_str>]

where the variables and options are as follows:

Variable                        Description

<file-name_str>     Type the file name of the backup.

<server_ipv4>      Type the IP address or domain name of the server.

[<backup-password_s Optional. Type the password that will be used to encrypt the tr>]  backup file.

Caution: Do not lose this password. You will need to enter this same password when restoring the backup file in order for the appliance to successfully decrypt the file. If you cannot remember the password, the backup cannot be used.

For example, the following command backs up a FortiMail-3000C’s configuration file to a file named FortiMail-3000C.conf in the current directory on the TFTP server 172.16.1.10, encrypting the backup file using the password P@ssw0rd1:

FortiMail-3000C # execute backup full-config tftp

FortiMail-3000c.conf 172.16.1.10 P@ssw0rd1

Time required varies by the size of the database and the specifications of the appliance’s hardware, but could take several minutes.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Testing the installation

After completing the installation, test it by sending email between legitimate SMTP clients and servers at various points within your network topology.

If the FortiMail unit is operating in gateway mode or transparent mode, you may also wish to test access of email users to their per-recipient quarantined email.

If the FortiMail unit is operating in server mode, you may also wish to test access to FortiMail webmail, POP3, and/or IMAP.

Figure 59:Connection test paths (gateway mode)

Private                                                                                                       Public DNS Server

Gateway Mode

DNS Server

Figure 60:Connection test paths (transparent mode)

Figure 61:Connection test paths (server mode)

To verify all SMTP connections to and from your FortiMail unit, consider both internal and external recipient email addresses, as well as all possible internal and external SMTP clients and servers that will interact with your FortiMail unit, and send email messages that test the connections both to and from each of those clients and servers. For example:

1. Using an SMTP client on the local network whose MTA is the FortiMail unit or protected email server, send an email from an internal sender to an internal
2. Using an SMTP client on the local network whose MTA is the FortiMail unit or protected email server, send an email from an internal sender to an external
3. Send an email from an external sender to an internal
4. If you have remote SMTP clients such as mobile users or branch office SMTP servers, using an SMTP client on the remote network whose MTA is the FortiMail unit or protected email server, send an email from an internal sender to an internal
5. If you have remote SMTP clients such as mobile users or branch office SMTP servers, using an SMTP client on the remote network whose MTA is the FortiMail unit or protected email server, send an email from an internal sender to an external

If you cannot connect, receive error messages while establishing the connection, or the recipient does not receive the email message, verify your configuration, especially:

• routing and policy configuration of intermediary NAT devices such as firewalls or routers
• connectivity of the FortiMail unit with the Fortinet Distribution Network (FDN)
• external email servers’ connectivity with and the configuration of the public DNS server that hosts the MX records, A records, and reverse DNS records for your domain names
• the FortiMail unit’s connectivity with and the configuration of the local private DNS server (if any) that caches records for external domain names and, if the Use MX record option is enabled, hosts private MX records that refer to your protected email servers
• access control rules on your FortiMail unit
• configuration of MUAs, including the IP address/domain name of the SMTP and POP3/IMAP server, authentication, and encryption (such as SSL or TLS)

For information on tools that you can use to troubleshoot, see “Troubleshooting tools” on page 161.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!