Troubleshooting

This section provides guidelines to help you determine why your FortiMail unit is behaving unexpectedly. It includes general troubleshooting methods and specific troubleshooting tips using both the command line interface (CLI) and the web UI. Each troubleshooting item describes both the problem and the solution.

Some CLI commands provide troubleshooting information not available through the web UI. The web UI is better suited for viewing large amounts of information on screen, reading logs and archives, and viewing status through the dashboard.

For late-breaking troubleshooting information, see the Fortinet Knowledge Base .

For additional information, see “Best practices and fine tuning” on page 697.

This section contains the following topics:

Establish a system baseline
Define the problem
Search for a known solution
Create a troubleshooting plan
Gather system information
Troubleshoot hardware issues
Troubleshoot GUI and CLI connection issues
Troubleshoot FortiGuard connection issues
Troubleshoot MTA issues
Troubleshoot antispam issues
Troubleshoot HA issues
Troubleshoot resource issues
Troubleshoot bootup issues
Troubleshoot installation issues
Contact Fortinet customer support for assistance

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Best Practices and Fine Tuning

1 Reply

Best practices and fine tuning

This section is a collection of guidelines to ensure the most secure and reliable operation of FortiMail units.

These same guidelines can be found alongside their related setting throughout this

Administration Guide. To provide a convenient checklist, these guidelines are also listed here.

This section includes:

Network topology tuning
Network topology tuning
System security tuning
High availability (HA) tuning
SMTP connectivity tuning
Antispam tuning
Policy tuning
System maintenance tips
Performance tuning

Pages: 1 2 3 4 5 6 7 8

Installing Firmware

Leave a reply

Installing firmware

Fortinet periodically releases FortiMail firmware updates to include enhancements and address issues. After you have registered your FortiMail unit, FortiMail firmware is available for download at http://support.fortinet.com.

Installing new firmware can overwrite antivirus and antispam packages using the versions of the packages that were current at the time that the firmware image was built. To avoid repeat updates, update the firmware before updating your FortiGuard packages.

New firmware can also introduce new features which you must configure for the first time.

For information specific to the firmware release version, see the Release Notes available with that release.

In addition to major releases that contain new features, Fortinet releases patch releases that resolve specific issues without containing new features and/or changes to existing features. It is recommended to download and install patch releases as soon as they are available.

Before you can download firmware updates for your FortiMail unit, you must first register your FortiMail unit with Fortinet Technical Support. For details, go to http://support.fortinet.com/ or contact Fortinet Technical Support.

This section includes:

Testing firmware before installing it
Installing firmware
Clean installing firmware

Pages: 1 2 3 4 5

Logs, Reports, and Alerts

4 Replies

Logs, reports and alerts

The Log and Report menu lets you configure logging, reports, and alert email.

FortiMail units provide extensive logging capabilities for virus incidents, spam incidents and system events. Detailed log information and reports provide analysis of network activity to help you identify security issues and reduce network misuse and abuse.

Logs are useful when diagnosing problems or when you want to track actions the FortiMail unit performs as it receives and processes traffic.

This section includes:

About FortiMail logging
Configuring logging
Configuring report profiles and generating reports
Configuring alert email
Viewing log messages
Viewing generated reports

About FortiMail logging

FortiMail units can log many different email activities and traffic including:

system-related events, such as system restarts and HA activity
virus detections
spam filtering results
POP3, SMTP, IMAP and webmail events

You can select which severity level an activity or event must meet in order to be recorded in the logs. For more information, see “Log message severity levels” on page 668.

A FortiMail unit can save log messages to its hard disk or a remote location, such as a Syslog server or a Fortinet FortiAnalyzer unit. For more information, see “Configuring logging” on page 671. It can also use log messages as the basis for reports. For more information, see “Configuring report profiles and generating reports” on page 676.

Accessing FortiMail log messages

There are several ways you can access FortiMail log messages:

On the FortiMail web UI, you can view log messages by going to Monitor > Log. For details, see the FortiMail Administration Guide.
On the FortiMail web UI, under Monitor > Log, you can download log messages to your local PC and view them later.
You can send log messages to a FortiAnalyzer unit by going to Log and Report > Log Settings > Remote Log Settings and view them on FortiAnalyzer.
You can send log messages to any Syslog server by going to Log and Report > Log Settings > Remote Log Settings.

Pages: 1 2 3 4 5 6 7 8

Archiving Email

Leave a reply

Archiving email

You can archive email messages according to various criteria and reasons. For example, you may want to archive email sent by certain senders or email contains certain words.

This section contains the following topics:

Email archiving workflow
Configuring email archiving accounts
Configuring email archiving policies
Configuring email archiving exemptions

Email archiving workflow

To use the email archiving feature, you must do the following:

Create email archive accounts to send archived email to. See “Configuring email archiving accounts” on page 656.

Starting from version 4.2, you can create multiple archive accounts and send different categories of email to different accounts. For the maximum number of archive accounts you can create, see “Appendix B: Maximum Values Matrix” on page 726.

Create email archive policies or exemption policies to specify the archiving criteria. See “Configuring email archiving policies” on page 660 and “Configuring email archiving exemptions” on page 662. Or, when creating antispam action profiles and content action profiles, choose to archive email as one of the actions. See “Configuring antispam profiles and antispam action profiles” on page 503 and “Configuring content profiles and content action profiles” on page 526.
Assign the administrator account access privilege to the email archive. See “Configuring administrator accounts and access profiles” on page 289.
You can search or view the archived email as the FortiMail administrator. See “Managing archived email” on page 203. You can also access email archives remotely through IMAP. See “Configuring email archiving accounts” on page 656.

Configuring email archiving accounts

Before you can archive email, you need to set up and enable email archiving accounts, as described below. The archived emails will be stored in the archiving accounts. You can create multiple archive accounts and send different categories of email to different accounts. For the maximum number of archive accounts you can create, see “Appendix B: Maximum Values Matrix” on page 726.

When email is archived, you can view and manage the archived email messages. For more information, see “Managing archived email” on page 203. You can also access the email archive remotely through IMAP.

To access this part of the web UI, your administrator account’s:

Domain must be System
access profile must have Read or Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

Page 656

To enable and configure an email archive account

Go to Email Archiving > Archive Accounts > Archive Accounts.

Figure 293:Managing email archive accounts

GUI item	Description
Status	Select to enable an email archiving account. Clear the check box to disable it.
Account	Lists email archive accounts.
Index Type	Indicates if archive indexing is in use and how much is indexed. Indexing speeds up content searches. The choices are: • None: email is not indexed. • Header: email headers are indexed. • Full: the entire message is indexed.
Storage	Indicates the type of archive storage: Local or Remote.
(Green dot in column heading)	Indicates whether the archive is currently referred to by an archive policy. If so, a red dot appears in this column and the entry cannot be deleted.

Click New to create an account or double-click an account to modify it.

A multisection dialog appears.

Figure 294:Configuring email archive accounts

Configure the following sections, and click Create.
- “Configuring account settings”
- “Configuring rotation settings”
- “Configuring destination settings”

Pages: 1 2 3

Configuring AntiSPAM Settings

2 Replies

Configuring antispam settings

The AntiSpam menu lets you configure antispam settings that are system-wide or otherwise not configured individually for each antispam profile.

Several antispam features require that you first configure system-wide, per-domain, or per-user settings in the AntiSpam menu before you can use the feature in an antispam profile. For more information on antispam profiles, see “Configuring antispam profiles and antispam action profiles” on page 503.

This section contains the following topics:

Configuring email quarantines and quarantine reports
Configuring the black lists and white lists
Configuring greylisting
Configuring bounce verification and tagging
Configuring endpoint reputation
Training and maintaining the Bayesian databases

Configuring email quarantines and quarantine reports

The Quarantine submenu lets you configure quarantine settings, and to configure system-wide settings for quarantine reports.

Using the email quarantine feature involves the following steps:

First, enable email quarantine when you configure antispam action profiles (see “Configuring antispam action profiles” on page 516) and content action profiles (see “Configuring content action profiles” on page 535).
Configure the system quarantine administrator account who can manage the system quarantine. See “Configuring the system quarantine administrator account and disk quota” on page 611.
Configure the quarantine control accounts, so that email users can send email to the accounts to release or delete email quarantines. See “Configuring the quarantine control accounts” on page 612.
Configure system-wide quarantine report settings, so that the FortiMail unit can send reports to inform email users of the mail quarantines. Then the users can decide if they want to release or delete the quarantined emails. See “Configuring global quarantine report settings” on page 602.
Configure domain-wide quarantine report settings for specific domains. See “Quarantine Report Setting” on page 394.
View and manage personal quarantines and system quarantines. See “Managing the quarantines” on page 182.
As the FortiMail administrator, you may also need to instruct end users about how to access their email quarantines. See “Accessing the personal quarantine and webmail” on page 720.
Configuring global quarantine report settings
Configuring the system quarantine administrator account and disk quota
Configuring the quarantine control accounts

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

Configuring Profiles

6 Replies

Configuring profiles

The Profile menu lets you configure many types of profiles. These are a collection of settings for antispam, antivirus, authentication, or other features.

After creating and configuring a profile, you can apply it either directly in a policy, or indirectly by inclusion in another profile that is selected in a policy. Policies apply each selected profile to all email messages and SMTP connections that the policy governs.

Creating multiple profiles for each type of policy lets you customize your email service by applying different profiles to policies that govern different SMTP connections or email users. For instance, if you are an Internet service provider (ISP), you might want to create and apply antivirus profiles only to policies governing email users who pay you to provide antivirus protection.

This section includes:

Configuring session profiles
Configuring antispam profiles and antispam action profiles
Configuring antivirus profiles and antivirus action profiles
Configuring content profiles and content action profiles
Configuring resource profiles (server mode only)
Configuring authentication profiles
Configuring LDAP profiles
Configuring dictionary profiles
Configuring security profiles
Configuring IP pools
Configuring email and IP groups
Configuring notification profiles

Configuring session profiles

Session profiles focus on the connection and envelope portion of the SMTP session. This is in contrast to other types of profiles that focus on the message header, body, or attachments.

To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Policy category. For details, see “About administrator account permissions and domains” on page 290.

To configure session profiles

Go to Profile > Session > Session.
Click New to add a profile or double-click a profile to modify it.

A multisection page appears.

Figure 193:Session Profile dialog

For a new session profile, type the name in Profile name.
Configure the following sections as needed:

“Configuring connection settings” on page 483
“Configuring sender reputation options” on page 485
“Configuring endpoint reputation options” on page 487
“Configuring sender validation options” on page 488
“Configuring session settings” on page 490
“Configuring unauthenticated session settings” on page 493
“Configuring SMTP limit options” on page 496
“Configuring error handling options” on page 497
“Configuring header manipulation options” on page 498
“Configuring list options” on page 499
Configuring advanced MTA control settings

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

Configuring Policies

Leave a reply

Configuring policies

The Policy menu lets you create policies that use profiles to filter email.

It also lets you control who can send email through the FortiMail unit, and stipulate rules for how it will deliver email that it proxies or relays.

• What is a policy?

How to use policies
Controlling SMTP access and delivery
Controlling email based on recipient addresses
Controlling email based on IP addresses

What is a policy?

A policy defines which way traffic will be filtered. It may also define user account settings, such as authentication type, disk quota, and access to webmail.

After creating the antispam, antivirus, content, authentication, TLS, or resource profiles (see “Configuring profiles” on page 482), you need to apply them to policies for them to take effect.

FortiMail units support three types of policies:

Access control and delivery rules that are typical to SMTP relays and servers (see

“Controlling SMTP access and delivery” on page 456)

Recipient-based policies (see “Controlling email based on recipient addresses” on page 468)
IP-based policies (see “Controlling email based on IP addresses” on page 475)

Recipient-based policies versus IP-based policies

Recipient-based policies

The FortiMail unit applies these based on the recipient’s email address or the recipient’s user group. May also define authenticated webmail or POP3 access by that email user to their per-recipient quarantine. Since version 4.0, the recipient-based policies also check sender patterns.

IP-based policies

The FortiMail unit applies these based on the SMTP client’s IP address (server mode or gateway mode), or the IP addresses of both the SMTP client and SMTP server (transparent mode).

Page 453

Incoming versus outgoing email messages

There are two types of recipient-based policies: incoming and outgoing. The FortiMail unit applies incoming policies to the incoming mail messages and outgoing policies to the outgoing mail messages.

Whether the email is incoming or outgoing is decided by the domain name in the recipient’s email address. If the domain is a protected domain, the FortiMail unit considers the message to be incoming and applies the first matching incoming recipient-based policy. If the recipient domain is not a protected domain, the message is considered to be outgoing, and applies outgoing recipient-based policy.

To be more specific, the FortiMail unit actually matches the recipient domain’s IP address with the IP list of the protected SMTP servers where the protected domains reside. If there is an IP match, the domain is deemed protected and the email destined to this domain is considered to be incoming. If there is no IP match, the domain is deemed unprotected and the email destined to this domain is considered to be outgoing.

For more information on protected domains, see “Configuring protected domains” on page 380.

Pages: 1 2 3 4 5 6 7 8 9