Initial Configuration in Basic Mode

Configuring the use of DSN

If desired, enable delivery service notifications and set the display options.

Click the down-arrow beside the heading to expand the options.

DSN  
DSN (NDR) email generation Enable to allow the FortiMail unit to send delivery status notification (DSN) email messages to notify email users of delivery delays and/or failure.
Sender displayname The name of the sender, such as FortiMail administrator, as it should appear in DSN.

If this field is empty, the FortiMail unit sends DSN from the default name of postmaster.

Sender address The sender email address in DSN.

If this field is empty, the FortiMail unit sends DSN from the default sender email address of postmaster@<domain_str>, where <domain_str> is the domain name of the FortiMail unit, such as example.com.

Configuring the mail queues and ESMTP

The mail queue options affect what you will see on FortiMail’s two mail queues. See “Viewing and managing mail queues” on page 123.

Click the down-arrow beside a heading to expand the options.

Mail Queue

Maximum time for email in queue Select the maximum number of hours that deferred/delayed email messages can remain in the delayed mail queue.

After the maximum time passes, the FortiMail unit will send a final delivery status notification (DSN) email message to notify the sender that the email message was undeliverable.

Maximum time for DSN email in queue Select the maximum number of days a delivery status notification (DSN) message can remain in the mail queues. If the maximum time is set to zero (0) days, the FortiMail unit attempts to deliver the DSN only once.

After the maximum time has been reached, the DSN email is moved to the dead mail folder.

Time before delay warning Select the number of hours after an initial failure to deliver an email message before the FortiMail unit sends the first delivery status notification (DSN) email message to notify the sender that the email message has been deferred.

After sending this initial DSN, the FortiMail unit will continue to retry sending the email until reaching the limit configured in Maximum time for email in queue.

Time interval for retry Select the number of minutes between delivery retries for email messages in the deferred and spam mail queues.

The number of days a dead mail is to be kept Enter the number of days that undeliverable email and its associated DSN will be kept in the dead mail folder. After this amount of time, the dead email and its DSN are automatically deleted.
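Added example (not part of the FortiMail guide): a small Python model of how the Mail Queue settings above combine over time for a message that never becomes deliverable. The function name and sample values are constructed, and the model assumes the final DSN is also undeliverable and that no retry is counted at the moment the queue limit is reached.

```python
from datetime import datetime, timedelta

def queue_timeline(first_failure, warn_hours, max_queue_hours,
                   retry_minutes, max_dsn_days, dead_keep_days):
    """Worst-case timeline for one deferred message (illustrative model).

    Returns (events, retry_count), where events is a chronological list of
    (datetime, description) tuples.
    """
    expiry = first_failure + timedelta(hours=max_queue_hours)
    events = [(first_failure, "initial failure, message deferred")]

    # "Time before delay warning": if it is not shorter than the queue limit,
    # the sender only ever receives the final DSN, so no warning is listed.
    if warn_hours < max_queue_hours:
        events.append((first_failure + timedelta(hours=warn_hours),
                       "delay-warning DSN sent to sender"))

    # "Maximum time for email in queue": final DSN goes out at expiry.
    events.append((expiry, "queue limit reached, final DSN sent"))

    # "Maximum time for DSN email in queue": 0 days means one attempt only.
    # Assumption: that attempt fails and the DSN goes to dead mail at once.
    dead = expiry + timedelta(days=max_dsn_days)
    events.append((dead, "undelivered DSN moved to dead mail folder"))

    # "The number of days a dead mail is to be kept".
    events.append((dead + timedelta(days=dead_keep_days),
                   "dead mail and its DSN deleted"))

    # "Time interval for retry": retries strictly before the queue limit.
    retries = max(0, (max_queue_hours * 60 - 1) // retry_minutes)
    return events, retries

if __name__ == "__main__":
    # Constructed sample values, not FortiMail defaults.
    timeline, retries = queue_timeline(datetime(2024, 1, 1, 9, 0),
                                       warn_hours=4, max_queue_hours=120,
                                       retry_minutes=30, max_dsn_days=5,
                                       dead_keep_days=7)
    for when, what in timeline:
        print(when.isoformat(sep=" "), what)
    print("delivery retries before expiry:", retries)
```

Running the timeline before changing the settings shows how long an undeliverable message and its DSN stay on the unit, and whether the delay warning can ever reach the sender.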

Delivery Options

Disable ESMTP for outgoing email Mark the check box to disable Extended Simple Mail Transfer Protocol (ESMTP) for outgoing email.

By default, FortiMail units can use ESMTP commands. ESMTP supports email messages with graphics, sound, video, and text in various languages.

Configuring an LDAP connection

You can set up an LDAP connection for email address mappings and access to unprotected domains. This is not available in server mode.

Click the down-arrow beside the heading to expand the options.

Domain Check These options apply to gateway and transparent mode only.

Perform LDAP domain verification for unknown domains Enable to verify the existence of domains that have not been configured as protected domains. Also configure LDAP profile for domain check.

To verify the existence of unknown domains, the FortiMail unit queries an LDAP server for a user object that contains the email address. If the user object exists, the verification is successful, and:

• If Automatically create domain association for verified domain is enabled, the FortiMail unit automatically adds the unknown domain as a domain association of the protected domain selected in Internal domain to hold association.

• If Automatically create domain association for verified domain is disabled, and the DNS lookup of the unknown domain name is successful, the FortiMail unit routes the email to the IP address resolved for the domain name during the DNS lookup. Because the domain is not formally defined as a protected domain, the email is considered to be outgoing, and outgoing recipient-based policies are used to scan the email.

LDAP profile for domain check Select the LDAP profile to use when verifying the existence of unknown domains. The LDAP query is configured under User Query Options in an LDAP profile.

This option is available only if Perform LDAP domain verification for unknown domains is enabled.

Automatically create domain association for verified domain Enable to automatically add unknown domains as domain associations if they are successfully verified by the LDAP query.

This option is available only if Perform LDAP domain verification for unknown domains is enabled.

Internal domain to hold domain association Select the name of a protected domain with which to associate unknown domains, if they pass domain verification.

This option is available only if Automatically create domain association for verified domain is enabled.

 
