Managing The Deferred Mail Queue

Managing the quarantines

You can quarantine email messages based on the message content, such as whether the email is spam or contains a prohibited word or phrase. FortiMail units have two types of quarantine:

  • Personal quarantine

Quarantines email messages into separate folders for each recipient address in each protected domain. The FortiMail unit periodically sends quarantine reports to notify recipients, their designated group owner, and/or another email address of the email messages that were added to the quarantine folder for that recipient. See “Managing the personal quarantines” on page 182.

  • System quarantine

Quarantines email messages into a system-wide quarantine. Unlike the per-recipient quarantine, the FortiMail unit does not send a quarantine report. The FortiMail administrator should review the quarantined email messages to decide if they should be released or deleted. See “Managing the system quarantine” on page 188.

To quarantine spam and/or email with prohibited content, you must select a quarantine action in an antispam profile or content profile. For details, see “Configuring antispam profiles and antispam action profiles” on page 503 and “Configuring content profiles and content action profiles” on page 526.

All FortiMail models can be configured to remotely store their quarantined email messages in a centralized quarantine hosted on a FortiMail-2000 model or greater. For more information, see “Selecting the mail data storage location” on page 376.

Managing the personal quarantines

The Personal Quarantine tab displays a list of personal quarantines, also called per-recipient quarantines.

In advanced mode, when incoming email matches a policy that directs quarantined email to the personal quarantine, the FortiMail unit will save the email to its hard drive and not deliver it to the recipient. Instead, the FortiMail unit will periodically send a quarantine report to email users, their designated group owner, or another recipient (if you have configured one using the advanced mode of the web UI).

In basic mode, incoming quarantined email also is kept on the FortiMail unit’s hard drive.

The quarantine report, by default sent once a day at 9 AM, lists all email messages that were withheld since the previous quarantine report. Using the quarantine report, email users can review email message details and release any email messages that are false positives by clicking the link associated with them. The email message will then be released from quarantine and delivered to the email user’s inbox. Using the web UI, FortiMail administrators can also manually release or delete quarantined email. For more information on deleting email that has been quarantined to the per-recipient quarantine, see “Managing the personal quarantines” on page 182. For information on configuring the schedule and recipients of the quarantine report, see “Configuring global quarantine report settings” on page 602.

You can configure the FortiMail unit to send email to the per-recipient quarantine by selecting

Quarantine in action profiles, content profiles and antispam profiles. For more information, see “Configuring antispam action profiles” on page 516 and “Configuring content profiles” on page 526.

Unlike the system-wide quarantine, the per-recipient quarantine can be accessed remotely by email users so that they can manage their own quarantined email. For information on configuring remote per-recipient quarantine access, see “How to enable, configure, and use personal quarantines” on page 186.

To access this part of the web UI, your administrator account’s access profile must have Read-Write permission to the Quarantine category. For details, see “About administrator account permissions and domains” on page 290.

To view the list of per-recipient quarantine folders for a protected domain

  1. Go to Monitor > Quarantine > Personal Quarantine.
  2. Select the name of a protected domain from Domain.

Figure 68:Personal Quarantine tab

GUI item            Description

Delete (button) Click to delete the selected item.

Compact

(button)

Mark the check boxes in the rows of the quarantine folders that you want to compact and click Compact.

For performance reasons, when you delete an email, it is marked for deletion but not actually removed from the hard disk at that time, and so still consumes some disk space. Compaction reclaims this hard disk space.

Note: Folder sizes are updated once an hour. The reduction in folder size will not be immediately reflected after you compact a folder.

Send quarantine report to (button) Either:

•      to send a quarantine report for all personal quarantines in the selected domain, mark the check box in the check box column heading

•      to send a quarantine report for some personal quarantines in the selected domain, mark the check boxes of each personal quarantine for which you want to send a quarantine report

then click this button. A dialog appears: in For past hours, enter the number of previous hours’ worth of spam to include in the quarantine report.

To periodically send quarantine reports, configure a quarantine report schedule. For more information, see “Configuring global quarantine report settings” on page 602 and “Quarantine Report Setting” on page 394.

Note: The quarantine report is sent to the recipient email address configured in “Configuring global quarantine report settings” on page 602 or “Quarantine Report Setting” on page 394, which might not be the same as the name of the personal quarantine mailbox. For example, you could configure it-manager@example.com to be the recipient of all quarantine reports for the protected domain example.com.

Search

(button)

Click to create a filter for searching email in the per-recipient quarantine.

For details, see “Searching email in the personal quarantine” on page 187.

Search user From the drop-down list, select how you want entries to match your filter criteria (such as Regular Expression). In the text box, enter your filter criteria (such as user.*\@example\.com), then press Enter.

Mailboxes not matching your filter criteria will be hidden.

To show all mailboxes for the selected domain again, delete your filter criteria, then press Enter.

Domain Select the name of a protected domain to view per-recipient quarantines for recipients in that protected domain. You can see only the domains that are permitted by your administrator profile.

For more information on protected domains, see “Configuring protected domains” on page 380.

GUI item Description
Mailbox Displays the recipient email address for which the FortiMail unit has quarantined email into a personal quarantine mailbox.

Note: The name in Mailbox might not match the email address as it appears on the protected SMTP server if, for example, you configured address mappings, aliases, or recipient-address-rewriting on the FortiMail unit or at other points during the email processing stream. To locate the personal quarantine for an email user or alias, search for the recipient email address exactly as it appears when an email to that individual or group passes through the FortiMail unit, before any subsequent redirection.

Size Displays the size of the quarantine folder in kilobytes (KB).

Note: FortiMail updates folder sizes once an hour.

You can view, delete, and release email that has been quarantined to each personal quarantine mailbox.

To view email messages inside a personal quarantine mailbox

  1. Go to Monitor > Quarantine > Personal Quarantine.
  2. Double-click the row corresponding to that mailbox.
  3. To view an email in the mailbox, double-click it.

Figure 69:User quarantine page

GUI item Description
View

(button)

To view a message, either double-click it, or mark its check box and click View.

A pop-up window appears which displays the email message. If the message body and subject line are not sufficient to help you decide whether you want to release or delete the email, you can click the Detailed Header link to view additional message headers.

Delete (button) Click to delete the selected item.
Release (button) To release all email messages in the quarantine for this recipient, mark the top check box and click Release.

To release individual email messages, mark their check boxes and click Release.

A pop-up window appears. You can release email to the original recipient and/or to other recipients. If want to release email to other recipient, enter the email address. You can add up to five email addresses.

Back

(button)

Click to return to the list of personal quarantine mailboxes for the selected protected domain.
Filter User the filter to display the released or unreleased email only.

By default, FortiMail only displays the unreleased email.

From Lists the display name of the sender, such as “User 1”.
Subject Lists the subject line of the email.
Date Lists the date and time of that the email was sent.
Received Lists the date and time that the email was quarantined.
Envelope From Lists the email address of the sender as it appears in the message envelope (MAIL FROM:), such as user1@example.com.
This entry was posted in Administration Guides, FortiMail on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.