Managing The Deferred Mail Queue

Searching email in the personal quarantine

You can search the personal quarantine for email messages based on their contents, senders, recipients, and time frames, across any or all protected domains.

The search action involves the following steps:

  • Create a search task, where you can specify search criteria.
  • Execute and view the search results.

See below for detailed instructions.

To search the personal quarantine

  1. Go to Monitor > Quarantine > Personal Quarantine.
  2. Click Search. The Personal Quarantine Search tab appears, displaying all search tasks, if there are any.
  3. Click New to add a search task.

A dialog appears.

  1. Configure the following:
GUI item Description
From Enter the email address (in whole or part) or display name of the sender.
To Enter the email address (in whole or part) or display name of the recipient.
Cc Enter the carbon copy email addresses.
Subject Enter the subject line.
Text Enter text that appears on the message body. Attachments are not searched.
Client IP Enter the SMTP client’s IP address.
Endpoint ID Enter the endpoint ID, such as the MSISDN, subscriber ID, or other identifiers.
Time Select the range of time of email messages that you want to include in the search results. The time is when the FortiMail unit received the email.
User Enter the user name portion (also known as the local-part) of recipient email addresses whose quarantine folders you want to search.
Domain Select which protected domains’ per-recipient quarantines will be searched, in the text area on the left, then click the right arrow to move them into the text area on the right.

You must select at least one protected domain to search.

Email messages must match all criteria that you configure to be included in the search results. For example, if you configure From and Subject, only email messages matching both From and Subject will be included in the search results.

  1. Click Create to execute and save the task. The task name is the time when the task is created. The Personal Quarantine Search tab displays the search tasks and their search status as follows:
    • Done: the FortiMail unit has finished the search. You can click the View Search Result button to view the search results.
    • Pending: the search task is in the waiting list.
    • Running: the search task is still running. You can choose to stop the task by clicking the Stop
    • Stopped: the search task is stopped. You can choose to resume the task by clicking the Resume

Managing the system quarantine

The System Quarantine tab displays the system quarantine.

Unlike the per-recipient quarantine, the system quarantine cannot be accessed remotely by email users. Also, they do not receive quarantine reports for email held in the system quarantine and cannot manage the system quarantine themselves. A FortiMail administrator should periodically review the contents of the system quarantine. Alternatively, you can configure a special-purpose system quarantine administrator for this task. For more information, see “Configuring the system quarantine administrator account and disk quota” on page 611.

By default, the system quarantine is not used until you configure the FortiMail unit to send per-recipient quarantine to system quarantine by selecting System quarantine in antivirus action profiles, content action profiles, and antispam action profiles. For more information, see “Configuring antivirus action profiles” on page 522, “Configuring antispam action profiles” on page 516 and “Configuring content action profiles” on page 535.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Quarantine category

For details, see “About administrator account permissions and domains” on page 290.

To view and manage system quarantine folders

  1. Go to Monitor > Quarantine > System Quarantine.
  2. From the Folder dropdown list, select which type of quarantined email you want to view:
    • Content — these are the email messages caught by content profiles.
    • Virus — these are the email messages caught by antivirus profiles.
    • Bulk — these are the email messages caught by antispam profiles.

Figure 70:System Quarantine tab

GUI item Description
Delete (button) Click to delete the selected item.
Compact

(button)

Select the check boxes of each email user whose quarantine folder you want to compact and click Compact.

For performance reasons, when you delete an email, it is marked for deletion but not actually removed from the hard disk at that time, and so still consumes some disk space. Compaction reclaims this hard disk space.

Note: FortiMail updates folder sizes once an hour. The reduction in folder size is not immediately reflected after compacting.

GUI item Description
Mailbox Lists the current mailbox, which is named Inbox. Older system quarantine mailboxes, also called rotated folders, are named according to their creation date and the rename date. For information on configuring rotation of the system quarantine mailbox, see “Configuring the system quarantine administrator account and disk quota” on page 611.

To view email messages quarantined in that mailbox, double-click its row. For more information, see “Managing the system quarantine” on page 188.

Size Lists the size of the quarantine folder in kilobytes (KB).

Note: Mailbox sizes are updated once an hour.

You can also configure a system quarantine administrator account whose exclusive purpose is to manage the system quarantine. For more information, see “Configuring the system quarantine administrator account and disk quota” on page 611.

  1. Double-click a system quarantine mailbox.

You can view, delete, release, and forward email in the system quarantine.

GUI item Description
View (button) To view a message, either double-click it, or mark its check box and click View.
Delete (button) Click to delete the selected item.
Release (button) To release all email messages in the current view, mark the top check box and click Release.

To release individual email messages, mark their check boxes and click Release.

In the pop-up window, you can select to release email to the original recipient and/or to other recipients. If want to release email to other recipients, enter the email addresses. You can add up to five email addresses.

Back

(button)

Click to return to viewing the list of system quarantine folders.
Filter User the filter to display the released or unreleased email only.

By default, FortiMail only displays the unreleased email.

Search

(button)

Click to search the system quarantine folder that you are currently viewing. For details, see “Searching email in the system quarantine” on page 191.
Subject Lists the subject line of the email. Click to display the email message.
From Lists the display name of the sender as it appears in the message header, such as “User 1”.
To Lists the display name of the recipient as it appears in the message header, such as “User 2”.
Rcpt To Lists the user name portion (also known as the local-part) of the recipient email address (RCPT TO:) as it appears in the message envelope, such as user2 where the full recipient email address is user2@example.com.
Received Lists the time that the email was received.
Size Lists the size of the email message in kilobytes (KB).
  1. Double-click an email message to open it.

The email message appears, including basic message headers such as the subject and date.

Figure 71: Viewing an email message in the system quarantine

  1. Select the action that you want to perform on the quarantined email.
    • To view additional message headers, click the + button, then click Detailed Header.
    • To release the email message to its recipient, click Release.
    • To delete the email message from the quarantine, click Delete.
This entry was posted in Administration Guides, FortiMail on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.