FortiMail 03 Email Setup

Embed Size (px)

Citation preview

  • 8/10/2019 FortiMail 03 Email Setup

    1/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    1

    2013 Fortinet Inc. All r ights reserved.

    The information contained herein is subject to change without notice. No part of this publication including text, examples, diagrams

    or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical

    or otherwise, for any purpose, without prior written permission of Fortinet Inc. 06-50000-0221-20130726

    Email Setup

    Module 3

    2

    Module Objectives

    By the end of this module, you will be able to:

    Explain how the FortiMail system classifies email as either incoming or outgoing

    Configure necessary system and email settings to enable commonly used

    security features

    Illustrate main steps of sending email using SMTP and test email operation in the

    classroom lab environment

  • 8/10/2019 FortiMail 03 Email Setup

    2/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    3

    Email Handling

    Any email received by the FortiMail unit is considered either incomingor outgoing depending on the recipient domain

    If the recipient domain matches a domain in the protected domain list,

    the email is considered incoming, otherwise it is outgoing

    Incoming emails are relayed by default

    Outgoing emails are rejected by default

    4

    Protected Domains Configuration

    Email domains protected byFortiMail Unit

  • 8/10/2019 FortiMail 03 Email Setup

    3/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    5

    Recipient Verification

    To verify the validity of a recipient email address, the FortiMail unit canuse the following techniques:

    Recipient Address Verification

    Automatic Removal of Invalid Quarantine Accounts

    To optimize the usage of system resources, it is recommended to

    enable one of the above techniques

    6

    Recipient Address Verification

    The FortiMail unit checks the validity of all incoming email and it

    rejects those for invalid recipients

    The technique used to verify the recipient address varies depending

    on the back-end server queried:

    LDAP Verification: The FortiMail unit queries the LDAP tree looking for an object

    with the matching attribute

    SMTP Verification: The FortiMail unit initiates an SMTP session to the back-end

    server with the recipient that must be verified

  • 8/10/2019 FortiMail 03 Email Setup

    4/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    7

    Automatic Removal of Invalid Quarantine

    Technique used to free up mail disk space by removing emailquarantined for invalid recipients

    By default, the quarantine list is checked at 4:00 am but this can be

    modified through the CLI as follows:config antispam settings

    (settings) # set backend-verify

    end

    8

    Outgoing Mail Rate Limiting for Blacklisting Protection

    Provides the ability to limit number or volume (in Mbytes) of email by

    sender

    Useful for hosting environment to prevent customers from sending out

    large volumes of email in too short of a time period which can result in

    the mail servers IP to be blacklisted

    Control email accounts that have been compromised and are sending

    spam

    Subsequent sessions are temp failed

    Configured per domain

  • 8/10/2019 FortiMail 03 Email Setup

    5/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    9

    Outgoing Mail Rate Limiting for Blacklisting Protection

    History Log Trace: Classifier Sender Address Rate Control

    Disposition Delay

    From [email protected]

    Antispam Log Trace: From [email protected]

    Message [email protected] exceeded sender rate control

    message limit. Messages Sent = 3

    Event Log Trace: Message Milter: from=, reject=451

    4.3.2 Please try again later

    10

    Domain Association

    Eliminates the need to configure multiple protected domains with

    identical settings

  • 8/10/2019 FortiMail 03 Email Setup

    6/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    11

    Local Domain

    The local domain is used by features such as: quarantine report,Bayesian database training, email quarantine and DSN

    If the FortiMail unit is used as an outgoing MTA, the IP address should

    be globally resolvable to the FQDN

    FortiMail FQDN

    12

    Default Domain Name for User Authentication

    If more than one domain

    is defined, a default

    domain name can be

    configured so it is

    appended to the user

    name

    Useful where the end

    user has only specified

    the local part of the email

    address (webmail, SMTP

    Auth, IMAP, POP3)

  • 8/10/2019 FortiMail 03 Email Setup

    7/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    13

    Maximum Email Size

    By default, the FortiMail unit will reject all email messages that exceed10 MB

    The administrator can override this limit by increasing one of the

    following settings: Cap message size value in the session profile

    Maximum message size value in the protected domain

    If both are configured, the smallest value is applied

    14

    Users

    When the FortiMail unit is operating in servermode, user inboxes can

    be defined locally or retrieved through LDAP

  • 8/10/2019 FortiMail 03 Email Setup

    8/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    15

    User Group Management

    Email user accounts that are part of the same domain can be groupedtogether for easier management

    16

    User Alias

    Email addresses in the alias can be part of the protected domain or

    they can belong to an external domain

    One-to-one or one-to-many relationship

    Unidirectional email translation

  • 8/10/2019 FortiMail 03 Email Setup

    9/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    17

    Address Map

    Bidirectional email translation one to one or many to many

    Generally used to hide a protected domain from the external

    Both email domains must be defined on the FortiMail unit

    18

    Mail Data Storage

    Mail data (MTA spool, mail queues, email archives, email users

    mailboxes, quarantined email messages) can be stored to local disk or

    to a remote NAS

    NFS and iSCSI

    protocols

    supported

  • 8/10/2019 FortiMail 03 Email Setup

    10/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    19

    FortiMail Queues

    Mail Queue Deferred queue, holds mail the MTA could not send

    In the case of temporary failure due to server being down or network connectivity

    MTA will attempt to resend the message later

    If greylisting is in use on the upstream server, the message is held here

    Dead Mail

    Mail that cannot be

    delivered or

    returned as the

    sender and recipient

    names are invalid

    20

    Mail Queue Timers

    After 6 hours a DSN

    message will be removedfrom the deferred queue

    and returned asundeliverable

    Zero means that only one

    resend attempt will be

    made before returning the

    message

    Retry for sending

    message every 15

    minutes

    After 1 day the

    message will be

    removed from thedeferred or spam

    queue and returned

    as undeliverable

    Wait 1 hourbefore sending

    a DSNdeferred

    message to

    sender

  • 8/10/2019 FortiMail 03 Email Setup

    11/12

    Email Se

    06-50000-0221-20130726

    Course 221 - FortiMail Email Filtering

    21

    Lab Network

    22

    Lab1 Initial Setup

    Objectives

    Understand the main steps of sending an email message using the SMTP

    protocol and test email operation in the classroom lab environment

    Tasks

    Ex 1: Introduction to the Classroom Mail Network

    Ex 2: Mail Transfer Agent and Mail User Agent Configuration

    Ex 3: Understanding an SMTP Connection

    Estimated time to complete the lab: 20 minutes

  • 8/10/2019 FortiMail 03 Email Setup

    12/12

    Email Se

    06 50000 0221 20130726

    Course 221 - FortiMail Email Filtering

    23

    Lab2 Gateway Mode MTA Configuration

    Objectives Configure system and email section of a gateway mode FortiMail system

    Understand how the DNS records are populated

    Understand email routing between internal and external domains

    Tasks

    Ex 1: Smarthost Gateway Configuration

    Ex 2: Understanding DNS Record

    Ex 3: Local and Protected Domain Configuration

    Estimated time to complete the lab: 30 minutes