pwood
New Contributor

Fortimail - relaying for protected domains

Folks - I have a Fortimail appliance running v5.2,build404,140822 (5.2.0 GA), operating in Gateway mode.

 

Currently our inside Exchange hosts are delivering mail directly to remote MTAs - only inbound mail routes via the Fortimail. The Fortimail is set up to not relay, so only delivers to the two domains defined in Mail Settings --> Domains (web interface).

 

My understanding from the Admin Guide is that if I start to route outbound mail via the Fortimail, it will deliver mail destined for arbitrary domains as long as that mail comes to the Fortimail from a mailer defined in Mail Settings --> Domains, i.e. the Fortimail will relay for Protected Domains.

 

Questions:

- is this correct?

- is there a way to test this prior to cutting my Exchange servers over to forwarding outbound mail to the Fortimail? I don't want to bounce production mail and would like to see the Fortimail relay for a Protected Domain in advance if possible.

 

Thoughts? Thanks in advance for any assistance!

 

Regards - Pete

5 REPLIES
Bromont_FTNT
Staff

You just need to set up an access control policy matching your internal Exchange servers to relay all mail.

 

Policy ---> Access Control (receiving) ---> Sender IP (exchange) ---> Action Relay

pwood

Thanks for the quick reply - appreciate it!

 

I just tested this with my workstation and Swaks, and it worked, thanks.

 

I'm understanding from your Reply that I need to do this for all Exchange servers, even if they're defined in Mail Settings --> Domain as the SMTP Server (Relay Type: Host)?

 

Regards - Pete
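
A scripted form of the pre-cutover check discussed in this thread, added here as an example (it is not code from either poster or from Fortinet). It walks the SMTP envelope up to RCPT TO and then resets, so no message is ever submitted; the function name, HELO name and addresses are hypothetical placeholders.

```python
import smtplib
import sys

VERDICTS = {2: "accepted", 4: "deferred", 5: "rejected"}


def probe_relay(host, port, mail_from, rcpt_to,
                helo="probe.example.test", timeout=10):
    """Walk EHLO / MAIL FROM / RCPT TO against an MTA, then RSET and QUIT.

    DATA is never sent, so no message is queued, delivered or bounced.
    Returns (verdict, smtp_code, reply_text).
    """
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, reply = smtp.mail(mail_from)
        if code // 100 != 2:
            return ("sender-rejected", code, reply.decode(errors="replace"))
        code, reply = smtp.rcpt(rcpt_to)
        try:
            smtp.rset()  # discard the envelope before leaving
        except smtplib.SMTPServerDisconnected:
            pass  # the server may close the session after refusing a recipient
    return (VERDICTS.get(code // 100, "unexpected"), code,
            reply.decode(errors="replace"))


if __name__ == "__main__":
    # Arguments are supplied by the operator; nothing is hard-coded.
    if len(sys.argv) != 5:
        sys.exit("usage: probe.py GATEWAY PORT MAIL_FROM RCPT_TO")
    gateway, port, sender, rcpt = sys.argv[1:]
    verdict, code, text = probe_relay(gateway, int(port), sender, rcpt)
    print(f"RCPT TO:<{rcpt}> -> {code} {text} [{verdict}]")
```

Run it with an external recipient from a host covered by the Sender IP rule and again from a host that is not: the first should come back accepted and the second rejected, which confirms the gateway relays only for the intended senders.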

Bromont_FTNT

Yes... for outbound mail (outbound meaning the destination is not a protected domain configured on the Fortimail) you'll need an access control policy for each server to relay out... you can also enter the netmask to allow a range of IPs

pwood

Understood - thanks for the clarification.

 

On a related note, is applying the AntiSpam engine to outbound mail (in the same sense you used the term above) recommended? To be honest, I haven't found any discussion regarding running an organisation's outbound mail through an AntiSpam regime, all the literature speaks to defending an organisation against inbound Spam - comments?

 

[N.B. I had a look at the Forums but couldn't locate a Netiquette doc regarding preferred behaviour - should I create a new post on this supplemental question or add it in as a follow-up post in this thread?]

 

Thanks!

 

Regards - Pete

Bromont_FTNT

Antispam scanning on outbound can protect your mail server reputation in the case you get a trojan horse on an internal computer which spams outbound. You may also want to use the rate limiting feature for outbound mail. 
