- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Feature request - Handling Large Attachments
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Feature request - Handling Large Attachments
It would be fantastic if the Fortimail could help us deal with end-users that are getting large attachments in a method beyond just bouncing the messages. We continue to get complaints from users that tell us it's very frustrating because they don't realize a message never got through unless the sender contacts them.
I'd suggest a couple of ideas to deal with this in a user friendly manner:
1) Allow the message to go through but strip off the attachment. At least this way the user would get some notification that someone had attempted to send them a large file. (Though it would be important to be able to add that information into the message so that the recipient didn't just have the sender try over and over again....)
2) It would be fantastic to have the fortimail act like gmail and other services do when they receive a large attachment they get the original email with a link to the fortimail to download the attachment. This would be the best case scenario because it would get the user the file quickly, without it ending up in their main mailbox.
I had been wondering if it would be possible to accomplish #1 or #2 with current fortimail rules, but I don't believe so.
Thanks! Jeff
Jeff Roback
Jeff Roback
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why not increase the maximum message size on Session Profile(s)?
In any case, that is a prerequisite for both of your suggestions, otherwise the message is rejected outright.
1) Look at the Scan Options on the Content Profile. You can apply an action for max message or attachment size (on 5.4).
You can also defer delivery of messages over X size or on policy match until off-peak hours if bandwidth is a concern.
The Replace action can replace the attachment (strip it).
2) Sort of the same as above, but quarantine the message so that the user can log in to webmail and download the message / attachment. This can include a notify message for the recipient and/order sender in the Action Profile.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Increasing the attachment size becomes a circular problem with the users, unfortunately, no matter how big we make it, they will keep sending larger attachments.... and Outlook, mobile devices, and Exchange servers just don't do well with messages above a certain size.
I didn't realize the strip attachment option was there, that does sound like one good option. I'll investigate.
When the message is quarantined, I'd like for the user to not be able to release it, but just download the attachment. But I'll investigate further and see if this will work.
But I still think it would be a great FortiMail feature if there was the option to say that for attachments above X size, that the FortiMail would pass through the message with a link that said "Click here to download the attached message" and then with a single link the user could get an attachment of any size that went along with the message. That way the user would have just a single click instead of having to go to quarantine, get the message, and find the attachment.
This would give fortimail functionality along the lines of what people are used to with Gmail and other popular mail services.
Jeff
Jeff Roback
Jeff Roback
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For large e-mails it's typically the sending server that will bounce the e-mail. The sending server will connect to the fortimail and sees the maximum message size the fortimail advertizes after the EHLO command, if the message size exeeds the limit the sending server won't go any further and will bounce the message back to the sender without the Fortimail ever knowing why the sending server disconnected.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Jeff
Users can download just the attachment from webmail.
There is no one-click method but can be done in about 4 clicks if you include the link to webmail in the notification message. User then logs in, clicks the email and clicks download.
Your users should be educated that email should not be used as a method for delivering large attachments.
Which is perhaps why you are looking to implement this configuration, as some kind of deterrent?
Again, the max size on Session Profile still needs to be increased and make the Content Profile setting the limiting factor. Else, the FortiMail returns '552 5.2.3 Message size is over limit ([limit value])'.
@Bromont
That's only possible if the sending client somehow knows the message size before it is actually delivered.
The FortiMail does not do this as client. It attempts to send the message.
Related Posts
- Setting Up NAT64 to handle 64:ff9b::... 52 Views
- ssl vpn proxy error the proxy... 143 Views
- Seeking Guidance on Managing Email Attachments... 331 Views
- What flow-based inspection do with... 7121 Views
- FortiWeb what happens to TOS/QOS going... 392 Views
Labels
-
FortiGate
6,524 -
FortiClient
1,301 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
241 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.