Fortinet Forum
jOzzie
New Contributor

User access quarantine

We have just installed our FortiMail and all is going well. But because of the amount of spam I don't want to check this myself, but let the recipients do this job. By now I have managed that spam goes to the users' quarantine box and that this is cleaned up for non-existing users. I already enabled "allow quarantined email access through webmail", although I don't know if this is necessary.

I could access this by sending a quarantine mail, but that is not what I want; I just need access to this user/personal quarantine box.

I can see a https://<fortinet>/mail logon screen, but nothing I enter works.

I read the admin manual and, as far as possible, searched this forum, but still haven't found the/an answer.

Hope someone does!

abelio
Valued Contributor

Did you define an authentication profile for the relevant recipient policy?

If not, please do it.

 

regards


__ Abel

jOzzie
New Contributor

Abel thanks,

I indeed didn't have an authentication profile, which I used in my recipient policy.

But when I created one (profile-authentication) and added it to the recipient policy, the result was the same.

Whatever I selected in the authentication profile and whatever I used for logging in ("username, smtp-address, complete internal name, etc."), nothing worked. I used an LDAP profile; that also didn't work.

But one thing I didn't figure out in reading and trying:

In my profile, *@* can mail to *@<maildomain>, it's scanned by three profiles.

But when reading the admin manual, I get the feeling that using authentication and access, people have to authenticate before they can send messages. Is that correct?

If so, how to circumvent that? Because I only want users to be able to access their quarantine box.

abelio
Valued Contributor

 

Authentication profile is the only way to authenticate users to access their quarantine.

Re-check it once again (SMTP, LDAP, whatever) until it validates your account.

Take into consideration how authentication is actually performed in your email environment (i.e. sometimes the server requires domain or secure authentication, TLS, etc.).

If you translate that auth scheme to your FortiMail auth profile, you could solve the issue.

regards


__ Abel

jOzzie
New Contributor

It took a while to get back, but by now I've tried every single setting and every kind of loginname.

But I still cannot connect to the quarantinebox.

The issue is not your answer, but somehow, somewhere I think I made a configuration error.

So I have to check all the settings again.

I have to be careful with that, because it's a live FortiMail, so I cannot change something and hope it doesn't affect something else.

So for now I thank you for your answers.

 

Bromont_FTNT

Open a support ticket to get this sorted out quickly

jOzzie

Bromont thanks, I will do that.

First I have to fix another thing, because my Fortinets won't register because of a wrong serial.

So I have to fix that first and then I will open a support ticket.

It might take a while, but when it's fixed I will post the answer to my original problem.

 

jOzzie
New Contributor

Well, finally, due to some shortage of time, but I managed to fix the issue.

All that was said, like creating an SMTP Profile Authentication and connecting that in the recipient policies, was, as expected, true.

But what was missing was the right authentication:

When telnetting to port 25 of our email server there was no "250-AUTH LOGIN"; that was because of:

"For this you need to enable "Basic Authentication" on the Exchange server and disable "Offer Basic only after TLS"."

After doing this all was working OK. Still maybe not as secure as I would like it to be, but it works so I can continue.

In Exchange there are two default connectors in the hub config; I changed the one that serves port 25.

Thank you for your answers
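
Added example (not part of the thread, and not Fortinet or Microsoft code): a Python version of the telnet check described in the last post, which reports whether the mail server advertises AUTH LOGIN in clear text, only after STARTTLS, or not at all. The function names and the sample EHLO replies are made up for illustration; `probe()` assumes the host is a server you administer.

```python
import re
import smtplib

def auth_mechanisms(ehlo_reply):
    """Return the AUTH mechanisms advertised in an EHLO reply, upper-cased."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Drop the "250-" / "250 " reply code if present (telnet capture).
        line = re.sub(r"^250[- ]", "", line.strip())
        # Accept both "AUTH LOGIN" and the legacy "AUTH=LOGIN" form.
        m = re.match(r"AUTH[ =](.*)$", line, re.IGNORECASE)
        if m:
            mechs += m.group(1).upper().split()
    return mechs

def classify(before_tls, after_tls=""):
    """Say where AUTH LOGIN is offered: clear text, only after STARTTLS, or never."""
    if "LOGIN" in auth_mechanisms(before_tls):
        return "login-in-cleartext"
    if "LOGIN" in auth_mechanisms(after_tls):
        return "login-after-starttls-only"
    return "login-not-offered"

def probe(host, port=25):
    """Live check: EHLO, then STARTTLS (if offered) and EHLO again."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.ehlo_resp.decode(errors="replace")
        after = ""
        if s.has_extn("starttls"):
            s.starttls()
            s.ehlo()  # the feature list must be re-read after TLS starts
            after = s.ehlo_resp.decode(errors="replace")
    return classify(before, after)

# Constructed EHLO replies (not captured from any real server).
NO_LOGIN = ("250-mail.example.test Hello\n250-SIZE 37748736\n"
            "250-STARTTLS\n250-AUTH NTLM\n250 8BITMIME")
WITH_LOGIN = ("250-mail.example.test Hello\n250-STARTTLS\n"
              "250-AUTH NTLM LOGIN\n250 8BITMIME")

if __name__ == "__main__":
    print(classify(NO_LOGIN))              # what the telnet test showed
    print(classify(NO_LOGIN, WITH_LOGIN))  # "Offer Basic only after TLS" on
    print(classify(WITH_LOGIN))            # after the change in the last post
```

A result of "login-after-starttls-only" means the credentials are only accepted inside TLS, so the client doing the authentication has to use STARTTLS as well.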