Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Access Control Policies


I have recently configured Fortimail. i am a newbie to fortimail access policies. I need help with configuring it as I am sure it will help in reducing the number of spams we receive.


My fortimail's private IP is and my exchange server IP is The fortimail also have a public ip .. for the sake of argument suppose it I have almost 28 protected domains ... could any one of you just help me start with the policies. I am not sure how to go about it.


I will appreciate ur help.







Esteemed Contributor III

Did you read the  fortimail admin setup guide? A access-policy is not  required for a "must have".  You need to understand  the  difference of a  access-control policy and rcpt-policy and how to best use them.


Access Control  Policy are best used for ;


ipv4 address like to block a unique address like a spammer or the chinese guy that fails  SMTP-AUTH 1000000 per-day that's pissing you off,  to set  tls policy per-addresss  or domain ( recipient domain  i.e  I use TLS 1.1 for mail to * etc.....)


Recipient policy are  just that;  " recipient based" and AS/AV/Content profiles do I apply.




I would use the Quick Start Wizzard and build a based FML cfg and then modify and controlled it from that based cfg IMHO





I have a 800 Firewall and 200D Fortimail.  


Change Exchange address from MX record to another IP address.   Mail follows the MX record into the firewall.  Port 25 forwards it to Fortimail.  Fortimail forwards it to Exchange.   In the firewall, I set virtual IPs to do the port forwarding from MX IP to Exchange IP