Hello everyone,
I use a FortiMail 100C in server mode.
In this operation mode, is it possible to add a new domain as a backup mail exchanger so that the FortiMail unit will accept mails for this domain in case the primary mail exchanger is down or unreachable and pass the mails on to the primary MX once that one is up again.
Thanks,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
No this is not possible, we are considering this DR scenario for a future release. Please feed back your interest to your FortiMail account team.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Maybe I'm too unexperienced, but why would that not be possible?
In a MX record you state at least one IP address. You can give 2 addresses for failover.
If the second address would point to the FML, the FML would never receive any mail until mail clients run into an 'unreachable' problem with the primary address, and resend to the secondary address.
Am I assuming wrong here?
Hi!
I can 95% agree to what ede_pfau wrote:
There should be no problem to setup a second FortiMail as MX with higher metric. The "second-MX" can send the mails to an upstream MTA (the first FortiMail) and can hold mails in it's queue, when the first MTA is not reachable for some time.
Option 2: The second FortiMail can send the mails to the same upstream-system, as the primary-one (e.g. Exchange-server).
But:
1. Problems:
You have no central config-instance. You need to setup both systems.
2. (the 5%, I do not agree to ede_pfau):
Some MTAs, that are not configured RFC-compliant to not only use the MX-record with the lowest metric. So, you will see some mails on the "backup-Fortimail".
MANY spammers try to bypass spam-filters on sending mails to the backup-MX-records.
Both should not be an issue.
Regards,
KPS
I agree, there are workarounds that can be used to achieve something close to this requirement but they have limitations e.g.
[ul]All doable, but not in a simple way, hence why an official DR deployment scenario is being considering for a future release.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Thanks @KPS and Carl, for a lot more insight in what this would take. Looking forward to a future release.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1546 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.