Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
zuber
New Contributor

Fortimail as relay server - Send mails without protected domains

Iam setting up fortimail onpremise as a email relay server for an isp. The ISP requires that all their subscribers should be able to relay emails through fortimail if they use it as their smart relay. i have manage to setup mails to relay through specific ip address which only belong to that isp. they need a basic authentication which is possible under domain -> specific domain and authentication. The main requirement is that they dont want to specifiy each protected domain as there are hundreds of domains from their their customers.

is it possible to relay emails without configuring protected domain and allow mail relay if its coming through a specific subnet and with authentication.

3 REPLIES 3
abelio
Valued Contributor

Hello
that is a very specific setup for ISP/Carriers

Go for FortiMail in transparent mode for that scenario. There is public documentation available.

 

As there are hundred of domains  and there are not protected domains configured, you will not use authentication profiles against smtp servers.

FortiMail will be able to scan smtp connections for malware, etc
Related to authentication,  an ISP  uses a radius server in order to manage/authenticate the subscribers;  to fight against spam,  FortiMail can manage IP reputation of those endpoints

 

regards




/ Abel

regards / Abel
zuber
New Contributor

in transparent mode, fortmail wont be able to act as a relay server rather be just scanning mail

AEK
Honored Contributor II

Basically the protected domain is required for incoming e-mails.

Never tried it before but I think it is possible to make your FML to relay your e-mails without a protected domain.

I guess you will just need to configure Access Control policy and IP policy.

I think you should study well this case as there may be some extra security challenges that you should not miss.

For example you need to define the authorized sending domain(s) in your Access Control policies, otherwise your (malicious) users will be able to spoof the sending domain.

AEK
AEK
Labels
Top Kudoed Authors