Folks - I have a Fortimail appliance running v5.2,build404,140822 (5.2.0 GA), operating in Gateway mode.
Currently our inside Exchange hosts are delivering mail directly to remote MTAs - only inbound mail routes via the Fortimail. The Fortimail is set up to not relay, so only delivers to the two domains defined in Mail Settings --> Domains (web interface).
My understanding from the Admin Guide is that if I start to route outbound mail via the Fortimail, it will deliver mail destined for arbitrary domains as long as that mail comes to the Fortimail from a mailer defined in Mail Settings --> Domains, i.e. the Fortimail will relay for Protected Domains.
Questions:
- is this correct?
- is there a way to test this prior to cutting my Exchange servers over to forwarding outbound mail to the Fortimail? I don't want to bounce production mail and would like to see the Fortimail relay for a Protected Domain in advance if possible.
Thoughts? Thanks in advance for any assistance!
Regards - Pete
You just need to set up an access control policy matching your internal Exchange servers to relay all mail.
Policy ---> Access Control (receiving) ---> Sender IP (exchange) ---> Action Relay
Thanks for the quick reply - appreciate it!
I just tested this with my workstation and Swaks, and it worked, thanks.
I'm understanding from your Reply that I need to do this for all Exchange servers, even if they're defined in Mail Settings --> Domain as the SMTP Server (Relay Type: Host)?
Regards - Pete
Yes... for outbound mail (outbound meaning the destination is not a protected domain configured on the Fortimail) you'll need an access control policy for each server to relay out... you can also enter the netmask to allow a range of IPs
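An added example, not part of the original thread and not Fortinet code: an envelope-only relay check in the same vein as the Swaks test mentioned above, which stops after RCPT TO so no message is ever sent. The host names and addresses are placeholders, and `fake_gateway` is a constructed stand-in that lets the block run offline.

```python
import smtplib

def classify(code):
    """Map the RCPT TO reply code to a verdict."""
    if code in (250, 251):
        return "accepted"
    if 400 <= code < 500:
        return "deferred"   # temporary failure: retry before concluding
    return "denied"

def probe_relay(gateway, sender, rcpt, port=25, smtp_factory=smtplib.SMTP):
    """EHLO, MAIL FROM, RCPT TO, then RSET and QUIT. DATA is never sent,
    so nothing is queued or delivered whatever the gateway answers."""
    smtp = smtp_factory(gateway, port, timeout=15)
    try:
        smtp.ehlo()
        code, _ = smtp.mail(sender)
        if code != 250:
            return "sender-rejected", code
        code, _ = smtp.rcpt(rcpt)
        smtp.rset()
        return classify(code), code
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPException:
            pass

def fake_gateway(client_may_relay, protected=("example.com",)):
    """Constructed stand-in for the gateway (not FortiMail code): accepts
    protected-domain recipients, relays elsewhere only if allowed."""
    class Fake:
        def __init__(self, host, port, timeout=None):
            pass
        def ehlo(self):
            return 250, b"ok"
        def mail(self, sender):
            return 250, b"ok"
        def rcpt(self, rcpt):
            domain = rcpt.rsplit("@", 1)[-1].lower()
            if client_may_relay or domain in protected:
                return 250, b"ok"
            return 550, b"relaying denied"   # constructed reply text
        def rset(self):
            return 250, b"ok"
        def quit(self):
            return 221, b"bye"
    return Fake
```

Against a real gateway, omit `smtp_factory` and run the probe once from an address covered by the relay rule and once from a host that is not; the first should return `accepted` and the second `denied`.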
Understood - thanks for the clarification.
On a related note, is applying the AntiSpam engine to outbound mail (in the same sense you used the term above) recommended? To be honest, I haven't found any discussion regarding running an organisation's outbound mail through an AntiSpam regime, all the literature speaks to defending an organisation against inbound Spam - comments?
[N.B. I had a look at the Forums but couldn't locate a Netiquette doc regarding preferred behaviour - should I create a new post on this supplemental question or add it in as a follow-up post in this thread?]
Thanks!
Regards - Pete
Antispam scanning on outbound can protect your mail server reputation in the case you get a trojan horse on an internal computer which spams outbound. You may also want to use the rate limiting feature for outbound mail.