if it doesn't match an IP policy then it uses a "default" session profile which can't be changed. 

It's hardcoded as far as I know and documented here: http://help.fortinet.com/...elp/profile_09_09.html

Hi ede_pfau, yes, FML's public IP address is listed in my domain mx records with highest priority.

Hi Bromont_FTNT, IP Policy ID 3 will be used in future , when I want to route outgoing message through Fortimail, now outgoing messages are routed through internet and this IP Policy is defined for nothing (not use now), however is it defined right ? Please let me know if is wrong and how to fix it. IP Policy ID 4 is used for incoming messages, if it is not matched for incoming , how to fix it ?

Hi abelio, like I said, When incoming message bigger than 10MB is rejected I got no logs from History , AntiSpam , Antivirus , except one entry in "Event", so this is when I "cross" log  for that specific event (please view image attact)

 As you can see there is no other "Log Type" except "Event".

Thank you for hint about ID Policy, when an incoming message is sent successfully to my system I notice that "cross" log provide full details including "History" , "AntiSpam" LogType, in "History" log I can see "Policy IDs" shows "0:0:1" , it proves that my IP Policy is not applied right ? How can I fix it ?

As Bromont said, the destination on policy ID 4 is incorrect. It should be the FortiMail IP or left as 0.0.0.0/0.

jwilkins wrote:

As Bromont said, the destination on policy ID 4 is incorrect. It should be the FortiMail IP or left as 0.0.0.0/0.

Did I misunderstand the workflow ? If the destination on policy ID 4 is the FortiMail IP then incoming messages from Fortimail to Exchange server will be handled by "Domain setting" --> "Relay Type" --> "IP pool profile" ?

Right. The message from external hits the FortiMail and checks policy matching. Then is relayed on based on the domain settings.

Thank you all, change the IP Policy 4 destination to FortiMail IP make it works, I can receive email larger than 10MB now. But I have another concern, it seems Fortimail add/increase incoming message size somehow , doesn't it ?

For ex:

In my first post , when it still limit 10MB as default, an incoming message with attached files about 15MB is rejected with error "The response from the remote server was: 552 5.2.3 Message size (20611500) is over limit (10485760)"

So if the limit is 20MB I cannot attach files larger then 15MB or it is rejected :

Attached files over 19MB : 552 5.2.3 Message size (27298309) is over limit (20971520)

Attached files about 17.5MB : 552 5.2.3 Message size (24372170) is over limit (20971520)

So If I want to receive message with attached files about ~20MB I have to set limit to 26 ~ 27 MB.

Hi Jack

jack.chuong wrote:

 But I have another concern, it seems Fortimail add/increase incoming message size somehow , doesn't it ?

Nothing related with Fortimail ;

https://en.wikipedia.org/wiki/Email_attachment

Hi abelio,

The Exchange message size limit is 20MB , I can send out a message (outgoing messages are routed straight to internet) with attached files ~19MB to my gmail.

When Fortimail limit is 20MB , I can send a message (from my gmail to my exchange mailbox) with attached files ~15MB , in my mailbox I also receive message with same size ~15MB , messages with size larger than 15MB will be rejected.

When Fortimail limit is 26MB , messages with size ~20MB will be ok.

So I think maybe there is something with the way Fortimail handle attached file messages, btw it works ok for me now so I won't bother you guys anymore , let's leave it for another day.

Thank you very much.