Hello Guys,
what would be a best practice to migrate Email Domains from other MailServers oder Email Security Gateways to FortiMail? i do have CSV from Postfix with 100 DOmains and want to somehow do a script that will create this domains on FortiMail and assign predefined Profiles. is that possible? or do we have to use somehof FortiMail API? Is there any guide for that or some recommendations? i see that i cannot upload scripts to FortiMail Can i use Putty > Connect to FortiMail and do Scripts directly via Putty? would appreciate your advice Thank you
NSE 8
NSE 1 - 7
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Holy wrote:i want to do smtptests via cli for 40 Email Servers, so it should be somehow automated.
Any idea or a solution how to solve that?
SWAKS- Swiss Army Knife for SMTP is your friend here. You can script mails from outside using something like:
swaks -f test@gmail.com -t <email address on protected domain> -s <FML IP> --body "Test text" --header-Content-Type "text/html" --header-Subject "Test ProtectedDomain"
Dr. Carl Windsor Field Chief Technology Officer Fortinet
This is what that test does. You initiate the test from outside by getting SWAKS to send the mail to the FML (-s <FML IP>), the FML will then attempt to deliver to the relevant mail servers it based on its configuration. The actual mail sent to the internal servers will be sourced from the FML in the same way the smtptest would be.
This meets the above requirement right?
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Hi
https://cookbook.fortinet.com/migrating-email-from-other-mail-servers/index.html
after you have user accounts in place, you can use imap to migrate mailboxes content to fortimail.
Surely you use some scripting in order to accelerate the whole process
AFAIK, there's no available Rest API methods for massive number of domains.
If all domains could share similar policies, you could define it as associate domains in order to save some time
regards
/ Abel
Hello abelio,
i saw this coockbook of couse, but this is for server mode.
i actualy just need a way to automate the migration process to Gateway mode with massive number of domains.
As there is no direct possibility to upload scripts to FortiMail a Script that connects via ssh should work too right?
is there a possiblity to check wheter the script execution sucseeded? on the FortiGate you can check error log for example.
Thank you
NSE 8
NSE 1 - 7
Hello,
Sorry, I didn't see 'gateway mode'
I guess that it should be easier than server mode, because you don't need to deal at first instance with users stuff.
(I said 'easier than' and not 'simple')
I agree with you a lack of support for direct scripting so useful within fortigate world.
In your shoes, I'll explore two (non-exclusive) approaches:
- Fortimail REST API 6.2 now includes HTTP PUT methods for /domain
- ask your local SE to confirm that we're in the right track
Please, share here with us if you can solve this problem, it's very interesting and challenging
regards
/ Abel
Hi,
well i solved it with a vba script in Excel.
i had the Protected Domains, associated Domains, smtp Servers and relay IPs exported as i .csv from Postfix
than made a vba script withing exel which has created the CLI Configs for FortiMail
LDAP Server, Protected Domains, Associated Domains, SMTP Relay, IP-Groups, E-Mail Groups.
Than i tested this scripts on a Test FortiMail VM Appliance , finetuned the Scripts and then applied it via Putty to Production FortiMail.
all gone smooth.
now the other thing that i try to figure out, is how to automaticly do smtp tests via FortiMail
with this command
execute smtptest mail.example.com
the Problem is, you have to Enter strg + D manually if you enter this command via cli
i want to do smtptests via cli for 40 Email Servers, so it should be somehow automated.
Any idea or a solution how to solve that?
Thank you
NSE 8
NSE 1 - 7
Holy wrote:i want to do smtptests via cli for 40 Email Servers, so it should be somehow automated.
Any idea or a solution how to solve that?
SWAKS- Swiss Army Knife for SMTP is your friend here. You can script mails from outside using something like:
swaks -f test@gmail.com -t <email address on protected domain> -s <FML IP> --body "Test text" --header-Content-Type "text/html" --header-Subject "Test ProtectedDomain"
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Hi Carl,
thank you for this recommendation.
the Problem is i have to test from FortiMail , that this smtp test will come from FortiMail IP-Adress. because all internal E-mail servers will be available only from this IP Adress (Firewall Rules). So using an external source is unfortunaly not an option.
NSE 8
NSE 1 - 7
This is what that test does. You initiate the test from outside by getting SWAKS to send the mail to the FML (-s <FML IP>), the FML will then attempt to deliver to the relevant mail servers it based on its configuration. The actual mail sent to the internal servers will be sourced from the FML in the same way the smtptest would be.
This meets the above requirement right?
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Hey Carls,
i see, thank you for the explanation. i will test that but it sound exactly what i was seeking for.
Thanks )
NSE 8
NSE 1 - 7
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.