Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Holy
Contributor

Migration from Postfix to FortiMail (Gateway mode)

Hello Guys,

 

what would be a best practice to migrate Email Domains from other MailServers oder Email Security Gateways to FortiMail? i do have CSV from Postfix with 100 DOmains and want to somehow do a script that will create this domains on FortiMail and assign predefined Profiles. is that possible? or do we have to use somehof FortiMail API? Is there any guide for that or some recommendations? i see that i cannot upload scripts to FortiMail Can i use Putty > Connect to FortiMail and do Scripts directly via Putty? would appreciate your advice Thank you

NSE 8 

NSE 1 - 7

 

NSE 8 NSE 1 - 7
2 Solutions
Carl_Windsor_FTNT

Holy wrote:

i want to do smtptests via cli for 40 Email Servers, so it should be somehow automated.

Any idea or a solution how to solve that?

 

SWAKS- Swiss Army Knife for SMTP is your friend here.  You can script mails from outside using something like:

 

swaks -f test@gmail.com -t <email address on protected domain> -s <FML IP>  --body "Test text" --header-Content-Type "text/html" --header-Subject "Test ProtectedDomain"

 

 

 

Dr. Carl Windsor Field Chief Technology Officer Fortinet

View solution in original post

Carl_Windsor_FTNT

This is what that test does.   You initiate the test from outside by getting SWAKS to send the mail to the FML (-s <FML IP>), the FML will then attempt to deliver to the relevant mail servers it based on its configuration.  The actual mail sent to the internal servers will be sourced from the FML in the same way the smtptest would be. 

 

This meets the above requirement right?

Dr. Carl Windsor Field Chief Technology Officer Fortinet

View solution in original post

8 REPLIES 8
abelio
Valued Contributor

Hi

https://cookbook.fortinet.com/migrating-email-from-other-mail-servers/index.html

 

after you have user accounts in place, you can use imap to migrate mailboxes content to fortimail.

 

Surely you use some scripting in order to accelerate the whole process

AFAIK, there's no available Rest API methods for massive number of domains.

 

If all domains could share similar policies, you could define it as associate domains in order to save some time

 

 

 

regards




/ Abel

regards / Abel
Holy

Hello abelio,

 

i saw this coockbook of couse, but this is for server mode.

 

i actualy just need a way to automate the migration process to Gateway mode with massive number of domains.

 

As there is no direct possibility to upload scripts to FortiMail a Script that connects via ssh should work too right?

 

is there a possiblity to check wheter the script execution sucseeded? on the FortiGate you can check error log for example.

 

Thank you

 

NSE 8 

NSE 1 - 7

 

NSE 8 NSE 1 - 7
abelio
Valued Contributor

Hello,

Sorry, I didn't see 'gateway mode'

 

I guess that it should be easier than server mode,  because you don't need to deal  at first instance with users stuff.

(I said 'easier than' and not 'simple') 

I agree with you a lack of support for direct scripting so useful within fortigate world.

 

In your shoes, I'll explore two (non-exclusive) approaches:

- Fortimail REST API 6.2  now includes HTTP PUT methods for /domain

- ask your local SE  to confirm that we're in the right track

 

 Please, share here with us if you can solve this problem, it's very interesting and challenging

 

 

 

regards




/ Abel

regards / Abel
Holy

Hi,

 

well i solved it with a vba script in Excel.

 

i had the Protected Domains, associated Domains, smtp Servers and relay IPs exported as i .csv from Postfix

 

than made a vba script withing exel which has created the CLI Configs for FortiMail

 

LDAP Server, Protected Domains, Associated Domains, SMTP Relay, IP-Groups, E-Mail Groups.

 

Than i tested this scripts on a Test FortiMail VM Appliance , finetuned the Scripts and then applied it via Putty to Production FortiMail.

 

all gone smooth.

 

now the other thing that i try to figure out, is how to automaticly do smtp tests via FortiMail

 

with this command

execute smtptest mail.example.com

 

the Problem is, you have to Enter strg + D manually if you enter this command via cli

 

i want to do smtptests via cli for 40 Email Servers, so it should be somehow automated.

 

Any idea or a solution how to solve that?

 

Thank you

NSE 8 

NSE 1 - 7

 

NSE 8 NSE 1 - 7
Carl_Windsor_FTNT

Holy wrote:

i want to do smtptests via cli for 40 Email Servers, so it should be somehow automated.

Any idea or a solution how to solve that?

 

SWAKS- Swiss Army Knife for SMTP is your friend here.  You can script mails from outside using something like:

 

swaks -f test@gmail.com -t <email address on protected domain> -s <FML IP>  --body "Test text" --header-Content-Type "text/html" --header-Subject "Test ProtectedDomain"

 

 

 

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Holy

Hi Carl,

 

thank you for this recommendation.

 

the Problem is i have to test from FortiMail , that this smtp test will come from FortiMail IP-Adress. because all internal E-mail servers will be available only from this IP Adress (Firewall Rules). So using an external source is unfortunaly not an option.

NSE 8 

NSE 1 - 7

 

NSE 8 NSE 1 - 7
Carl_Windsor_FTNT

This is what that test does.   You initiate the test from outside by getting SWAKS to send the mail to the FML (-s <FML IP>), the FML will then attempt to deliver to the relevant mail servers it based on its configuration.  The actual mail sent to the internal servers will be sourced from the FML in the same way the smtptest would be. 

 

This meets the above requirement right?

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Holy

Hey Carls,

 

i see, thank you for the explanation. i will test that but it sound exactly what i was seeking for.

 

Thanks )

NSE 8 

NSE 1 - 7

 

NSE 8 NSE 1 - 7
Labels
Top Kudoed Authors