Receiving external mails in LAN with FortiGate 30E
Hi all. I'm new here and this may sound like a newbie question, but it's a problem that I'd be happy if someone can help me solve. We have a LAN with 10 workstations. We use a FortiGate 30E firewall. We also use Mail Enable on one of the workstations set up as a mail server to manage emails within the LAN. Everything works fine with mails sent within the LAN. However, we would like to also use one of the workstations to receive the official email of our office from the ISP. How can we configure this? Also, how can we set things to enable people to download emails from external accounts like Gmail into their workstations and send mails to outside email accounts like Gmail and Yahoo without connecting the workstations to the internet directly? Thanks
I think the FortiGate itself is not adding much to the topic here. What you are looking for is a mail collector service. If you try to collect mails from certain accounts, you need one client to log on to that mail account (internet access required), then you can download them.
Depending on your mail collector service, you may have the possibility to distribute the mails. Email rules will likely do the same job (Thunderbird, Microsoft Outlook, Evolution have these rules).
Thanks for your reply. I can download mails using POP3 services with Thunderbird OUTSIDE the LAN. What some people in the office want is the possibility of accessing the same mails on their workstations that are within the LAN. None of the workstations is directly on the internet. The possibility of having internet access on them is through the Fortigate. I'm just thinking of a configuration in which a laptop can be connected to the Fortigate in a DMZ and then downloading the mail on it and somehow forwarding it to the correct email account within the LAN. The users should also be able to send mails out through the Fortigate and laptop in DMZ. Any ideas on this or a better way of achieving the same?
To get the mails your users must have a server connection.
If your users want to download mails, they have to be able to either connect to the server online or, if not possible, connect to a server that has the mails offline.
The only way I can think of is a mail collector service. These usually connect to the users' mailbox with their credentials (which need to be provided) to download the mail. Then you can write rules for individual users.
Think of "somehow forwarding it to the correct email" rule—that must be clearly defined and can only be done with a set of rules saying "mail to userA > forward to userA".
An automated way is not possible, not that I know of.
There is, for completeness, the method of a "mail relay". It takes mail via SMTP and simply forwards them via SMTP to another server, inside your network. This does not work with POP or IMAP as they are reflecting the other mail direction (SMTP = mail from client to server, POP/IMAP = mail from server to client).
This is a) provided that a server SMTP connects to your relay. In case of public mail providers this will not be a solution as the servers will simply not forward mails, Gmail, Tiscali as examples.
b) your mail relay is receiving mails for a managed mail domain. Then an outside server would SMTP forward mails to your relay in the DMZ, and it could forward to the server in LAN.
c) anything else and bad configuration with a relay is very likely used for mail spamming.
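The "mail to userA > forward to userA" rule set discussed in the thread can be written as a small collector script. This is an added example, not code from any poster or from Fortinet; the addresses, the `office.lan` domain, the host names and the function names are all assumptions. The collector only makes outbound POP3S connections and only delivers to mailboxes in the internal domain, so it cannot be used as a relay for arbitrary recipients.

```python
import poplib
import smtplib
from email import message_from_bytes, policy
from email.utils import getaddresses

# Assumed mapping: external address -> mailbox on the LAN mail server.
RULES = {
    "usera@example.com": "usera@office.lan",
    "office@example.com": "reception@office.lan",
}
LOCAL_DOMAIN = "office.lan"          # assumed internal mail domain
FALLBACK = "postmaster@office.lan"   # catches mail no rule matches

def route(raw: bytes) -> list[str]:
    """Return the internal mailboxes a collected message is delivered to."""
    msg = message_from_bytes(raw, policy=policy.default)
    headers = []
    for name in ("Delivered-To", "To", "Cc"):
        headers.extend(str(v) for v in msg.get_all(name, []))
    targets = []
    for _, addr in getaddresses(headers):
        dest = RULES.get(addr.strip().lower())
        # Never hand the LAN server a recipient outside the local domain.
        if dest and dest.endswith("@" + LOCAL_DOMAIN) and dest not in targets:
            targets.append(dest)
    return targets or [FALLBACK]

def collect_and_forward(pop_host, user, password, lan_smtp_host):
    """Fetch every message from one external mailbox and hand it to the LAN server."""
    box = poplib.POP3_SSL(pop_host)  # outbound only, TCP 995
    box.user(user)
    box.pass_(password)
    try:
        count = len(box.list()[1])
        with smtplib.SMTP(lan_smtp_host) as lan:
            for i in range(1, count + 1):
                raw = b"\r\n".join(box.retr(i)[1])
                lan.sendmail("collector@office.lan", route(raw), raw)
                box.dele(i)  # removed upstream only after the LAN server accepted it
    finally:
        box.quit()

# Constructed sample message, used only to show the routing decision.
SAMPLE = (b"From: someone@gmail.com\r\nTo: UserA@Example.com\r\n"
          b"Cc: stranger@gmail.com\r\nSubject: test\r\n\r\nhello\r\n")

if __name__ == "__main__":
    print(route(SAMPLE))
```

With this layout the firewall policy for the collector host needs only outbound POP3S to the provider and SMTP to the LAN mail server; no inbound rule from the internet is required.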