Here's we want to achieve, only legitimate users could able to send and receive emails. I want to secure my email system against spoofing and directory harvesting and etc.
Any additional thoughts is much appreciated. Below is my current config.
LDAP Server Config
config profile ldap edit ldap_server set server 192.168.121.254 set port 636 set secure ssl set base-dn DC=domain,DC=com, set bind-dn smfmail set bind-password ENC &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& next
Recipient Add verification
config domain-setting
set host 192.168.121.254 set recipient-verification ldap set recipient-verification-profile ldap_server set recipient-verification-background ldap set recipient-verification-background-profile ldap_server config sender-addr-rate-ctrl-exempt end
Recipient Policy Inbound
config policy recipient edit 1 set status enable set recipient-type ldap-group set profile-ldap ldap_server set profile-antispam AS_Inbound set profile-content CF_Inbound set profile-antivirus AV_SysQuarantine set profile-resource Res_Default set profile-auth-type ldap set profile-auth-ldap ldap_server set auth-allow-smtp enable next
Recipient Policy Outbound edit 2 set status enable set direction outgoing set sender-type ldap-group set profile-ldap ldap_server set profile-antispam AS_Outbound set profile-antivirus AV_SysQuarantine
Fortigate Newbie
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.