Fortinet Fortimail

Te c h n i c a l Tr a i n i n g

Disclaimer
This content is not related to Fortinet education from any side and nothing from the inner content ( documents , labs , expressions )
are attributed to Fortinet paid portals or documentation guides , All slides are made by instructor effort with screenshots from giant
labs , labs are practiced in private environment “EVE-NG Community Version” , all rights are reserved.
 How Fortimail Processes Email
FortiMail is put before existed mail servers usually to scan email traffic against viruses and scans , also it’s
used to be a rely on behalf of the mail server .
Scanning techniques will be supplied to your traffic using existed policies and profiles like antivirus ,
antispam , content , others .
Fortimail Protects A Domain :-
-- FortiMail units can be configured to protect email domains by defining policies and profiles to scan and
relay incoming and outgoing email.
Fortimail Operation Modes :-
Mode Description
Gateway - Relaying email to and from the email servers that it protects.
- Simple DNS MX record change redirects email to FortiMail for antispam and antivirus scanning.
- FortiMail does not locally store email unless queued or quarantined.

1
 How Fortimail Processes Email
Mode Description
Transparent - Fortimail resides between mail servers transparently , just scanning , no other role .
- No network configurations changes .
Server - Fortimail stores locally user accounts , messages , mail traffic .
- Works as a normal mail server

2
 How Fortimail Processes Email
Access Control Rules :-
> The access control rules define how your fortimail unit acts when it receives and email messages or when
it needs to deliver an email message ( Receiving & Delivery )
Recipient Address Verification :-
> It a feature used to reduce load on fortimail unit for receiving email traffic for non verified user accounts ,
so instead of receiving anything for anyone that isn’t verified , RAV could be used by integrating with any
authentication method like LDAP which is going to be used within giant labs .
Disclaimer messages and customized appearance :-
> You can customize both the disclaimer and replacement messages, as well as the appearance of the FortiMail unit
interface.
> The disclaimer message is attached to all email, generally warning the recipient the contents may be confidential.
Antispam Techniques :-
> FortiMail Antispam Technique ( Heuristic Scan , Bayesian Scan , .. ) .
> FortiGuard Antispam Service ( DNSBLS , SURBLS , SHASH ) .

3
 FortiMail Through GIANT Lab

4
 FortiMail Through GIANT Lab
We have an internal domain controller called test.local , installed on it a mail server using a free “open
source ” mail server MTA software called hmail and some machines in users zone defining the mail client
software which is thunderbird from Mozilla which is also free MTU.
Also, we have an external domain controller acting as the outside “in internet” another organization called
extranet.local . Also, hmail is used as the MTA in the external world . We have another client defining the
MTU in external world on client client-in with thunderbird also from Mozilla

// Prerequisites :- Turn off firewall on all devices in the schema or open the required ports on the firewall .. For
SMTP , IMAP , POP3 , HTTP , HTTPs ..

Stages :-
1) Creating domain controller role on each of the internal and external servers from sever manager.
2) Join both the clients internally and externally to the domains related to each region.
When clients join the domain, they will use dns of domain directly , as a result when they need to
communicate to mail servers, they will ask these dns servers “Internally and Externally”

5
 FortiMail Through GIANT Lab
3) Creating DNS Records On Each Domain ( test.local & extranet.local ) :-
-- A Record .
-- MX Record .
4) Installing HMAIL Server & Creating Accounts .

Type the name of user

Type a password for it

6
 FortiMail Through GIANT Lab
5) Install Thunderbird on each client and connect to the local server

Type the name of user

Enter the mail you created on hmail internally

Type a password for it

Then choose manual configuration

7
 FortiMail Through GIANT Lab
For sending mails As written in dns
record

For Retrieving

User created in mail server

As written in dns record

User created in mail server