Example 3: FortiMail unit for an ISP or carrier Transparent mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
http://docs.fortinet.com/
5 Select OK.
Configuring the IP-based policies
Session profiles are applied to IP-based policies governing SMTP client connections.
Connection Settings

Hide this box from the mail server (transparent mode only)
Enable to preserve the IP address or domain name of the SMTP client in:
• the SMTP greeting (HELO/EHLO) and in the Received: message headers of email messages
• the IP addresses in the IP header
This masks the existence of the FortiMail unit.

Do not let client connect to blacklisted SMTP servers (transparent mode only)
Enable to prevent clients from connecting to SMTP servers that have been blacklisted in antispam profiles or, if enabled, the FortiGuard AntiSpam service.

Endpoint Reputation

Enable Endpoint Reputation
Enable to accept, monitor, or reject email based upon endpoint reputation scores.
This option is designed for use with SMTP clients with dynamic IP addresses. It requires that your RADIUS server provide mappings between dynamic IP addresses and MSISDNs/subscriber IDs to the FortiMail unit.

Action
Select either:
• Reject: Reject email and MMS messages from MSISDNs/subscriber IDs whose endpoint reputation scores exceed the Auto blacklist score trigger value.
• Monitor: Log, but do not reject, email and MMS messages from MSISDNs/subscriber IDs whose endpoint reputation scores exceed the Auto blacklist score trigger value. Log entries appear in the history log.

Auto blacklist score trigger value
Enter the endpoint reputation score over which the FortiMail unit will add the MSISDN/subscriber ID to the automatic blacklist.
The trigger score is relative to the period of time configured as the automatic blacklist window. For more information on the automatic blacklist window, see the FortiMail Administration Guide.

Auto blacklist duration
Enter the number of minutes that an MSISDN/subscriber ID will be prevented from sending email or MMS messages after it has been automatically blacklisted.

Session Settings

Prevent encryption of the session (transparent mode only)
Enable to block STARTTLS/MD5 commands so that email connections cannot be TLS-encrypted.

Unauthenticated Session Settings

Prevent open relaying (transparent mode only)
Enable to prevent clients from using open relays to send email by blocking sessions that are unauthenticated. (Unauthenticated sessions are assumed to be occurring to an open relay.)
If you permit SMTP clients to use open relays to send email, email from their domains could be blacklisted by other SMTP servers.
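
How the Endpoint Reputation settings above interact (trigger value, blacklist window, duration, Action, and the RADIUS mapping for dynamic IP addresses), as an added Python model that is not part of the Fortinet guide and is not FortiMail code. Assumptions: each detected spam or virus message adds 1 to the score, the RADIUS feed is a plain IP-to-subscriber map, and a blacklist entry is created under either Action, with Action deciding only whether it is enforced; all class names, method names and sample values are constructed.

```python
from collections import defaultdict, deque

class EndpointReputation:
    """Model of the settings described above; not FortiMail's implementation."""

    def __init__(self, trigger, window_min, duration_min, action="reject"):
        if action not in ("reject", "monitor"):
            raise ValueError("action must be 'reject' or 'monitor'")
        self.trigger, self.action = trigger, action
        self.window, self.duration = window_min * 60, duration_min * 60
        self.ip_to_id = {}                 # assumed RADIUS feed: IP -> subscriber ID
        self.events = defaultdict(deque)   # subscriber ID -> times of scored messages
        self.blacklist = {}                # subscriber ID -> blacklist expiry time
        self.history_log = []

    def radius_update(self, ip, subscriber_id):
        self.ip_to_id[ip] = subscriber_id  # the latest lease for an IP wins

    def score(self, sid, now):
        q = self.events[sid]
        while q and q[0] <= now - self.window:   # drop events outside the window
            q.popleft()
        return len(q)

    def report_spam(self, ip, now):
        # Assumption: each detected spam/virus message adds 1 to the score.
        sid = self.ip_to_id[ip]
        self.events[sid].append(now)
        if self.score(sid, now) > self.trigger:
            self.blacklist[sid] = now + self.duration

    def check(self, ip, now):
        sid = self.ip_to_id.get(ip)
        if sid is None or self.blacklist.get(sid, 0) <= now:
            return "accept"
        if self.action == "monitor":             # log only, never reject
            self.history_log.append((now, sid, ip))
            return "accept"
        return "reject"

def demo(action):
    rep = EndpointReputation(trigger=3, window_min=15, duration_min=30, action=action)
    rep.radius_update("10.0.0.7", "15550100")       # constructed sample values
    for t in (0, 60, 120, 180):                      # 4 scored messages in 3 minutes
        rep.report_spam("10.0.0.7", t)
    rep.radius_update("10.0.0.99", "15550100")      # subscriber reconnects, new IP
    return (rep.check("10.0.0.99", 240),             # inside the blacklist duration
            rep.check("10.0.0.99", 180 + 30 * 60),   # duration has elapsed
            len(rep.history_log))
```

Because the blacklist is keyed on the subscriber ID rather than the IP address, reconnecting with a new dynamic address does not clear the entry; it lapses only when the duration expires.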