Example 3: FortiMail unit for an ISP or carrier Transparent mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
138 Revision 2
http://docs.fortinet.com/
Exceptions to SMTP connections that can be proxied or relayed include SMTP
connections destined for the FortiMail unit itself. For those local connections, such as
email messages from email users requesting deletion or release of their quarantined
email, you must choose to either allow or block the connection.
Proxy pick-up is configured separately for incoming and outgoing connections.
In this deployment example, no protected domains have been configured. Therefore all
connections are outgoing. In addition, per-domain and per-recipient Bayesian databases
and per-recipient quarantines will not exist, and therefore the FortiMail unit does not need
to receive local SMTP connections in order to train databases or delete or release a
domain’s recipient’s quarantined email.
The FortiMail unit must not expend resources to queue undeliverable email, nor reroute
connections, and therefore it must not implicitly use its built-in MTA. Instead, it must
always use its outgoing proxy by enabling Use client-specified SMTP server to send
email. Because port1 is used exclusively for administration, the outgoing proxy must be
configured to pick up outgoing connections only on port2 and port3.
Note: For information on determining directionality, see “Incoming vs. outgoing
directionality” on page 15.

To configure outgoing proxy pick-up
1 Go to Mail Settings > Proxies in the advanced mode of the web-based manager.
2 Configure the following:

   Use client-specified SMTP server to send email: enabled

   Port 2
      Incoming SMTP connections are dropped
      Outgoing SMTP connections are proxied
      Local SMTP connections are not allowed

   Port 3
      Incoming SMTP connections are dropped
      Outgoing SMTP connections are proxied
      Local SMTP connections are not allowed

3 Select Apply.

Testing the installation
Basic configuration is now complete, and the installation may be tested. For testing
instructions, see “Testing the installation” on page 159.
For information on configuring additional features, see the FortiMail Administration Guide.

Note: Unlike other deployments, this deployment requires that SMTP clients be configured
to use the SMTP AUTH command, and not to use TLS. Before testing, you should verify that
SMTP clients that will connect for themselves through the FortiMail unit meet those
requirements. If some subscribers require TLS or do not use authentication, consider first
making separate session profiles and IP-based policies for those subscribers.
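
An added example (not from the FortiMail documentation): one way to check, from captured plaintext SMTP transcripts, that a client meets the requirements in the note above, that is, it authenticates with SMTP AUTH and does not issue STARTTLS. The "C: "/"S: " transcript format, the function name check_session and all sample sessions are assumptions constructed for illustration.

```python
# Added example: audit SMTP session transcripts for AUTH use and STARTTLS absence.
# Transcript lines are prefixed "C: " (client) or "S: " (server); all samples
# below are constructed for illustration, not real captures.

def check_session(transcript):
    """Return a list of findings; an empty list means the session complies."""
    findings, authenticated = [], False
    pending = None    # command awaiting the server's reply: "AUTH" or "DATA"
    in_data = False   # True while the client is sending the message body
    for raw in transcript:
        side, _, text = raw.partition(": ")
        if side == "S":
            code = text[:3]
            if pending == "AUTH" and code != "334":   # 334 = SASL challenge, keep waiting
                authenticated = authenticated or code == "235"
                pending = None
            elif pending == "DATA":
                in_data, pending = code == "354", None
            continue
        if in_data:
            in_data = text != "."   # a lone dot ends the body
            continue
        if pending == "AUTH":
            continue                # SASL response line, not a command
        verb = text.split(" ", 1)[0].upper()
        if verb == "STARTTLS":
            findings.append("client issued STARTTLS")
        elif verb in ("AUTH", "DATA"):
            pending = verb
        elif verb == "MAIL" and not authenticated:
            findings.append("MAIL FROM without successful AUTH")
    return findings

COMPLIANT = [
    "C: EHLO c.example.net", "S: 250 AUTH LOGIN", "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6", "C: dXNlcg==", "S: 334 UGFzc3dvcmQ6", "C: cGFzcw==",
    "S: 235 ok", "C: MAIL FROM:<u@example.net>", "S: 250 ok", "C: DATA",
    "S: 354 go ahead", "C: STARTTLS in body text is not a command", "C: .",
    "S: 250 queued", "C: QUIT",
]
USES_TLS = ["C: EHLO c.example.net", "S: 250 STARTTLS", "C: STARTTLS", "S: 220 ready"]
AUTH_FAILED = [
    "C: EHLO c.example.net", "S: 250 AUTH PLAIN", "C: AUTH PLAIN dGVzdA==",
    "S: 535 rejected", "C: MAIL FROM:<u@example.net>", "S: 530 auth required",
]

if __name__ == "__main__":
    for name, t in [("compliant", COMPLIANT), ("tls", USES_TLS), ("failed", AUTH_FAILED)]:
        print(name, check_session(t) or "OK")
```

Subscribers whose sessions produce findings are the ones the note suggests handling with separate session profiles and IP-based policies.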