Configuring DNS records Gateway mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
96 Revision 2
http://docs.fortinet.com/ • Feedback
where 10.10.10.1 is either the public IP address of the FortiMail unit, or a virtual IP
address on a firewall or router that maps to the private IP address of the FortiMail unit.
If your FortiMail unit will relay outgoing email, you should also configure the public reverse
DNS record. The public IP address of the FortiMail unit, or the virtual IP address on a
firewall or router that maps to the private IP address of the FortiMail unit, should be
globally resolvable into the FortiMail unit’s FQDN. If it is not, reverse DNS lookups by
external SMTP servers will fail.
For example, if the public network IP address of the FortiMail unit is 10.10.10.1, a public
DNS server’s reverse DNS zone file for the 10.10.10.0/24 subnet might contain:
1 IN PTR fortimail.example.com.
where fortimail.example.com is the FQDN of the FortiMail unit.
Configuring DNS records for the FortiMail unit itself
In addition to that of protected domains, the FortiMail unit must be able to receive web
connections, and send and receive email, for its own domain name. Dependent features
include:
• delivery status notification (DSN) email
• spam reports
• email users’ access to their per-recipient quarantines
• FortiMail administrators’ access to the web-based manager by domain name
•alert email
• report generation notification email
For this reason, you should also configure public DNS records for the FortiMail unit itself.
Appropriate records vary by whether or not Web Release Host Name/IP (located in
AntiSpam > Quarantine > Spam Report in the advanced mode of the web-based
manager) is configured:
• Case 1: Web Release Host Name/IP is empty/default
• Case 2: Web Release Host Name/IP is configured
Case 1: Web Release Host Name/IP is empty/default
By default (that is, if Web Release Host Name/IP is unconfigured), the web release/delete
links that appear in spam reports will use the fully qualified domain name (FQDN) of the
FortiMail unit.
For example, if the FortiMail unit’s host name is fortimail, and its local domain name is
example.net, resulting in the FQDN fortimail.example.net, a spam report’s
default web release link might look like (FQDN highlighted in bold):
https://fortimail.example.net/releasecontrol?release=0%3Auser2%40e
xample.com%3AMTIyMDUzOTQzOC43NDJfNjc0MzE1LkZvcnRpTWFpbC00MDAsI0YjU
yM2NTkjRSxVMzoyLA%3D%3D%3Abf3db63dab53a291ab53a291ab53a291
In the DNS configuration to support this and the other DNS-dependent features, you
would configure the following three records:
example.net IN MX 10 fortimail.example.net
fortimail IN A 10.10.10.1
Note: For more information on MX and A records, see “The role of DNS in email delivery”
on page 16.
To Next Page
Loading...
