Basic Setup of FortiMail Mail Server
()
About this ebook
FortiMail virtual machines provide complete flexibility and portability for organizations wishing to deploy email security infrastructure into a private or public cloud setting. FortiMail virtual machines provide powerful scalability and ease-of-deployment.
For organizations wishing to deploy email protection in an on-premise setting or for service providers who wish to extend email services to their customers, FortiMail appliances offer high performance email routing and robust features for high availability.
Fortinet FortiMail provides multiple operating modes to choose from including API support for Microsoft 365, Server Mode, Gateway Mode and Transparent Mode.
This report talks about basic setup of FortiMail Server. This report includes the following sections:
1. Part 1: Basic Concept for Sending Emails.
2. Part 2: Basic Setup of FortiMail.
3. Part 3: Access Control and Policies
4. Part 4: Sessions Management.
5. Part 5: FortiMail Authentication.
6. Part 6: Content Filtering.
7. Part 7: System Maintenance.
8. Part 8: Troubleshooting.
9. Part 9: Data Loss Prevention.
10. Part 10: Email Archiving.
11. Part 11: AntiVirus.
12. Part 12: AntiSpam.
13. Part 13: Personal Quarantine Management.
14. Part 14: Transparent Mode.
15. Part 15: Quick Guide for FortiMail Hardware Package Installation.
16. Part 16: Tutorial 1-Registering FortiMail Demo Account.
17. Part 17: Tutorial 2-Installing FortiMail in VMWare.
18. Part 18: Tutorial 3- Configuring FortiMail Using the Web Based Control Panel.
19. Part 19: Tutorial 4 - Creating AntiVirus, AntiSpam, Content Filtering and Session Profiles.
20. Part 20: Tutorial 5-Testing Access Control Rules.
21. Part 21: Tutorial 6- Testing Recipient Policies.
22. Part 22: Tutorial 7- Testing IP Policy.
23. Part 23: Tutorial 8 - Testing Relay Host.
24. Part 24: Tutorial 9- FortiMail Gateway Mode.
25. Part 25: Tutorial 10- FortiMail Transparent Mode.
26. Part 26: Tutorial 11- Authentication.
27. Part 27: Tutorial 12- Creating NFS Server in Ubuntu Linux Machine.
28. Part 28: Tutorial 13-Muting the NFS share from Windows.
30. Part 29: Tutorial 14- Configuration and Mail Data Backup.
29. Part 30: Tutorial 15- Upgrading the Forti IOS Images through TFTP Server.
30. Part 31: References.
Read more from Dr. Hidaia Mahmood Alassoulii
Review of the Specifications and Features of Different Smartphones Models Rating: 0 out of 5 stars0 ratingsIntroduction to Power System Protection Rating: 0 out of 5 stars0 ratingsQuick Guideline to Prepare Paperback Book Interior and Cover Files Using Different Applications Rating: 0 out of 5 stars0 ratingsQuick Guide for Creating, Selling and Buying Non-Fungible Tokens (NFTs) Rating: 0 out of 5 stars0 ratingsPenetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools Rating: 0 out of 5 stars0 ratingsReal Stories of Academic Corruption in My Life Rating: 0 out of 5 stars0 ratings
Related to Basic Setup of FortiMail Mail Server
Related ebooks
Building Telephony Systems with OpenSER Rating: 0 out of 5 stars0 ratingsCreation of Postfix Mail Server Based on Virtual Users and Domains Rating: 0 out of 5 stars0 ratingsDesigning Storage for Exchange 2007 SP1 Rating: 0 out of 5 stars0 ratingsCloud: Get All The Support And Guidance You Need To Be A Success At Using The CLOUD Rating: 0 out of 5 stars0 ratingsIPsec VPN A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsNetstat A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsVersatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS Rating: 0 out of 5 stars0 ratingsHyper-V Security Rating: 0 out of 5 stars0 ratingsConfiguring IPCop Firewalls: Closing Borders with Open Source Rating: 0 out of 5 stars0 ratingsSnort Intrusion Detection and Prevention Toolkit Rating: 5 out of 5 stars5/5DLP Architecture Second Edition Rating: 0 out of 5 stars0 ratingsSD-WAN and Cloud Networking Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsDDoS Mitigation A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsFirewall A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsCCIE Security A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsIBM Security QRadar SIEM Second Edition Rating: 0 out of 5 stars0 ratingsCheckPoint NG VPN 1/Firewall 1: Advanced Configuration and Troubleshooting Rating: 0 out of 5 stars0 ratingsVMware vSphere Security Cookbook Rating: 0 out of 5 stars0 ratingsIBM QRadar A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsF5 A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsMicrosegmentation Architectures A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsSoftware-Defined WAN SD-WAN A Clear and Concise Reference Rating: 0 out of 5 stars0 ratingsMigration of Network Infrastructure: Project Management Experience Rating: 0 out of 5 stars0 ratingsIBM QRadar A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsManaging and Securing a Cisco Structured Wireless-Aware Network Rating: 3 out of 5 stars3/5Cisco Certified Network Professional CyberOps A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsKubernetes Secrets Management Rating: 0 out of 5 stars0 ratingsSimple Network Management Protocol A Complete Guide Rating: 0 out of 5 stars0 ratings
Security For You
Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsMike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsCybersecurity For Dummies Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5CompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002) Rating: 5 out of 5 stars5/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsDark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratings
Reviews for Basic Setup of FortiMail Mail Server
0 ratings0 reviews
Book preview
Basic Setup of FortiMail Mail Server - Dr. Hidaia Mahmood Alassoulii
Basic Setup of FortiMail Mail Server
By
Dr. Hidaia Mahmood Alassouli
Hidaia_alassoli@hotmail.com
While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
Basic Setup of FortiMail Mail Server
Copyright © 2022 Dr. Hidaia Mahmood Alassouli
Written by Dr. Hidaia Mahmood Alassouli.
1. Introduction:
Email is a critical tool for everyday business communication and productivity. Fortinet's email security solution - FortiMail delivers advanced multi-layered protection against the full spectrum of email-borne threats. Powered by FortiGuard Labs threat intelligence and integrated into the Fortinet Security Fabric, FortiMail helps your organization prevent, detect, and respond to email-based threats including spam, phishing, malware, zero-day threats, impersonation, and Business Email Compromise (BEC) attacks.
FortiMail virtual machines provide complete flexibility and portability for organizations wishing to deploy email security infrastructure into a private or public cloud setting. FortiMail virtual machines provide powerful scalability and ease-of-deployment.
For organizations wishing to deploy email protection in an on-premise setting or for service providers who wish to extend email services to their customers, FortiMail appliances offer high performance email routing and robust features for high availability.
Fortinet FortiMail provides multiple operating modes to choose from including API support for Microsoft 365, Server Mode, Gateway Mode and Transparent Mode.
This report talks about basic setup of FortiMail Server. This report includes the following sections:
1. Part 1: Basic Concept for Sending Emails.
2. Part 2: Basic Setup of FortiMail.
3. Part 3: Access Control and Policies
4. Part 4: Sessions Management.
5. Part 5: FortiMail Authentication.
6. Part 6: Content Filtering.
7. Part 7: System Maintenance.
8. Part 8: Troubleshooting.
9. Part 9: Data Loss Prevention.
10. Part 10: Email Archiving.
11. Part 11: AntiVirus.
12. Part 12: AntiSpam.
13. Part 13: Personal Quarantine Management.
14. Part 14: Transparent Mode.
15. Part 15: Quick Guide for FortiMail Hardware Package Installation.
16. Part 16: Tutorial 1-Registering FortiMail Demo Account.
17. Part 17: Tutorial 2-Installing FortiMail in VMWare.
18. Part 18: Tutorial 3- Configuring FortiMail Using the Web Based Control Panel.
19. Part 19: Tutorial 4 - Creating AntiVirus, AntiSpam, Content Filtering and Session Profiles.
20. Part 20: Tutorial 5-Testing Access Control Rules.
21. Part 21: Tutorial 6- Testing Recipient Policies.
22. Part 22: Tutorial 7- Testing IP Policy.
23. Part 23: Tutorial 8 - Testing Relay Host.
24. Part 24: Tutorial 9- FortiMail Gateway Mode.
25. Part 25: Tutorial 10- FortiMail Transparent Mode.
26. Part 26: Tutorial 11- Authentication.
27. Part 27: Tutorial 12- Creating NFS Server in Ubuntu Linux Machine.
28. Part 28: Tutorial 13-Muting the NFS share from Windows.
30. Part 29: Tutorial 14- Configuration and Mail Data Backup.
29. Part 30: Tutorial 15- Upgrading the Forti IOS Images through TFTP Server.
30. Part 31: References.
2. Part 1: Basic Concept for Sending Emails:
a) Sending and Receiving Emails:
1. Sending Emails:
The MUA connects to local mail server
The MTA performs a DNS MX record lookup on domain portion of the recipient address.
The local MTA connects to remote MTA and transit the message
The remote MTA delivers the message to user mailbox of the destination mail server.
Example that user1 at example1.org wants to send email to b at example3.com. send the pos.example.org is local email server for the sender, the email will go through pos.exampl1.org to send the email to destination.
The post.example1.org queries the public DNS MX record for post.example3.com and uses the entries with lowest preference which in this case relay.eample2.net with preference value 50. The relay.example2.net also queries the DNS server. This time the smallest preference is mail.example3.com. So relay.example2.net will forward the email to mail.example3.com.
Finally, user b@example3.com uses the email from mail.example3.com.
b) SMTP Standards:
1. Email in internet follows standard called SMTP, The SMTP protocol first submitted in 1982 under RFC 821.
2. Although many subsequent extensions, SMTP remains true to its name. It is relatively simple protocol with limited number of commands and responses. The SMTP commands in this slide shows how client, usually MUA or intermediary MTA performs various tasks.
3. Servers that can support ESMTP can be requested to use encryption of email body to use encryption using transport layer security TLS.
4. This slide shows the commands that are typically used between client and server during email exchange. It starts with client, sending MTA or MUA, initiating TCP session on port TC 25. If TCP session is established, the SMTP session is established when the server which is the receiving MTA presents the banner. The client then presents HELLO message with the server acknowledges. At this point the client is free to start SMTP transections by providing the envelope addresses. The client uses data command to indicate start of message, which includes the header and body. The message header can include much more information than that shown in slide. The client sends single period in new line to indicate end of message. Server acknowledges the end of SMTP transection. To end SMTP session, the client sends quit message which is acknowledged by server. Then the TCP session turns down.
5. The only exception to this interaction is between the Microsoft outlook and Microsoft exchange servers which use a Microsoft property protocol called messaging application programming interface Mappy. Mappy is used for both email transmission and retrieval between Microsoft outlook and Microsoft exchange.
6. A message header can contain a lot of useful information. Each email client has its own procedure to view the message header of single email. Message headers are often used to gather information or troubleshoot email issues. The content of message header remains intact when the email is forwarded as an attachment. Forwarding the email destroys the original message header because the MUA creates new header from new point of origin. One of the most important parts of an email is received header. Every time the email is generated by MUA which reverses the MTA a received header is added. At minimum the received header contains the IP address of the sender if it is the first hop or the receiver if it is intermediary hop as well as the day and time the email processed by hop. Depending on the vendor, the MTA sometimes add session ID for the email as well as TLS version and cipher information if applicable. The received headers are added on top of each other. The bottom shows when email starts its journey. And the top show where the email is currently located. As well as received headers, other information on message header includes MIME header and contents headers and subject
c) SMTP Authentication:
1. Original RFC for SMTP did not include any requirements for security mechanisms. Email was transmitted in plain text by unauthenticated users. The Auth extension is added in order to verify the sender identity. MTAs that support ESMTP can enforce authentications to ensure only authorized users can send emails. This verifies only the sender identity for outbound emails from protected domains. But will not prevent spoofing through inbound emails coming from external mail servers.
2. SMTPS implements a layer of security using TLS encryption. But it was never standardized.
3. MTAs need to maintain separate ports for encrypted sessions. Because SMTP uses port 25, SMTPS uses port 465 or 587.
4. Connections made using SMTP port and TLS negotiations occur after SMTP session is established. If both sides agree, a secure connection is established and the remaining data exchanged securely. Many ESMTP servers enforce start TLS for encryption. This means that the recipient MTA accepts the envelop addresses mail from
and rcpt to
only after TLS is established.
5. In SMTP over TLS, the initial connection is made on standard SMTP TCP port. The client can be MUA or MTA transmits EHLO message and is presented with list of extensions that represent the set of supported extensions on the server side of connection. If START TLS is present in the list and if the client wants secure connection, the client responds with STARTTLS, this initiates the TLS negotiation between the two points. After secure connection is established, the remaining SMTP traffic is encrypted over the network.
6. In SMTPs the server and client start SMTP session which is fully encrypted on TLS tunnel.
d) Retrieving Emails:
1. POP is used to download new messages, and stores them locally in