Basic Setup of FortiMail Mail Server

By Dr. Hidaia Mahmood Alassoulii

Email is a critical tool for everyday business communication and productivity. Fortinet's email security solution - FortiMail delivers advanced multi-layered protection against the full spectrum of email-borne threats. Powered by FortiGuard Labs threat intelligence and integrated into the Fortinet Security Fabric, FortiMail helps your organization prevent, detect, and respond to email-based threats including spam, phishing, malware, zero-day threats, impersonation, and Business Email Compromise (BEC) attacks.

FortiMail virtual machines provide complete flexibility and portability for organizations wishing to deploy email security infrastructure into a private or public cloud setting. FortiMail virtual machines provide powerful scalability and ease-of-deployment.

For organizations wishing to deploy email protection in an on-premise setting or for service providers who wish to extend email services to their customers, FortiMail appliances offer high performance email routing and robust features for high availability.

Fortinet FortiMail provides multiple operating modes to choose from including API support for Microsoft 365, Server Mode, Gateway Mode and Transparent Mode.

This report talks about basic setup of FortiMail Server. This report includes the following sections:
1. Part 1: Basic Concept for Sending Emails.
2. Part 2: Basic Setup of FortiMail.
3. Part 3: Access Control and Policies
4. Part 4: Sessions Management.
5. Part 5: FortiMail Authentication.
6. Part 6: Content Filtering.
7. Part 7: System Maintenance.
8. Part 8: Troubleshooting.
9. Part 9: Data Loss Prevention.
10. Part 10: Email Archiving.
11. Part 11: AntiVirus.
12. Part 12: AntiSpam.
13. Part 13:  Personal Quarantine Management.
14. Part 14:  Transparent Mode.
15. Part 15: Quick Guide for FortiMail Hardware Package Installation.
16. Part 16: Tutorial 1-Registering FortiMail Demo Account.
17. Part 17: Tutorial 2-Installing FortiMail in VMWare.
18. Part 18: Tutorial 3- Configuring FortiMail Using the Web Based Control Panel.
19. Part 19: Tutorial 4 - Creating AntiVirus, AntiSpam, Content Filtering and Session Profiles.
20. Part 20: Tutorial 5-Testing Access Control Rules.
21. Part 21: Tutorial 6- Testing Recipient Policies.
22. Part 22: Tutorial 7- Testing IP Policy.
23. Part 23: Tutorial 8 - Testing Relay Host.
24. Part 24: Tutorial 9- FortiMail Gateway Mode.
25. Part 25: Tutorial 10- FortiMail Transparent Mode.
26. Part 26: Tutorial 11- Authentication.
27. Part 27: Tutorial 12- Creating NFS Server in Ubuntu Linux Machine.
28. Part 28: Tutorial 13-Muting the NFS share from Windows.
30. Part 29: Tutorial 14- Configuration and Mail Data Backup.
29. Part 30: Tutorial 15- Upgrading the Forti IOS Images through TFTP Server.
30. Part 31: References.

• Language: English
• Publisher: Dr. Hidaia Mahmood Alassouli
• Release date: Dec 14, 2022
• ISBN: 9791222034720

Book preview

Basic Setup of FortiMail Mail Server

By

Dr. Hidaia Mahmood Alassouli

Hidaia_alassoli@hotmail.com

While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Basic Setup of FortiMail Mail Server

Copyright © 2022 Dr. Hidaia Mahmood Alassouli

Written by Dr. Hidaia Mahmood Alassouli.

1. Introduction:

Email is a critical tool for everyday business communication and productivity. Fortinet's email security solution - FortiMail delivers advanced multi-layered protection against the full spectrum of email-borne threats. Powered by FortiGuard Labs threat intelligence and integrated into the Fortinet Security Fabric, FortiMail helps your organization prevent, detect, and respond to email-based threats including spam, phishing, malware, zero-day threats, impersonation, and Business Email Compromise (BEC) attacks.

FortiMail virtual machines provide complete flexibility and portability for organizations wishing to deploy email security infrastructure into a private or public cloud setting. FortiMail virtual machines provide powerful scalability and ease-of-deployment.

For organizations wishing to deploy email protection in an on-premise setting or for service providers who wish to extend email services to their customers, FortiMail appliances offer high performance email routing and robust features for high availability.

Fortinet FortiMail provides multiple operating modes to choose from including API support for Microsoft 365, Server Mode, Gateway Mode and Transparent Mode.

This report talks about basic setup of FortiMail Server. This report includes the following sections:

1. Part 1: Basic Concept for Sending Emails.

2. Part 2: Basic Setup of FortiMail.

3. Part 3: Access Control and Policies

4. Part 4: Sessions Management.

5. Part 5: FortiMail Authentication.

6. Part 6: Content Filtering.

7. Part 7: System Maintenance.

8. Part 8: Troubleshooting.

9. Part 9: Data Loss Prevention.

10. Part 10: Email Archiving.

11. Part 11: AntiVirus.

12. Part 12: AntiSpam.

13. Part 13:  Personal Quarantine Management.

14. Part 14:  Transparent Mode.

15. Part 15: Quick Guide for FortiMail Hardware Package Installation.

16. Part 16: Tutorial 1-Registering FortiMail Demo Account.

17. Part 17: Tutorial 2-Installing FortiMail in VMWare.

18. Part 18: Tutorial 3- Configuring FortiMail Using the Web Based Control Panel.

19. Part 19: Tutorial 4 - Creating AntiVirus, AntiSpam, Content Filtering and Session Profiles.

20. Part 20: Tutorial 5-Testing Access Control Rules.

21. Part 21: Tutorial 6- Testing Recipient Policies.

22. Part 22: Tutorial 7- Testing IP Policy.

23. Part 23: Tutorial 8 - Testing Relay Host.

24. Part 24: Tutorial 9- FortiMail Gateway Mode.

25. Part 25: Tutorial 10- FortiMail Transparent Mode.

26. Part 26: Tutorial 11- Authentication.

27. Part 27: Tutorial 12- Creating NFS Server in Ubuntu Linux Machine.

28. Part 28: Tutorial 13-Muting the NFS share from Windows.

30. Part 29: Tutorial 14- Configuration and Mail Data Backup.

29. Part 30: Tutorial 15- Upgrading the Forti IOS Images through TFTP Server.

30. Part 31: References.

2. Part 1: Basic Concept for Sending Emails:

a) Sending and Receiving Emails:

1. Sending Emails:

The MUA connects to local mail server

The MTA performs a DNS MX record lookup on domain portion of the recipient address.

The local MTA connects to remote MTA and transit the message

The remote MTA delivers the message to user mailbox of the destination mail server.

Example that user1 at example1.org wants to send email to b at example3.com. send the pos.example.org is local email server for the sender, the email will go through pos.exampl1.org to send the email to destination.

The post.example1.org queries the public DNS MX record for post.example3.com and uses the entries with lowest preference which in this case relay.eample2.net with preference value 50. The relay.example2.net also queries the DNS server. This time the smallest preference is mail.example3.com. So relay.example2.net will forward the email to mail.example3.com.

Finally, user b@example3.com uses the email from mail.example3.com.

b) SMTP Standards:

1. Email in internet follows standard called SMTP, The SMTP protocol first submitted in 1982 under RFC 821.

2. Although many subsequent extensions, SMTP remains true to its name. It is relatively simple protocol with limited number of commands and responses. The SMTP commands in this slide shows how client, usually MUA or intermediary MTA performs various tasks.

3. Servers that can support ESMTP can be requested to use encryption of email body to use encryption using transport layer security TLS.

4. This slide shows the commands that are typically used between client and server during email exchange. It starts with client, sending MTA or MUA, initiating TCP session on port TC 25. If TCP session is established, the SMTP session is established when the server which is the receiving MTA presents the banner. The client then presents HELLO message with the server acknowledges. At this point the client is free to start SMTP transections by providing the envelope addresses. The client uses data command to indicate start of message, which includes the header and body. The message header can include much more information than that shown in slide. The client sends single period in new line to indicate end of message. Server acknowledges the end of SMTP transection. To end SMTP session, the client sends quit message which is acknowledged by server. Then the TCP session turns down.

5. The only exception to this interaction is between the Microsoft outlook and Microsoft exchange servers which use a Microsoft property protocol called messaging application programming interface Mappy. Mappy is used for both email transmission and retrieval between Microsoft outlook and Microsoft exchange.

6. A message header can contain a lot of useful information. Each email client has its own procedure to view the message header of single email. Message headers are often used to gather information or troubleshoot email issues. The content of message header remains intact when the email is forwarded as an attachment. Forwarding the email destroys the original message header because the MUA creates new header from new point of origin. One of the most important parts of an email is received header. Every time the email is generated by MUA which reverses the MTA a received header is added. At minimum the received header contains the IP address of the sender if it is the first hop or the receiver if it is intermediary hop as well as the day and time the email processed by hop. Depending on the vendor, the MTA sometimes add session ID for the email as well as TLS version and cipher information if applicable. The received headers are added on top of each other. The bottom shows when email starts its journey. And the top show where the email is currently located. As well as received headers, other information on message header includes MIME header and contents headers and subject

c) SMTP Authentication:

1. Original RFC for SMTP did not include any requirements for security mechanisms. Email was transmitted in plain text by unauthenticated users. The Auth extension is added in order to verify the sender identity. MTAs that support ESMTP can enforce authentications to ensure only authorized users can send emails. This verifies only the sender identity for outbound emails from protected domains. But will not prevent spoofing through inbound emails coming from external mail servers.

2. SMTPS implements a layer of security using TLS encryption. But it was never standardized.

3. MTAs need to maintain separate ports for encrypted sessions. Because SMTP uses port 25, SMTPS uses port 465 or 587.

4. Connections made using SMTP port and TLS negotiations occur after SMTP session is established. If both sides agree, a secure connection is established and the remaining data exchanged securely. Many ESMTP servers enforce start TLS for encryption. This means that the recipient MTA accepts the envelop addresses mail from and rcpt to only after TLS is established.

5. In SMTP over TLS, the initial connection is made on standard SMTP TCP port. The client can be MUA or MTA transmits EHLO message and is presented with list of extensions that represent the set of supported extensions on the server side of connection. If START TLS is present in the list and if the client wants secure connection, the client responds with STARTTLS, this initiates the TLS negotiation between the two points. After secure connection is established, the remaining SMTP traffic is encrypted over the network.

6. In SMTPs the server and client start SMTP session which is fully encrypted on TLS tunnel.

d) Retrieving Emails:

1. POP is used to download new messages, and stores them locally in