
FortiMail Email Filtering

Course 221
(FortiMail v5.2)

Course Objectives

Upon completion of this course, you will have:


A comprehensive understanding of the design, configuration,
management and maintenance required to deploy FortiMail Email
Security appliances
Hands-on experience configuring fully featured email security
solutions

Prerequisites

Sound knowledge of email protocols and email routing principles


Working knowledge of emailing systems

Housekeeping

Schedule
Start/Stop
Breaks
Lunch

Facilities access
Food and beverage
restrictions

Washrooms
Fire exits
Telephones
Smoking
Cell phones
Safety

Agenda
FortiMail Overview
System Configuration
Email Setup
Access Control and Inspection
Antispam
Session Monitoring
Content Inspection and Archiving
Securing Communications
LDAP
Diagnostics

FortiMail Overview

FortiMail
Industry-leading multi-layered messaging security platform for
organizations of all sizes
Advanced bi-directional filtering (incoming and outgoing)
Flexible deployment mode
Up-to-date email protection guaranteed by Fortinet FortiGuard

Key Benefits
Out-of-the-box Identity Based Encryption for secure delivery
DLP module to detect accidental or intentional loss of confidential or
regulated data
Endpoint traffic analysis to block spamming endpoints
No per-user or per-mailbox pricing
Only messaging security solution on the market to support Transparent
inspection

FortiMail Deployment Options


FortiMail can be deployed in three operational modes:
Gateway
Transparent
Server

Gateway Mode (default)


Inbound and outbound proxy mail transfer agent (MTA) services
for existing email servers
A DNS MX record change redirects email traffic to the FortiMail
unit for content inspection
[Diagram: FortiMail in Gateway mode, showing local email users, internal email server, remote email users and firewall]

Transparent Mode
Email traffic is intercepted even though the destination IP is not the
FortiMail unit
Email traffic is inspected and then transmitted to the destination
email server for delivery
No need to change the DNS MX record
[Diagram: FortiMail in Transparent mode, showing local email users, internal email server, external email server and remote email users]

Server Mode
Full-featured SMTP mail server with mail security functionalities
Email traffic is received, inspected, and then delivered to user
mailboxes
[Diagram: FortiMail in Server mode, showing local email users, remote email users and firewall]

FortiMail Family
Appliance based
FortiMail 60D
FortiMail 200D
FortiMail 400C
FortiMail 1000D
FortiMail 3000C
FortiMail 3000D

Virtual Appliances
VM00, VM01, VM02, VM04 and VM08

VM04 specifications
Network Interfaces: 1/4
vCPU / Memory: 4 / 8GB
Total Hard Drive Capacity: 4 TB
RAID Storage Management: N/A
Email Domains: 800
Recipient-Based Policies (domain/system): 1500 / 7500
Server Mode Mailboxes: 1500
Profiles (domain/system): 50 / 600
Email Routing (100 KB Message / Hr): 306k / Hr

Email Basics Overview - Terms

MTA: Mail Transfer Agent (Router)
MUA: Mail User Agent (Host)
MAA: Mail Access Agent (User auth & retrieval)
DNS: MX Records (Routes)
SMTP: Simple Mail Transfer Protocol (RFC 2821)
HELO or EHLO, MAIL, RCPT, DATA, RSET, NOOP, QUIT
3-digit server response codes: 2xx, 3xx, 4xx, 5xx
RFC 821: Original SMTP
RFC 1869: ESMTP (Extended SMTP)


Email Basics Overview - Terms


Mail Relay
Intermediate hop
Another MTA configured for forwarding
Open Relay: no restrictions on external senders

More SMTP commands (RFC 2554, 2920, 3207)


Not supported by all mail servers
AUTH, STARTTLS, PIPELINING, VRFY, EXPN
Note that VRFY and EXPN are frequently disabled on Internet-accessible mail servers
This provides privacy protection and prevents directory harvesting attacks
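
An added example, not part of the course material: a Python check that parses a multi-line EHLO reply using the 3-digit response codes above and reports which of the extended commands a server advertises. The sample reply and host names are constructed, and the AUTH finding assumes a plaintext session rather than an implicit-TLS port.

```python
import re

# Constructed sample: multi-line EHLO reply from a hypothetical server.
SAMPLE_EHLO_REPLY = (
    "250-mail.example.com Hello client.example.net\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-VRFY\r\n"
    "250-EXPN\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return (code, {KEYWORD: [params]}) from a multi-line EHLO reply."""
    code, extensions, complete = None, {}, False
    for index, raw in enumerate(reply.splitlines()):
        match = REPLY_LINE.match(raw)
        if not match:
            raise ValueError(f"malformed reply line: {raw!r}")
        line_code, separator, text = match.groups()
        if code is not None and line_code != code:
            raise ValueError("reply code changed mid-reply")
        code = line_code
        if index > 0 and text:      # first line is the greeting, not an extension
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params.split()
        if separator == " ":        # "code<SP>" marks the final line
            complete = True
            break
    if not complete:
        raise ValueError("reply truncated: no final 'code<SP>' line")
    return code, extensions


def audit_ehlo(reply):
    """List hardening findings for the extensions a server advertises."""
    code, ext = parse_ehlo(reply)
    if not code.startswith("2"):
        return [f"EHLO rejected with {code}"]
    findings = [f"{cmd} advertised: directory harvesting exposure"
                for cmd in ("VRFY", "EXPN") if cmd in ext]
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised: session stays in cleartext")
        if "AUTH" in ext:           # assumes a plaintext session (see lead-in)
            findings.append("AUTH offered without STARTTLS: credentials exposed")
    return findings
```

A server can still answer VRFY or EXPN without advertising them in EHLO, so an empty result here does not replace reviewing the server's own configuration.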


Email Basics Overview - Sending Email


Email Basics Overview - Retrieving Email (POP)

Email Basics Overview - Receiving Email (IMAP)

Email Basics Overview - Message Flow
