Deploying FortiMail Server Mode

FortiMail can act as a standalone SMTP mail server when running in server mode. This recipe guides you through the process of setting up your FortiMail unit as a mail server.

Important: Many of these steps require your FortiMail web interface to be running in advanced mode.

Accessing Server Mode

Before any advanced configuration, you must enable Server Mode in the FortiMail web interface.

  1. Ensure your computer’s IP address is on the same subnet as FortiMail’s default IP address (192.168.1.99).
  2. Access the FortiMail web interface. The default IP address of FortiMail port1 is 192.168.1.99, so your PC’s IP address must be on the same subnet (for example, 192.168.1.98). Open this URL in a web browser: https://192.168.1.99/admin. The “/admin” portion of the URL is important.
  3. Enter “admin” for the user name. Leave the password blank.
  4. Navigate to Monitor > System Status > Status and change the Operation Mode dropdown menu to Server.
  5. Select the Quick Start Wizard button and follow the onscreen instructions.
 
[Figure: Accessing Server Mode from the dropdown menu.]

 

Configuring DNS records

In order for external MTAs to deliver email to the FortiMail unit, you must configure the public MX record for each protected domain to indicate that the FortiMail unit is its email server. 

If your FortiMail unit will relay outgoing email, you should also configure the public reverse DNS record. The public IP address of the FortiMail unit, or the virtual IP address on a firewall or router that maps to the private IP address of the FortiMail unit, should be globally resolvable into the FortiMail unit’s FQDN. If it is not, reverse DNS lookups by external SMTP servers will fail.

For example, if the public network IP address of the FortiMail unit is 10.10.10.1, a public DNS server’s reverse DNS zone file for the 10.10.10.0/24 subnet might contain:

1 IN PTR fortimail.example.com.

where fortimail.example.com is the FQDN of the FortiMail unit. 
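The check below is an added example, not part of the original recipe or of any Fortinet tooling. It verifies that the MX record, the mail host's A record and the PTR record all agree, so that a reverse lookup of the FortiMail address returns the same FQDN the MX record names. The zone snippets are constructed from the recipe's sample values; the A record, the forward-zone layout and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zone data built from the recipe's example values.
FORWARD_ORIGIN = "example.com."
FORWARD_ZONE = """\
@          IN MX 10 fortimail.example.com.
fortimail  IN A  10.10.10.1   ; assumed A record for the FQDN
"""
REVERSE_ORIGIN = "10.10.10.in-addr.arpa."
REVERSE_ZONE = "1 IN PTR fortimail.example.com.\n"

def parse_zone(text, origin):
    """Parse 'owner IN TYPE rdata...' lines into (fqdn_owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 4 or fields[1] != "IN":
            continue
        owner = fields[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"           # relative name: append zone origin
        records.append((owner.lower(), fields[2], fields[3:]))
    return records

def check_mail_dns(domain, forward, reverse):
    """Return a list of problems; an empty list means MX, A and PTR agree."""
    problems = []
    mx_hosts = [r[2][1].lower() for r in forward if r[0] == domain and r[1] == "MX"]
    if not mx_hosts:
        problems.append(f"no MX record for {domain}")
    for host in mx_hosts:
        addrs = [r[2][0] for r in forward if r[0] == host and r[1] == "A"]
        if not addrs:
            problems.append(f"MX target {host} has no A record")
        for addr in addrs:
            # 10.10.10.1 -> 1.10.10.10.in-addr.arpa.
            ptr_name = ipaddress.ip_address(addr).reverse_pointer + "."
            ptrs = [r[2][0].lower() for r in reverse if r[0] == ptr_name and r[1] == "PTR"]
            if host not in ptrs:
                problems.append(f"{ptr_name} points to {ptrs or 'nothing'}, expected {host}")
    return problems

if __name__ == "__main__":
    forward = parse_zone(FORWARD_ZONE, FORWARD_ORIGIN)
    reverse = parse_zone(REVERSE_ZONE, REVERSE_ORIGIN)
    print(check_mail_dns("example.com.", forward, reverse) or "MX, A and PTR records agree")
```

A PTR record that still carries a provider's generic host name is reported as a mismatch, which is the condition that causes receiving servers' reverse DNS checks to fail.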

Configuring firewall policies

You must configure your firewall policies to allow traffic to and from the FortiMail unit. For more information on how to create firewall policies, see your firewall documentation.

Adding email user accounts

Create one email user account for each protected domain to verify connectivity for the domain.

  1. Navigate to User > User > User.
  2. Select example.com from the Domain list.
  3. Select New to add an email user.
  4. Enter the user name of the email address that will be locally deliverable on the FortiMail unit (user1@example.com).
  5. Enter a password for the account.
  6. Enter the name of the user as it should appear in a MUA (Test User1).
  7. Select Create for a new user or OK for an existing user.
 
[Figure: Adding a new user.]
 

Configuring MUAs to use FortiMail

Configure the email clients of local and remote email users to use the FortiMail unit as their outgoing mail server (SMTP)/MTA. For local email users, this is the FortiMail IP address (192.168.1.5). For remote email users, this is the virtual IP address on the wan1 network interface of the FortiGate unit that maps to the FortiMail unit (10.10.10.1) or fortimail.example.com.

Configure email clients to authenticate with the email user’s user name and password for outgoing mail. The user name is the email user’s entire email address, including the domain name portion, such as user1@example.com. 

 

Testing the Installation

Send an email message by using the illustrated paths to test the installation.

 
[Figure: FortiMail Server Mode deployment paths. The installation paths.]
