Cloud Unit Configuration in FortiMail


This recipe guides you through the process of configuring and testing emails for your protected domain. 

 The following procedures only work if your unit is operating in Gateway or Transparent mode. 

 Configuring Incoming Email Relaying

First we’ll need to configure the email destination of the FortiMail cloud unit.

  1. Go to Domain & User > Domain > Domain.
  2. Select a domain and then select Edit.
  3. Select Host from the Relay type dropdown menu if you know the IPs or the hostnames of your receiving server 
  4. Enter the SMTP server and Fallback server.
  5. Select OK.

Note: When the FML cloud unit is provisioned, the incoming email relaying configuration is set up according to information provided in the section “Receiving Mail Servers Addresses” and “Protected Domain Names” of the provisioning file. 


 Testing Incoming Emails Without Changing Public MX Records

Next we’ll test the FML cloud units ability to deliver incoming emails to a test a user without changing your public MX record. This process is optional. If you plan on changing your public MX, skip to the next section.

A Linux PC with shell available is required.

  1. Send a test email to your domain with these commands:

    Note: Lines beginning “–>>” are shell commands. Do not enter “–>>”. Assume your assigned FML cloud unit’s host name is
    Note: The test user you use should exist on the server. The email address in the “mail from” and “rcpt to” commands must be surrounded by angle brackets “<…>”.

    -->>telnet 25
    220 ESMTP Smtpd; [Date and Time] -->>ehlo Hello [public ip of], pleased to meet you
    250-SIZE 10485760
    250 HELP
    -->>mail from: <>
    250 2.1.0 <>... Sender ok
    -->>rcpt to: <>
    250 2.1.5 <>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    -->>Subject: Test
    250 2.0.0 u0XXXXXX000000-u0XXXXXX000000 Message accepted for delivery
    221 2.0.0 closing connection
    Connection closed by foreign host

  2. Check the mailbox of the user “” to see if they received the email.

If you did not receive the email, refer to the FML log to see the reason and modify your configuration or tests accordingly. The problem may likely be due to the improper configuration of the relaying email server.


 Testing Incoming Emails After Changing your Public MX

Now we’ll need to change your public MX record to the hostname of the FML cloud unit and test incoming emails. Incoming emails to your domain from internet are delivered to the host of the public MX record for your domain. 

  1. Assuming your current public MX record is “ 86400 IN MX 10” change it to “example.come 86400 IN MX”
  2. Test incoming emails using whatever email client software you desire. It is important you use an email client software so your PC can correctly resolve the public MX record of your domain.
  3. Check the mailbox of the user “” to confirm the testing was successful.

If you cannot receive the email, refer to the FML log to see the reason and modify your configuration accordingly. It is possible it could be because the relaying email server is not configured correctly, in which case you would need to reattempt the initial Configure Incoming Email Relaying section.