FortiMail: How to Download Oversized Email Attachments

Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin

When an email message exceeds the maximum allowed size, it’s usually blocked by default. The message size limit settings can be found in the following three places:

  • Content profiles — Under Profile > Content > Scan Options, you can specify both the message size limits and the actions to take. 
  • Domain settings — Under Domain & User > Domain > Advance Settings > Other, you can also specify the size limit at the domain level. The default size limit is 10MB. Oversized messages will be blocked. 
  • Session profiles — Under Profile > Session > SMTP Limits, you can specify the message size limits used this session profile. Again, the default size limit is 10MB. Oversized messages will be blocked. 

However, in some cases, you may not want to block the files. For instance, you may want the employees in your organization to send bigger files to each other.

In this case, you can use the content profile to catch the email, quarantine the email, and then notify the recipient to download the email attachments from their personal quarantines.

The following example shows how to send and dowload email messages up to 25MB. 

 
 

Configuring MS Exchange

This example assumes that you use MS Exchange Server 2010 as your mail server.

First you need to configure the mail server to allow messages up to 25MB, for example. 

  1. In the Exchange Management Console (EMC), go to mail flow > receive connectors.
  2. Select your transport hub and then select Edit.
  3. Make sure the Maximum receive message size (MB) is at least 25 and then select save.
  4. Go to mail flow > send connectors.
  5. Select the appropriate connector and select Edit.
  6. Make sure the Maximum send message size (MB) is at least 25 and then select save.
  7. Double-click Outbound Internet Email.
  8. Enter 25000 in the Maximum message size field.
  9. Go to Recipients > Mailboxes.
  10. Select your user mailbox and then select Edit.
  11. In the mailbox properties section, select Mailbox Features.
  12. Select View details in the Message Size Restrictions area. 
  13. Enter 25000 for both the sent and received message fields.
  14. Select OK and then select Save to save the changes.

Configuring FortiMail Notification Profiles

Now we’ll need to configure FortiMail to send a notification message instructing the recipient where to obtain the file from quarantine.

  1. Go to Profile > Notification > Notification.
  2. Select New to create a notification and name it “OversizedMessageReceived”.
  3. Select Generic from the Type dropdown menu.
  4. Activate only the Recipient(s) radial button.
  5. Select New in the Email template section.
  6. Name the template “Oversized” and select OK.
  7. Select Edit to modify the newly created template.
  8. Fill in the email template by copy and pasting the following text and entering it in indicated field.

    Subject: Oversized Message from %%ORIG_ENVELOPE_FROM%% has been sent to quarantine

    From: %%NOTIFY_FROM%%

    To: %%NOTIFY_TO%%

    Envelope from: %%NOTIFY_FROM%%

    Envelope to: %%ORIG_ENVELOPE_TO%%

    Content HTML: 

    You have received an email that exceeds the 25 MB file size limitation. The file has been routed to your quarantine mailbox.

    If you recognize the sender of this message, visit your quarantine mailbox to open the message and download the attachment.

    Do not release the message, since it will be rejected at the internal mail server.

    If you do not see the message in your quarantine, select the UNRELEASED popup in the upper right corner and change it to RELEASED.

    MESSAGE DETAILS

    To: %%ORIG_TO%%
    From: %%ORIG_FROM%%
    Subject: %%ORIG_SUBJECT%%
    Time: %%ORIG_DATE%%

    Content Text:

    You have received an email that exceeds the 25 MB file size limitations. The file has been routed to your quarantine mailbox.

    If you recognize the sender of this message, visit your quarantine mailbox to open the message and download the attachment: https://myfortimail.mycompany.com/m/webmail/Webmail.html#/mailbox/Bulk

    Do not release the message, since it will be rejected at the internal mail server.

    If you do not see the message in your quarantine, select the UNRELEASED popup in the upper right corner and change it to RELEASED.

    MESSAGE DETAILS

    ———————————————————-

    To:%%ORIG_TO%%

    From:%%ORIG_FROM%%

    Subject: %%ORIG_SUBJECT%%

  9. Select OK and then Create.

Configuring the FortiMail Content Profiles and Recipient Policies

Now we’ll need to create a content profile to use the notification action, and an inbound recipient policy to use the content profile.

  1. Go to Profile > Content > Action.
  2. Select New.
  3. In the Profile name section, enter “px-oversized-to-quarantine”.
  4. Enable Notify with profile and select the “OversizedMessageReceived” profile created previously from the dropdown menu.
  5. Enable Final action and select Personal quarantine from the dropdown menu.
  6. Select Create.
  7. Go to Policy > Recipient Policy > Inbound.
  8. Markdown or remember every policy that contains an active content policy.
  9. Go to Profile > Content > Content.
  10. Select the content policy previously mentioned and select Clone. In our example we’ve cloned both the CF-Inbound profile and the ctnt profile. 
  11. Provide the policy the same name but add “-LargeMsgQuarantine” at the end.
  12. Select the newly created clone and then select Edit.
  13. Expand Scan Options and set the maximum message size to 25000, and set the action to “px-oversized-to-quarantine”. 
  14. Go to Policy > Recipeint Policy > Inbound
  15. Edit each policy that has a content filter.
  16. Change the content policy to the new LargeMsgQuarantine policy.

 

Increasing Size Limits in Domain Settings and Session Profiles

As mentioned in the beggining of this document, the defaul size limt is 10MB in both domain settings and session profile settings. And the rule is that the smallest setting will take effect. Therefore, you must increase the size limits in domain settings and session profiles. 

  1. Go to Domain & User > Domain > Domain.
  2. Select a domain and then select Edit.
  3. Expand the Advanced Settings and select Other.
  4. Enter 204800 in the Maximum message size section.
  5. Select OK and repeat this process for each domain.
  6. Go to Policy > IP Policy > IP Policy.
  7. Select the the name of the inbound session profile (px-inbound-session in this case).
  8. Expand the SMTP Limits section and enter 204800 in the Cap Message Size field.

Testing

Now you can try to send an email message with a 20MB attachment and see how the recipient get the notication. 

 

 

 

Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin