Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Configure MTA adapter

The MTA adapter requires a contract. The Dashboard System Information widget shows the MTA Contract status.

To configure the MTA adapter:
  1. Go to Scan Input > Adapter.
  2. Select the MTA adapter and click Edit.
  3. Enable the adapter.

  4. Configure the following settings and then click Apply.

    URL number to extract from email body

    Maximum number of URLs to be extracted from one email body.

    Tag For Suspicious/Malicious Mails

    If the email scan result is malicious or suspicious, this text is prefixed to the email subject line. The next hop email server can act accordingly.

    Email Scan Timeout (Minutes)

    Maximum time FortiSandbox waits for scan result. If there is no result after timeout, the email is released to recipient.

    Message Size Limit (mb)

    Maximum size of email to accept to scan.

    Disk Usage Upper Limit(%)

    Maximum percentage disk space used before MTA stops scanning emails and only routes emails.

    Relay Emails for Domain Names

    Domain names of email server to be relayed from this FortiSandbox. When FortiSandbox receives these emails and finishes scan, FortiSandbox relays these emails if they are clean, or quarantines them if malicious.

    Next Hop Mail Server Name

    IP address or domain name of email server to relay to for relayed emails.

    Local Interface

    Select the local interface.

    Local SMTP Port

    Specify the local SMTP port.

    Quarantine emails whose content has the following ratings

    Select the ratings of emails to quarantine.

    Send alert email to receivers when email is quarantined

    When email is quarantined, send alert email as configured.

    Email Sender

    The From field of alert email sent.

    Email Subject

    Email subject line of alert email sent.

    Email Content Template

    Text in alert email body.

To process quarantined emails:
  1. Go to Scan Input > Adapter.

    If there are malicious and suspicious emails, the number of quarantined emails is displayed beside the MTA adapter name.

  2. Click the Quarantined link to display the list of quarantined emails.

    • To view job details, click the View Details icon.
    • To download the job files as a zip file, click the Download Email File icon.
    • To preview the original email, click the Preview Email icon.
    • To release the quarantined email to recipient, select the emails and click the Release Email icon.
    • To delete the quarantined email, select the emails and click the Delete Email icon.

Using MTA in HA-Cluster

In HA-Cluster, the MTA adapter is only available in the master node.

Configuration is the same as on a standalone device. When the master node receives MTA jobs, depending on workload and VM association, it distributes the jobs to itself or slave nodes.

Note

In a cluster, configure the Local Interface to the interface of the cluster IP address so that the primary slave can take over the configuration in a failover.

To view jobs in a cluster, go to HA-Cluster > Job Summary.

To view logs in the master node, go to Log & Report > Job Events.

To view logs in a slave node, go to Log & Report > All Events.

Configure MTA adapter

The MTA adapter requires a contract. The Dashboard System Information widget shows the MTA Contract status.

To configure the MTA adapter:
  1. Go to Scan Input > Adapter.
  2. Select the MTA adapter and click Edit.
  3. Enable the adapter.

  4. Configure the following settings and then click Apply.

    URL number to extract from email body

    Maximum number of URLs to be extracted from one email body.

    Tag For Suspicious/Malicious Mails

    If the email scan result is malicious or suspicious, this text is prefixed to the email subject line. The next hop email server can act accordingly.

    Email Scan Timeout (Minutes)

    Maximum time FortiSandbox waits for scan result. If there is no result after timeout, the email is released to recipient.

    Message Size Limit (mb)

    Maximum size of email to accept to scan.

    Disk Usage Upper Limit(%)

    Maximum percentage disk space used before MTA stops scanning emails and only routes emails.

    Relay Emails for Domain Names

    Domain names of email server to be relayed from this FortiSandbox. When FortiSandbox receives these emails and finishes scan, FortiSandbox relays these emails if they are clean, or quarantines them if malicious.

    Next Hop Mail Server Name

    IP address or domain name of email server to relay to for relayed emails.

    Local Interface

    Select the local interface.

    Local SMTP Port

    Specify the local SMTP port.

    Quarantine emails whose content has the following ratings

    Select the ratings of emails to quarantine.

    Send alert email to receivers when email is quarantined

    When email is quarantined, send alert email as configured.

    Email Sender

    The From field of alert email sent.

    Email Subject

    Email subject line of alert email sent.

    Email Content Template

    Text in alert email body.

To process quarantined emails:
  1. Go to Scan Input > Adapter.

    If there are malicious and suspicious emails, the number of quarantined emails is displayed beside the MTA adapter name.

  2. Click the Quarantined link to display the list of quarantined emails.

    • To view job details, click the View Details icon.
    • To download the job files as a zip file, click the Download Email File icon.
    • To preview the original email, click the Preview Email icon.
    • To release the quarantined email to recipient, select the emails and click the Release Email icon.
    • To delete the quarantined email, select the emails and click the Delete Email icon.

Using MTA in HA-Cluster

In HA-Cluster, the MTA adapter is only available in the master node.

Configuration is the same as on a standalone device. When the master node receives MTA jobs, depending on workload and VM association, it distributes the jobs to itself or slave nodes.

Note

In a cluster, configure the Local Interface to the interface of the cluster IP address so that the primary slave can take over the configuration in a failover.

To view jobs in a cluster, go to HA-Cluster > Job Summary.

To view logs in the master node, go to Log & Report > Job Events.

To view logs in a slave node, go to Log & Report > All Events.