
Course 221 - FortiMail Email Filtering

Overview

FortiMail Email Filtering


Course 221
FortiMail v5.0

2013 Fortinet Inc. All rights reserved.


The information contained herein is subject to change without notice. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. 06-50000-0221-20130726

Course Objectives
Upon completion of this course you will be able to:
Configure, manage and maintain a FortiMail appliance
Implement various FortiMail unit security features
Use FortiMail unit logging to monitor system operation and troubleshoot issues
Configure available FortiMail operation modes and select a suitable deployment for your network
Design and configure fully featured email security solutions

Prerequisites
Sound knowledge of email protocols and email routing principles
Working knowledge of emailing systems

Housekeeping

Washrooms
Fire exits
Telephones
Smoking
Cell phones
Safety

Schedule
Start/Stop
Breaks
Lunch

Facilities access
Food and beverage restrictions

Introductions
Tell us a little about yourself:
Your name
Network and mail security experience
Fortinet product experience
Your expectations for this course

Agenda
FortiMail Overview
System Configuration
Email Setup
Access Control and Inspection
Antispam
Session Monitoring
Content Inspection and Archiving
Securing Communications
LDAP
Troubleshooting and Maintenance
Transparent Mode
High Availability
Server Mode

FortiMail Overview
Module 1

Module Objectives
By the end of this module, you will be able to:
Identify the key features of a FortiMail appliance
Describe the various FortiMail unit operation modes and determine which modes best suit your own deployment needs
Recall basic email terminology, message flow, as well as the protocols and processes for sending and receiving email

FortiMail
Industry-leading multi-layered messaging security platform for organizations of all sizes
Advanced bi-directional filtering (incoming and outgoing)
Flexible deployment mode
Up-to-date email protection guaranteed by Fortinet FortiGuard

Key Benefits
Out-of-the-box identity-based encryption (IBE) for secure delivery
DLP module to detect accidental or intentional loss of confidential or regulated data
Endpoint traffic analysis to block spamming endpoints
No per-user or per-mailbox pricing
Only messaging security solution on the market to support transparent mode inspection

FortiMail Deployment Options


The FortiMail device can be deployed in three operational modes:
Gateway
Transparent
Server

Gateway Mode (default)


Inbound and outbound proxy mail transfer agent (MTA) services for existing email servers
A DNS MX record change (or VIP change on firewall) redirects email traffic to the FortiMail unit for content inspection

[Figure: FortiMail in Gateway mode. Labels: local email users, internal email server, remote email users, FortiGate UTM gateway or other firewall]

Transparent Mode
Email traffic is intercepted even though the destination IP is not the FortiMail unit
Email traffic is inspected and then transmitted to the destination email server for delivery
No need to change the DNS MX record
Port1 and Port2 bridged

[Figure: FortiMail in Transparent mode. Labels: local email users, external email server, internal email server, remote email users]


Server Mode
Full-featured SMTP mail server with mail security functionalities
Email traffic is received, inspected, and then delivered to user mailboxes

[Figure: FortiMail in Server mode. Labels: local email users, remote email users, FortiGate UTM gateway or other firewall]

Supported Platforms
Appliance based
FortiMail-100C
FortiMail-200D
FortiMail-400B, 400C
FortiMail-2000A, 2000B
FortiMail-3000C, 3000D
FortiMail-4000A
FortiMail-5001A
FortiMail-5002B

Virtual Appliances
FortiMail-VM
Note: 1000c model coming soon. Refer to www.fortinet.com for up to date releases

FortiMail 100C
10/100 Interfaces
10/100/1000
Storage: 1 TB
RAID Storage Management: N/A
Email Domains: 50
Recipient-Based Policies (Domain/System): 60/300
Server Mode Mailboxes: 200
Profiles (Domain/System): 50/60
Email Routing (3 KB Message / Hr): 90,000
Small to medium business

FortiMail-200D
10/100/1000 Ports
Storage: 1 TB
RAID Storage Management: N/A
Email Domains: 50
Recipient-Based Policies (Domain/System): 60/300
Server Mode Mailboxes: 200
Profiles (Domain/System): 50/60
Email Routing (3 KB Message / Hr): 200,000
Small to medium business

FortiMail-400C
10/100/1000 RJ45
Storage: 2 X 1TB (Max 2TB)
RAID Storage Management: Software 0, 1
Email Domains: 500
Recipient-Based Policies (Domain/System): 600/3000
Server Mode Mailboxes: 1000
Profiles (Domain/System): 50/200
Email Routing (3 KB Message / Hr): 400,000
Small to medium business

FortiMail-2000B
10/100/1000 Ports
Storage: 2TB (Max 6TB)
RAID Storage Management: Hardware 1, 5, 10, 50
Email Domains: 5000
Recipient-Based Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 1.5 Million
Large enterprise, carriers and service providers

FortiMail-3000C
Gigabit Fiber SFP Ports
10/100/1000 Ports
Storage: 2TB (Max 6TB)
RAID Storage Management: Hardware 1, 5, 10, 50
Email Domains: 5000
Recipient-Based Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 2.0 Million
Large enterprise, carriers and service providers

FortiMail-3000D
Gigabit Fiber SFP interface
10/100/1000 RJ45 Ports
Storage: 2TB X2 (Max 4TB)
RAID Storage Management: Hardware 1, 5, 10, 50
Email Domains: 5000
Recipient-Based Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 2.0 Million
Large enterprise, carriers and service providers

FortiMail 5002B
10/100/1000 Interfaces
Internal Backplane Base
Storage: 1 X 146GB HDD
RAID Storage Management: N/A
Email Domains: 10000
Recipient-Based Policies (Domain/System): 1500/7500
Server Mode Mailboxes: 3000
Profiles (Domain/System): 50/600
Email Routing (3 KB Message / Hr): 2.3 Million
Large enterprise, carriers and service providers

Virtual Appliance Resource

FortiMail Virtual Appliances: VM01, VM02, VM04, VM08
Hypervisor supported versions: VMWare ESXi/ESX/4.0/4.1/5.0
Maximum vCPUs
Maximum vNICs
Virtual Machine Storage (Min/Max): 50GB/1TB, 50GB/1TB, 50GB/2TB, 50GB/2TB
Virtual Machine Memory (Min/Max): 1GB/2GB, 1GB/12GB, 1GB/4GB, 1GB/6GB

Email Basics Overview - Terms


MTA >> Mail Transfer Agent (Router)
MUA >> Mail User Agent (Host)
MAA >> Mail Access Agent (User auth & retrieval)
DNS >> MX Records (Routes)
SMTP >> Simple Mail Transfer Protocol (RFC 2821)
HELO or EHLO, MAIL, RCPT, DATA, RSET, NOOP, QUIT
3-digit server response codes: 2xx, 3xx, 4xx, 5xx

RFC 821 >> Original SMTP


RFC 1869 >> ESMTP (Extended SMTP)

Email Basics Overview - Terms


Mail Relay
Intermediate hop
Another MTA configured for forwarding
Open Relay: no restrictions on external senders

More SMTP commands (RFC 2554, 2920, 3207)


Not supported by all mail servers
AUTH, STARTTLS, PIPELINING, VRFY, EXPN
Note that VRFY and EXPN are frequently disabled on Internet accessible mail servers
This provides privacy protection and prevents directory harvesting attacks

Email Basics Overview - Sending Email

Recipient: B@example3.com
Sending Process:
1. DNS look-up for MX record (performed by MTA not the client)
Equivalent to performing
nslookup -type=MX example3.com
2. Connect to remote mail server
3. Deliver message

[Figure labels: MUA (mail client), MTA (mail server)]

Email Basics Overview - Retrieving Email (POP)


Post Office Protocol (POP) allows mail clients to download email from
remote servers and save those messages locally
RFC 1939 POP3 (version 3)
TCP/110 or TCP/995 (SSL/TLS)
SSL/TLS are commonly supported and used to encrypt entire session
If going over port 110 username and password sent in cleartext

States: Authentication > Transaction > Update


Authentication: username and password exchange (cleartext!)
Transaction: list, download, delete messages
Update: delete flagged message, session clean-up

APOP and KPOP provide secure authentication but require server/client support (password encrypted via MD5 hash, still over port 110)

Email Basics Overview - Receiving Email (IMAP)


Internet Message Access Protocol (IMAP) allows mail client
applications to access remotely stored messages
Message kept on mail server

RFC 2060 IMAP4rev1


TCP/143 (clear or TLS) or TCP/993 (SSL)
States: Not Authenticated > Authenticated <=> Selected > Logout
Authentication of username and password also cleartext (over port 143)!

SSL/TLS most common way to secure connection

Email Basics Overview - Message Flow

[Figure: message flow diagram with numbered steps]

;; ANSWER SECTION:
example3.com    3600    IN    MX    50 relay.example2.net
example3.com    3600    IN    MX    100 mail.example3.com

;; ANSWER SECTION:
example3.com    3600    IN    MX    50 mail.example3.com
example3.com    3600    IN    MX    100 relay.example2.net
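
Added example (not part of the original course material): Python code that parses the two ANSWER SECTIONs from this slide and shows how the MX preference value decides which server a sending MTA contacts first. Treating relay.example2.net as the inspecting hop, and the function names, are assumptions made for illustration.

```python
import re

# Constructed sample input: the two ANSWER SECTIONs from the Message Flow slide.
ANSWER_A = """;; ANSWER SECTION:
example3.com  3600  IN  MX  50 relay.example2.net
example3.com  3600  IN  MX  100 mail.example3.com
"""
ANSWER_B = """;; ANSWER SECTION:
example3.com  3600  IN  MX  50 mail.example3.com
example3.com  3600  IN  MX  100 relay.example2.net
"""

MX_LINE = re.compile(r"^\S+\s+\d+\s+IN\s+MX\s+(\d+)\s+(\S+)$", re.IGNORECASE)


def parse_mx(answer_text):
    """Return [(preference, exchange), ...] from dig-style answer lines."""
    records = []
    for raw in answer_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comments
            continue
        match = MX_LINE.match(line)
        if match:
            records.append((int(match.group(1)), match.group(2).rstrip(".").lower()))
    return records


def delivery_order(records):
    """Lowest preference value is tried first; the rest are fallbacks."""
    return [host for _, host in sorted(records)]


def audit(answer_text, filter_host):
    """Report whether filter_host (assumed inspecting hop) is the first hop."""
    order = delivery_order(parse_mx(answer_text))
    return {
        "first_hop": order[0] if order else None,
        "filter_is_primary": bool(order) and order[0] == filter_host,
        "other_mx": [h for h in order if h != filter_host],
    }


if __name__ == "__main__":
    for name, text in (("A", ANSWER_A), ("B", ANSWER_B)):
        print(name, audit(text, "relay.example2.net"))
```

Any host listed in other_mx also accepts mail for the domain, so it needs its own access control if all inbound mail is meant to pass through the inspecting hop.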
