Access Control Rules:
--> Access control rules, sometimes also called the access control list or ACL, specify whether the FortiMail unit will process and relay/proxy, reject, or discard email messages in SMTP sessions.
--> Access Control rules prevents the fortimail becoming the open relay to protect the reputation of organization Email Server
--> Access Control Rules are the first thing the fortimail starts evaluating in the policies once the Fortimail receives any email from outside (Internet) or Inside (SMTP Servers)
--> Access Control Rules can only check following attributes or parameters in the SMTP Session:
i) Sender Email Address in SMTP envelope
ii) Recipient Email Address in SMTP Envelope
iii) Authentication
iv) Session Encryption
--> There is a default Access Control Rule inbuilt on the Fortimail:
i) If the Recipient email address belongs to Protected domain then fortimail relays the email to Exchange/SMTP Servers in Protected domain
ii) If the Recipient email address does not belong to protected domain then fortimail rejects the email
--> Access Control Rules are also used to enforce authentication on SMTP Sessions or SMTP traffic. If your fortimail is running in Gateway mode then this setting is rarely used unless you want to secure the traffic between SMTP Servers and Fortimail.
--> Following are the actions you can configure on the Fortimail:
i) Reject: Email will be rejected and notified to the sender
ii) Discard: Email will be dropped without notifying to the sender
iii) Relay: Email will be forwarded without greylisting on the fortimail ( Anti-Spam/Anti-Virus checks are performed)
iv) Safe: Email will be forwarded with greylisting on the fortimail ( Anti-Virus checks are performed)
v) Receive: To apply the TLS profile for outbound emails.
Access Control is divided into two sections:
Access Control Receive:
--> To list out any IP/IP Group or LDAP Group or Host that is allowed to RELAY the emails through Fortimail i.e. emails that are going out to the Internet.
--> The IP Group usually your own SMTP Servers/Exchange Servers, But it can also be some of the application servers that send marketing emails to the Internet outside using Fortimail.
--> The Action for the above is RELAY.
Access Control Delivery:
--> To apply TLS Profiles on the outbound emails to enforce certain TLS-settings, e.g. minimum TLS-version allowed or similar.
--> The Action for the above is RECEIVE
Best Regards,
Kareem
0 comments:
Post a Comment