FortiMail v5.0.

0 GA
Release Notes

FortiMail v5.0.0 GA Release Notes February 26, 2013 Copyright 2013 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Technical Documentation Knowledge Base Customer Service & Support Training Services FortiGuard Document Feedback

docs.fortinet.com kb.fortinet.com support.fortinet.com training.fortinet.com fortiguard.com techdocs@fortinet.com

Table of Contents
Introduction ...................................................................................................... 4
Supported Platforms ........................................................................................... 4

New Features ................................................................................................... 5

Hardware ............................................................................................................ 5 Antispam ............................................................................................................. 5 Antivirus .............................................................................................................. 5 Content scan....................................................................................................... 5 IBE/secure mail enhancements ........................................................................... 6 MTA .................................................................................................................... 6 Server mode ....................................................................................................... 6 System ................................................................................................................ 6 Log and report .................................................................................................... 7

Special Notices ................................................................................................ 8

TFTP firmware install........................................................................................... 8 Monitor settings for web UI ................................................................................. 8 Recommended web browsers ............................................................................ 8

Firmware Upgrade/Downgrade Information ................................................. 9

Before and after any firmware upgrade/downgrade ............................................ 9 Upgrade path ...................................................................................................... 9 Firmware downgrade .......................................................................................... 9

Resolved Issues ............................................................................................. 11

Antispam ........................................................................................................... 11 MTA .................................................................................................................. 11 Webmail ............................................................................................................ 11 Management GUI .............................................................................................. 11 System .............................................................................................................. 12 Log and Report ................................................................................................. 12

Image Checksums ......................................................................................... 14

Fortinet Technologies Inc.

FortiMail v5.0.0 GA Release Notes

Introduction
This document provides a summary of new features, support information, upgrade/downgrade instructions, and resolved issues in FortiMail v5.0.0 GA release build 0107.

Supported Platforms
FortiMail v5.0.0 GA release supports the following platforms: FortiMail-100C FortiMail-200D FortiMail-400B FortiMail-400C FortiMail-2000A FortiMail-2000B FortiMail-3000C FortiMail-3000D FortiMail-4000A FortiMail-5001A FortiMail-5002B FortiMail-VM

Fortinet Technologies Inc.

FortiMail v5.0.0 GA Release Notes

New Features
The following list highlights some new features and enhancements in FortiMaIl v5.0.0 GA release.

Hardware
A new 3000D platform is supported in this release.

Antispam
Extended URL blocking by category
Extended FortiGuard URL filtering service to block URLs by categories, such as child abuse, adult content, malware distribution and so on. This option is under Profile > AntiSpam > URI Filter on the GUI.

Detection of suspicious newsletter email

Newsletters and other marketing campaigns are not spam, but some people may not want to receive them. Now you can take actions, such as blocking and tagging, against such email.

Exempt domains/hosts for bounce back tagging and verification

Under AntiSpam > Bounce Verification, domains can be exempted from bounce back tagging (for outbound email) and hosts can be exempted from verification (for inbound email).

Antivirus
Zip bomb protection
Zip bomb, or decompression bomb, is a malicious archive file designed to crash the system or program reading it. This option is added under Profile > AntiVirus on the GUI.

Grayware scan
Improved antivirus granularity with added options to scan for grayware (such as adware, spyware, trackware, and other malicious software) when enabling antivirus scanning under Profile > Antivirus > Antivirus.

Content scan
Limit on number of email attachments
Ability to limit the number of attachments allowed per email under Profile > Content > Other Setting on the GUI.

Compressed attachment scan

Added ability for the content engine to scan contents of files in compressed attachments. This option is added under Profile > Content > Content Monitoring and Filtering.
Fortinet Technologies Inc. 5 FortiMail v5.0.0 GA Release Notes

IBE/secure mail enhancements

Added multiple question support for IBE user registration, improved language support on IBE webmail, and added IBE email read/unread notifications.

MTA
Improved MTA controls, such as address rewriting, mail routing, access control, DSN, and remote logging can now be configured in session profiles and applied to IP-based policies.

Server mode
Calendar server and address book enhancement in server mode
Calendar clients, such as Microsoft Outlook and Thunderbird Lightning, can now connect to FortiMail and share calendars. Mail clients can connect to FortiMail to retrieve the address book through LDAP.

Mail server enhancements to accommodate MSSP billing model

Added domain-level control for email account limit, user disk usage quota, and mail access (POP3, IMAP, full webmail access, and limited webmail access).

Webmail access control for mobile users

Ability to block mobile users from accessing their mail via webmail. This option is added to the resource profile settings in server mode.

Mail server migration tool

Added the ability to import user information and mail data from your existing mail server to FortiMail.

System
Scheduled configuration backup
Configuration can be backed up to a remote FTP/SFTP server on a scheduled basis.

LDAP authentication support for administrator login

FortiMail administrators can authenticate through the LDAP server when logging on to FortiMail. This option is added to the administrator settings under System > Administrator > Administrator.

Interface link monitoring

To prevent mail messages from being accepted and queued when they cannot be delivered due to interface failure; the failure of one interface can be propagated to other interfaces. This option is under System > Network > Link Monitor on the GUI.

Fortinet Technologies Inc.

FortiMail v5.0.0 GA Release Notes

Comment fields in policies

Comment textbox added to policy and ACL configuration. The comments are displayed as tooltips in the policy and ACL ID column.

Log and report

Log failed SMTP authentications
Added authentication failure events to history and antispam logs. A new log classifier SMTP Auth Failure was also added.

Policy IDs and protected domains in history logs

IDs of the matched access control rules, IP-based policies and recipient-based policies can be recorded in history logs. If the recipient-based policy is incoming, the protected domain name will be also be logged.

Fortinet Technologies Inc.

FortiMail v5.0.0 GA Release Notes

Special Notices
TFTP firmware install
Using TFTP via the serial console to install firmware during system boot time will erase all current FortiMail configurations and replace them with factory default settings.

Monitor settings for web UI

Fortinet recommends setting your monitor to a screen resolution of at least 1280x1024. This allows for all objects in the web UI to be viewed properly.

Recommended web browsers

Internet Explorer 7 or higher Firefox 3.5 or higher Safari 4 or higher Chrome 22 to 25 Adobe Flash Player 9 or higher plug-in required to display statistics charts

Fortinet Technologies Inc.

FortiMail v5.0.0 GA Release Notes

Firmware Upgrade/Downgrade Information

Before and after any firmware upgrade/downgrade
Before any firmware upgrade/downgrade, save a copy of your FortiMail configuration (including replacement messages) by going to Maintenance > System > Configuration. After any firmware upgrade/downgrade: o o If you are using the web UI, clear the browser cache prior to login on the FortiMail unit to ensure proper display of the web UI screens. The antivirus signatures included with an image upgrade may be older than those currently available from the Fortinet FortiGuard Distribution Network (FDN). Fortinet recommends performing an immediate AV signature update as soon as possible after upgrading. Consult the FortiMail Administration Guide for detailed procedures.

Upgrade path
For any older v3.0 release
Any v3.0 release older than v3.0 MR5 Patch 4 v3.0 MR5 Patch 4 (Build 531) v4.0 GA Patch 5 (Build 146) V5.0 GA (Build 107)

For any v4.0 release

Any v4.0 GA, MR1, MR2 or MR3 release V5.0 GA (Build 107)

After every upgrade, verify that the build number and branch point match the image that was loaded. To do this, go to Monitor > System Status > Status.

Firmware downgrade
Downgrading from v5.0 GA to v4.0 releases
Downgrading from v5.0 GA to any v4.0 release is not fully supported. If you have to downgrade, follow these steps: 1. Back up the v5.0 configuration. 2. Install the older v4.0 image.

Fortinet Technologies Inc.

FortiMail v5.0.0 GA Release Notes

3. In the CLI, enter execute factoryreset to reset the FortiMail unit to factory defaults. 4. Configure the device IP address and other network settings. 5. Reload the v5.0 backup configuration if needed.

Downgrading from v5.0 GA to v3.0 releases

FortiMail firmware downgrade directly from v5.0 to v3.0 is not supported. If you install v3.0 firmware on a v5.0 FortiMail unit, all configuration and mail data will be erased. In addition, you can only clean-install the v3.0 firmware by using serial console connection. For details, see the FortiMail Administration Guide. After you install the v3.0 firmware: 1. In the CLI, enter execute formatmaildisk, execute formatlogdisk, and execute factoryreset to format the hard disk and reset the FortiMail unit to factory defaults. 2. Configure the device IP address and other network settings. 3. Reload the v3.0 configuration if needed.

Fortinet Technologies Inc.

10

FortiMail v5.0.0 GA Release Notes

Resolved Issues
This section lists the resolved issues in this release, but is not a complete list. For inquires about a particular bug, please contact Fortinet Technical Support.

Antispam
Table 1: Resolved antispam issues Bug ID 196294 Description Email with digital signature is detected as having an application/octetstream attachment. URI of International Domain Name (IDN) should be handled correctly.

169329

MTA
Table 2: Resolved MTA issues Bug ID 170898 191557 191970 Description Spam reports should be sent to LDAP group owners, not the individuals. SMTP session limit does not apply to the proxy in transparent mode. Headers of original email should not be inserted in IBE pull notification and push email. Mailfilterd was not able to handle email address with single quotes during address mapping lookup.

197777

Webmail
Table 3: Resolved webmail issues Bug ID 195985 Description Webmail users should not be allowed to change the From field when composing email.

Management GUI
Table 4: Resolved GUI issues Bug ID 192680
Fortinet Technologies Inc.

Description Under System > High Availability > Configuration, the On failure action
11 FortiMail v5.0.0 GA Release Notes

cannot be changed. 192002 No more than 23 IP addresses can be created in an IP group under Profile > Group > IP Group. Domain level disclaimers in incoming and outgoing message headers should not allow spaces. In server mode webmail, disk usage information (percentage) does not update without re-login after some email are deleted.

176388

167710

System
Table 5: Resolved system issues Bug ID 191439 183355 Description More granular control for administrator access is required. Mailfilterd sub-process may get stuck and consume too much CPU resource, thus defer SMTP connections. IBE database HA synchronization stops working periodically and does not recover. Under System > High Availability > Configuration, changes to the On failure action take no effect. Haysyncd process may exit unexpectedly on the HA slave unit. TLS profiles are not checked properly in access control delivery policies. In transparent mode, email with auth NTLM is altered by the FortiMail proxy. In transparent mode, the SMTP proxy may retrieve incorrect session profile configurations. DNS cache is not cleaned after DNS server changes. Mailfilterd may crash at image scan.

193918

192680

194589 194419 194858

195051

195489 196330

Log and Report

Table 6: Resolved log and report issues Bug ID 193044 Description In transparent mode, some history log fields are not populated properly if the session is rejected by the remote server. In config only HA, event HA logs on the slave unit has inconsistent timestamp.
12 FortiMail v5.0.0 GA Release Notes

114253

Fortinet Technologies Inc.

175896

Deleting a report folder and individual reports in the folder at the same time may cause an error message.

Fortinet Technologies Inc.

13

FortiMail v5.0.0 GA Release Notes

Image Checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Fortinet Customer Service and Support website (https://support.fortinet.com). 1. Log on to the web site. 2. Click Firmware Image Checksums in the Download section. 3. For File Name, enter the firmware image file name, including the extension. 4. Click Get Checksum Code.

Fortinet Technologies Inc.

14

FortiMail v5.0.0 GA Release Notes

Fortinet Technologies Inc.

15

FortiMail v5.0.0 GA Release Notes