SlideShare une entreprise Scribd logo
1  sur  10
Télécharger pour lire hors ligne
FortiMail®
Secure Messaging Platform
Release Notes
v4.0 MR3
Table of Contents
1 FortiMail v4.0 MR3 Release.........................................................................................................................................................2
1.1 Summary of Enhancements and New Features..........................................................................................................................................2
2 Special Notices..................................................................................................................................................................................4
2.1 TFTP Firmware Install...........................................................................................................................................................................................4
2.2 Monitor Settings for Web User Interface.......................................................................................................................................................4
2.3 Recommended Web Browsers............................................................................................................................................................................4
2.4 FortiGuard AntiSpam Service Port Change..................................................................................................................................................4
3 Firmware Upgrade Information ................................................................................................................................................5
3.1 Before and After Firmware Upgrades ............................................................................................................................................................5
3.2 Upgrade Path .............................................................................................................................................................................................................5
3.2.1 For Any Older v3.0 Release...............................................................................................................................................................................5
3.2.2 For Any v4.0 Release............................................................................................................................................................................................5
3.3 Firmware Downgrade............................................................................................................................................................................................5
3.3.1 Downgrading from v4.0 MR3 to v4.0 MR2, MR1 or v4.0 GA Releases..........................................................................................5
3.3.2 Downgrading from v4.0 to v3.0 Releases ..................................................................................................................................................6
4 Resolved Issues................................................................................................................................................................................7
4.1 Web User Interface..................................................................................................................................................................................................7
4.2 System............................................................................................................................................................................................................................7
4.3 AntiSpam......................................................................................................................................................................................................................7
4.4 MTA.................................................................................................................................................................................................................................7
4.5 Webmail........................................................................................................................................................................................................................7
4.6 CLI....................................................................................................................................................................................................................................8
5 Image Checksums............................................................................................................................................................................9
Change Log
Date Change Description
2012-02-7 Initial release.
Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet
names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance
metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network
environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet
disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel,
with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees.
Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication
shall be applicable.
Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter
their support tickets via the support site:
https://support.fortinet.com
7 February 20122
1 FortiMail v4.0 MR3 Release
This document provides installation instructions, and addresses issues and caveats for FortiMail v4.0 MR3 Release (Build
486).
Model FortiMail v4.0 MR3 Release Status
FortiMail-100
FortiMail-100C
FortiMail-400
FortiMail-400B
FortiMail-400C
FortiMail-2000
FortiMail-2000A
FortiMail-2000B
FortiMail-3000C
FortiMail-4000A
FortiMail-5001A
FortiMail-5002B
FortiMail-VM
FortiMail firmware builds are available for all models.
Please visit http://docs.fortinet.com/fmail.html for additional FortiMail documentation.
1.1 Summary of Enhancements and New Features
The following list highlights some new features and enhancements in the v4.0 MR3 release. For more information, see
the FortiMail Install Guide, FortiMail CLI Guide, FortiMail online help or FortiMail Administration Guide.
 Add new 400C platform
 64-bit OS on 3000C and 5002B platforms
 IPv6 Support
 Logical interface support – Now you can configure VLAN sub-interfaces, redundant interfaces, and loopback
interfaces on the FortiMail physical interfaces.
 CLI console on web UI – The Java Script console has been added under Monitor > System Status.
 Check FortiGuard IP query during connection phase – This will improve FortiMail performance.
 Antivirus action profile enhancement – System quarantine action has been added. You can also choose not to
replace the infected part of email for analysis and other purposes.
 Content action profile enhancement – System quarantine and notification actions have been added.
 Disclaimer insertion exclusion list – You can choose not to insert the disclaimer for some email senders or
recipients as you specify.
 Mail user authentication without domain name – Users under the default domain can be authenticated without
entering the domain part in their user names.
 Address book access control on webmail – The resource profile can control end-user access to system- and
domain-level address books.
 User notification profile – This profile can notify an administrator or email users about the actions that FortiMail
takes against email messages. It can be used in content action profiles, antispam action profiles, and antivirus action
profiles.
 Outbound mail rate limiting based on sender email addresses – Under domain settings, an option has been
added to limit the number of email messages or data volume a user can send per half hour.
 Trash folder auto-deletion – This is configurable in a resource profile.
 IP groups in IP-based policies – Now you can use IP groups as the source and destination IP addresses.
 Treat phishing URI as spam URI – This is configurable in an antispam profile.
 Indicator for messages that have been released from quarantine – Web UI includes an indicator to show the
quarantined messages that have been released. This is under Monitor > Quarantine > Personal Quarantine. Open a
mailbox and go to the Filter field.
 Option to BCC quarantine released email – Added BCC action in action profiles to inform administrators when a
quarantined message is released. This will help administrators to research false positives.
7 February 20123
 IBE user auto-enrollment restriction – When configuring IBE authentication, if you specify that all users (wildcard
*) need to authenticate through an LDAP profile, then users will not be asked nor allowed to register.
 Categorized system quarantine folders – Now there are three folders in the system quarantine: a Virus folder
containing email caught by antivirus profiles, a Bulk folder containing email caught by antispam profiles, and a
Content folder containing email caught by content profiles.
 Allow customization of domain HELO/EHLO details – Provide ability to customize HELO/EHLO string on a per-
domain basis.
 Transparent proxy performance enhancement for hidden connections – The proxy now handles SMTP
connections more efficiently.
 Support MSA port (587) in transparent mode – Previously, FortiMail in transparent mode only processes email
traffic on port 25. Now it will also pick up SMTP traffic on port 587.
 Webmail enhancements – You can now download multiple messages at a time, customize the login page, use the
HTML format signature, and configure auto reply options.
 New CLI commands to enable/disable SMTP/POP3/IMAP services – Commands have been added under “config
system mailserver”. For details, see the FortiMail CLI Guide.
 Scan redirected URI – If an email contains a shortened URI that redirects to another URI, the FortiMail unit is able to
send a HTTP request to the shortened URI to get the redirected URI and scan it against the FortiGuard AntiSpam
database. By default, this function is enabled. To use it, you need to open your HTTP port to allow the FortiMail unit
to send request for scanning the redirected URI. If you do not want to use this feature, disable “uri-redirect-lookup”
under the “config system fortiguard antispam” command.
7 February 20124
2 Special Notices
2.1 TFTP Firmware Install
Using TFTP via the serial console to install firmware during system boot time will erase all current FortiMail configurations
and replace them with factory default settings.
2.2 Monitor Settings for Web User Interface
Fortinet recommends setting your monitor to a screen resolution of at least 1280x1024. This allows for all objects in the
web UI to be viewed properly.
2.3 Recommended Web Browsers
 Internet Explorer 7 or higher
 Firefox 3.5 or higher
 Safari 4 or higher
 Adobe Flash Player 9 or higher plug-in is required to display the mail statistics charts.
2.4 FortiGuard AntiSpam Service Port Change
In FortiMail v3.0, queries made to the FortiGuard AntiSpam Service were accomplished using port 8889. In FortiMail
v4.0, the FortiGuard AntiSpam Service port number is configurable. The default is port 53, with port 8888 and 8889
available as options.
7 February 20125
3 Firmware Upgrade Information
3.1 Before and After Firmware Upgrades
Before any firmware upgrade/downgrade:
 FortiMail Configuration – Save a copy of your FortiMail configuration (including replacement messages) by going to
Maintenance > System > Configuration.
After any firmware upgrade/downgrade:
 Web UI Display – If you are using the web UI, clear the browser cache prior to login on the FortiMail unit to ensure
proper display of the web UI screens.
 Update AV definitions – The antivirus signatures included with an image upgrade may be older than those currently
available from the Fortinet FortiGuard Distribution Network (FDN). Fortinet recommends performing an immediate AV
signature update as soon as possible after upgrading. Consult the FortiMail Administration Guide for detailed
procedures.
3.2 Upgrade Path
3.2.1 For Any Older v3.0 Release
Any v3.0 release older than v3.0 MR5 Patch 4

v3.0 MR5 Patch 4 (Build 531)

v4.0 GA Patch 5 (Build 146)
(Note: This step is for upgrade from GUI only. If you upgrade from CLI, skip this step)

v4.0 MR3 (Build 486)
3.2.2 For Any v4.0 Release
Any v4.0 GA, v4.0 MR1, or v4.0 MR2 release

v4.0 MR3 (Build 486)
After every upgrade, verify that the build number and branch point match the image that was loaded. To do this, go to
Monitor > System Status > Status.
3.3 Firmware Downgrade
3.3.1 Downgrading from v4.0 MR3 to v4.0 MR2, MR1 or v4.0 GA Releases
Downgrading from v4.0 MR3 to v4.0 MR2, MR1 or v4.0 GA releases is not fully supported. If you have to downgrade,
follow these steps:
1. Back up the MR2 configuration.
2. Install the MR1 or GA image.
3. In the CLI, enter “execute factoryreset” to reset the FortiMail unit to factory defaults.
4. Configure the unit’s IP address and other network settings.
5. Reload the MR2 backup configuration if needed.
7 February 20126
3.3.2 Downgrading from v4.0 to v3.0 Releases
FortiMail firmware downgrade directly from v4.0 to v3.0 is not supported. If you install v3.0 firmware on a v4.0 FortiMail
unit, all configuration and mail data will be erased.
In addition, you can only clean-install the v3.0 firmware by using serial console connection. For details, see the FortiMail
Administration Guide.
After you install the v3.0 firmware:
1. In the CLI, enter “execute formatmaildisk”, “execute formatlogdisk”, and “execute factoryreset” to format the hard disk
and reset the FortiMail unit to factory defaults.
2. Configure the unit’s IP address and other network settings.
3. Reload the v3.0 configuration if needed.
7 February 20127
4 Resolved Issues
4.1 Web User Interface
Description: When adding an IP address under Pofile > Group > IP Group, an IP address without a netmask can cause
IP address errors after saving.
Bug ID: 156748
4.2 System
Description: Wrong destination IP address in a static route may be deleted after system reboot.
Bug ID: 158401
Description: When processing multipart MIME messages that contain empty parts, FortiMail removes the empty part, but
incorrectly adds a blank line after the boundary string.
Bug ID: 149516
4.3 AntiSpam
Description: Sender reputation score increases when an ACL bypass rule is matched.
Bug ID: 160417
Description: If Microsoft Office attachment file type checking is enabled in a content profile under Profile > Content >
Content, some Microsoft Office files may be incorrectly blocked.
Bug ID: 153465
Description: FortiMail should not check recipient domains in authenticated sessions.
Bug ID: 150052
Description: Add validation for sender reputation score ranges.
Bug ID: 150311
Description: When “Reject if recipient and HELO domain match but sender domain is different” is enabled in a session
profile, this three-way check incorrectly matches the substring in the recipient address.
Bug ID: 147690
4.4 MTA
Description: Some email with Microsoft Word attachments can crash the mailfilterd process.
Bug ID: 159540
Description: Some PDF attachments may cause mailfilterd crashes.
Bug ID: 148196
4.5 Webmail
Description: Webmail displays the date and time in English format even when it is set to other languages.
Bug ID: 145362
7 February 20128
4.6 CLI
Description: The “get system status” command should show if the FortiMail platform is running a 32-bit or 64-bit OS.
Bug ID: 157144
7 February 20129
5 Image Checksums
The MD5 checksums for the firmware images are available at the Fortinet Customer Service and Support website
(https://support.fortinet.com).
1. Log on to the web site.
2. Click "Firmware Image Checksums" in the Download section.
3. For “File Name”, enter the firmware image file name.
4. Click “Get Checksum Code”.
(End of Release Notes.)

Contenu connexe

En vedette

Alphorm.com Formation VMware Workstation 11
Alphorm.com Formation VMware Workstation 11 Alphorm.com Formation VMware Workstation 11
Alphorm.com Formation VMware Workstation 11 Alphorm
 
Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...
Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...
Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...Alphorm
 
Alphorm.com Formation LXC
Alphorm.com  Formation LXCAlphorm.com  Formation LXC
Alphorm.com Formation LXCAlphorm
 
Alphorm.com Support de la formation Vmware Esxi 6.0
Alphorm.com Support de la formation Vmware Esxi 6.0Alphorm.com Support de la formation Vmware Esxi 6.0
Alphorm.com Support de la formation Vmware Esxi 6.0Alphorm
 
Alphorm.com Formation CEHV9 II
Alphorm.com Formation CEHV9 IIAlphorm.com Formation CEHV9 II
Alphorm.com Formation CEHV9 IIAlphorm
 
alphorm.com - Formation VMware vSphere 5
alphorm.com - Formation VMware vSphere 5alphorm.com - Formation VMware vSphere 5
alphorm.com - Formation VMware vSphere 5Alphorm
 

En vedette (9)

Alphorm.com Formation VMware Workstation 11
Alphorm.com Formation VMware Workstation 11 Alphorm.com Formation VMware Workstation 11
Alphorm.com Formation VMware Workstation 11
 
Ccna4
Ccna4Ccna4
Ccna4
 
Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...
Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...
Alphorm.com Support de la Formation VMware vSphere 6 - Clustering HA, DRS et ...
 
Alphorm.com Formation LXC
Alphorm.com  Formation LXCAlphorm.com  Formation LXC
Alphorm.com Formation LXC
 
Alphorm.com Support de la formation Vmware Esxi 6.0
Alphorm.com Support de la formation Vmware Esxi 6.0Alphorm.com Support de la formation Vmware Esxi 6.0
Alphorm.com Support de la formation Vmware Esxi 6.0
 
Alphorm.com Formation CEHV9 II
Alphorm.com Formation CEHV9 IIAlphorm.com Formation CEHV9 II
Alphorm.com Formation CEHV9 II
 
MPLS
MPLSMPLS
MPLS
 
alphorm.com - Formation VMware vSphere 5
alphorm.com - Formation VMware vSphere 5alphorm.com - Formation VMware vSphere 5
alphorm.com - Formation VMware vSphere 5
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare ppt
 

Similaire à Forti mail v40-mr3-release-notes

Magento 2 Review Reminder Extension By ITORIS INC
Magento 2 Review Reminder Extension By ITORIS INCMagento 2 Review Reminder Extension By ITORIS INC
Magento 2 Review Reminder Extension By ITORIS INCItexus LLC
 
Magento 2 Out Of Stock Notification From ITORIS INC
Magento 2 Out Of Stock Notification From ITORIS INCMagento 2 Out Of Stock Notification From ITORIS INC
Magento 2 Out Of Stock Notification From ITORIS INCItexus LLC
 
Forti analyzer vm-v-mware-install-guide-licencia
Forti analyzer vm-v-mware-install-guide-licenciaForti analyzer vm-v-mware-install-guide-licencia
Forti analyzer vm-v-mware-install-guide-licenciaMarco LANDA
 
Pandora FMS: Blackberry Exchange Monitoring
Pandora FMS: Blackberry Exchange MonitoringPandora FMS: Blackberry Exchange Monitoring
Pandora FMS: Blackberry Exchange MonitoringPandora FMS
 
Magento 2 Questions And Answers Extension by IToris inc.
Magento 2 Questions And Answers Extension by IToris inc.Magento 2 Questions And Answers Extension by IToris inc.
Magento 2 Questions And Answers Extension by IToris inc.Itexus LLC
 
Pandora FMS: End to End Exchange Plugin
Pandora FMS: End to End Exchange PluginPandora FMS: End to End Exchange Plugin
Pandora FMS: End to End Exchange PluginPandora FMS
 
Magento 2 Pending Registration Extension By ITORIS INC.
Magento 2 Pending Registration Extension By ITORIS INC.Magento 2 Pending Registration Extension By ITORIS INC.
Magento 2 Pending Registration Extension By ITORIS INC.Itexus LLC
 
Security Function
Security FunctionSecurity Function
Security FunctionSamuel Soon
 
Forefront Protection for Office Overview
Forefront Protection for Office OverviewForefront Protection for Office Overview
Forefront Protection for Office OverviewCurtis Parker
 
Pandora FMS: Exchange OWA Plugin
Pandora FMS: Exchange OWA PluginPandora FMS: Exchange OWA Plugin
Pandora FMS: Exchange OWA PluginPandora FMS
 
Cambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release noteCambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release noteAdvantec Distribution
 
Cambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release noteCambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release noteAdvantec Distribution
 
SOFTWARE REQUIREMENTS SPECIFICATION.pdf
SOFTWARE REQUIREMENTS SPECIFICATION.pdfSOFTWARE REQUIREMENTS SPECIFICATION.pdf
SOFTWARE REQUIREMENTS SPECIFICATION.pdfFarDeen11
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysisCARMEN ALCIVAR
 
Mail store server4 manual-en
Mail store server4 manual-enMail store server4 manual-en
Mail store server4 manual-enguest8e6971
 
Critical spare parts mail notification system for lg
Critical spare parts mail notification system for lgCritical spare parts mail notification system for lg
Critical spare parts mail notification system for lgVaibhav Sharma
 

Similaire à Forti mail v40-mr3-release-notes (20)

Magento 2 Review Reminder Extension By ITORIS INC
Magento 2 Review Reminder Extension By ITORIS INCMagento 2 Review Reminder Extension By ITORIS INC
Magento 2 Review Reminder Extension By ITORIS INC
 
Magento 2 Out Of Stock Notification From ITORIS INC
Magento 2 Out Of Stock Notification From ITORIS INCMagento 2 Out Of Stock Notification From ITORIS INC
Magento 2 Out Of Stock Notification From ITORIS INC
 
Forti analyzer vm-v-mware-install-guide-licencia
Forti analyzer vm-v-mware-install-guide-licenciaForti analyzer vm-v-mware-install-guide-licencia
Forti analyzer vm-v-mware-install-guide-licencia
 
Pandora FMS: Blackberry Exchange Monitoring
Pandora FMS: Blackberry Exchange MonitoringPandora FMS: Blackberry Exchange Monitoring
Pandora FMS: Blackberry Exchange Monitoring
 
Magento 2 Questions And Answers Extension by IToris inc.
Magento 2 Questions And Answers Extension by IToris inc.Magento 2 Questions And Answers Extension by IToris inc.
Magento 2 Questions And Answers Extension by IToris inc.
 
Pandora FMS: End to End Exchange Plugin
Pandora FMS: End to End Exchange PluginPandora FMS: End to End Exchange Plugin
Pandora FMS: End to End Exchange Plugin
 
Esa configuration guide (1)
Esa configuration guide (1)Esa configuration guide (1)
Esa configuration guide (1)
 
Magento 2 Pending Registration Extension By ITORIS INC.
Magento 2 Pending Registration Extension By ITORIS INC.Magento 2 Pending Registration Extension By ITORIS INC.
Magento 2 Pending Registration Extension By ITORIS INC.
 
Security Function
Security FunctionSecurity Function
Security Function
 
Forefront Protection for Office Overview
Forefront Protection for Office OverviewForefront Protection for Office Overview
Forefront Protection for Office Overview
 
Pandora FMS: Exchange OWA Plugin
Pandora FMS: Exchange OWA PluginPandora FMS: Exchange OWA Plugin
Pandora FMS: Exchange OWA Plugin
 
Cambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release noteCambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release note
 
Cambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release noteCambium ptp500 series 05 02 system release note
Cambium ptp500 series 05 02 system release note
 
SOFTWARE REQUIREMENTS SPECIFICATION.pdf
SOFTWARE REQUIREMENTS SPECIFICATION.pdfSOFTWARE REQUIREMENTS SPECIFICATION.pdf
SOFTWARE REQUIREMENTS SPECIFICATION.pdf
 
Information security policy
Information security policyInformation security policy
Information security policy
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysis
 
Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)
 
Mail store server4 manual-en
Mail store server4 manual-enMail store server4 manual-en
Mail store server4 manual-en
 
Aruba cppm 6_1_user_guide
Aruba cppm 6_1_user_guideAruba cppm 6_1_user_guide
Aruba cppm 6_1_user_guide
 
Critical spare parts mail notification system for lg
Critical spare parts mail notification system for lgCritical spare parts mail notification system for lg
Critical spare parts mail notification system for lg
 

Forti mail v40-mr3-release-notes

  • 2. Table of Contents 1 FortiMail v4.0 MR3 Release.........................................................................................................................................................2 1.1 Summary of Enhancements and New Features..........................................................................................................................................2 2 Special Notices..................................................................................................................................................................................4 2.1 TFTP Firmware Install...........................................................................................................................................................................................4 2.2 Monitor Settings for Web User Interface.......................................................................................................................................................4 2.3 Recommended Web Browsers............................................................................................................................................................................4 2.4 FortiGuard AntiSpam Service Port Change..................................................................................................................................................4 3 Firmware Upgrade Information ................................................................................................................................................5 3.1 Before and After Firmware Upgrades ............................................................................................................................................................5 3.2 Upgrade Path .............................................................................................................................................................................................................5 3.2.1 For Any Older v3.0 Release...............................................................................................................................................................................5 3.2.2 For Any v4.0 Release............................................................................................................................................................................................5 3.3 Firmware Downgrade............................................................................................................................................................................................5 3.3.1 Downgrading from v4.0 MR3 to v4.0 MR2, MR1 or v4.0 GA Releases..........................................................................................5 3.3.2 Downgrading from v4.0 to v3.0 Releases ..................................................................................................................................................6 4 Resolved Issues................................................................................................................................................................................7 4.1 Web User Interface..................................................................................................................................................................................................7 4.2 System............................................................................................................................................................................................................................7 4.3 AntiSpam......................................................................................................................................................................................................................7 4.4 MTA.................................................................................................................................................................................................................................7 4.5 Webmail........................................................................................................................................................................................................................7 4.6 CLI....................................................................................................................................................................................................................................8 5 Image Checksums............................................................................................................................................................................9 Change Log Date Change Description 2012-02-7 Initial release. Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter their support tickets via the support site: https://support.fortinet.com
  • 3. 7 February 20122 1 FortiMail v4.0 MR3 Release This document provides installation instructions, and addresses issues and caveats for FortiMail v4.0 MR3 Release (Build 486). Model FortiMail v4.0 MR3 Release Status FortiMail-100 FortiMail-100C FortiMail-400 FortiMail-400B FortiMail-400C FortiMail-2000 FortiMail-2000A FortiMail-2000B FortiMail-3000C FortiMail-4000A FortiMail-5001A FortiMail-5002B FortiMail-VM FortiMail firmware builds are available for all models. Please visit http://docs.fortinet.com/fmail.html for additional FortiMail documentation. 1.1 Summary of Enhancements and New Features The following list highlights some new features and enhancements in the v4.0 MR3 release. For more information, see the FortiMail Install Guide, FortiMail CLI Guide, FortiMail online help or FortiMail Administration Guide.  Add new 400C platform  64-bit OS on 3000C and 5002B platforms  IPv6 Support  Logical interface support – Now you can configure VLAN sub-interfaces, redundant interfaces, and loopback interfaces on the FortiMail physical interfaces.  CLI console on web UI – The Java Script console has been added under Monitor > System Status.  Check FortiGuard IP query during connection phase – This will improve FortiMail performance.  Antivirus action profile enhancement – System quarantine action has been added. You can also choose not to replace the infected part of email for analysis and other purposes.  Content action profile enhancement – System quarantine and notification actions have been added.  Disclaimer insertion exclusion list – You can choose not to insert the disclaimer for some email senders or recipients as you specify.  Mail user authentication without domain name – Users under the default domain can be authenticated without entering the domain part in their user names.  Address book access control on webmail – The resource profile can control end-user access to system- and domain-level address books.  User notification profile – This profile can notify an administrator or email users about the actions that FortiMail takes against email messages. It can be used in content action profiles, antispam action profiles, and antivirus action profiles.  Outbound mail rate limiting based on sender email addresses – Under domain settings, an option has been added to limit the number of email messages or data volume a user can send per half hour.  Trash folder auto-deletion – This is configurable in a resource profile.  IP groups in IP-based policies – Now you can use IP groups as the source and destination IP addresses.  Treat phishing URI as spam URI – This is configurable in an antispam profile.  Indicator for messages that have been released from quarantine – Web UI includes an indicator to show the quarantined messages that have been released. This is under Monitor > Quarantine > Personal Quarantine. Open a mailbox and go to the Filter field.  Option to BCC quarantine released email – Added BCC action in action profiles to inform administrators when a quarantined message is released. This will help administrators to research false positives.
  • 4. 7 February 20123  IBE user auto-enrollment restriction – When configuring IBE authentication, if you specify that all users (wildcard *) need to authenticate through an LDAP profile, then users will not be asked nor allowed to register.  Categorized system quarantine folders – Now there are three folders in the system quarantine: a Virus folder containing email caught by antivirus profiles, a Bulk folder containing email caught by antispam profiles, and a Content folder containing email caught by content profiles.  Allow customization of domain HELO/EHLO details – Provide ability to customize HELO/EHLO string on a per- domain basis.  Transparent proxy performance enhancement for hidden connections – The proxy now handles SMTP connections more efficiently.  Support MSA port (587) in transparent mode – Previously, FortiMail in transparent mode only processes email traffic on port 25. Now it will also pick up SMTP traffic on port 587.  Webmail enhancements – You can now download multiple messages at a time, customize the login page, use the HTML format signature, and configure auto reply options.  New CLI commands to enable/disable SMTP/POP3/IMAP services – Commands have been added under “config system mailserver”. For details, see the FortiMail CLI Guide.  Scan redirected URI – If an email contains a shortened URI that redirects to another URI, the FortiMail unit is able to send a HTTP request to the shortened URI to get the redirected URI and scan it against the FortiGuard AntiSpam database. By default, this function is enabled. To use it, you need to open your HTTP port to allow the FortiMail unit to send request for scanning the redirected URI. If you do not want to use this feature, disable “uri-redirect-lookup” under the “config system fortiguard antispam” command.
  • 5. 7 February 20124 2 Special Notices 2.1 TFTP Firmware Install Using TFTP via the serial console to install firmware during system boot time will erase all current FortiMail configurations and replace them with factory default settings. 2.2 Monitor Settings for Web User Interface Fortinet recommends setting your monitor to a screen resolution of at least 1280x1024. This allows for all objects in the web UI to be viewed properly. 2.3 Recommended Web Browsers  Internet Explorer 7 or higher  Firefox 3.5 or higher  Safari 4 or higher  Adobe Flash Player 9 or higher plug-in is required to display the mail statistics charts. 2.4 FortiGuard AntiSpam Service Port Change In FortiMail v3.0, queries made to the FortiGuard AntiSpam Service were accomplished using port 8889. In FortiMail v4.0, the FortiGuard AntiSpam Service port number is configurable. The default is port 53, with port 8888 and 8889 available as options.
  • 6. 7 February 20125 3 Firmware Upgrade Information 3.1 Before and After Firmware Upgrades Before any firmware upgrade/downgrade:  FortiMail Configuration – Save a copy of your FortiMail configuration (including replacement messages) by going to Maintenance > System > Configuration. After any firmware upgrade/downgrade:  Web UI Display – If you are using the web UI, clear the browser cache prior to login on the FortiMail unit to ensure proper display of the web UI screens.  Update AV definitions – The antivirus signatures included with an image upgrade may be older than those currently available from the Fortinet FortiGuard Distribution Network (FDN). Fortinet recommends performing an immediate AV signature update as soon as possible after upgrading. Consult the FortiMail Administration Guide for detailed procedures. 3.2 Upgrade Path 3.2.1 For Any Older v3.0 Release Any v3.0 release older than v3.0 MR5 Patch 4  v3.0 MR5 Patch 4 (Build 531)  v4.0 GA Patch 5 (Build 146) (Note: This step is for upgrade from GUI only. If you upgrade from CLI, skip this step)  v4.0 MR3 (Build 486) 3.2.2 For Any v4.0 Release Any v4.0 GA, v4.0 MR1, or v4.0 MR2 release  v4.0 MR3 (Build 486) After every upgrade, verify that the build number and branch point match the image that was loaded. To do this, go to Monitor > System Status > Status. 3.3 Firmware Downgrade 3.3.1 Downgrading from v4.0 MR3 to v4.0 MR2, MR1 or v4.0 GA Releases Downgrading from v4.0 MR3 to v4.0 MR2, MR1 or v4.0 GA releases is not fully supported. If you have to downgrade, follow these steps: 1. Back up the MR2 configuration. 2. Install the MR1 or GA image. 3. In the CLI, enter “execute factoryreset” to reset the FortiMail unit to factory defaults. 4. Configure the unit’s IP address and other network settings. 5. Reload the MR2 backup configuration if needed.
  • 7. 7 February 20126 3.3.2 Downgrading from v4.0 to v3.0 Releases FortiMail firmware downgrade directly from v4.0 to v3.0 is not supported. If you install v3.0 firmware on a v4.0 FortiMail unit, all configuration and mail data will be erased. In addition, you can only clean-install the v3.0 firmware by using serial console connection. For details, see the FortiMail Administration Guide. After you install the v3.0 firmware: 1. In the CLI, enter “execute formatmaildisk”, “execute formatlogdisk”, and “execute factoryreset” to format the hard disk and reset the FortiMail unit to factory defaults. 2. Configure the unit’s IP address and other network settings. 3. Reload the v3.0 configuration if needed.
  • 8. 7 February 20127 4 Resolved Issues 4.1 Web User Interface Description: When adding an IP address under Pofile > Group > IP Group, an IP address without a netmask can cause IP address errors after saving. Bug ID: 156748 4.2 System Description: Wrong destination IP address in a static route may be deleted after system reboot. Bug ID: 158401 Description: When processing multipart MIME messages that contain empty parts, FortiMail removes the empty part, but incorrectly adds a blank line after the boundary string. Bug ID: 149516 4.3 AntiSpam Description: Sender reputation score increases when an ACL bypass rule is matched. Bug ID: 160417 Description: If Microsoft Office attachment file type checking is enabled in a content profile under Profile > Content > Content, some Microsoft Office files may be incorrectly blocked. Bug ID: 153465 Description: FortiMail should not check recipient domains in authenticated sessions. Bug ID: 150052 Description: Add validation for sender reputation score ranges. Bug ID: 150311 Description: When “Reject if recipient and HELO domain match but sender domain is different” is enabled in a session profile, this three-way check incorrectly matches the substring in the recipient address. Bug ID: 147690 4.4 MTA Description: Some email with Microsoft Word attachments can crash the mailfilterd process. Bug ID: 159540 Description: Some PDF attachments may cause mailfilterd crashes. Bug ID: 148196 4.5 Webmail Description: Webmail displays the date and time in English format even when it is set to other languages. Bug ID: 145362
  • 9. 7 February 20128 4.6 CLI Description: The “get system status” command should show if the FortiMail platform is running a 32-bit or 64-bit OS. Bug ID: 157144
  • 10. 7 February 20129 5 Image Checksums The MD5 checksums for the firmware images are available at the Fortinet Customer Service and Support website (https://support.fortinet.com). 1. Log on to the web site. 2. Click "Firmware Image Checksums" in the Download section. 3. For “File Name”, enter the firmware image file name. 4. Click “Get Checksum Code”. (End of Release Notes.)