FortiMail 7.4.0 w najnowszym wydaniu jest już dostępny – a w nim wiele poprawek i nowości między innymi integracja z Google Workspace, MS365 skanowanie poczty wychodzącej dla Cousin Domain, kontrola skanowania w czasie rzeczywistym dla poszczególnego konta MS365 i wiele innych o których dowiedzieć można się w niniejszym artykule.
Aktualnie wspierane modele:
| FortiMail | 200F, 2000E, 2000F, 3000E, 3000F, 3200E, 400F, 900F |
| FortiMail VM |
|
Co nowego?:
Antispam/Antivirus
| Feature | Description |
|---|---|
| BEC Enhancements |
|
| QR Code URL in Attachment | Added QR code URL scan in email attachment. Only inline QR codes were scanned before. |
| More Passwords Sent To FortiSandbox | Send a list of possible passwords for all files and URLs to FortiSanbox to scan password-protected files downloaded from file sharing URLs in email. |
| Google Workspace Email Clawback | Integrate with Google Workspace to scan email, similar to MS365 support. |
| FortiGuard Outbreak as Antispam/Content Profile Action | If enabled, the email will be deferred and sent to the spam outbreak queue. |
| Zip Bomb Compression Ratio | New GUI control and CLI command to set the maximum compression ratio to scan the zip bomb. |
| Cousin Domain Enhancement | In addition to inbound email, outbound email scan is supported. A new „look-alike” type is also added. |
| MS365 Per-Account Scan Control | Added real-time scan control to each account. |
System
| Feature | Description |
|---|---|
| HA Configuration Enhancement |
|
| Active-Active HA Specific Changes |
|
| Support Multiple IDPs for SAML SSO | Multiple IDPs are supported to facilitate admin GUI and webmail logon. |
| ISDB Support | Support ISDB as source type in IP-based policies. |
| SMTPUTF8 Support | Support this standard defined in RFC 6530-6533. |
| Fallback to IBE on TLS Failure | The ability to fallback automatically to IBE if TLS encryption fails ensures that all email is sent encrypted, even the IBE action is not triggerred in the content/DLP profile. |
| MS365 System Quarantine Release
Enhancement |
Added the following CLI command:
config cloud-api setting set system-quarantine-release-original {enable | disable} end Keep system quarantine email on both MS Exchange hidden folder and FortiMail. When it is released, move it from the hidden folder of Exchange. For details, see the FortiMail CLI Reference. |
| Azure AD Support for MS365 Users | Added support for the importation of Azure AD user group membership when configuring MS365 accounts. |
| Customized Disclaimers | Use customized messages in domain disclaimer settings. |
| Support Customized Content in Bounce Email | Support email template customization for DSNs. |
| Support Proxy for FortiGuard Antispam Query | Tunnel AV update requests and FortiGuard antispam queries through a web proxy. |
| Support Proxy for Shorten URL Service | (CLI only option) Added support for shorten URL service in a web proxy. |
| Alibaba Cloud Support | New cloud platform support. |
| Automatic Removal of Inactive Accounts | Automatically remove any accounts deemed inactive after a specified number days. |
| Domain Level Disk Quota | Support domain level quota in server mode. Only user level was supported before. |
| Defer Delivery Action | Added defer delivery action in antispam and content action profiles. |
| Read/Update Permission for Admin Users | Added new read/write permission in the admin profile. |
| Elliptic Curve Key | Added support for Elliptic Curve key type when generating a certificate signing request. |
| Access Control Delivery ID in Event Log | Added ACL delivery ID to event logs. |
| Certificate SSH Key | New CLI command to support certificate SSH key:
config system admin edit „admin” set ssh-certificate <cert-string> end |
| Disclaimer in Outlook Appointment Email | Add disclaimer into Outlook appointment email/calendar part. |
| DKIM Signing for DSNs | Support DKIM signing for DSNs and other system generated notification email. |
| Block/Safe List HA Synchronization Enhancement | In Active-Active HA mode, block/safe list changes on a secondary unit will be pushed to the primary unit and then populated to other secondary units. |
| Repeat Offender Control for Web Service | Added exempt IP list, so it can bypass repeat HTTP attack control. |
| User Preference Enhancements |
|
| 2FA Improvement | FortiToken will be sent automatically after users enter login credentials. Users need to manually enter „Push” before. |
| CLI Console Improvement | New CLI console on the admin GUI. |
| Inline Attachment Replacement Message | Add attachment replacement message inline like disclaimer. It was not inline but replaced the attachment part before. |
| Message ID in Notification Email | Displays Message-ID in notification template/email. |
| Recipient Policy Move Action | Enable Move action in all display modes regardless of domain selection. It was enabled only when all policies displayed belong to a single domain before. |
Webmail
| Feature | Description |
|---|---|
| Email Address Auto Completion | Add outgoing email address to personal address book for auto completion next time. |
| Address Book Search Enhancement | Ability to run search against most address book columns (email, display name, title, phone, etc.). It was restricted to email and display name before. |
| Display Columns | Ability to customize display columns, allowing user to select additional columns to display. Only display name and email are shown before. |
| Email Tags | Tags are customizable, color coded, and sorted with importance. |
| Mobile Device View | Improved webmail view on mobile devices. |
Rozwiązane problemy:
Antispam/Antivirus
| Bug ID | Description |
|---|---|
| 867667 | SPF check is not performed before trusted MTA, when „Received” chain is broken. |
| 876426 | In some cases, SPF check may not work properly. |
| 882498 | Attachments with passwords containing a dot (.) cannot be decrypted. |
| 890410 | DKIM results are not recorded in the Authentication-Results header. |
| 896458 | Microsoft OneNote files are detected as plain/text instead of application/octet-stream by the content filter. |
| 859815 | In some cases, impersonation exemption may be ignored. |
| 904712 | Regex validator error regarding case sensitivity. |
| 867221 | Personal safelist is ignored if the safelisted sender typed the same naming schema of the internal user while sending the mail. |
| 921181 | Some phishing URLs cannot be parsed. |
| 902812 | Personal quarantine mail cannot be released when the mail subject is encoded. |
| 917444 | Multiple DMARC reports are incorrectly generated for all domains. |
| 923787 | In some cases, random hyperlinks may be generated after the content profile scan. |
| 923805 | URLs are sent to FortiSandbox despite the category is not selected in the URL filter profile. |
| 888653 | IPv6 IP policies are not matched when the message size is above 10MB. |
Mail Delivery
| Bug ID | Description |
|---|---|
| 880743 | Some email may become expired in Microsoft 365 view. |
| 925041 | In some cases, some outgoing email are stuck in the queue. |
System
| Bug ID | Description |
|---|---|
| 906766 | After upgrading to v7.2.3 release, the block/safe lists become invisible and uneditable. |
| 909330 | Timezone is not updated with the daylight saving time (DST) change. |
| 911143 | SMTP daemon restarts when there is an virus DB update going on. |
| 883012 | In HA mode, changes to the block list and safelist via webmail on the secondary unit does not take effect. |
| 876817 | In HA mode, some email may not be viewable or released in the centralized monitor. |
| 880226 | In HA mode, local mail user password change via webmail on the secondary unit does not take effect. |
| 880313 | Insert disclaimer action does not work for DMARC None check. |
| 873052 | Unable to add secondary account through API. |
| 900005 | Deleting email from system quarantine won’t free up disk space. |
| 893587 | Domain admins cannot release multiple messages from the history log. |
| 901891 | Associated domain user data is not backed up with CLI command „execute formatmaildisk-backup„. |
| 860445 | Unable to release email from the folders under system quarantine. |
| 918867 | Abnormal memory consumption increase when creating AV file signatures. |
| 903260 | A system reboot is required for DMARC report settings to take effect. |
| 921653 | The /var/spool folder is not cleaned up properly and thus causes high mail disk usage and SMTP connection rejection. |
| 821855 | FortiMail 3K HA running 7.0.3 won’t accept configuration changes via GUI or CLI. |
Log and Report
| Bug ID | Description |
|---|---|
| 910217 | Scheduled scan in Microsoft 365 View is not logged. |
| 795420 | More granular AV/AS log fields to improve search efficiency on FortiAnalyzer. |
| 876785 | When a new mail statistics report is created with a specific sender domain, the report may keep loading when editing. |
Admin GUI/Webmail
| Bug ID | Description |
|---|---|
| 911598 | „Show Remote Content” does not show inline images for email in domain quarantine. |
| 912126 | Font viewed in webmail Sent folder is different from the font used when composing email. |
| 904873 | Fail to open attachments of secondary accounts. |
| 890913 | Domain admins cannot view release logs under release log search. |
| 876756 | The administrator list cannot be sorted by status (enabled or disabled). |
| 871670 | When admin web access is disabled, new IBE user registration page displays incorrectly. |
| 924193 | Characters in the system quarantine list may not be displayed properly. |
Notatki producenta: FortiMail 7.4.0
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
