Connecting Microsoft Exchange

This page includes:

• Connecting Microsoft Exchange
  • About connecting Microsoft Exchange email services
  • Maximum email size limitations
  • A bit more about integrating with Microsoft Exchange
  • The Microsoft Exchange onboarding process
  • Flow chart diagram

About connecting Microsoft Exchange email services

You can integrate FortiMail Workspace Security with Microsoft Exchange. This enables FortiMail Workspace Security to protect all incoming mail to Microsoft Exchange. [Refers to Microsoft Exchange On-Premises]

• Integration with Microsoft Exchange requires an MX record change.

• With the "Exchange" integration method, remediation is not available.

• With the "Exchange" integration method, FortiMail Workspace Security will protect all users in the account - it is not possible to specify groups, email accounts, or users to protect.

• With the "Exchange" integration method, scanning of outbound emails is not available.

• The "Exchange" integration method can be used to protect accounts that have Exchange Online Kiosk licenses.

Maximum email size limitations

When using the Exchange integration method, FortiMail Workspace Security scans email messages up to a maximum size of 40 MB [including attachments]. If a message exceeds 40 MB, the email will not be sent, and a Non-Delivery Report (NDR) or bounce notification will be generated. This NDR will indicate that the message size limit was exceeded [for example: "552 Message is too long"]. The NDR will be sent to the sender [return-path address].

Note: Due to external technical limitations, the 40 MB limitation can't be increased. We recommend that you limit receiving email attachments up to 30 MB in size. Files that are larger than 30 MB should be shared using a different file sharing service, such as Microsoft OneDrive or Google Drive.

A bit more about integrating with Microsoft Exchange

Onboarding process

• Customer onboarding entails adding the domain name and verifying a TXT record in the system.

• During the onboarding process, you'll need to add the next hop (MX record) so that FortiMail Workspace Security knows where to deliver the email after scanning.

Email flow overview

• All inbound emails are directed straight to the FortiMail Workspace Security scanner upon arrival.

Scanning and response

• Clean: Clean emails verified by FortiMail Workspace Security are sent back to the configured server (Next SMTP).

• Spam: Emails identified as spam by FortiMail Workspace Security are sent back to the configured server (Next SMTP).

  • For servers utilizing header-based rules to redirect spam to the Junk Email folder, you can append the "X-PERCEPTION-POINT-SPAM: FAIL" header.

  • In Exchange 2013/2019, this can be accomplished through transport rules.

• Malicious: Emails identified as malicious are blocked and are not forwarded to the next server.

Note: With the "Exchange" integration method, remediation is not available. This means that if an email was initially assigned a clean verdict, which was later changed to malicious, the email will not be removed from the user's Inbox.

The Microsoft Exchange onboarding process

Perform the following procedures to integrate Microsoft Exchange with FortiMail Workspace Security:

Flow chart diagram

Hover your cursor over the graphic below to enlarge it

See also: 

• FortiMail Workspace Security