Fortinet Fortimail 3 0 Mr4 Users Manual CLI Reference 3.0 MR4 to the manual 67199fd6-0e6e-4219-bbae-c1b445333241 2015-02-09
: Fortinet Fortinet-Fortimail-3-0-Mr4-Users-Manual-551685 fortinet-fortimail-3-0-mr4-users-manual-551685 fortinet pdf
Open the PDF directly: View PDF .Page Count: 368
CLI REFERENCE
FortiMail™ Secure Messaging Platform
Version 3.0 MR4
Note: The History sections in the command entries are intended to record
changes in FortiMail 3.0 CLI commands with each release of the product.
Although these sections show all commands as new for version 3.0, many of
the commands existed in previous versions of FortiMail firmware.
www.fortinet.com
�FortiMail™ Secure Messaging Platform CLI Reference
Version 3.0 MR4
14 August 2008
06-30004-0420-20080814
© Copyright 2008 Fortinet, Inc. All rights reserved. No part of this
publication including text, examples, diagrams or illustrations may be
reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose,
without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,
FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat
Management System, FortiGuard, FortiGuard-Antispam, FortiGuardAntivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,
FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter,
FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of
Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentioned herein may be the trademarks
of their respective owners.
�Contents
Contents
Introduction ....................................................................................... 15
About the FortiMail Secure Messaging Platform........................................... 15
About this document........................................................................................ 15
Document conventions................................................................................. 16
FortiMail documentation .................................................................................. 17
Fortinet Tools and Documentation CD ......................................................... 17
Fortinet Knowledge Center ......................................................................... 17
Comments on Fortinet technical documentation ......................................... 18
Customer service and technical support ....................................................... 18
What’s new ........................................................................................ 19
Using the CLI ..................................................................................... 21
CLI command syntax........................................................................................ 21
Connecting to the CLI ...................................................................................... 22
Connecting to the FortiMail unit console ...................................................... 22
Setting administrative access for SSH or Telnet .......................................... 23
Connecting to the FortiMail CLI using SSH.................................................. 23
Connecting to the FortiMail CLI using Telnet ............................................... 24
CLI command branches ................................................................................... 24
execute............................................................................................... 25
backup config ................................................................................................... 26
checklogdisk ..................................................................................................... 27
checkmaildisk ................................................................................................... 28
clearqueue......................................................................................................... 29
factoryreset ....................................................................................................... 30
formatlogdisk .................................................................................................... 31
formatmaildisk .................................................................................................. 32
formatmaildisk_backup.................................................................................... 33
maintain ............................................................................................................. 34
nslookup............................................................................................................ 35
partitionlogdisk................................................................................................. 36
ping .................................................................................................................... 37
ping-option ........................................................................................................ 38
reboot................................................................................................................. 39
reload ................................................................................................................. 40
restore................................................................................................................ 41
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
3
�Contents
shutdown........................................................................................................... 42
smtptest............................................................................................................. 43
telnettest............................................................................................................ 44
traceroute .......................................................................................................... 45
update config .................................................................................................... 46
updatecenter updatenow ................................................................................. 47
get....................................................................................................... 49
alertemail configuration................................................................................... 50
alertemail setting .............................................................................................. 51
antivirus............................................................................................................. 52
as........................................................................................................................ 53
auth .................................................................................................................... 56
av........................................................................................................................ 57
config................................................................................................................. 58
console .............................................................................................................. 59
fshd status ........................................................................................................ 60
ip_policy ............................................................................................................ 61
ip_pool............................................................................................................... 62
ip_profile ........................................................................................................... 63
ldap_profile ....................................................................................................... 65
limits .................................................................................................................. 66
log elog.............................................................................................................. 67
log logsetting .................................................................................................... 68
log msisdn......................................................................................................... 69
log policy........................................................................................................... 70
log query ........................................................................................................... 71
log reportconfig ................................................................................................ 72
log view ............................................................................................................. 73
mailserver.......................................................................................................... 74
mailserver access............................................................................................. 75
mailserver archive ............................................................................................ 76
mailserver localdomains.................................................................................. 77
mailserver smtp ................................................................................................ 78
mailserver systemquarantine.......................................................................... 79
misc profile ....................................................................................................... 80
out_content ....................................................................................................... 81
4
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Contents
out_policy.......................................................................................................... 82
out_profile ......................................................................................................... 83
policy ................................................................................................................. 84
spam deepheader ............................................................................................. 85
spam heuristic rules......................................................................................... 86
spam retrieval policy ........................................................................................ 87
system ............................................................................................................... 88
user .................................................................................................................... 90
userpolicy.......................................................................................................... 91
set ....................................................................................................... 93
alertemail configuration mailto ....................................................................... 94
alertemail deferq ............................................................................................... 95
alertemail setting option .................................................................................. 96
antivirus............................................................................................................. 97
as blacklistaction.............................................................................................. 98
as bounceverify ................................................................................................ 99
as control autorelease.................................................................................... 100
as control bayesian ........................................................................................ 101
as greylist ........................................................................................................ 103
as mms_reputation......................................................................................... 105
as profile delete .............................................................................................. 106
as profile modify actions ............................................................................... 107
as profile modify auto-release....................................................................... 108
as profile modify bannedword....................................................................... 109
as profile modify bannedwordlist ................................................................. 110
as profile modify bayesian............................................................................. 111
as profile modify deepheader........................................................................ 112
as profile modify dictionary........................................................................... 113
as profile modify dnsbl .................................................................................. 114
as profile modify dnsblserver........................................................................ 115
as profile modify forgedip.............................................................................. 116
as profile modify fortishield........................................................................... 117
as profile modify greylist ............................................................................... 118
as profile modify heuristic ............................................................................. 119
as profile modify imagespam ........................................................................ 120
as profile modify individualaction scanner.................................................. 121
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
5
�Contents
as profile modify quarantine ......................................................................... 122
as profile modify rewrite_rcpt ....................................................................... 123
as profile modify scanoptions....................................................................... 124
as profile modify surbl ................................................................................... 125
as profile modify surblserver ........................................................................ 126
as profile modify tags .................................................................................... 127
as profile modify virus ................................................................................... 128
as profile modify whitelistword..................................................................... 129
as profile modify whitelistwordlist................................................................ 130
as spamreport................................................................................................. 131
as trusted ........................................................................................................ 132
auth imap rename-to ...................................................................................... 133
auth imap server............................................................................................. 134
auth pop3 rename-to ...................................................................................... 135
auth pop3 server............................................................................................. 136
auth radius rename-to.................................................................................... 137
auth radius server .......................................................................................... 138
auth smtp rename-to ...................................................................................... 139
auth smtp server............................................................................................. 140
av delete .......................................................................................................... 141
av modify actions ........................................................................................... 142
av modify heuristic......................................................................................... 143
av modify heuristic heuristic_action ............................................................ 144
av modify scanner .......................................................................................... 145
av rename-to ................................................................................................... 146
console ............................................................................................................ 147
content delete ................................................................................................. 148
content modify action .................................................................................... 149
content modify bypass_on_auth .................................................................. 150
content modify defersize ............................................................................... 151
content modify filetype .................................................................................. 152
content modify monitor ................................................................................. 153
content modify monitor action...................................................................... 154
fshd .................................................................................................................. 156
6
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Contents
ip_policy .......................................................................................................... 157
Syntax ........................................................................................................ 157
History ........................................................................................................ 157
Related topics ............................................................................................ 157
ip_policy action............................................................................................... 158
Syntax ........................................................................................................ 158
History ........................................................................................................ 158
Related topics ............................................................................................ 158
ip_policy as ..................................................................................................... 159
Syntax ........................................................................................................ 159
History ........................................................................................................ 159
Related topics ............................................................................................ 159
ip_policy auth.................................................................................................. 160
Syntax ........................................................................................................ 160
History ........................................................................................................ 160
Related topics ............................................................................................ 160
ip_policy av ..................................................................................................... 161
Syntax ........................................................................................................ 161
History ........................................................................................................ 161
Related topics ............................................................................................ 161
ip_policy content ............................................................................................ 162
Syntax ........................................................................................................ 162
History ........................................................................................................ 162
Related topics ............................................................................................ 162
ip_policy delete............................................................................................... 163
Syntax ........................................................................................................ 163
History ........................................................................................................ 163
Related topics ............................................................................................ 163
ip_policy exclusive ......................................................................................... 164
Syntax ........................................................................................................ 164
History ........................................................................................................ 164
Related topics ............................................................................................ 164
ip_policy ip ...................................................................................................... 165
Syntax ........................................................................................................ 165
History ........................................................................................................ 165
Related topics ............................................................................................ 165
ip_policy match (gateway and server modes) ............................................. 166
Syntax ........................................................................................................ 166
History ........................................................................................................ 166
Related topics ............................................................................................ 166
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
7
�Contents
ip_policy match (transparent mode)............................................................. 167
Syntax ........................................................................................................ 167
History........................................................................................................ 167
Related topics ............................................................................................ 167
ip_policy move................................................................................................ 168
Syntax ........................................................................................................ 168
History........................................................................................................ 168
Related topics ............................................................................................ 168
ip_policy smtp ................................................................................................ 169
Syntax ........................................................................................................ 169
History........................................................................................................ 169
Related topics ............................................................................................ 169
ip_pool............................................................................................................. 170
ip_pool add_entry........................................................................................... 171
ip_pool del_entry............................................................................................ 172
ip_pool delete ................................................................................................. 173
.......................................................................................................................... 174
ip_profile check .............................................................................................. 175
ip_profile connection ..................................................................................... 177
ip_profile delete .............................................................................................. 178
ip_profile error ................................................................................................ 179
ip_profile headermanipulation ...................................................................... 180
ip_profile limit ................................................................................................. 181
ip_profile list ................................................................................................... 182
ip_profile mms_reputation ............................................................................ 183
ip_profile rename............................................................................................ 184
ip_profile senderreputation ........................................................................... 185
ip_profile sendervalidation............................................................................ 186
ip_profile_setting rate_control...................................................................... 188
ldap_profile profile asav ................................................................................ 189
ldap_profile clearallcache.............................................................................. 190
ldap_profile profile auth................................................................................. 191
ldap_profile profile clearcache...................................................................... 192
ldap_profile profile fallback_server .............................................................. 193
ldap_profile profile group .............................................................................. 194
ldap_profile profile option ............................................................................. 195
ldap_profile profile pwd ................................................................................. 196
ldap_profile profile routing............................................................................ 197
8
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Contents
ldap_profile profile server.............................................................................. 198
ldap_profile profile user................................................................................. 199
limits domain-level ......................................................................................... 201
limits system-level general ............................................................................ 202
limits system-level groups............................................................................. 203
limits system-level mail-users....................................................................... 204
limits system-level other-profiles.................................................................. 205
limits system-level policies ........................................................................... 206
.......................................................................................................................... 207
log msisdn....................................................................................................... 208
log policy destination event .......................................................................... 209
log policy destination history........................................................................ 210
log policy destination spam .......................................................................... 211
log policy destination virus ........................................................................... 212
log reportconfig direction .............................................................................. 213
log reportconfig domain ................................................................................ 214
log reportconfig mailto................................................................................... 215
log reportconfig period .................................................................................. 216
log reportconfig qry........................................................................................ 217
log reportconfig schedule hour..................................................................... 218
log setting console ......................................................................................... 219
log setting local .............................................................................................. 220
log setting syslog ........................................................................................... 221
log view fields ................................................................................................. 223
log view loglevel ............................................................................................. 224
mailserver access........................................................................................... 225
mailserver archive account ........................................................................... 227
mailserver archive exemptlist ....................................................................... 228
mailserver archive local quota ...................................................................... 229
mailserver archive policy............................................................................... 230
mailserver archive remote ............................................................................. 231
mailserver deadmail ....................................................................................... 232
mailserver portnumber................................................................................... 233
mailserver proxy smtp interface ................................................................... 234
mailserver proxy smtp unknown................................................................... 235
mailserver relayserver.................................................................................... 236
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
9
�Contents
mailserver smtp deferbigmsg ....................................................................... 237
mailserver smtp delivery ............................................................................... 238
mailserver smtp dsn_..................................................................................... 239
mailserver smtp ldap_domain_check........................................................... 240
mailserver smtp queue .................................................................................. 241
mailserver smtpauth ...................................................................................... 242
mailserver smtpssl ......................................................................................... 243
mailserver smtp storage ................................................................................ 244
mailserver smtp storage cquar ..................................................................... 245
mailserver systemquarantine........................................................................ 247
misc profile delete .......................................................................................... 248
misc profile modify quota.............................................................................. 249
misc profile modify userstatus ..................................................................... 250
misc profile modify webmailaccess ............................................................. 251
misc profile rename-to ................................................................................... 252
out_content delete.......................................................................................... 253
out_content modify action............................................................................. 254
out_content modify bypass_on_auth........................................................... 255
out_content modify filetype........................................................................... 256
out_content modify monitor action .............................................................. 257
out_content modify monitor.......................................................................... 258
out_policy profile delete ................................................................................ 260
out_policy modify........................................................................................... 261
out_policy move-to......................................................................................... 262
out_policy rename-to ..................................................................................... 263
out_profile profile delete................................................................................ 264
out_profile profile modify actions................................................................. 265
out_profile profile modify bannedword........................................................ 266
out_profile profile modify bannedwordlist................................................... 267
out_profile profile modify bayesian.............................................................. 268
out_profile profile modify deepheader ......................................................... 269
out_profile profile modify dictionary ............................................................ 270
out_profile profile modify dnsbl.................................................................... 271
out_profile profile modify dnsblserver......................................................... 272
out_profile profile modify fortishield............................................................ 273
out_profile profile modify greylist ................................................................ 274
10
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Contents
out_profile profile modify heuristic .............................................................. 275
out_profile profile modify imagespam.......................................................... 276
out_profile profile modify individualaction scanner ................................... 277
out_profile profile modify scanoptions ........................................................ 278
out_profile profile modify surbl..................................................................... 279
out_profile profile modify surblserver.......................................................... 280
out_profile profile modify tags ...................................................................... 281
out_profile profile modify virus..................................................................... 282
out_profile profile modify whitelistword ...................................................... 283
out_profile profile modify whitelistwordlist ................................................. 284
out_profile profile rename-to......................................................................... 285
policy delete .................................................................................................... 287
policy modify add_association ..................................................................... 288
policy modify bverify_addr ............................................................................ 289
policy modify fallback .................................................................................... 290
policy modify ip .............................................................................................. 291
policy modify is_subdomain ......................................................................... 292
policy modify ldap .......................................................................................... 293
policy modify mxflag ...................................................................................... 294
policy modify tp .............................................................................................. 295
policy modify user .......................................................................................... 296
policy modify verify_addr .............................................................................. 297
policy modify rename-to ................................................................................ 298
spam deepheader ........................................................................................... 299
spam retrieval policy ...................................................................................... 300
system admin.................................................................................................. 301
system appearance ........................................................................................ 302
system autoupdate pushaddressoverride ................................................... 303
system autoupdate pushupdate.................................................................... 304
system autoupdate schedule ........................................................................ 305
system autoupdate tunneling........................................................................ 306
system ddns.................................................................................................... 307
system disclaimer allowdomain.................................................................... 308
system disclaimer incoming.......................................................................... 309
system disclaimer outgoing .......................................................................... 310
system dns ...................................................................................................... 311
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
11
�Contents
system fortimanager ...................................................................................... 312
system ha config ............................................................................................ 313
system ha {cpeer | interface | peer | secondary-interface | secondary-peer} .
314
system ha data................................................................................................ 318
system ha datadir ........................................................................................... 319
system ha lservice.......................................................................................... 320
system ha mode ............................................................................................. 321
system ha monitor.......................................................................................... 322
system ha on-failure....................................................................................... 324
system ha passwd.......................................................................................... 325
system ha remote-as-heartbeat .................................................................... 326
system ha {restart | restore | resync} ........................................................... 327
system ha rservice ......................................................................................... 328
system ha takeover ........................................................................................ 330
system hostname ........................................................................................... 333
system interface config ................................................................................. 334
system interface mode dhcp ......................................................................... 335
system interface mode static ........................................................................ 336
system opmode .............................................................................................. 337
system option ................................................................................................. 338
system route number ..................................................................................... 339
system snmp community .............................................................................. 340
system snmp {sysinfo | threshold}............................................................... 342
system time manual ....................................................................................... 343
system time ntp .............................................................................................. 344
system usrgrp................................................................................................. 345
user .................................................................................................................. 346
user pki............................................................................................................ 347
userpolicy delete ............................................................................................ 348
userpolicy modify........................................................................................... 349
userpolicy move-to......................................................................................... 350
userpolicy rename-to ..................................................................................... 351
unset ................................................................................................ 353
alertemail configuration................................................................................. 354
ldap_profile ..................................................................................................... 355
12
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Contents
log reportconfig .............................................................................................. 356
mailserver........................................................................................................ 357
system ............................................................................................................. 358
user (transparent and gateway) .................................................................... 359
user (server) .................................................................................................... 360
Index................................................................................................. 361
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
13
�Contents
14
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Introduction
About the FortiMail Secure Messaging Platform
Introduction
This chapter introduces you to the FortiMail™ Secure Messaging Platform and
the following topics:
•
About the FortiMail Secure Messaging Platform
•
About this document
•
FortiMail documentation
•
Customer service and technical support
About the FortiMail Secure Messaging Platform
Each FortiMail unit is an integrated hardware and software solution that provides
powerful and flexible logging and reporting, antispam, antivirus, and email
archiving capabilities to incoming and outgoing email traffic. The FortiMail unit has
reliable and high performance features for detecting and blocking spam
messages and malicious attachments. Built on Fortinet’s FortiOS™, the FortiMail
antivirus technology extends full content inspection capabilities to detect the most
advanced email threats.
About this document
This document describes how to use the Fortinet Command Line Interface (CLI).
The following chapters appear in this document:
•
Using the CLI describes how to connect to and use the Fortinet command-line
interface (CLI).
•
execute is an alphabetically-ordered reference to the execute commands.
These commands perform immediate actions on the FortiMail unit, such as
configuration backup or unit reset.
•
get is an alphabetically-ordered reference to the get commands. These
commands display information about FortiMail unit configuration and status.
•
set is an alphabetically-ordered reference to the set commands. These
commands configure all aspects of FortiMail unit operation.
•
unset is an alphabetically-ordered reference to the unset commands. These
commands remove configurations such as alert email settings, LDAP profiles,
logging and email server settings.
Note: Diagnose commands are also available from the FortiMail CLI. These commands are
used to display system information and for debugging. Diagnose commands are intended
for advanced users only, and they are not covered in this document. Contact Fortinet
technical support before using these commands.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
15
�About this document
Introduction
Document conventions
The following document conventions are used in this guide:
•
In the examples, private IP addresses are used for both private and public IP
addresses.
•
Notes and Cautions are used to provide important information:
Note: Highlights useful additional information.
!
Caution: Warns you about commands or procedures that could have unexpected or
undesirable results including loss of data or damage to equipment.
Typographic conventions
Fortinet documentation uses the following typographical conventions:
Convention
Example
Keyboard input
In the Gateway Name field, type a name for the remote VPN
peer or client (for example, Central_Office_1).
CLI command syntax
execute restore config
Document names
FortiMail Administration Guide
File content
Firewall
Authentication
You must authenticate to use this
service.
Menu commands
Go to Anti-Spam > Greylist > Exempt and select Create
New.
Program output
Welcome!
Variables
•
•
•
•
16
indicates an ASCII string variable keyword.
indicates an integer variable
keyword.
indicates an IP address variable keyword.
vertical bar and braces {|} separate mutually exclusive
required keywords
For example:
set system opmode {gateway | transparent
| server}
This example indicates you can enter set system
opmode gateway or set system opmode
transparent or set system opmode server
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Introduction
FortiMail documentation
FortiMail documentation
Information about the FortiMail unit is available from the following guides:
•
FortiMail QuickStart Guides
Provides basic information about connecting and installing a FortiMail unit. A
separate guide is available for each FortiMail model.
•
FortiMail Administration Guide
Introduces the product and describes how to configure and manage a FortiMail
unit, including how to create profiles and policies, configure antispam and
antivirus filters, create user accounts, configure email archiving, and set up
logging and reporting.
•
FortiMail CLI Reference
Describes how to use the FortiMail CLI and contains a reference of all
FortiMail CLI commands.
•
FortiMail Log Message Reference
Available exclusively from the Fortinet Knowledge Center, the FortiMail Log
Message Reference describes the structure of FortiMail log messages and
provides information about the log messages that are generated by FortiMail
units.
•
FortiMail Installation Guide
Describes how to set up the FortiMail unit in transparent, gateway, or server
mode.
•
FortiMail online help
Provides a searchable version of the Administration Guide in HTML format.
You can access online help from the web-based manager as you work.
•
FortiMail Webmail online help
Describes how to use the FortiMail web-based email client, including how to
send and receive email, how to add, import, and export addresses, how to
configure message display preferences, and how to manage quarantined
email.
•
FortiMail User Guides
Provides information that the FortiMail end users need to know in order to take
advantage of the services provided by the FortiMail unit. These guides are
included as chapters in the FortiMail Administration Guide, allowing the
administrator to provide information on only the enabled features.
Fortinet Tools and Documentation CD
All Fortinet documentation is available on the Fortinet Tools and Documentation
CD shipped with your Fortinet product. The documents on this CD are current at
shipping time. For up-to-date versions of Fortinet documentation visit the Fortinet
Technical Documentation web site at http://docs.forticare.com.
Fortinet Knowledge Center
Additional Fortinet technical documentation is available from the Fortinet
Knowledge Center. The knowledge center contains troubleshooting and how-to
articles, FAQs, technical notes, a glossary, and more. Visit the Fortinet Knowledge
Center at http://kc.forticare.com.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
17
�Customer service and technical support
Introduction
Comments on Fortinet technical documentation
Please send information about any errors or omissions in this document, or any
Fortinet technical documentation, to techdoc@fortinet.com.
Customer service and technical support
Fortinet Technical Support provides services designed to make sure that your
Fortinet systems install quickly, configure easily, and operate reliably in your
network.
Please visit the Fortinet Technical Support web site at http://support.fortinet.com
to learn about the technical support services that Fortinet provides.
18
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�What’s new
What’s new
The table below lists commands which have changed since the previous release, 3.0 MR3.
Command
Change
execute partitionlogdisk
New command. Sets the size of the hard disk
partition to use as the log disk. Remaining hard
disk space is used as the mail disk.
set as bounceverify
New command. Configures verification of
delivery status notification (DSN) email.
set as mms_reputation
New command. Sets the window of time during
which detection of multimedia message service
(MMS) spam will affect the sender reputation of
the end user ID (MSISDN).
set as profile modify rewrite_rcpt
New command. Configure rewriting of the
recipient email address located in the envelope
if the email message is detected as spam.
set ip_profile headermanipulation
New command. Removes specified message
headers.
set ip_profile mms_reputation
New command. Enables or disables detection
of spam based upon the sender reputation of
the end user ID (MSISDN) for multimedia
message service (MMS) email messages, and
configures its detection threshold and duration.
set ip_profile sendervalidation
bypassbounceverify
New keyword. Enables or disables bypass of
verification of delivery status notification (DSN)
email.
set ip_profile_setting rate_control
New command. Selects whether to rate control
email messages by either the number of email
messages or the number of SMTP connections.
set mailserver access ... authenticated
New keyword. Selects whether to apply the
access control rule to only authenticated SMTP
sessions, or regardless of authentication
status.
set mailserver access ... tlsprofile
New keyword. Selects the name of a transport
layer security (TLS) profile to apply to SMTP
sessions governed by this access control rule.
set mailserver smtp ldap_domain_check
New command. Enables or disables use of an
LDAP query to verify the existence of a domain
and to automatically associate it with a
protected domain.
set mailserver smtpauth smtp
New keyword. Enables or disables SMTP
authentication.
set mailserver smtpauth smtpovertls
New keyword. Enables or disables transport
layer security (TLS) authentication for SMTP.
set mailserver smtpauth smtps
New keyword. Enables or disables SMTPS
authentication.
set policy modify add_association
New command. Configures domain
associations, which associate a domain name
with the settings for an existing protected
domain.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
19
�What’s new
20
Command
Change
set system fortimanager
New command. Configures remote
administration by and automatic configuration
backups to a FortiManager system.
set user pki
New command. Configures public key
infrastructure (PKI) authentication for email
users and FortiMail administrators.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Using the CLI
CLI command syntax
Using the CLI
This section describes how to connect to and use the FortiMail command line
interface (CLI). You can use CLI commands to view all FortiMail system
information and to change all system configuration settings.
This section contains the following topics:
•
CLI command syntax
•
Connecting to the CLI
•
CLI command branches
CLI command syntax
This guide uses the following conventions to describe command syntax.
•
Angle brackets < > to indicate variables.
For example:
set console page
You enter:
set console page 40
The various types of variables include:
indicates an ASCII string.
indicates an integer string that is a decimal number.
indicates a dotted decimal IPv4 address.
indicates a dotted decimal IPv4 netmask.
indicates a dotted decimal IPv4 address followed by a
dotted decimal IPv4 netmask (e.g. 192.168.1.99 255.255.255.0)
indicates a dotted decimal IPv4 address followed by a
CIDR notation IPv4 netmask (e.g. 192.168.1.99/24)
indicates an IPv6 address.
indicates an IPv6 netmask.
indicates an IPv6 address followed by an IPv6 netmask.
•
Vertical bar and braces {|} separate alternative, mutually exclusive required
keywords.
For example:
set system opmode {gateway | server | transparent}
You can enter set system opmode gateway or set system opmode
server or set system opmode transparent.
•
Square brackets [ ] to indicate that a keyword or variable is optional.
For example:
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
21
�Connecting to the CLI
Using the CLI
set policy modify fallbackhost
[fallbackport ]
The fallback host address is required, and a fallback port is optional
•
A space to separate options that can be entered in any combination and must
be separated by spaces.
For example:
set allowaccess {ping https ssh snmp http telnet}
You can enter any of the following:
set allowaccess ping
set allowaccess ping https ssh
set allowaccess https ping ssh
set allowaccess snmp
In most cases to make changes to lists that contain options separated by
spaces, you need to retype the whole list including all the options you want to
apply and excluding all the options you want to remove.
Connecting to the CLI
You can use a direct console connection, SSH, or Telnet to connect to the
FortiMail unit CLI.
Connecting to the FortiMail unit console
To connect to the FortiMail console, you require:
•
A computer with an available com port.
•
A null modem cable to connect the FortiMail console port.
•
Terminal emulation software such as HyperTerminal for Windows.
Note: The following procedure describes how to connect to the FortiMail CLI using
Windows HyperTerminal software. You can use any terminal emulation program.
To connect to the FortiMail unit console
1
Connect the FortiMail console port to the available communications port on your
computer.
2
Make sure the FortiMail unit is powered on.
3
Start HyperTerminal, enter a name for the connection, and select OK.
4
Configure HyperTerminal to connect directly to the communications port on the
computer to which you have connected the FortiMail console port.
5
Select OK.
6
Select the following port settings and select OK.
Bits per second 9600
22
Data bits
8
Parity
None
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�Using the CLI
Connecting to the CLI
Stop bits
1
Flow control
None
7
Press Enter to connect to the FortiMail CLI.
8
A prompt appears:
FortiMail-400 login:
9
10
Type a valid administrator name and press Enter.
Type the password for this administrator and press Enter.
The following prompt appears:
Welcome!
You have connected to the FortiLog CLI, and you can enter CLI commands.
Setting administrative access for SSH or Telnet
To configure the FortiMail unit to accept SSH or Telnet connections, you must set
administrative access to SSH or Telnet for the FortiMail interface to which your
management computer connects. To use the web-based manager to configure
FortiMail interfaces for SSH or Telnet access, see “Interface settings” in the
“Configuring FortiMail system settings” chapter of the FortiMail Administration
Guide.
To use the CLI to configure SSH or Telnet access
1
Connect and log into the CLI using the FortiMail console port and your terminal
emulation software.
2
Use the following command to configure an interface to accept SSH connections:
set system interface config allowaccess ssh
end
3
Use the following command to configure an interface to accept Telnet
connections:
set system interface config allowaccess
telnet
4
To confirm that you have configured SSH or Telnet access correctly, enter the
following command to view the access settings for the interface:
get system interface
The CLI displays the settings, including the management access settings, for the
configured interfaces.
Connecting to the FortiMail CLI using SSH
Secure Shell (SSH) provides strong secure authentication and secure
communications to the FortiMail CLI from your internal network or the internet.
Once the FortiMail unit is configured to accept SSH connections, you can run an
SSH client on your management computer and use this client to connect to the
FortiMail CLI.
Note: The FortiMail unit supports the following encryption algorithms for SSH access:
3DES and Blowfish.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
23
�CLI command branches
Using the CLI
To connect to the CLI using SSH
1
Install and start an SSH client.
2
Connect to the FortiMail interface that is configured for SSH connections.
3
Type a valid administrator name and press Enter.
4
Type the password for this administrator and press Enter.
The FortiMail model name followed by a # is Displayed.
You have connected to the FortiMail CLI, and you can enter CLI commands.
Connecting to the FortiMail CLI using Telnet
You can use Telnet to connect to the FortiMail CLI from your internal network or
the Internet. Once the FortiMail unit is configured to accept Telnet connections,
you can run a Telnet client on your management computer and use this client to
connect to the FortiLog CLI.
!
Caution: Telnet is not a secure access method. SSH should be used to access the FortiLog
CLI from the internet or any other unprotected network.
To connect to the CLI using Telnet
1
Install and start a Telnet client.
2
Connect to the FortiMail interface that is configured for Telnet connections.
3
Type a valid administrator name and press Enter.
4
Type the password for this administrator and press Enter.
You have connected to the FortiMail CLI, and you can enter CLI commands.
CLI command branches
The FortiGate command-line interface consists of four command branches:
•
Use execute to run static commands on the FortiMail unit. Examples include
resetting the device, formatting the hard drive, and pinging other devices from
the FortiMail unit’s network interfaces.
For a complete execute command list, see “execute” on page 25.
•
Use get to display system status information. The get command can be
used to display the current value of items configured with the set command.
•
Use set to configure the FortiMail unit. All of the configuration allowed in the
GUI can also be accomplished using the set command. Some extra options
not available in the GUI are also available with the set command.
For a complete get command list, see “get” on page 49.
For a complete set command list, see “set” on page 93.
•
Use unset to return settings to their default values.
For a complete unset command list, see “unset” on page 353.
24
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
execute
Use execute commands to perform maintenance operations on your FortiMail unit or to perform
network test operations such as ping or traceroute.
This chapter describes the following execute commands:
backup config
ping-option
checklogdisk
reboot
checkmaildisk
reload
clearqueue
restore
factoryreset
shutdown
formatlogdisk
smtptest
formatmaildisk
telnettest
formatmaildisk_backup
traceroute
maintain
update config
nslookup
updatecenter updatenow
partitionlogdisk
ping
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
25
�backup config
execute
backup config
Use this command to back up system settings to a TFTP server.
Syntax
execute backup config
is the filename for the backup on the TFTP server
is the IP address of the TFTP server
History
FortiMail v3.0
New.
Related topics
•
26
execute restore
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
checklogdisk
checklogdisk
When recommended by Customer Support, use this command to find and correct errors on the log
disk. Logging is suspended while this command is running.
Syntax
execute checklogdisk
History
FortiMail v3.0
New.
Related topics
•
execute checkmaildisk
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
27
�checkmaildisk
execute
checkmaildisk
When recommended by Customer Support, use this command to find and correct errors on the mail
disk. Actions are reported at the command prompt. If the check can’t fix something automatically, it
presents a list of options for the admin to select from.
Mail functions are suspended while this command is running.
Syntax
execute checkmaildisk
History
FortiMail v3.0
New.
FortiMail v3.0 MR3 Renamed from checkspooldisk.
Related topics
•
28
execute checklogdisk
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
clearqueue
clearqueue
Select to remove all messages from the deferred queue.
Syntax
execute clearqueue
History
FortiMail v3.0 MR3 New.
Related topics
•
execute checklogdisk
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
29
�factoryreset
execute
factoryreset
Use this command to restore the factory default settings.
This will delete your configuration.
Syntax
execute factoryreset
History
FortiMail v3.0
30
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
formatlogdisk
formatlogdisk
Use this command to reformat the local log hard disk to enhance performance.
This will delete the logs on the log disk.
Syntax
execute formatlogdisk
History
FortiMail v3.0
New.
Related topics
•
execute formatmaildisk
•
execute formatmaildisk_backup
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
31
�formatmaildisk
execute
formatmaildisk
Use this command to reformat the local email disk to enhance performance after you have backed up
the mail database to the log disk with execute formatmaildisk_backup.
This will delete your mail database.
Syntax
execute formatmaildisk
History
FortiMail v3.0
New.
Related topics
•
32
execute formatmaildisk_backup
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
formatmaildisk_backup
formatmaildisk_backup
Use this command to back up the mail database to the log disk, and then format the local mail disk.
This will enhance performance on the mail disk.
Syntax
execute formatmaildisk_backup
History
FortiMail v3.0
New.
Related topics
•
execute formatmaildisk
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
33
�maintain
execute
maintain
Use this command to perform maintenance on mail queues by deleting out-of-date messages.
Syntax
execute maintain mailqueue clear age []
messages this age or older will be cleared, and can be from 1 hour to 10 years.
can be one of h, d, m, or y for hours, days, months, or years respectively.
The default is 24h.
Example
This example will clear messages that are 23 days old and older.
execute maintain mailqueue clear age 23d
History
FortiMail v3.0 MR3 New.
Related topics
•
34
execute clearqueue
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
nslookup
nslookup
Use this command to perform a name server lookup on the specified host or MX record.
Syntax
execute nslookup {host | mx}
can be an IP address or a fully qualified domain name.
History
FortiMail v3.0
New.
Related topics
•
execute ping
•
execute traceroute
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
35
�partitionlogdisk
execute
partitionlogdisk
Use this command to adjust the ratio of disk space allocated to the logs and mail. By default, 75% of
the disk space is allocated to mail and 25% to logs.
Syntax
execute partitionlogdisk
is the percentage of the total disk space allocated to log files. Specify any value between
10 and 90. The remainder is allocated to mail.
!
Caution: Executing this command formats the FortiMail disks. This operation deletes all mail and log
data.
History
FortiMail v3.0 MR4 New.
Related topics
36
•
execute formatlogdisk
•
execute formatmaildisk
•
execute formatmaildisk_backup
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
ping
ping
Use this command to ping the specified host name or host IP address.
Syntax
execute ping { | }
History
FortiMail v3.0
New.
Related topics
•
execute ping-option
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
37
�ping-option
execute
ping-option
Use this command to configure the ping function behavior settings.
Syntax
execute ping-option
Option
Description
Default
data-size
Enter datagram size in bytes.
56
df-bit {yes | no}
Enter yes to set the DF bit in the IP header to prevent the ICMP no
packet from being fragmented. Setting df-bit to no allows the
ICMP packet to be fragmented.
pattern
Enter a pattern to fill the optional data buffer at the end of the
ICMP packet, for example 00ffaabb. The size of the buffer is
specified using the data_size parameter. This allows you to
send out packets of different sizes for testing the effect of
packet size on the connection.
repeat-count
Enter the number of times to repeat the ping. The value must be 5
greater than 0.
source {auto | }
Select the interface from which the ping is sent. Enter either
auto or the interface IP address.
auto
timeout
Enter the ping response timeout in seconds.
2
tos
Enter the IP type-of-service option value, one of:
• default
0
• lowcost
minimize cost
• lowdelay
minimize delay
• reliability
maximize reliability
• throughput
maximize throughput
default
ttl
Enter the time-to-live (TTL) value.
64
validate-reply {yes | no} Enter yes to validate ping replies.
no
View the current ping option settings.
view-settings
None
N/A
History
FortiMail v3.0
New.
Related topics
•
38
execute ping
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
reboot
reboot
Use this command to restart the FortiMail unit.
Syntax
execute reboot
History
FortiMail v3.0
New.
Related topics
•
execute reload
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
39
�reload
execute
reload
If you set your console to batch mode, use this command to flush the current configuration from
system memory and reload the configuration from a saved configuration file.
Syntax
execute reload
History
FortiMail v3.0
New.
Related topics
•
40
execute reboot
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
restore
restore
Use this command to restore system configuration or firmware from a TFTP server.
Syntax
execute restore {config | image}
Enter config to restore system settings or image to restore system firmware image.
is the name of the configuration file on the TFTP server.
is the IP address of the TFTP server.
History
FortiMail v3.0
New.
Related topics
•
execute backup config
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
41
�shutdown
execute
shutdown
Use this command to prepare the FortiMail unit to be powered down. This command clears all buffers
and writes all cached data to disk. Power off the FortiMail unit only after issuing this command to
prevent possible data loss.
Syntax
execute shutdown
History
FortiMail v3.0
New.
Related topics
•
42
execute reboot
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
smtptest
smtptest
Use this command to test connectivity to an SMTP server.
Syntax
execute smtptest domain
is the IP address of the SMTP server
[:port] is the optional port number to connect to the SMTP server.
is the name of the domain on the SMTP server to connect to.
Example
This example tests the connection to an SMTP server at 192.168.100.2 on port 25 to the example.com
domain.
execute smtptest 192.168.100.2:25 domain example.com
History
FortiMail v3.0 MR3 New.
Related topics
•
execute reboot
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
43
�telnettest
execute
telnettest
Use this command to attempt a telnet connection to the specified host IP address.
Syntax
execute telnettest
If you do not specify a port number, port 23 is used.
History
FortiMail v3.0
44
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
traceroute
traceroute
Use this command to trace the route to the specified host IP address.
Syntax
execute traceroute
History
FortiMail v3.0
New.
Related topics
•
execute maintain
•
execute ping
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
45
�update config
execute
update config
Use this command to request a configuration update from the FortiManager server.
Syntax
execute update config
History
FortiMail v3.0
46
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�execute
updatecenter updatenow
updatecenter updatenow
Use this command to manually initiate a virus definition update.
Syntax
execute updatecenter updatenow
History
FortiMail v3.0
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
47
�updatecenter updatenow
48
execute
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
get
alertemail configuration
mailserver
alertemail setting
mailserver access
antivirus
mailserver archive
as
mailserver localdomains
auth
mailserver smtp
av
mailserver systemquarantine
config
misc profile
console
out_content
fshd status
out_policy
ip_policy
out_profile
ip_pool
policy
ip_profile
spam deepheader
ldap_profile
spam heuristic rules
limits
spam retrieval policy
log elog
system
log logsetting
user
log msisdn
userpolicy
log policy
log query
log reportconfig
log view
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
49
�alertemail configuration
get
alertemail configuration
Use this command to view the alert email recipients. The command displays the SMTP server address,
SMTP user name, SMTP authentication status, encrypted SMTP password, and the email addresses
used to send the alert.
Syntax
get alertemail configuration
History
FortiMail v3.0
New.
Related topics
•
50
get alertemail setting
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
alertemail setting
alertemail setting
Use this command to view the alert email configuration. This command displays what is enabled or
disabled for:
•
virus incidents
•
critical events
•
disk full
•
archiving failure
•
HA events
•
dictionary corruption
•
system quarantine quota full
Syntax
get alertemail configuration
Example
FortiMail-400 # get alertemail setting
Alert email setting:
alert email for antivirus:
alert email for critical events:
alert email for disk full:
alert email for archiving failure:
alert email for HA events:
alert email for Dictionary corruption:
alert email for system quarantine quota
alert email for Defer queue:
disabled
disabled
enabled
enabled
disabled
disabled
is full: disabled
enabled
History
FortiMail v3.0
New.
Related topics
•
get alertemail configuration
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
51
�antivirus
get
antivirus
Use this command to display whether antivirus scanning is enabled. This is available only in server
mode.
Syntax
get antivirus
Example
FEServer # get antivirus
global antivirus scanning is enabled
History
FortiMail v3.0
52
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
as
as
Use this command to display information about your antispam configuration.
Syntax
get as
Option
Description
blacklistaction
Display the action set for blacklisted items.
control autorelease
Display the spam auto release and auto delete account names.
control bayesian
Display the Bayesian training account names.
greylist
Display the greylist settings, including the TTL, greylist period, initial expiry
period, capacity, and exempt address list.
profile
Display the settings of an antispam profile.
spamreport
Display the quarantine spam report settings.
trusted antispam-mta
Display the IP addresses on the antispam-MTA list.
trusted mta
Display the IP addresses on the MTA list.
Examples
FortiMail-400 # get as blacklistaction
blacklist action: reject
FortiMail-400 # get as control autorelease
autorelease account is release-ctrl
autodelete account is delete
FortiMail-400 # get as control bayesian
"is spam" account is is-spam
"is not spam" account is is-not-spam
"learn is spam" account is learn-is-spam
"learn is not spam" account is learn-is-not-spam
"training group" account is default-grp
FortiMail-400 # get as greylist
TTL: 10 (day)
Greylist period: 20 (minute)
Initial expiry period: 4 (hour)
Capacity: 40000
Greylist exempt:
FortiMail-400 # get as profile profile2
Antispam profiles
id=3, name=profile2
Heuristic filtering: enabled
action: default
lower level: -15.000000
upper level: 5.000000
Bayesian filtering: enabled
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
53
�as
get
action: default
use personal database: disabled
Accept training from users: disabled
Use other techniques for auto training: disabled
Deepheader filtering: disabled
action: default
check black ip: enabled
headers analysis: enabled
Dictionary filtering: disabled
action: default
dictionary profile: unknown(-1)
FortiGuard-Antispam filtering: disabled
action: default
FortiGuard-Antispam checkip: disabled
Dnsbl server lookup: disabled
action: default
Surbl server lookup: disabled
action: default
Banned word scanning: disabled
action: default
Whitelist word scanning: disabled
Greylist message senders: disabled
Treat message with virus as spam: disabled
action: default
Check forged IP in incoming emails: disabled
action: default
Check image spam in incoming emails: disabled
action: default
Check image spam aggressively: disabled
Scan conditions:
maxsize: 0
bypass_on_auth:
disabled
attachment types:
pdf: disabled
Actions:
discard reject
subject tagging: disabled, tag=""
header tagging: disabled, tag=""
quarantine is: enabled
auto delete: enabled, number of days=7
auto release of quarantined emails by email: disabled
auto release of quarantined emails by web: disabled
add the sender of a released message to personal white list:
disabled
allow users to automatically update personal White list from sent
emails: disabled
FortiMail-400 # get as spamreport
time of day: 00:00
interval: these hours:
Web Release Hostname is empty
Web Release through HTTPS is enabled
54
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
as
History
FortiMail v3.0
New.
FortiMail v3.0 MR3 Added trusted antispam-mta and trusted mta commands.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
55
�auth
get
auth
Use this command to display authentication settings by protocol: IMAP, POP3, RADIUS, SMTP. This is
available in transparent and gateway modes only.
Syntax
get auth {imap | pop3 | radius | smtp}
History
FortiMail v3.0
56
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
av
av
Use this command to display the settings of an antivirus profile.
Syntax
get av
Example
FortiMail-400 # get av avprofile1
Antivirus profiles
id=2, name=avprofile1
AV Scanner: enabled
AV actions:
Heuristic scanning: disabled
Heuristic actions:
History
FortiMail v3.0
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
57
�config
get
config
Use this command to display the current FortiMail unit configuration.
Syntax
get config []
is an optional search string. If the string contains spaces, enclose it in single
quotation marks (' ').
If you specify a search string, the command displays only the lines in the configuration file that contain
that string. Otherwise, the command lists the entire configuration.
History
FortiMail v3.0
58
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
console
console
Use this command to display console settings: the number of lines per page, the mode of operation,
and the baud rate of the command line console.
Syntax
get console
Example
FortiMail-400 # get console
Page number: 24
Console mode: Line
Console baudrate: default
History
FortiMail v3.0
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
59
�fshd status
get
fshd status
Use this command to display the FortiGuard settings on the FortiMail unit.
Syntax
get fshd status
Example
FortiMail-400 # get
Fortishield service
Fortishield service
Fortishield service
Fortishield service
fshd status
status: enabled
cache status: enabled
cache ttl: 600
hostname antispam.fortigate.com
History
FortiMail v3.0
60
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
ip_policy
ip_policy
Use this command to list information about IP policies.
Syntax
get ip_policy []
If you do not specify a policy number, the command provides a list of the IP policies, by name and
number. If you specify a policy number, the command lists detailed information about that policy.
Example
FortiMail-400 # get ip_policy 0
smtpin configuration 0
matches: from 0.0.0.0/0, to 0.0.0.0/0
action: SCAN
ip profile: 'session_strict'
exclusive: this profile can be overriden by a recipient profile
SMTP: is disabled, and difference are NOT allowed
History
FortiMail v3.0
New.
Related topics
•
get ip_profile
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
61
�ip_pool
get
ip_pool
Use this command to list information about IP pool policies.
Syntax
get ip_pool {}
If you do not specify a policy name, the command returns a list of the IP pool policies, by name and ID
number. If you specify a policy name, the command lists the IP ranges defined in the policy.
History
FortiMail v3.0 MR3 New.
Related topics
62
•
get ip_profile
•
set ip_pool
•
set ip_pool add_entry
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
ip_profile
ip_profile
Use this command to list information about IP profiles.
Syntax
get ip_profile []
If you do not specify a profile name, the command provides a list of the IP profiles.
If you specify a profile name, the command lists detailed information about that IP profile.
Example
FortiMail-400 # get ip_profile session_loose
smtpin configuration for "session_loose"
connection: rate limiting per IP is disabled
this box will NOT be hidden from the server
connection limiting per IP is disabled
total connection limiting is disabled
preventing connections to blacklisted SMTP is disabled
idle timeout is disabled
session: checking HELO/EHLO chars is disabled
HELO/EHLO rewrite is disabled
disallowing encrypted links is disabled
allow pipelining NO
strict synax checking is disabled
splice is disabled
ACK EOM before anti-spam is disabled
Send DSN to sender when spam detected is disabled
(for unauthorised links)
checking sender domain is disabled
checking recipient domain is disabled
reject empty domains is disabled
open relay checking is disabled
RCPT/HELO/MAIL domain check is disabled
limits: max number of recipients per email is 500
no helo/ehlo per session
no email per session
max supported message size is 10485760
max supported header size is 32768
no NOOP restrictions
no RSET restrictions
errors: no "free" errors
there is no initial error delay
subsequent errors use the initial delay
the link will not disconnect because of errors
lists: sender white list checking is disabled
sender black list checking is disabled
recipient white list checking is disabled
recipient black list checking is disabled
sender reputation: sender reputation list checking is disabled
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
63
�ip_profile
get
History
FortiMail v3.0
New.
Related topics
•
64
get ip_policy
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
ldap_profile
ldap_profile
Use this command to display all the settings of the specified LDAP profile.
Syntax
get ldap_profile profile
is the LDAP profile name.
To see a list of LDAP profiles, enter get ldap_profile profile ?.
History
FortiMail v3.0
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
65
�limits
get
limits
Use this command to display all the settings of the limits command.
Syntax
get limits
is the LDAP profile name.
To see a list of LDAP profiles, enter get ldap_profile profile ?.
Example
If you enter the gets limits command on a FortiMail-400 unit, the output will be similar to this:
FortiMail-400 # get limits
domain level limits
domains with 2 tier admin
admins per domain
policies per domain
profiles per domain
25
5
40
5
(25
(5
(40
(5
)
)
)
)
[500]
[5]
[40]
[5]
system level limits
admin count
20
(20
) [20]
total domains
500
(500 ) [500]
total user groups
100
(100 ) [100]
members per user group
50
(50
) [50]
profile count
50
(50
) [50]
ip policy count
40
(40
) [40]
outgoing policy count
500
(500 ) [500]
as profile count
*175
(*175 ) [175]
av profile count
*175
(*175 ) [175]
content profile count
*175
(*175 ) [175]
ip profile count
*175
(*175 ) [175]
all shared memory size
13954552 (13954552) [268435456] bytes
dynamic shared memory size 10273300 (10273300) [268435456] bytes
(numbers in brackets indicates value to use on next reboot)
[numbers in square brackets indicates maximum allowable values]
(numbers preceeded by * are automatically calculated)
History
FortiMail v3.0 MR3 New.
Related topics
66
•
set limits domain-level
•
set limits system-level general
•
set limits system-level groups
•
set limits system-level mail-users
•
set limits system-level other-profiles
•
set limits system-level policies
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
log elog
log elog
FortiMail v3.0
New.
Use this command to display the event log messages that have been saved to local hard disk or
remote syslog server.
Syntax
get log elog
History
FortiMail v3.0
New.
Related topics
•
set log policy destination event
•
set log setting local
•
set log setting syslog
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
67
�log logsetting
get
log logsetting
Use this command to display:
•
the log to locations and whether logging to that location is turned on or off.
•
the log severity level for each log location
•
log file size
•
log time
•
log option setting when disk is full
Syntax
get log logsetting
Example
FortiMail-400 # get log logsetting
Log to remote syslog server 1: OFF :514 level: emergency facility: kern
CSV:OFF
Log to remote syslog server 2: OFF :514 level: emergency facility: kern
CSV:OFF
Log to Console:
OFF level: emergency
Log to Local Host:
ON level: information
Log file size: 10 Megabytes
Log time: 10 days
When reaching log file size or log time:
Overwrite
History
FortiMail v3.0
New.
Related topics
68
•
set log setting local
•
set
•
set log setting syslog
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
log msisdn
log msisdn
Use this command to find out if the MSISDN column is enabled.
Use the set log msisdn command to enable the MSISDN column to display in Log & Report >
Logging.
Syntax
get log msisdn
History
FortiMail v3.0 MR3 New.
Related topics
•
set log msisdn
•
set log view fields
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
69
�log policy
get
log policy
Use this command to display information about log policies by destination and log type.
Syntax
To view which types of logging are enabled for each destination:
get log policy
To view detailed information about which types of logging are enabled for a destination:
get log policy [destination {syslog [number
] | local | console}]
To view detailed information about a particular type of logging enabled for a destination:
get log policy [destination {syslog number | local | console}
{event | history | spam | virus}]
Example
FortiMail-400 # get log policy destination syslog number 1 event
syslog 1 event:
status: enable
configuration:
ON
ha:
OFF
login:
ON
pop3:
ON
smtp:
ON
system:
ON
updatefailed:
ON
updatesucceeded: OFF
webmail:
ON
History
FortiMail v3.0
New.
Related topics
70
•
set log policy destination event
•
set log policy destination spam
•
set log policy destination virus
•
set log setting local
•
set
•
set log setting syslog
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
log query
log query
Use this command to display all available log query reports, for example,
Top_Remote_Virus_Domain_by_Hour_of_Day. The total number of query reports displays at the
bottom of the list.
Syntax
get log query
History
FortiMail v3.0
New.
Related topics
•
set log reportconfig qry
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
71
�log reportconfig
get
log reportconfig
Use this command to display the settings in a saved log report configuration. The two default reports
that become available after setting up your FortiGate unit with the quick start wizard, are also available
for this command.
Syntax
get log reportconfig
is the log report configuration name. For a list of all saved log report
configurations, enter “?” as the name.
History
FortiMail v3.0
New.
FortiMail v3.0 MR3 The keywords, predefined_report_yesterday and
predefined_report_last_week were added.
Related topics
72
•
set log reportconfig direction
•
set log reportconfig domain
•
set log reportconfig mailto
•
set log reportconfig period
•
set log reportconfig qry
•
set log reportconfig schedule hour
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
log view
log view
Use this command to display what columns display in Log & Report > Logging for event, history,
spam, and virus logs.
Use the set log view command to set the fields to display and the log severity level.
Syntax
get log view {event | history | spam | virus}
History
FortiMail v3.0
New.
Related topics
•
set log view fields
•
set log view loglevel
•
set log policy destination event
•
set log policy destination spam
•
set log policy destination virus
•
set log policy destination history
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
73
�mailserver
get
mailserver
Use this command to display the FortiMail email system settings.
Syntax
get mailserver
Example
FortiMail-400 # get mailserver
dead mail kept:
mail storage:
Centralized Quarantine:
maximum message size:
POP3 server port:
SMTP authentication:
SMTP over SSL:
SMTP server port:
SMTPS server port:
1 days
local disk
Disabled
10 MB
110
enabled
disabled
25
465
Relay server disabled
History
FortiMail v3.0
New.
FortiMail v3.0 MR3 Updated output.
Related topics
74
•
get mailserver access
•
get mailserver archive
•
get mailserver localdomains
•
get mailserver smtp
•
get mailserver systemquarantine
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
mailserver access
mailserver access
Use this command to display the permissions for sending and receiving email for each domain.
Syntax
get mailserver access
History
FortiMail v3.0
New.
Related topics
•
get mailserver
•
get mailserver archive
•
get mailserver localdomains
•
get mailserver smtp
•
get mailserver systemquarantine
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
75
�mailserver archive
get
mailserver archive
Use this command to display information about email archiving.
Syntax
To view email archiving account settings:
get mailserver archive
For other information:
get mailserver archive {exemptlist | local | policy | remote}
Option
Description
exemptlist
Display the archiving policy exceptions that exempt certain email from being archived.
local
Display the disk quota for archiving to the local hard disk.
policy
Display the email archiving policies.
remote
Display the settings for remote archiving via FTP or SFTP.
Example
This example shows the output without options.
FortiMail-400 # get mailserver archive
email archiving destination: local
email archiving account:
archive
email archiving forward:
email archiving status:
disabled
Mailbox rotate size:
100 Megabytes
Mailbox rotate time:
7 Days
When reaching disk quota:
Overwrite
History
FortiMail v3.0
New.
Related topics
76
•
get mailserver
•
get mailserver access
•
get mailserver localdomains
•
get mailserver smtp
•
get mailserver systemquarantine
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
mailserver localdomains
mailserver localdomains
Use this command to display information about the domains added to the FortiMail unit. This is
available in server mode only.
Syntax
get mailserver localdomain
History
FortiMail v3.0
New.
Related topics
•
get mailserver
•
get mailserver access
•
get mailserver archive
•
get mailserver smtp
•
get mailserver systemquarantine
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
77
�mailserver smtp
get
mailserver smtp
Use this command to display settings for SMTP email.
Syntax
get mailserver smtp
Variables
Description
Enter the setting, one of:
deferbigmsg
Display the times to start and stop delivering messages
deferred because of their size.
dsn_displayname
Display the sender name used in DSN messages.
dsn_sender
Display the sender address used in DSN messages.
queue
Display the parameter settings for time outs and retries for
undelivered mail in queues.
History
FortiMail v3.0
New.
FortiMail v3.0 MR2 Added queue keyword.
Related topics
78
•
get mailserver
•
get mailserver access
•
get mailserver archive
•
get mailserver localdomains
•
get mailserver systemquarantine
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
mailserver systemquarantine
mailserver systemquarantine
Use this command to display the system quarantine settings. The system quarantine is used for mail
matching content profiles.
Syntax
get mailserver systemquarantine
Example
FortiMail-400 # get mailserver systemquarantine
system(content) quarantine account:
systemquarantine
system(content) quarantine forward:
system(content) quarantine disk quota: 1 GB
system(content) quarantine rotate size: 100 Megabytes
system(content) quarantine rotate time: 7 Days
When reaching disk quota:
Overwrite
History
FortiMail v3.0
New.
Related topics
•
get mailserver
•
get mailserver access
•
get mailserver archive
•
get mailserver localdomains
•
get mailserver smtp
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
79
�misc profile
get
misc profile
Use this command to display the misc profile settings. Available in server mode only.
Syntax
get misc []
If you do not specify a profile name, the command displays information for all misc profiles.
Example
FEServer # get misc profile misc_def
Misc profiles
id=0, name=misc_def
User Account Status: enabled
Webmail Access: enabled
disk quota: 100
History
FortiMail v3.0
80
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
out_content
out_content
Use this command to display outgoing content profile settings.
Syntax
get out_content []
is the name of an outgoing content profile.
If you do not specify a profile, the command shows the settings of all outgoing content profiles.
History
FortiMail v3.0
New.
Related topics
•
get out_policy
•
get out_profile
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
81
�out_policy
get
out_policy
Use this command to display outgoing recipient-based policy settings.
Syntax
get out_policy []
is the name of an outgoing policy.
If you do not specify a policy, the command shows the settings of all outgoing policies.
History
FortiMail v3.0
New.
Related topics
82
•
get out_content
•
get out_profile
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
out_profile
out_profile
Use this command to display outgoing antispam profile settings.
Syntax
get out_profile []
is the name of an outgoing antispam profile.
If you do not specify a profile, the command shows the settings of all outgoing profiles.
History
FortiMail v3.0
New.
Related topics
•
get out_content
•
get out_policy
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
83
�policy
get
policy
Use this command to display incoming recipient-based policies for domains. This is available only in
transparent and gateway modes.
Syntax
get policy []
is the domain’s fully-qualified domain name.
If you do not specify a domain, the command shows the policies of all domains.
History
FortiMail v3.0
New.
Related topics
•
84
get out_policy
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
spam deepheader
spam deepheader
Use this command to display the deep header scan settings.
Syntax
get spam deepheader
Example
FortiMail-400 # get spam deepheader
Deep header scanner setting:
Confidence degree : 95.000000
IP list of trusted server:
Trusted IP list :
History
FortiMail v3.0 MR1 New.
Related topics
•
set as profile modify deepheader
•
set out_profile profile modify deepheader
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
85
�spam heuristic rules
get
spam heuristic rules
Use this command to display the total number of heuristic antispam rules. The number of rules can
change as the FortiGuard service updates the heuristic rule set.
Syntax
get spam heuristic rules
Example
FortiMail-400 # get spam heuristic rules
The total amount of rules is: 88
History
FortiMail v3.0
New.
FortiMail v3.0 MR1 Removed keywords desc, disabled, index, modified, name, status,
because the heuristic rules are now maintained by the FortiGuard service.
Related topics
86
•
set as profile modify heuristic
•
set out_profile profile modify heuristic
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
spam retrieval policy
spam retrieval policy
Use this command to display spam retrieval policy information for a domain. This is available in
transparent and gateway modes only.
Syntax
get spam retrieval policy
is the fully qualified domain name.
History
FortiMail v3.0
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
87
�system
get
system
Use this command to display system information.
Syntax
get system -
88
-
Description
admin
Display the current list of FortiMail administrator accounts including the
user name, the IP address and netmask from which this account can
manage the FortiMail unit, and the account read and write permissions.
appearance
Display the product name and bottom logo URL for the system logon
page.
autoupdate
Display the antivirus engine version, antivirus definition version, update
configuration, and update status.
ddns
Display the dynamic DNS information.
disclaimer
Display settings for header and body disclaimers for both incoming and
outgoing email.
dns
Display the IP addresses of the primary and secondary DNS servers that
the FortiMail unit uses for DNS lookups.
ha
Display HA status and configuration information for a FortiMail unit
operating in active-passive or config only HA mode. If the FortiMail unit is
operating in active-passive HA mode, the command displays the HA
original and effective mode (also known as the HA configured and
effective operating modes respectively), HA main and daemon
configuration settings, and also lists peers in the HA group. If the FortiMail
unit is operating in config only HA mode this command displays the HA
mode (cmaster or cslave) and HA main and daemon configuration
settings. If the FortiMail unit is operating in config only HA mode this
command also displays the master configuration.
hwraid
Display the RAID settings.
interface
Display the configuration and status of all FortiMail unit network
interfaces.
kernel
Display the kernel parameter configuration.
localdomainname
Display the name of the local domain.
monitor
Display the network interface monitoring configuration and status.
objver
Display the antivirus engine and virus definition versions, contract expiry
date, and last update attempt result information.
option
Display system options, including system idle timeout, authentication
timeout, and language for the web-based manager.
performance
Display the FortiMail unit system performance, including CPU usage,
memory usage, and uptime.
route table
Display the FortiMail unit static routing table. For each route in the routing
table, the command displays the route number, the destination IP address
and netmask, and the gateways and interface for each static route.
serialno
Display the FortiMail unit serial number.
snmp community
Display the configuration and status of each defined SNMP community
including community name, status, hosts, queries, traps, and events
configured.
snmp sysinfo
Display the SNMP system information including the location, description
and contact information for this FortiMail unit. This information is
associated with the FortiMail unit’s SNMP information when it is being
managed.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
system
-
Description
snmp threshold
Displays the SNMP threshold settings for available traps such as CPU
usage, and memory usage.
status
Display system status information.
time ntp
Display the NTP configuration, including whether NTP is enabled, the
NTP server IP address, and the NTP synchronization interval.
time time
Display the system date, time, time zone, and whether daylight saving
time is enabled.
usrgrp domain
Display a list of the configured domain names.
usrgrp domain [
]
Display the user groups, including members of each user group, for the
specified domain.
History
FortiMail v3.0
New.
FortiMail v3.0 MR3 Added ddns, and localdomainname keywords.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
89
�user
get
user
Use this command to display information about users.
Syntax
get user -
-
Description
alias
Display each user alias name and the included members.
group
Display each user group name and the included members.
This is available only in server mode.
ldap map
This is available only in server mode.
mail
Display email accounts information, including user names and display
names. This is available in server mode only.
map
Display a list of user mappings.
This is available only in gateway and transparent modes.
History
FortiMail v3.0
New.
Related topics
•
90
get userpolicy
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�get
userpolicy
userpolicy
Use this command to display the policy for a specified user. This is available in server mode only.
Syntax
get userpolicy
is the user name.
History
FortiMail v3.0
New.
Related topics
•
get user
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
91
�userpolicy
92
get
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
set
This chapter describes the following commands:
alertemail configuration mailto
mailserver access
alertemail deferq
mailserver archive ...
alertemail setting option
mailserver deadmail
antivirus
mailserver portnumber
as blacklistaction
mailserver proxy smtp interface
as control autorelease, as control bayesian
mailserver proxy smtp unknown
as greylist
mailserver relayserver
as profile delete
mailserver smtp ...
as profile modify ...
mailserver systemquarantine
as spamreport
misc profile delete
as trusted
misc profile modify ...
auth imap rename-to, auth imap server
misc profile rename-to
auth pop3 rename-to, auth pop3 server
out_content delete
auth radius rename-to, auth radius server
out_content modify ...
auth smtp rename-to, auth smtp server
out_policy profile delete
av delete
out_policy modify
av modify ...
out_policy move-to, out_policy rename-to
av rename-to
out_profile profile delete
console
out_profile profile modify ...
content delete, content modify ...
out_profile profile rename-to
fshd
policy delete
ip_policy ...
policy modify ...
ip_pool ...
spam deepheader
ip_profile ...
spam retrieval policy
ldap_profile ...
system ...
limits ...
user
log msisdn
userpolicy delete
log policy destination ...
userpolicy modify
log reportconfig ...
userpolicy move-to
log setting ...
userpolicy rename-to
log view fields, log view loglevel
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
93
�alertemail configuration mailto
set
alertemail configuration mailto
Use this command to set the email addresses of up to three alert email recipients.
Syntax
To set email recipients:
set alertemail configuration mailto []
[]
To remove all email recipients:
set alertemail configuration mailto none
Variables
Description
Default
Enter an email address in the form, name@emaildomain. You can add No default.
only three email addresses.
History
FortiMail v2.8
New.
Related topics
94
•
set alertemail deferq
•
set alertemail setting option
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
alertemail deferq
alertemail deferq
Use this command to configure the deferred email queue alert email conditions. You can set the
number of deferred messages that trigger an alert email message, and how frequently the size of the
deferred queue is monitored. This is effective only if alertemail setting option deferq is set.
Syntax
set alertemail deferq trigger interval
Variables
Description
Default
Set the size that the deferred email queue must reach to cause an alert 10 000
email to be sent. The range is 1 to 99999.
Set the interval in minutes between checks of deferred queue size. This 30
can be any number greater than zero.
History
FortiMail v2.8
New.
Related topics
•
set alertemail configuration mailto
•
set alertemail setting option
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
95
�alertemail setting option
set
alertemail setting option
Use this command to set which alert email events are enabled. To disable all alert email events, use
the none option.
Syntax
set alertemail setting option { | none}
Variables
Description
Default
A space-delimited list of events that trigger alert email.
Valid options are:
No default.
virusincidents
Viruses detected.
critical
FortiMail unit detects a system error.
diskfull
The FortiMail unit hard disk is full.
archivefailure
Archiving to the remote host has failed.
ha
There is High Availability (HA) activity on the
FortiMail unit.
quotafull
An account reached its disk quota.
dictionary
A dictionary is corrupt.
systemquarantine
System quarantine reached its quota.
deferq
The deferred mail queue exceeds the
number of messages specified in set
alertemail deferq trigger.
none
No events.
Example
To enable alert email for full hard disk and account quota reached
set alertemail setting option diskfull quotafull
History
FortiMail v2.8
New.
Related topics
96
•
set alertemail configuration mailto
•
set alertemail deferq
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
antivirus
antivirus
Use this command to enable or disable antivirus scanning. This command is available in server mode
only.
Syntax
set antivirus {enable | disable}
History
FortiMail v3.0
New.
Related topics
•
set ip_policy as
•
set policy modify user
•
set out_policy modify
•
set userpolicy modify
•
get antivirus
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
97
�as blacklistaction
set
as blacklistaction
Use these commands to set the action to take when an email message arrives from a blacklisted email
address, domain, or IP address. This setting affects mail matching all three levels of black lists:
system, session, and user.
Syntax
set as blacklistaction {reject | discard | profile}
Keywords and Variables Description
Default
reject
Reject the message and return an error to the computer attempting to
deliver it.
discard
Accept the message but discard it without notifying the sending system.
profile
Use the setting in the anti-spam profile active for the blacklisted message.
reject
History
FortiMail v3.0
New.
Related topics
•
98
set as profile modify whitelistword
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as bounceverify
as bounceverify
Use these commands to configure the bounce verification feature.
Spammers sometimes use the email addresses of others as the from address in their spam email
messages. When the spam cannot be delivered, a delivery status notification message, or a bounce
message, is returned to the sender, which in this case isn’t the real sender. Because the invalid
bounce message is from a valid mail server, it can be very difficult to detect as invalid.
You can combat this problem with bounce verification.
Syntax
set
set
set
set
set
as
as
as
as
as
bounceverify
bounceverify
bounceverify
bounceverify
bounceverify
action {discard | reject | profile}
autodeletepolicy {0 | 1 | 2 | 3 | 4}
keys {activate | add | delete}
status {enable | disable}
tagexpiry
Keywords and Variables Description
action {discard |
reject | profile}
Default
If a bounce message is invalid, this setting determines what the FortiMail
unit will do with it.
• discard will have the FortiMail unit accept the message and silently
delete it. Neither the sender nor the recipient will be informed.
• reject will have FortiMail unit reject the message. The system attempting
delivery will receive an error.
• profile will have the FortiMail unit use the action set in the applicable
antispam profile.
autodeletepolicy
Inactive keys will be removed after being unused for the selected time
{0 | 1 | 2 | 3 | 4} period.
• 0. Never automatically delete an unused key.
• 1. Delete a key when it hasn’t been used for 1 month.
• 2. Delete a key when it hasn’t been used for 3 months.
• 3. Delete a key when it hasn’t been used for 6 months.
• 4. Delete a key when it hasn’t been used for 12 months.
The active key will not be automatically removed.
keys {activate |
add | delete}
Bounce verification keys can be activated, added, and deleted.
• activate allows you to specify which key will be used to generate email
message tags. Only one key can be active.
• add allows you to create a new key by entering the key string.
• delete allows you to delete an existing key by entering the key string.
status {enable |
disable}
Enable or disable bounce verification. Tag checking can be bypassed in
each ip profile.
tagexpiry
Enter the number of days an email tag is valid. When this time elapses, the
FortiMail unit will treated the tag as invalid.
History
FortiMail v3.0 MR4 New.
Related topics
•
set ip_profile sendervalidation
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
99
�as control autorelease
set
as control autorelease
Use these commands to set the control account names used to delete or release email messages from
quarantine.
Syntax
set as control autorelease {delete | release}
Keywords and Variables Description
Default
delete
This keyword sets the email address ID used to delete quarantined delete-ctrl
messages.
release
This keyword sets the email address ID used to release
quarantined messages.
This is an email address ID. It is not a full email address, but only
the portion before the @ symbol.
release-ctrl
The autorelease address IDs do not include a domain. The sender must use the domain appearing in
their email address. This allows the autorelease address IDs to be valid for any domain configured on
the FortiMail unit.
Example
To make the addresses more descriptive by setting the delete account ID to quarantine_delete
and the release account to quarantine_release, enter these two commands:
set as control autorelease delete quarantine_delete
set as control autorelease release quarantine_release
A user with the email address user1@example.com would delete message from their quarantine by
sending deletion requests to quarantine_delete@example.com. Similarly, this user would release
quarantined email by sending release request messages to quarantine_release@example.com.
History
FortiMail v3.0
New.
Related topics
100
•
set spam retrieval policy
•
set as spamreport
•
set as profile modify quarantine
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as control bayesian
as control bayesian
Use these commands to set the names for Bayesian control accounts.
Syntax
set
set
set
set
set
as
as
as
as
as
control
control
control
control
control
bayesian
bayesian
bayesian
bayesian
bayesian
is-spam
is-not-spam
learn-is-spam
learn-is-not-spam
training-group
Keywords and Variables Description
Default
is-spam
FortiMail end users can send spam messages that were
incorrectly treated as non-spam to this account to inform
the Bayesian antispam check of its mistake.
is-spam
is-not-spam
FortiMail end users can send non-spam messages that
were incorrectly treated as spam to this account to inform
the Bayesian antispam check of its mistake.
is-not-spam
learn-is-spam
End users send known spam to this account to train the
FortiMail unit.
Based on the sender’s email address, the FortiMail unit
uses the information received to train the sender’s
Bayesian database.
learn-is-spam
learn-is-not-spam
End users send existing non-spam email to this account to
train the FortiMail unit.
Based on the sender’s email address, the FortiMail unit
uses the information received to train the sender’s
Bayesian database.
learn-is-not-spam
training-group
This account contains a system-wide spam database set up default-grp
by the administrator.
Using this account name as the “from” address, the
administrator sends confirmed spam to the “learn-is-spam”
user account and good email to the “learn-is -not -spam”
user account to do group Bayesian training.
If an individual user’s Bayesian database does not contain
sufficient information for spam scanning, it will use the data
received from the training group user account to scan
spam.
This is the name for this account. Users send messages to the email address
composed of this name, followed by “@”, followed by the email domain.
This is the ‘from’ name used when sending mail to one of the other four accounts.
Mail can be sent to correct incorrectly categorized mail, or to train the Bayesian
database with new mail. Administrators send messages from the email address
composed of this name, followed by “@”, followed by the email domain.
Example
An administrator wants to change two of the Bayesian control account names. He knows his users will
be better able to remember the addresses user to train the database with new messages if they
include the word ‘train’:
The learn-is-spam command becomes train-is-spam and the learn-is-not-spam command becomes
train-is-not-spam. To make these changes, enter these commands:
set as control bayesian learn-is-spam train-is-spam
set as control bayesian learn-is-not-spam train-is-not-spam
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
101
�as control bayesian
set
A user with the email address user1@example.com who received a spam message not marked as
spam would send it to is-spam@example.com to inform the Bayesian database of its error. Similarly, a
good message incorrectly marked as spam would be forwarded to is-not-spam@example.com. These
two control address IDs are the defaults, and the domain is taken from the user’s email address
domain.
The two control address IDs the administrator modified are for training the Bayesian database with
messages that have not been examined by the Bayesian filter. The user with the email address
user1@example.com would submit spam messages to train-is-spam@example.com and good
messages to train-is-not-spam@example.com.
To perform group training of the example.com group database or the global database (which ever is
enabled) without similarly training his own user database, the administrator would send spam
messages to train-is-spam@example.com and good messages to train-is-not-spam@example.com,
from training-group@example.com instead of his own email address.
Similarly, incorrectly classified messages can be submitted to the group/global database by the
administrator using the training-group@example ‘from’ address to prevent these corrections from
affecting his personal Bayesian database.
History
FortiMail v3.0
New.
Related topics
102
•
set as profile modify bayesian
•
set as profile modify actions
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as greylist
as greylist
Use these command to configure the greylist settings.
Syntax
set
set
set
set
set
as
as
as
as
as
greylist
greylist
greylist
greylist
greylist
capacity
exempt {add | delete}
greylistperiod
initial_expiry_period
ttl
Keywords and Variables
Description
Default
capacity
Use this command to set the maximum number of greylist items
varies
stored in the greylist database. New items causing the greylist
database to grow larger than the set capacity will overwrite the oldest
item.
• is the maximum number of items in the greylist
database.
The default value and acceptable range varies by FortiMail model. To
display the currently set capacity, use the get as greylist
command.
To determine the available capacity range for your FortiMail model,
enter a question mark for the capacity value and execute the
command.
exempt {add | delete}
Use this command to add or delete addresses from the greylist
exemption list.
• can be an email address, IP address, a subnet, or a
domain.
greylistperiod
Use this command to set the length of time the FortiMail unit will
20
continue to reject messages with an unknown to/from/IP. After this
time expires, any resend attempts will have the to/from/IP data added
to the greylist and subsequent messages will be delivered
immediately.
• is the greylisting period in minutes. Acceptable
values range from 1 to 120 minutes.
initial_expiry_period
Use this command to set the length of time after the initial message 4
that the FortiMail unit will keep record of a message with an unknown
to/from/IP. If the mail server resends a message before the initial
expiry period expires, it will be accepted. If the message is received
after the initial expiry period, the FortiMail treats the delivery as new
and rejects the message with a temporary fail.
Note that both the greylist period and the initial expiry period are
calculated from the time the first message is received and a
temporary fail is returned. Consequently, a 20 minute greylist period
and a 4 hour initial expiry period will result on a 3 hours and 40
minutes window for delivery of the message to fulfill the greylist
requirements and be accepted.
• is the initial expiry period in hours. Acceptable values
range from 4 to 24 hours.
ttl
Use this command to set the greylist time-to-live (TTL) value. TTL
determines how long the to/from/IP data will be retained in the
FortiMail unit’s greylist. When the entry expires, it is removed and
new messages are again rejected until the sending server attempts
to deliver the message again.
• is the time to live in days. Acceptable values range
from 1 to 60 days.
10
History
FortiMail v3.0
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
103
�as greylist
set
Related topics
•
104
set as profile modify greylist
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as mms_reputation
as mms_reputation
The MMS Reputation menu enables you to configure MSISDN blacklisting and whitelisting.
When used on a mobile phone network, the FortiMail unit can examine text messages for spam. If a
user sends multiple spam messages, all messages from the user will be blocked for a time. The
number of spam messages and the length of time further messages will be blocked are configurable.
MSISDN reputation is enabled in the session profile. The auto blacklist score trigger, and the auto
blacklist duration are configured in the session profile.
Syntax
set as mms_reputation settings autoblacklist window
Keywords and Variables Description
window
Default
MSISDN reputation functions by detecting whether a sender is responsible 15
for more than a certain number of spam messages within the auto blacklist
window duration. This duration is set by specifying the Auto blacklist
Window Size in minutes.
History
FortiMail v3.0 MR4 New.
Related topics
•
set ip_profile mms_reputation
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
105
�as profile delete
set
as profile delete
Use this command to delete an antispam profile.
Syntax
set as profile delete
is the name of the profile.
History
FortiMail v3.0
106
New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify actions
as profile modify actions
Use these commands to modify the actions of an antispam profile.
Reject, discard, and forward are mutually exclusive. No more than one can be enabled at any time. If
the specified profile does not exist, it is created.
Syntax
set
set
set
set
set
as
as
as
as
as
profile
profile
profile
profile
profile
modify
modify
modify
modify
modify
actions
actions
actions
actions
actions
discard {enable | disable}
emailaddr
forward {enable | disable}
reject {enable | disable}
summary {enable | disable}
Keywords and Variables
Description
This is the name of the antispam profile.
discard {enable | disable} Enable or disable discarding spam without sending reject
responses to the senders.
emailaddr
Enter the email address to which messages are forwarded
when forwarding is enabled.
forward {enable | disable} Enable or disable forwarding of spam messages.
reject {enable | disable}
Enable or disable the FortiMail unit to reject spam and send
reject responses to the sending system.
Default
disable
No default
disable
disable
summary {enable | disable} Enable or disable the generation of a report for users who have enable
quarantined spam.
History
FortiMail v3.0
New.
Related topics
•
set as profile modify quarantine
•
set as profile modify individualaction scanner
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
107
�as profile modify auto-release
set
as profile modify auto-release
Use these commands to configure the auto-release settings for an antispam profile.
Syntax
set as profile modify auto-release {enable | disable}
[webrelease {enable | disable} [autowhitelist {enable | disable}]]
Keywords and variables
Description
Default
Enter the name of the antispam profile to modify.
auto-release
{enable | disable}
Auto-release enables the user to release or delete quarantined spam
via email.
webrelease
{enable | disable}
Webrelease enables the user to release or delete quarantined spam via disable
HTTP, with a click from the spam report.
autowhitelist
{enable | disable}
Autowhitelist examines messages the user sends and automatically
adds the destination email addresses to their personal white list.
enable
disable
History
FortiMail v3.0
New.
Related topics
108
•
set as control autorelease
•
set as profile modify quarantine
•
set as profile modify whitelistword
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify bannedword
as profile modify bannedword
Use this command to enable or disable banned word filtering for the specified profile.
Syntax
set as profile modify bannedword {enable | disable}
is the name of the profile. By default, banned word scanning is disabled.
History
FortiMail v3.0
New.
Related topics
•
set as profile modify bannedwordlist
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
109
�as profile modify bannedwordlist
set
as profile modify bannedwordlist
Use these commands to modify the banned word list for an antispam profile.
Syntax
set as profile
set as profile
set as profile
set as profile
modify bannedwordlist add
modify bannedwordlist delete
modify bannedwordlist move-to
modify bannedwordlist rename-to
Keywords and variables Description
Enter the name of the antispam profile to modify.
The word entry you want to modify in the profile’s banned word list.
add
Add the new banned word.
delete
Delete the banned word.
move-to
Change the position of the word in the banned word list. Each word is numbered, the
first is 1, the second 2, and so on.
• is the word’s new position.
rename-to Change the word entry.
History
FortiMail v3.0
New.
Related topics
•
110
set as profile modify bannedword
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify bayesian
as profile modify bayesian
Use these commands to configure Bayesian spam filtering for an antispam profile.
Syntax
set
set
set
set
as
as
as
as
profile
profile
profile
profile
modify
modify
modify
modify
bayesian
bayesian
bayesian
bayesian
autotrain {enable | disable}
scanner {enable | disable}
userdb {enable | disable}
usertrain {enable | disable}
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
autotrain
{enable | disable}
Enable or disable the use of FortiGuard-Antispam and SURBL filtering
results to train a user Bayesian database that does not have 200 nonspam email entries and 100 spam entries and is therefore not ready to
classify email.
enable
scanner
{enable | disable}
Enable or disable Bayesian filtering for the specified profile.
disable
userdb
{enable | disable}
Enable or disable the use of user Bayesian databases.
disable
usertrain
{enable | disable}
Enable or disable the acceptance of training messages from users.
enable
History
FortiMail v3.0
New.
Related topics
•
set as control bayesian
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
111
�as profile modify deepheader
set
as profile modify deepheader
Use this command to enable or disable deep header scanning or for the specified profile. The two
separate checks that make up the deep header scan can also be individually enabled or disabled.
Syntax
set as profile modify deepheader scanner {enable | disable}
set as profile modify deepheader checkip {enable | disable}
set as profile modify deepheader headeranalysis
{enable | disable}
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
scanner
{enable | disable}
Enable or disable the deep header scan for the specified profile.
disable
checkip
{enable | disable}
Enable or disable the black IP portion of the deep header scan for the
specified profile.
disable
headeranalysis
{enable | disable}
Enable or disable the headers analysis portion of the deep header scan
for the specified profile.
disable
History
FortiMail v3.0
New.
FortiMail v3.0 MR1
checkip and headeranalysis added.
Related topics
112
•
set as profile modify actions
•
set as profile modify deepheader
•
set as profile modify individualaction scanner
•
set out_profile profile modify deepheader
•
get spam deepheader
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify dictionary
as profile modify dictionary
Use these commands to configure dictionary scans for an antivirus profile. If the any of the words
appearing in the specified dictionary are detected in an email message, the message is treated as
spam.
Syntax
set as profile modify dictionary dict_profile
set as profile modify dictionary scanner {enable | disable}
Keywords and variables
Description
Default
Enter the name of the antispam profile to modify.
dict_profile
Select the dictionary profile to be used for dictionary scans.
• is the dictionary profile number.
No default
scanner
{enable | disable}
Enable or disable dictionary scanning for the specified profile.
disable
History
FortiMail v3.0
New.
Related topics
•
set as profile modify actions
•
set as profile modify individualaction scanner
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
113
�as profile modify dnsbl
set
as profile modify dnsbl
Use this command to enable or disable communication with the DNSBL servers to scan email for the
specified profile. IP addresses defined as private network addresses by RFC 1918 are not checked.
Syntax
set as profile modify dnsbl {enable | disable}
is the name of the profile. By default, the DNSBL lookup is disabled.
History
FortiMail v3.0
New.
Related topics
•
114
set as profile modify dnsblserver
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify dnsblserver
as profile modify dnsblserver
Use these commands to modify the DNSBL server list for an antispam profile.
Syntax
set as profile
set as profile
set as profile
set as profile
modify
modify
modify
modify
dnsblserver
dnsblserver
dnsblserver
dnsblserver
add
delete
move-to
rename-to
Keywords and variables Description
Enter the name of the antispam profile to modify.
The DNSBL server entry you want to modify in the profile.
add
Add the new DNSBL server.
delete
Delete the DNSBL server.
move-to
Change the position of the DNSBL server in the server list. Each entry is numbered,
the first is 1, the second 2, and so on.
• is the entry’s new position.
rename-to Change the DNSBL server hostname.
History
FortiMail v3.0
New.
Related topics
•
set as profile modify dnsbl
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
115
�as profile modify forgedip
set
as profile modify forgedip
Use this command to enable or disable forged IP checking for an antispam profile.
Syntax
set as profile modify forgedip {enable | disable}
is the name of the profile. By default, forged IP checking is disabled.
History
FortiMail v3.0
New.
Related topics
116
•
set as profile modify actions
•
set as profile modify individualaction scanner
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify fortishield
as profile modify fortishield
Use these commands to configure FortiGuard Antispam functions for an antispam profile.
Syntax
set as profile modify fortishield checkip {enable | disable}
set as profile modify fortishield scanner {enable | disable}
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
checkip
{enable | disable}
Enable or disable FortiGuard-Antispam IP address checking for the
specified profile. IP addresses defined as private network addresses by
RFC 1918 are not checked.
disable
scanner
{enable | disable}
Enable or disable FortiGuard-Antispam scanning for the specified profile.
disable
History
FortiMail v3.0
New.
Related topics
•
set fshd
•
set as profile modify actions
•
set as profile modify individualaction scanner
•
set fshd
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
117
�as profile modify greylist
set
as profile modify greylist
Use this command to enable or disable greylisting for an antispam profile.
Syntax
set as profile modify greylist {enable | disable}
is the name of the profile. By default, greylisting is disabled.
History
FortiMail v3.0
New.
Related topics
118
•
set as greylist
•
set as profile modify actions
•
set as profile modify individualaction scanner
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify heuristic
as profile modify heuristic
Use these commands to configure heuristic scanning for an antispam profile.
Syntax
set as profile modify heuristic lower-level
set as profile modify heuristic scanner {enable | disable}
set as profile modify heuristic upper-level
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
lower-level
Enter the lower level threshold for heuristic scanning for the specified -20.000000
profile.
scanner
{enable | disable}
Enable or disable heuristic scanning for the specified profile.
rules-percentage
Specify the percentage of the total number of heuristic rules that will 25
be used to examine the message. A larger percentage requires more
system resources.
upper-level
Enter the upper level threshold for heuristic scanning for the specified 10.000000
profile.
disable
History
FortiMail v3.0
New.
FortiMail v3.0 MR1 Added rules-percentage keyword.
Related topics
•
set as profile modify actions
•
set as profile modify individualaction scanner
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
119
�as profile modify imagespam
set
as profile modify imagespam
Use these commands to configure an antispam profile to identify spam messages in which the text is
stored as an embedded graphics file.
Syntax
set set as profile modify imagespam aggressive
{enable | disable}
set set as profile modify imagespam scanner {enable | disable}
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
aggressive
{enable | disable}
Enable or disable more intensive examination of email messages
containing images.
This option will also force the examination of image file attachments in
addition to embedded images. The additional scanning workload could
affect performance with traffic containing image files.
disable
scanner
{enable | disable}
Enable or disable scanning of email for image-based spam messages.
disable
History
FortiMail v3.0
New.
Related topics
120
•
set as profile modify actions
•
set as profile modify individualaction scanner
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify individualaction scanner
as profile modify individualaction scanner
Use these commands to set the action each spam detection method takes for messages detected as
spam.
Syntax
set as profile modify individualaction
[scanner {bannedword | bayesian | deepheader | dictionary | forgedip |
fortishield | heuristic | imagespam | dnsbl | surbl | virus}]
[action {default | subject | reject | discard | forward | quarantine}]
Keywords and variables
Description
Default
Enter the name of the antispam profile to modify.
scanner {bannedword |
bayesian | deepheader
| dictionary |
forgedip | fortishield
| heuristic |
imagespam | dnsbl |
surbl | virus}
Select the spam detection method.
action {default |
subject | reject |
discard | forward |
quarantine}
Select the action to take when spam is detected.
default
• Set default to use the default action set with theset as
profile modify actions command.
• Set subject to tag the message subject.
• Set reject to reject the message and return an error to the
sending system.
• Set discard to accept the message and delete it without informing
the sending system.
• Set forward to have messages forwarded to the email address
set with the emailaddr keyword of the set as profile
modify actions command.
• Set quarantine to divert spam to the user’s spam quarantine.
No default
History
FortiMail v3.0
New.
Related topics
•
set as profile modify actions
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
121
�as profile modify quarantine
set
as profile modify quarantine
Use these commands to configure quarantine settings for an antispam profile.
Syntax
set as profile modify quarantine days
set as profile modify quarantine queue {enable | disable}
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
days
Enter the number of days to keep the quarantined email for the specified
profile. Enter 0 to disable.
0
queue
{enable | disable}
Enable or disable the storage of spam in the quarantine for the specified
profile.
disable
History
FortiMail v3.0
New.
Related topics
122
•
set as control autorelease
•
set as spamreport
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify rewrite_rcpt
as profile modify rewrite_rcpt
The rewrite recipient email address feature allows the FortiMail unit to change the recipient email
address if the message is detected as spam. Use these commands to configure the recipient email
address rewrite feature.
Syntax
set as profile modify rewrite_rcpt {enable | disable}
set as profile modify rewrite_rcpt set_part {local | domain}
{none | prefix | replace | suffix} value
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
rewrite_rcpt
{enable | disable}
Enable to allow the FortiMail unit to replace the recipient email address if disable
the message is detected as spam.
set_part {local |
domain}
Select the portion of the email address to configure. The changes to the
local part (before the ‘@’) and the domain part (after the ‘@’) are
configured separately.
Note that both parts can be configured separately if changes to both parts
are required.
{none | prefix |
replace | suffix}
For each part, select:
• None: The FortiMail unit will not change the specified part of the email
address.
• Prefix: The text you specify with the value keyword will be added to
the beginning of the specified part of the email message.
• Suffix: The text you specify with the value keyword will be added to
the end of the specified part of the email message.
• Replace: The text you specify with the value keyword will replace the
specified part of the email message.
value Enter the text string to be added or used to replace the specified part of
the email address. If no message replacement is specified, the value
keyword is not necessary.
History
FortiMail v3.0 MR4 New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
123
�as profile modify scanoptions
set
as profile modify scanoptions
Use these commands to configure the antispam scanning options.
Syntax
set as profile modify scanoptions attachment_type pdf {enable
| disable}
set as profile modify scanoptions bypass_on_auth {enable |
disable}
set as profile modify scanoptions maxsize
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
attachment_type pdf Enable to allow the FortiMail unit scan the first page of PDF attachments. disable
{enable | disable} The PDF option allows the heuristic, banned word, and image spam
scanning techniques to examine the contents of PDF files.
If none of these three scanners are enabled, the PDF option will have no
effect.
bypass_on_auth
{enable | disable}
Enable or disable the bypassing of spam scanning when an SMTP
sender is authenticated.
disable
maxsize
Enter the maximum message size, in bytes, that the FortiMail unit will
scan for spam. Messages with sizes exceeding the set limit will not be
scanned for spam.
Enter 0 to scan all messages regardless of size.
0
History
FortiMail v3.0
New.
FortiMail v3.0 MR1 attachment_type pdf added.
Related topics
124
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify surbl
as profile modify surbl
Use this command to enable or disable the checking of mail against defined SURBL servers for an
antispam profile.
Syntax
set as profile modify surbl {enable | disable}
is the name of the profile. By default, SURBL scanning is disabled.
History
FortiMail v3.0
New.
Related topics
•
set as profile modify surblserver
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
125
�as profile modify surblserver
set
as profile modify surblserver
Use these commands to configure the SURBL server list of an antispam profile.
Syntax
set as profile
set as profile
set as profile
set as profile
modify
modify
modify
modify
surblserver
surblserver
surblserver
surblserver
add
delete
move-to
rename-to
Keywords and variables Description
Enter the name of the antispam profile to modify.
The SURBL server entry you want to modify in the profile.
add
Add the new SURBL server.
delete
Delete the SURBL server.
move-to
Change the position of the SURBL server in the server list. Each entry is numbered,
the first is 1, the second 2, and so on. is the entry’s new position.
rename-to Change the SURBL server hostname.
History
FortiMail v3.0
New.
Related topics
•
126
set as profile modify surbl
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814
�set
as profile modify tags
as profile modify tags
Use these commands to configure header and subject tagging for an antispam profile.
Syntax
set
set
set
set
as
as
as
as
profile
profile
profile
profile
modify
modify
modify
modify
tags
tags
tags
tags
htag
header {enable | disable}
stag
subject {enable | disable}
Keywords and variables Description
Default
Enter the name of the antispam profile to modify.
htag 
.