antispam trusted
Use these commands to configure the IP addresses of mail transfer agents (MTAs) that are trusted to:
-
insert genuine
Received:message headers -
perform antispam scans before the FortiMail system.
Received: message headers contain the IP addresses of each MTA that handles an email in route to its destination. The IP addresses can be used by FortiGuard Antispam and DNSBL antispam checks, and SPF and DKIM sender validation. However, they should only be used if you trust that the Received: header added by an MTA is genuine because spam-producing MTAs sometimes insert fake headers containing the IP addresses of legitimate MTAs in an attempt to circumvent antispam measures. Generally, trusted MTAs should only be ones that you control. You can use this command to specify which MTAs can be trusted.
For example, if your protected domains are hosted on Microsoft 365 (Exchange Online) and use SMTP connectors to integrate with FortiMail, then you may trust that the Microsoft 365 MTAs insert valid message headers.
|
Private network addresses, defined in RFC 1918, are not globally unique identifiers, and therefore are not checked. Trusted MTA lists must use the MTA's public IP address instead. |
Similarly, if you can trust that a previous mail hop has already scanned the email for spam, you can add its IP address to the antispam MTA list to omit deep header scans for email that has already been evaluated by that MTA, thereby improving performance.
Syntax
config antispam trusted mta
edit {<smtp_ipv4/mask> | <smtp_ipv6/mask>}
end
config antispam trusted antispam-mta
edit {<smtp_ipv4/mask> | <smtp_ipv6/mask>}
end
|
Variable |
Description |
Default |
|
Enter the IP address and netmask of a trusted MTA. |
|