backend-verify <time_str>

Enter the time of day at which FortiMail will automatically remove invalid per-recipient quarantines. Use the format hh:mm:ss, where hh is the hour according to a 24-hour clock, mm is the minute, and ss is the second.

For example, to begin automatic invalid quarantine removal at 5:30 PM, enter 17:30:00.

bayesian-is-not-spam <local-part_str>

Enter the local-part portion of the email address at which the FortiMail unit will receive email messages that correct false positives.

For example, if the local domain name of the FortiMail unit is example.com and you want to correct the assessment of a previously scanned spam that was actually legitimate email by sending control messages to is-not-spam@example.com, you would enter is-not-spam.

bayesian-is-spam <local-part_str>

Enter the local-part portion of the email address at which the FortiMail unit will receive email messages that correct false negatives.

For example, if the local domain name of the FortiMail unit is example.com and you want to correct the assessment of a previously scanned email that was actually spam by sending control messages to is-spam@example.com, you would enter is-spam.

bayesian-learn-is-not-spam <local-part_str>

Enter the local-part portion of the email address at which the FortiMail unit will receive email messages that train it to recognize legitimate email.

Unlike the is-not-spam email address, this email address will receive email that has not been previously seen by the Bayesian scanner.

For example, if the local domain name of the FortiMail unit is example.com and you want to train the Bayesian database to recognize legitimate email by sending control messages to learn-is-not-spam@example.com, you would enter learn-is-not-spam.

bayesian-learn-is-spam <local-part_str>

Enter the local-part portion of the email address at which the FortiMail unit will receive email messages that train it to recognize spam.

Unlike the is-spam email address, this email address will receive spam that has not been previously seen by the Bayesian scanner.

For example, if the local domain name of the FortiMail unit is example.com and you want to train the Bayesian database to recognize spam by sending control messages to learn-is-spam@example.com, you would enter learn-is-spam.

bayesian-training-group <local-part_str>

Enter the local-part portion of the email address that FortiMail administrators can use as their sender email address when forwarding email to the “learn is spam" email address or “learn is not spam" email address. Training messages sent from this sender email address will be used to train the global or per-domain Bayesian database (whichever is selected in the protected domain) but will not train any per-user Bayesian database.

In contrast, if a FortiMail administrator were to forward email using their own email address (rather than the training group email address) as the sender email address, and per-user Bayesian databases were enabled in the corresponding incoming antispam profile, the FortiMail unit would also apply the training message to their own per-user Bayesian database.

blocklist-action {as-profile | discard | reject}

Select the action that FortiMail performs when an email arrives from or(for per-session profile recipient blocklists) is destined for a blocklisted email address, mail domain, or IP address:

• as-profile: Apply the action selected in the antispam profile. See profile antispam-action.

• discard: Accept the message but delete and do not deliver it, without notifying the SMTP client.

• reject: Reject the message, returning an SMTP error code to the SMTP client.

This setting affects email that matches any system-wide, per-domain, per-session profile, or per-user blocklist.

bounce-verification-action {as-profile | discard | reject}

Select the action that FortiMail will perform if it receives a bounce address tag that is invalid, either:

• as-profile: Apply the action selected in the antispam profile. See profile antispam-action.

• discard: Accept the message but then delete it without notifying the SMTP client.

• reject: Reject the message, replying to the SMTP client with an SMTP rejection code.

bounce-verification-auto-delete-policy {never | one-month | one-year | six-months | three-months}

Inactive keys will be removed after being unused for the selected time period, either:

• never: Never automatically delete an unused key.

• one-month: Delete a key when it hasn’t been used for 1 month.

• three-months: Delete a key when it hasn’t been used for 3 months.

• six-months: Delete a key when it hasn’t been used for 6 months.

• one-year: Delete a key when it hasn’t been used for 12 months.

The active key will not be automatically removed.

bounce-verification-status {enable | disable}

Enable or disable bounce address tagging and verification. Also configure bounce-verification-action {as-profile | discard | reject}, etc.

Tag verification can be bypassed in IP profiles and protected domains.

bounce-verification-tagexpiry <days_int>

Enter the number of days an email tag is valid. When this time elapses, FortiMail will treat the tag as invalid.

Valid range is from 3 to 30 days.

carrier-endpoint-acct-response {enable | disable}

Enable or disable endpoint account validation on the RADIUS server.

carrier-endpoint-acct-secret <password_str>

Enter the shared secret for RADIUS account response and request validation.

carrier-endpoint-acct-validate {enable | disable}

Enable or disable validating shared secret of account requests.

carrier-endpoint-attribute {Acct-Authentic ... Vendor-Specific)

Type the RADIUS account attribute associated with the endpoint user ID. If you have more than one RADIUS server and each server uses different account attribute for the endpoint user ID, you can specify up to five attributes with this command. For example, a 3G mobile network may use the “Calling-Station-ID” attribute while an ADSL network may use the “User-Name” attribute.

A carrier end point is any device on the periphery of a carrier’s or Internet service provider’s (ISP) network. It could be a subscriber’s GSM cellular phone, wireless PDA, or computer using DSL service.

Unlike MTAs, computers in homes and small offices and mobile devices such as laptops and cellular phones that send email may not have a static IP address. Cellular phones’ IP addresses especially may change very frequently. After a device leaves the network or changes its IP address, its dynamic IP address may be reused by another device. Because of this, a sender reputation score that is directly associated with an SMTP client’s IP address may not function well. A device sending spam could start again with a clean sender reputation score simply by rejoining the network to get another IP address, and an innocent device could be accidentally blocklisted when it receives an IP address that was previously used by a spammer.

carrier-endpoint-blocklist-window-size {15m | 30m | 60m | 90m | 120m | 240m | 360m | 480m | 1440m}

Enter the amount of previous time, in minutes, whose score-increasing events will be used to calculate the current endpoint reputation score.

For example, if the window is 15m (15 minutes), detections of spam or viruses 0-15 minutes ago would count towards the current score; detections of spam or viruses older than 15 minutes ago would not count towards the current score.

carrier-endpoint-framed-ip-attr {Framed-IP-
Address | Login-IP-Host | Login-IPv6-Host | NAS-IP-Address | NAS-IPv6-Address}

Specify the RADIUS attribute whose value will be used as the endpoint user IP address.

By default, the endpoint user IP address uses the value of RADIUS attribute 8 (framed IP address).

However, if the endpoint IP address uses the value from different RADIUS attribute name/number other than attribute 8, you can specify the corresponding attribute number with this command.

You can use the command diagnose debug application msisdn to capture RADIUS packets and find out what attribute name/number is used to hold the IP address value.

Note that you can specify multiple values, such as both IPv4 and IPv6 attributes.

carrier-endpoint-framed-ip-order {host-order | network-order}

Select which method to use for endpoint IP address formatting, either:

• host-order: Format IP addresses in host order. The host portion is at the beginning, such as 1.1.168.192.
• network-order: Format IP addresses in network order. The network portion is at the beggining, such as 192.168.1.1.

carrier-endpoint-radius-port <port_int>

Type the RADIUS server port for carrier endpoint account requests.

carrier-endpoint-status {enable | disable}

Enable endpoint reputation scan for traffic examined by the session profile.

This command starts the endpoint reputation daemon. You must start this daemon for the endpoint reputation feature to work.

delete-ctrl-account <local-part_str>

Use this command to configure the email addresses through which email users can delete email from their per-recipient quarantines.

Enter the local-part portion of the email address at which the FortiMail unit will receive email messages that control deletion of email from per-recipient quarantines.

For example, if the local domain name of the FortiMail unit is example.com and you want to delete email by sending control messages to quar_delete@example.com, you would enter quar_delete.

dynamic-safe-list-domain <domain_str>

Enter the domain name of the dynamic safe list.

dynamic-safe-list-state {enable | disable}

Enable the dynamic safe list.

greylist-capacity <maximum_int>

Enter the maximum number of greylist items in the greylist. New items that would otherwise cause the greylist database to grow larger than the capacity will instead overwrite the oldest item.

To determine the default value and acceptable range for your FortiMail model, enter a question mark ( ? ).

greylist-check-level {disable | enable | low | high}

Greylist scanning blocks spam based on the behavior of the sending server, rather than the content of the messages. When receiving an email from an unknown server, the FortiMail unit will temporarily reject the message. If the mail is legitimate, the originating server will try to send it again later (RFC 2821), at which time the FortiMail unit will accept it. Spammers will typically abandon further delivery attempts in order to maximize spam throughput.

Enable/disable greylist check, or set how aggressively to perform greylist check: high or low.

The high level setting greylists all messages from unknown MTAs, while the low level setting will selectively greylist based on the age and reputation of the MTAs: the trusted MTAs will not be greylisted whereas the new untrusted MTAs will be greylisted.

greylist-delay <minutes_int>

Enter the length in minutes of the greylist delay period.

For the initial delivery attempt, if no manual greylist entry (exemption) matches the email message, the FortiMail unit creates a pending automatic greylist entry, and replies with a temporary failure code. During the greylist delay period after this initial delivery attempt, the FortiMail unit continues to reply to additional delivery attempts with a temporary failure code.

After the greylist delay period elapses and before the pending entry expires (during the greylist-init-expiry-period <hours_int>, also known as the greylist window), any additional delivery attempts will confirm the entry and convert it to an individual automatic greylist entry. The greylist scanner will then allow delivery of subsequent matching email messages.

Valid range is from 1 to 120.

greylist-init-expiry-period <hours_int>

Enter the period of time in hours after the greylist-delay <minutes_int>, during which pending greylist entries will be confirmed and converted into automatic greylist entries if the SMTP client retries delivery.

The valid range is between 4 to 24 hours.

greylist-ttl <ttl_int>

Enter the time to live (TTL) that determines the maximum amount of time that unused automatic greylist entries will be retained.

Expiration dates of automatic greylist entries are determined by adding the TTL to the date and time of the previous matching delivery attempt. Each time an email message matches the entry, the life of the entry is prolonged; in this way, entries that are in active use do not expire.

If the TTL elapses without an email message matching the automatic greylist entry, the entry expires and the greylist scanner removes the entry.

The valid range is between 1 to 60 days.

impersonation-analysis-level {aggressive | strict}

Select how to inspect the sender email addresses and display names for impersonation, either:

• aggressive: Check the email domain in the display name in message headers (From:).

• strict: Do not check the email domain in the display name.

For example, if an entry is:

Display name: John Smith

Email address: john.smith@example.com

and example.com is a protected domain, then the aggressive setting will block:

• "John Smith" <spammer@example.net>

• "John.Smith@example.com" <spammer@example.net>

• "OtherUser@example.com" <spammer@example.net>

but the strict setting will not block the last combination.

impersonation-analysis {manual dynamic}

Select which mappings between display names and email addresses to use for impersonation analysis:

• manual: the mappings between display names and email addresses that you manually enter in config profile impersonation.

• dynamic: Use the mappings automatically learned by the FortiMail mail statistics service from outgoing messages. To enable this service, configure mailstat-service {enable | disable}.

qr-code-image-max-size <kb_int>

Enter the maximum size (in kilobytes) to scan for QR code images that contain known spam URLs.

qr-code-url-scan-archive {enable | disable}

Enable scanning for QR code images in archive attachments such as ZIP files.

This setting applies only if attachment-image is selected in qr-code-url-scan-option {attachment-image inline-image}

Note: Top level of nested archive only. Password-protected archives not supported.

qr-code-url-scan-option {attachment-image inline-image}

Select which location(s) to scan for QR code images that contain known spam URLs.

• inline-image: Embedded inline, in the email body.
• attachment-image: Email attachments. If you want to scan for QR code images inside of other files, also configure qr-code-url-scan-archive {enable | disable} and qr-code-url-scan-pdf {enable | disable}.

qr-code-url-scan-pdf-max-page <limit_int>

Enter the maximum number of pages that FortiMail will scan in each Adobe PDF document attachment.

Note: Scanning more pages can decrease throughput speed.

qr-code-url-scan-pdf {enable | disable}

Enable scanning for QR code images in Adobe PDF document attachments. Also configure qr-code-url-scan-pdf-max-page <limit_int> and scan-pdf {enable | disable}

If you want to scan PDFs inside of archives, also configure qr-code-url-scan-archive {enable | disable}.

This setting applies only if attachment-image is selected in qr-code-url-scan-option {attachment-image inline-image}

qr-code-url-scan-status {enable | disable}

Enable to scan for QR code images that contain known spam URLs. Also configure qr-code-image-max-size <kb_int> and qr-code-url-scan-option {attachment-image inline-image}.

If a QR code is found, then it is scanned by URL filtering methods if they are enabled, such as FortiSandbox and FortiGuard URL filtering.

release-ctrl-account <local-part_str>

Use this command to configure the email addresses through which email users can release email from their per-recipient quarantines.

Enter the local-part portion of the email address at which the FortiMail unit will receive email messages that control deletion of email from per-recipient quarantines.

For example, if the local domain name of the FortiMail unit is example.com and you want to delete email by sending control messages to quar_delete@example.com, you would enter quar_delete.

safe-block-list-entry-auto-aging-status {enable | disable}

Enable to automatically delete unused entries in the safe lists and block lists that are older than safe-block-list-entry-retention safe <days_int>.

Disable to manually manage the contents of the safe lists and block list entries by going to Security > Block/Safe List > System and clicking Cleanup.

This setting applies only if safe-block-list-tracking-status {enable | disable} is enabled.

safe-block-list-entry-retention safe <days_int>

Enter how long, in days, to keep unused older entries in the system and domain safe lists and block lists. Valid range is from 1 to 365 days.

This setting applies only if safe-block-list-tracking-status {enable | disable} and safe-block-list-entry-auto-aging-status {enable | disable} are enabled.

safe-block-list-precedence {system session domain personal}

Enter, in order from greatest to least, the precedence of the levels of safe lists and block lists that will be used to decide which one to use if multiple lists could apply.

For example, if you want email users to be able to use their own lists to supersede the protected domain's lists, you could move personal before domain:

system session personal domain

safe-block-list-tracking-status {enable | disable}

Enable to track blocklist and safelist usage statistics, depending on which ones you select in:

• system-domain-list-tracking-status {enable | disable} (system and domain)

• user-list-ctrl-status {enable | disable} (personal)

Usage information is also used by safe-block-list-entry-auto-aging-status {enable | disable}.

For details, see safe list and block list details in the FortiMail Administration Guide.

safelist-bypass-sender-auth {enable | disable}

Enable to bypass sender authentication mechanism (SPF/DMARC/DKIM) for safelisted senders.

When disabled, if the scan result of SPF, DKIM, or DMARC is a failure, and the sender is safelisted, the result of SPF, DKIM, and DMARC takes precedence.

safelist-check-header-reply-to {enable | disable}

Enable to use the Reply-To: message header to identify safelisted senders.

Disable this setting or do not use safelisting if you want to harden security.

Many message headers are easy to fake (including the sender email address From: and Reply-To:). For details and more secure alternatives, see safe list details in the FortiMail Administration Guide.

scan-action-preference {single-action | multi-action}

Either apply only the first matching antispam filter, or multiple matching antispam filters, where each matching antispam filter action is applied until the final action is found.

session-profile-rate-control-interval <minutes_int>

Enter a time interval in minutes for these session profile rate controls:

• conn-concurrent <connections_int>

• number-of-messages <limit_int>

• number-of-recipients <limit_int>

Valid range is 5 to 120.

spf-lookup-limit <limit_int>

Enter the maximum number of DNS lookups to make for a domain's SPF record. If the limit is exceeded, an SPF permanent error occurs, unless you enable spf-perm-error-as-failure {enable | disable}.

Multiple DNS lookups may be required for FortiMail to get a valid SPF record for normal reasons such as SPF includes and redirects. However the number could be abnormal if a domain's DNS records are not configured correctly (such as having multiple SPF entries per domain, or too many SPF redirects). You can increase this limit as a temporary workaround. For RFC compliance, enter 10.

Valid range is 10 to 20.

spf-perm-error-as-failure {enable | disable}

Enable for FortiMail to treat SPF permanent errors as a failure, which means the host is not authorized to send messages. This affects the sender reputation score. FortiMail also reports the failure to FortiGuard Antispam.

SPF permanent errors can occur if the domain exceeds spf-lookup-limit <limit_int>, but also for other reasons, such as no SPF entry or invalid SPF syntax.

This setting affects SPF scans such as spf-perm-error-status {enable | disable} and spf-validation {enable | disable | bypass}.

system-domain-list-tracking-status {enable | disable}

Enable to track usage statistics for the system-wide and domain-specific safe lists and block lists.

• System-wide — Creation time, last hit time, hit count. To view these statistics, go to Security > Block/Safe List > System.

• Domain-specific — Percentage of entries used relative to the maximum number in each list. To view these statistics, go to Security > Block/Safe List > Domain.

This setting applies only if safe-block-list-tracking-status {enable | disable} is enabled.

url-checking {aggressive | extreme | strict}

If you enable a FortiGuard scan or SURBL scan in an antispam profile, then FortiMail scans for blocklisted URLs in the email message body.

Types of URLs that URL filtering can scan include:

• Absolute URLs — URL syntax with scheme name (protocol), such as http, https, and ftp. They often only include a domain name. Example: https://www.example.com
• Reference URLs — No scheme name. Example: example.com

URLs in email can also be written in plain text instead of as clickable HTML links. While not technically a URL, the domain name of the sender can also be inspected.

By default, FortiMail scans for absolute URLs only. If you need to improve the spam catch rate or reduce false positives, you can change this. Select which to scan for.

• strict: Absolute URLs only.

  Note: Websites without “http” or “https” but starting with “www” are also treated as absolute URLs. Example: www.example.com

• aggressive: Like strict, but also inspect reference URLs. Also check the domain name of the sender in the SMTP envelope (MAIL FROM:) and message header (From: and Reply-To:).

• extreme: Like aggressive, but also inspect URLs in plain text format.

user-list-auto-cleanup-retention <days_int>

Enter how long, in days, to keep entries in the personal safe lists and block lists that have duplicates in the system-wide or domain-specific lists.

This setting is used only if user-list-auto-cleanup-status {enable | disable} is enabled.