antispam trusted
Use these commands to configure both the IP addresses of mail transfer agents (MTAs) that are trusted to insert genuine Received:
message headers, and the IP addresses of MTAs that perform antispam scans before the FortiMail unit.
Received:
message headers are inserted by each MTA that handles an email message in route to its destination. The IP addresses in those headers can be used as part of FortiGuard Antispam and DNSBL antispam checks, and SPF and DKIM sender validation. However, they should only be used if you trust that the Received:
header added by an MTA is not fake — spam-producing MTAs sometimes insert fake headers containing the IP addresses of legitimate MTAs in an attempt to circumvent antispam measures.
If you trust that Received:
headers containing specific IP addresses are always genuine, you can add those IP addresses to the mta
list.
Note that private network addresses, defined in RFC 1918, are never checked and do not need to be excluded using config antispam trusted mta
.
Relatedly, if you can trust that a previous mail hop has already scanned the email for spam, you can add its IP address to the antispam-mta
list to omit deep header scans for email that has already been evaluated by that MTA, thereby improving performance.
Syntax
config antispam trusted {mta | antispam-mta}
edit <smtp_ipv4/mask>
end
Variable |
Description |
Default |
Enter the IP address and netmask of an MTA. |
No default. |