Fortinet white logo
Fortinet white logo

CLI Reference

antispam trusted

antispam trusted

Use these commands to configure both the IP addresses of mail transfer agents (MTAs) that are trusted to insert genuine Received: message headers, and the IP addresses of MTAs that perform antispam scans before the FortiMail unit.

Received: message headers are inserted by each MTA that handles an email message in route to its destination. The IP addresses in those headers can be used as part of FortiGuard Antispam and DNSBL antispam checks, and SPF and DKIM sender validation. However, they should only be used if you trust that the Received: header added by an MTA is not fake — spam-producing MTAs sometimes insert fake headers containing the IP addresses of legitimate MTAs in an attempt to circumvent antispam measures.

If you trust that Received: headers containing specific IP addresses are always genuine, you can add those IP addresses to the mta list.

Note that private network addresses, defined in RFC 1918, are never checked and do not need to be excluded using config antispam trusted mta.

Relatedly, if you can trust that a previous mail hop has already scanned the email for spam, you can add its IP address to the antispam-mta list to omit deep header scans for email that has already been evaluated by that MTA, thereby improving performance.

Syntax

config antispam trusted {mta | antispam-mta}

edit <smtp_ipv4/mask>

end

Variable

Description

Default

<smtp_ipv4/mask>

Enter the IP address and netmask of an MTA.

No default.

Related topics

antispam bounce-verification

antispam deepheader-analysis

antispam greylist exempt

antispam quarantine-report

antispam settings

antispam trusted

antispam trusted

Use these commands to configure both the IP addresses of mail transfer agents (MTAs) that are trusted to insert genuine Received: message headers, and the IP addresses of MTAs that perform antispam scans before the FortiMail unit.

Received: message headers are inserted by each MTA that handles an email message in route to its destination. The IP addresses in those headers can be used as part of FortiGuard Antispam and DNSBL antispam checks, and SPF and DKIM sender validation. However, they should only be used if you trust that the Received: header added by an MTA is not fake — spam-producing MTAs sometimes insert fake headers containing the IP addresses of legitimate MTAs in an attempt to circumvent antispam measures.

If you trust that Received: headers containing specific IP addresses are always genuine, you can add those IP addresses to the mta list.

Note that private network addresses, defined in RFC 1918, are never checked and do not need to be excluded using config antispam trusted mta.

Relatedly, if you can trust that a previous mail hop has already scanned the email for spam, you can add its IP address to the antispam-mta list to omit deep header scans for email that has already been evaluated by that MTA, thereby improving performance.

Syntax

config antispam trusted {mta | antispam-mta}

edit <smtp_ipv4/mask>

end

Variable

Description

Default

<smtp_ipv4/mask>

Enter the IP address and netmask of an MTA.

No default.

Related topics

antispam bounce-verification

antispam deepheader-analysis

antispam greylist exempt

antispam quarantine-report

antispam settings