CLI Reference

system fortiguard antispam

Use this command to configure how the FortiMail unit connects to the FortiGuard servers to query for antispam signatures. Unlike antivirus updates, FortiGuard antispam queries cannot go through a web proxy. If there is a web proxy in front of the FortiMail unit, you have to use a local FortiManager unit as an override server.

Syntax

config system fortiguard antispam
    set cache-mpercent <percentage_int>
    set cache-status {enable | disable}
    set cache-ttl <ttl_int>
    set hostname {<fqdn_str> | <host_ipv4>}
    set outbreak-protection-level {disable | high | low | medium}
    set outbreak-protection-period <minutes>
    set port {443 | 53 | 8888}
    set protocol {udp | https}
    set query-timeout <seconds>
    set action-rbl <action-profile_name>
    set server-override-ip <ipv4>
    set server-override-status {enable | disable}
    set status {enable | disable}
    set uri-redirect-lookup {enable | disable}
end

Variables

cache-mpercent <percentage_int>
    Enter the percentage of memory the antispam cache is allowed to use. The range is 1-15%.
    Default: 2

cache-status {enable | disable}
    Enable cache and specify the cache time to live (TTL) to improve performance.
    Default: enable

cache-ttl <ttl_int>
    Enter the TTL in seconds for cache entries.
    Default: 300

hostname {<fqdn_str> | <host_ipv4>}
    Enter an IP address or a fully qualified domain name (FQDN) to override the default FortiGuard Antispam query server.
    Default: antispam.fortigate.com

outbreak-protection-level {disable | high | low | medium}
    Specify a spam outbreak protection level. Higher levels mean stricter filtering.
    This feature temporarily holds email for a certain period of time (see outbreak-protection-period) if the enabled FortiGuard antispam check (block-IP and/or URI filter) returns no result. After the specified time interval, FortiMail queries the FortiGuard server a second time. This gives the FortiGuard antispam service an opportunity to update its database in case a spam outbreak occurs.
    Conversely, to reduce the types of email deferred for outbreak protection, set this option to low.
    Default: medium

outbreak-protection-period <minutes>
    Specify how long (in minutes) FortiMail holds email before it queries the FortiGuard server a second time.
    Default: 30

port {443 | 53 | 8888}
    Enter the port number used to communicate with the FortiGuard Antispam query servers.
    Default: 53

protocol {udp | https}
    Enter the protocol used to communicate with the FortiGuard servers.

query-timeout <seconds>
    Enter the timeout value (in seconds) for the FortiMail unit to query the FortiGuard Antispam query server.
    Default: 7

server-location
    Limit the FortiGuard servers to certain locations.

server-override-ip <ipv4>
    If server-override-status is enable, enter the IP address of the public or private FortiGuard Antispam query server that overrides the default query server to which the FortiMail unit connects.

server-override-status {enable | disable}
    Enable to override the default FortiGuard Antispam query server that the FortiMail unit connects to and checks for antispam signatures.
    Default: disable

status {enable | disable}
    Enable to query the FortiGuard Distribution Network (FDN) for FortiGuard Antispam ratings.
    This option must be enabled for the FortiGuard Antispam scan in antispam profiles to have an effect.
    Default: enable

uri-redirect-lookup {enable | disable}
    If an email contains a shortened URI that redirects to another URI, the FortiMail unit can send a request to the shortened URI to get the redirected URI and scan it against the FortiGuard AntiSpam database. By default, this function is enabled. To use it, you need to open your HTTP port so that the FortiMail unit can send requests for scanning the redirected URI.
    Default: enable
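
One way to check a saved configuration block against the values and defaults documented above, as an added example (not Fortinet code). It assumes the block is available as text, for example from a configuration backup; `parse_block`, `audit` and the sample block are hypothetical names and constructed data.

```python
import re

# Allowed values, range and defaults as listed in the variable table above.
ONOFF = {"enable", "disable"}
ENUMS = {
    "cache-status": ONOFF, "server-override-status": ONOFF,
    "status": ONOFF, "uri-redirect-lookup": ONOFF,
    "outbreak-protection-level": {"disable", "high", "low", "medium"},
    "port": {"443", "53", "8888"}, "protocol": {"udp", "https"},
}
DEFAULTS = {"status": "enable", "outbreak-protection-level": "medium"}

def parse_block(text):
    """Collect the 'set' pairs inside 'config system fortiguard antispam'."""
    settings, inside = {}, False
    for line in map(str.strip, text.splitlines()):
        if line == "config system fortiguard antispam":
            inside = True
        elif inside and line == "end":
            break
        elif inside and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit(settings):
    """Return findings; unset options fall back to the documented defaults."""
    eff, findings = {**DEFAULTS, **settings}, []
    for key in sorted(ENUMS):
        if key in settings and settings[key] not in ENUMS[key]:
            findings.append(f"{key}: invalid value {settings[key]!r}")
    pct = settings.get("cache-mpercent")
    if pct is not None and not (pct.isdigit() and 1 <= int(pct) <= 15):
        findings.append("cache-mpercent: outside documented range 1-15")
    for key in ("status", "outbreak-protection-level"):
        if eff[key] == "disable":
            findings.append(f"{key}: set to disable")
    override_on = eff.get("server-override-status") == "enable"
    if override_on and "server-override-ip" not in eff:
        findings.append("server-override-ip: override enabled but no address set")
    return findings

# Constructed sample block, not taken from a real device.
SAMPLE = """config system fortiguard antispam
    set cache-mpercent 20
    set outbreak-protection-level disable
    set port 8080
    set server-override-status enable
end"""
```

Calling `audit(parse_block(SAMPLE))` returns four findings: the invalid port, the out-of-range cache percentage, the disabled outbreak protection, and the override enabled without an address.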

Related topics

system fortiguard antivirus

update
