Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiMail 7.0.0 CLI Reference
    7.0.0
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    antispam trusted

    antispam trusted

    Use these commands to configure both the IP addresses of mail transfer agents (MTAs) that are trusted to insert genuine Received: message headers, and the IP addresses of MTAs that perform antispam scans before the FortiMail unit.

    Received: message headers are inserted by each MTA that handles an email message in route to its destination. The IP addresses in those headers can be used as part of FortiGuard Antispam and DNSBL antispam checks, and SPF and DKIM sender validation. However, they should only be used if you trust that the Received: header added by an MTA is not fake — spam-producing MTAs sometimes insert fake headers containing the IP addresses of legitimate MTAs in an attempt to circumvent antispam measures.

    If you trust that Received: headers containing specific IP addresses are always genuine, you can add those IP addresses to the mta list.

    Note that private network addresses, defined in RFC 1918, are never checked and do not need to be excluded using config antispam trusted mta.

    Similarly, if you can trust that a previous mail hop has already scanned the email for spam, you can add its IP address to the antispam-mta list to omit deep header scans for email that has already been evaluated by that MTA, thereby improving performance.

    Syntax

    config antispam trusted {mta | antispam-mta}

    edit <smtp_ipv4/mask>

    end

    Variable

    Description

    Default

    <smtp_ipv4/mask>

    Enter the IP address and netmask of an MTA.

    Related topics

    antispam bounce-verification

    antispam deepheader-analysis

    antispam greylist exempt

    antispam quarantine-report

    antispam settings

    Previous
    Next

    antispam trusted

    antispam trusted

    Use these commands to configure both the IP addresses of mail transfer agents (MTAs) that are trusted to insert genuine Received: message headers, and the IP addresses of MTAs that perform antispam scans before the FortiMail unit.

    Received: message headers are inserted by each MTA that handles an email message in route to its destination. The IP addresses in those headers can be used as part of FortiGuard Antispam and DNSBL antispam checks, and SPF and DKIM sender validation. However, they should only be used if you trust that the Received: header added by an MTA is not fake — spam-producing MTAs sometimes insert fake headers containing the IP addresses of legitimate MTAs in an attempt to circumvent antispam measures.

    If you trust that Received: headers containing specific IP addresses are always genuine, you can add those IP addresses to the mta list.

    Note that private network addresses, defined in RFC 1918, are never checked and do not need to be excluded using config antispam trusted mta.

    Similarly, if you can trust that a previous mail hop has already scanned the email for spam, you can add its IP address to the antispam-mta list to omit deep header scans for email that has already been evaluated by that MTA, thereby improving performance.

    Syntax

    config antispam trusted {mta | antispam-mta}

    edit <smtp_ipv4/mask>

    end

    Variable

    Description

    Default

    <smtp_ipv4/mask>

    Enter the IP address and netmask of an MTA.

    Related topics

    antispam bounce-verification

    antispam deepheader-analysis

    antispam greylist exempt

    antispam quarantine-report

    antispam settings

    Previous
    Next