policy ip
Use this command to create policies that apply profiles to SMTP connections based upon the IP addresses of SMTP clients and/or servers.
Syntax
config policy ip
edit <policy_int>
set action {proxy-bypass | reject | scan | temp-fail}
set client-ip-group <group_name>
set client-type {ip-address |ip-group | ip-pool}
set comment
set exclusive {enable | disable}
set profile-antispam <antispam-profile_name>
set profile-antivirus <antivirus-profile_name>
set profile-content <content-profile_name>
set profile-dlp
set profile-ip-pool <ip-pool_name>
set profile-session <session-profile_name>
set server-ip-group <group_name>
set server <smtp-server_ipv4mask>
set server-ip-pool <ip-pool_str>
set server-type {ip-address | ip-group | ip-pool}
set smtp-diff-identity {enable | disable}
set smtp-diff-identity-ldap-profile
set use-for-smtp-auth {enable | disable}
end
Variable |
Description |
Default |
Enter the index number of the IP-based policy. |
|
|
Enter an action for this policy:
|
scan |
|
Enter the IP group of the SMTP client to whose connections this policy will apply. This option only appears if you enter |
|
|
Enter the IP address and subnet mask of the SMTP client to whose connections this policy will apply. To match all clients, enter |
192.168.224.15 255.255.255.255 |
|
Enter the client type. |
ip-address |
|
Enter a brief comment for the IP policy. |
|
|
Enable to omit evaluation of matches with recipient-based policies, causing the FortiMail unit to disregard applicable recipient-based policies and apply only the IP-based policy. Disable to apply any matching recipient-based policy in addition to the IP-based policy. Any profiles selected in the recipient-based policy will override those selected in the IP-based policy. |
disable |
|
Enter the name of an outgoing antispam profile, if any, that this policy will apply. |
|
|
Enter the name of an antivirus profile, if any, that this policy will apply. |
|
|
profile-auth-type {imap | ldap | none | pop3 | radius | smtp} |
Enter the type of the authentication profile that this policy will apply. The command |
|
Enter the name of the content profile that you want to apply to connections matching the policy. |
|
|
Enter the name of the DLP profile for this policy. |
|
|
Enter the name of the IP pool profile that you want to apply to connections matching the policy. |
|
|
Enter the name of the session profile that you want to apply to connections matching the policy. |
|
|
Enter the name of the IP group profile that you want to apply to connections matching the policy. This option is only available when the |
|
|
Enter the IP address and subnet mask of the SMTP server to whose connections this policy will apply. To match all servers, enter This option applies only for FortiMail units operating in transparent mode. For other modes, the FortiMail unit receives the SMTP connection, and therefore acts as the server. |
0.0.0.0 0.0.0.0 |
|
Enter the name of the ip pool to whose connections this policy will apply. This option is only available when the |
|
|
Enter the SMTP server type o whose connections this policy will apply. Also configure server <smtp-server_ipv4mask>, server-ip-group <group_name>, and server-ip-pool <ip-pool_str>. |
ip-address |
|
Enable to allow the SMTP client to send email using a different sender email address ( Disable to require that the sender email address in the SMTP envelope match the authenticated user name. |
disable |
|
Verify SMTP sender identity with LDAP for authenticated email. |
disable |
|
LDAP profile for SMTP sender identity verification. |
disable |
|
Enable to apply this policy. |
enable |
|
Enable to authenticate SMTP connections using the authentication profile configured in sensitive-data {...}. |
disable |