policy recipient
Use this command to create recipient-based policies based on the inbound or outbound directionality of an email message with respect to the protected domain.
Syntax
config policy recipient
edit <policy_int>
set auth-access-options {pop3 | smtp-auth | smtp-diff-identity | web}
set certificate-required {yes | no}
set direction {incoming | outgoing}
set pkiauth {enable | disable}
set profile-antispam <antispam-profile_name>
set profile-antivirus <antivirus-profile_name>
set profile-auth-type {imap | ldap | none | pop3 | radius | smtp}
set profile-content <content-profile_name>
set profile-dlp <profile_name>
set profile-ldap <ldap-profile_name>
set profile-resource <profile_name>
set recipient-domain <domain_str>
set recipient-name <local-part_str>
set recipient-pattern-regex <string>
set recipient-type {email-address-group | ldap-group | regexp | user}
set sender-domain <domain_str>
set sender-name <local-part_str>
set sender-pattern-regex <string>
set sender-type {email-address-group | ldap-group | regexp | user}
set smtp-diff-identity {enable | disable}
set smtp-diff-identity-ldap {enable | disable}
set smtp-diff-identity-ldap-profile <profile_name>
end
Variable |
Description |
Default |
Enter the index number of the recipient-based policy. |
|
|
auth-access-options {pop3 | smtp-auth | smtp-diff-identity | web} |
Enter the method that email users matching this policy use to retrieve the contents of their per-recipient spam quarantine.
Note: Entering this option allows, but does not require, SMTP authentication. To enforce SMTP authentication for connecting SMTP clients, ensure that all access control rules require authentication. |
|
If the email user’s web browser does not provide a valid personal certificate, the FortiMail unit will fall back to standard user name and password-style authentication. To require valid certificates only and disallow password-style fallback, enter |
no |
|
Optionally, enter a comment for the recipient policy. |
|
|
Select the mail traffic direction. |
incoming |
|
Enable if you want to allow email users to log in to their per-recipient spam quarantine by presenting a certificate rather than a user name and password. |
disable |
|
If |
|
|
Enter the name of an antispam profile, if any, that this policy will apply. |
|
|
Enter the name of an antivirus profile, if any, that this policy will apply. |
|
|
profile-auth-type {imap | ldap | none | pop3 | radius | smtp} |
Enter the type of the authentication profile that this policy will apply. The command |
none |
Enter the name of the DLP profile that you want to apply to connections matching the policy. |
|
|
Enter the name of the content profile that you want to apply to connections matching the policy. |
|
|
Enter the name of the resource profile that you want to apply to connections matching the policy. |
|
|
If |
|
|
Enter the domain part of recipient email address to define recipient ( |
|
|
Enter the local part of recipient email address to define recipient ( |
|
|
Define the recipient email address regular expression pattern. This option is only available when |
.* |
|
recipient-type {email-address-group | ldap-group | regexp | user} |
Enter one of the following ways to define recipient ( If you enter |
user |
Define the sender email address regular expression pattern. This option is only available when |
.* |
|
Enter the domain part of sender email address to define sender ( |
|
|
Enter the local part of sender email address to define sender ( |
|
|
sender-type {email-address-group | ldap-group | regexp | user} |
Enter one of the following ways to define sender ( If you enter |
user |
Enable to allow the SMTP client to send email using a different sender email address (MAIL FROM:) than the user name that they used to authenticate. Disable to require that the sender email address in the SMTP envelope match the authenticated user name. This option is applicable only if |
enable |
|
Enable to allow the SMTP client to verify SMTP sender identity with LDAP for authenticated email. This option is applicable only if |
disable |
|
Enter the LDAP profile name for SMTP sender identity verification. This option is applicable only if |
|
|
Enable to apply this policy. |
enable |