
CLI Reference

system fortiguard antispam

Use this command to configure how the FortiMail unit connects to the FortiGuard servers to query for antispam signatures. Unlike antivirus updates, FortiMail cannot query the FortiGuard antispam service through a web proxy. If there is a web proxy in front of FortiMail, you must use a local FortiManager unit as an override server.

Syntax

config system fortiguard antispam

set cache-mpercent <percentage_int>

set cache-status {enable | disable}

set cache ttl <ttl_int>

set hostname {<fqdn_str> | <host_ipv4>}

set outbreak-protection-level {disable | high | low | medium}

set outbreak-protection-period <minutes>

set port {443 | 53 | 8888}

set protocol {udp | https}

set query-timeout <timeout_int>

set action-rbl <action-profile_name>

set server-override-ip <ipv4>

set server-override-status {enable | disable}

set status {enable | disable}

set threshold-ip-connect <integer>

set url-redirect-lookup {enable | disable}

end

Variable

Description

Default

cache-mpercent <percentage_int>

Enter the percentage of memory the antispam cache is allowed to use. The range is 1-15%.

2

cache-status {enable | disable}

Enable cache and specify the cache time to live (TTL) to improve performance.

enable

cache ttl <ttl_int>

Enter the TTL in seconds for cache entries.

300

hostname {<fqdn_str> | <host_ipv4>}

Enter an IP address or a fully qualified domain name (FQDN) to override the default FortiGuard Antispam query server.

antispam.fortigate.com

outbreak-protection-level {disable | high | low | medium}

Specify a spam outbreak protection level. Higher levels mean stricter filtering.

This feature temporarily holds email for a period of time (see outbreak-protection-period) if the enabled FortiGuard antispam check (block-IP and/or URL filter) returns no result. After the specified time interval, FortiMail queries the FortiGuard server a second time. This gives the FortiGuard antispam service an opportunity to update its database in case a spam outbreak occurs.

Conversely, to reduce the types of email that are deferred for outbreak protection, set this option to low.

medium

outbreak-protection-period <minutes>

Specify how long (in minutes) FortiMail holds email before it queries the FortiGuard server a second time.

30

port {443 | 53 | 8888}

Enter the port number used to communicate with the FortiGuard Antispam query servers.

53

protocol {udp | https}

Enter the protocol used to communicate with the FortiGuard servers.

query-timeout <timeout_int>

Enter the timeout value for the FortiMail unit to query the FortiGuard Antispam query server.

7

server-location

Limit the FortiGuard servers to certain locations.

server-override-ip <ipv4>

If server-override-status is set to enable, enter the IP address of the public or private FortiGuard Antispam query server that overrides the default query server to which the FortiMail unit connects.

server-override-status {enable | disable}

Enable to override the default FortiGuard Antispam query server that the FortiMail unit connects to and checks for antispam signatures.

disable

status {enable | disable}

Enable to query the FortiGuard Distribution Network (FDN) for FortiGuard Antispam ratings.

This option must be enabled for antispam profiles where the FortiGuard Antispam scan is enabled to have an effect.

enable

threshold-ip-connect <integer>

When you configure the FortiGuard IP reputation check under Sender Reputation in a session profile, choosing the "When client connect" option means that you want the FortiGuard Antispam Service to determine whether the IP address of the SMTP server is blocklisted during the connection phase.

FortiGuard categorizes blocklisted IP addresses into three levels: level 3 has a bad reputation, level 2 has a worse reputation, and level 1 has the worst reputation. To help prevent false positives, you can use this command to specify which levels to block.

<integer> is the level number: 1, 2, or 3. The default setting is 3, which means all levels will be blocked. If you want to block level 1 and level 2 but not level 3, you set it to 2.

3

url-redirect-lookup {enable | disable}

If an email contains a shortened URL that redirects to another URL, the FortiMail unit can send a request to the shortened URL to get the redirected URL and scan it against the FortiGuard AntiSpam database. By default, this function is enabled. To use it, you need to open your HTTP port so that the FortiMail unit can send requests to resolve the redirected URL for scanning.

enable
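
As an added example (not Fortinet code), the following Python check reads a saved `config system fortiguard antispam` block, fills in the defaults listed above, and reports settings that turn off or redirect FortiGuard Antispam lookups. The saved-configuration layout, the function names, and the address 192.0.2.10 are assumptions made for illustration.

```python
import re

# Defaults copied from the Default column above (only the options audited here).
DEFAULTS = {"status": "enable", "outbreak-protection-level": "medium",
            "server-override-status": "disable", "threshold-ip-connect": "3",
            "url-redirect-lookup": "enable"}

def parse_block(config_text):
    """Return effective settings of the 'config system fortiguard antispam' block."""
    settings = dict(DEFAULTS)
    m = re.search(r"^config system fortiguard antispam\s*$(.*?)^end\b",
                  config_text, re.M | re.S)
    if m:
        for line in m.group(1).splitlines():
            parts = line.split()
            if len(parts) >= 3 and parts[0] == "set":
                settings[parts[1]] = " ".join(parts[2:]).strip('"')
    return settings

def blocked_levels(settings):
    """threshold-ip-connect N blocks blocklist levels 1..N (level 1 is the worst)."""
    return list(range(1, int(settings["threshold-ip-connect"]) + 1))

def audit(config_text, approved_override_ips=()):
    """Return a list of findings; an empty list means the defaults are in effect."""
    s = parse_block(config_text)
    findings = []
    if s["status"] != "enable":
        findings.append("status: FDN queries are off, FortiGuard Antispam scans have no effect")
    if s["server-override-status"] == "enable":
        ip = s.get("server-override-ip")
        if ip not in approved_override_ips:
            findings.append(f"server-override-ip: {ip} is not an approved override server")
    if s["outbreak-protection-level"] == "disable":
        findings.append("outbreak-protection-level: unrated email is not held for a second query")
    if s["url-redirect-lookup"] != "enable":
        findings.append("url-redirect-lookup: shortened URLs are not resolved before rating")
    if blocked_levels(s) != [1, 2, 3]:
        findings.append(f"threshold-ip-connect: only levels {blocked_levels(s)} blocked at connect")
    return findings

# Constructed sample shaped like the Syntax section above (not output from a real unit).
SAMPLE = """config system fortiguard antispam
  set server-override-status enable
  set server-override-ip 192.0.2.10
  set threshold-ip-connect 2
  set url-redirect-lookup disable
end
"""
```

Pass the addresses of your own override servers (for example, the local FortiManager unit) as `approved_override_ips` so that only unexpected overrides are reported.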

Related topics

system fortiguard antivirus

update
