system fortiguard antispam
Use this command to configure how the FortiMail unit connects to the FortiGuard servers to query for antispam signatures. Unlike antivirus updates, FortiMail cannot query the FortiGuard antispam service through a web proxy. If there is a web proxy in front of FortiMail, you must use a local FortiManager unit as an override server.
Syntax
config system fortiguard antispam
set cache-mpercent <percentage_int>
set cache-status {enable | disable}
set cache ttl <ttl_int>
set hostname {<fqdn_str> | <host_ipv4>}
set outbreak-protection-level {disable | high | low | medium}
set outbreak-protection-period <minutes>
set port {443 | 53 | 8888}
set protocol {udp | https}
set query-timeout <timeout_int>
set action-rbl <action-profile_name>
set server-override-ip <ipv4>
set server-override-status {enable | disable}
set status {enable | disable}
set threshold-ip-connect <integer>
set url-redirect-lookup {enable | disable}
end
Variable: cache-mpercent <percentage_int>
Description: Enter the percentage of memory that the antispam cache is allowed to use. The range is 1-15%.
Default: 2

Variable: cache-status {enable | disable}
Description: Enable cache and specify the cache time to live (TTL) to improve performance.
Default: enable

Variable: cache ttl <ttl_int>
Description: Enter the TTL in seconds for cache entries.
Default: 300

Variable: hostname {<fqdn_str> | <host_ipv4>}
Description: Enter an IP address or a fully qualified domain name (FQDN) to override the default FortiGuard Antispam query server.
Default: antispam.fortigate.com

Variable: outbreak-protection-level {disable | high | low | medium}
Description: Specify a spam outbreak protection level. Higher levels mean stricter filtering.
This feature temporarily holds email for a certain period of time (see outbreak-protection-period) if the enabled FortiGuard antispam check (block-IP and/or URL filter) returns no result. After the specified time interval, FortiMail queries the FortiGuard server a second time. This gives the FortiGuard antispam service an opportunity to update its database in case a spam outbreak occurs.
Conversely, to reduce the types of email that are deferred for outbreak protection, set this option to low.
Default: medium

Variable: outbreak-protection-period <minutes>
Description: Specify how long (in minutes) FortiMail holds email before it queries the FortiGuard server a second time.
Default: 30

Variable: port {443 | 53 | 8888}
Description: Enter the port number used to communicate with the FortiGuard Antispam query servers.
Default: 53

Variable: protocol {udp | https}
Description: Enter the protocol used to communicate with the FortiGuard servers.

Variable: query-timeout <timeout_int>
Description: Enter the timeout value for the FortiMail unit to query the FortiGuard Antispam query server.
Default: 7

Variable: server-location
Description: Limit the FortiGuard servers to certain locations.

Variable: server-override-ip <ipv4>
Description: If server-override-status is enable, enter the IP address of the public or private FortiGuard Antispam query server that overrides the default query server to which the FortiMail unit connects.

Variable: server-override-status {enable | disable}
Description: Enable to override the default FortiGuard Antispam query server to which the FortiMail unit connects and checks for antispam signatures.
Default: disable

Variable: status {enable | disable}
Description: Enable to query the FortiGuard Distribution Network (FDN) for FortiGuard Antispam ratings.
This option must be enabled for antispam profiles where the FortiGuard Antispam scan is enabled to have an effect.
Default: enable

Variable: threshold-ip-connect <integer>
Description: When you configure the FortiGuard IP reputation check under Sender Reputation in a session profile and choose the "When client connect" option, the FortiGuard Antispam Service determines whether the IP address of the SMTP server is blocklisted during the connection phase.
FortiGuard categorizes the blocklisted IP addresses into three levels: level 3 has bad reputation; level 2 has worse reputation; and level 1 has the worst reputation. To help prevent false positives, you can use this command to specify which level to block.
<integer> is the level number: 1, 2, or 3. The default setting is 3, which means all levels will be blocked. If you want to block level 1 and level 2 but not level 3, set it to 2.
Default: 3

Variable: url-redirect-lookup {enable | disable}
Description: If an email contains a shortened URL that redirects to another URL, the FortiMail unit can send a request to the shortened URL to get the redirected URL and scan it against the FortiGuard AntiSpam database. By default, this function is enabled. To use it, you need to open your HTTP port to allow the FortiMail unit to send requests for scanning the redirected URL.
Default: enable
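The following Python sketch is an added example, not part of the FortiMail documentation: it checks a pasted config system fortiguard antispam block against the value sets and ranges listed on this page, flags an enabled server override that has no valid server-override-ip, and shows which reputation levels a given threshold-ip-connect value blocks. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
# Allowed values, taken from the syntax and variable descriptions on this page.
ONOFF = {"enable", "disable"}
ENUMS = {
    "cache-status": ONOFF, "server-override-status": ONOFF,
    "status": ONOFF, "url-redirect-lookup": ONOFF,
    "outbreak-protection-level": {"disable", "high", "low", "medium"},
    "port": {"443", "53", "8888"}, "protocol": {"udp", "https"},
}
RANGES = {"cache-mpercent": (1, 15), "threshold-ip-connect": (1, 3)}

def parse_block(text):
    """Return {option: value} for the 'set' lines of the antispam block."""
    settings, inside = {}, False
    for words in map(str.split, text.splitlines()):
        if words[:4] == ["config", "system", "fortiguard", "antispam"]:
            inside = True
        elif inside and words[:1] == ["end"]:
            break
        elif inside and len(words) >= 3 and words[0] == "set":
            settings[words[1]] = " ".join(words[2:])
    return settings

def audit(settings):
    """List findings for values outside what this page documents."""
    findings = []
    for key, allowed in ENUMS.items():
        if key in settings and settings[key] not in allowed:
            findings.append(f"{key}: '{settings[key]}' is not one of {sorted(allowed)}")
    for key, (low, high) in RANGES.items():
        value = settings.get(key)
        if value is not None and not (value.isdecimal() and low <= int(value) <= high):
            findings.append(f"{key}: '{value}' is outside {low}-{high}")
    if settings.get("server-override-status") == "enable":
        try:
            ipaddress.IPv4Address(settings.get("server-override-ip", ""))
        except ValueError:
            findings.append("server-override-status is enable but server-override-ip is not a valid IPv4 address")
    return findings

def blocked_levels(threshold):
    """Levels blocked at connection time: 3 blocks 1-3, 2 blocks 1-2, 1 blocks only 1."""
    return list(range(1, threshold + 1))

# Constructed sample: override enabled without an address, cache share too high.
SAMPLE = """config system fortiguard antispam
set cache-mpercent 20
set server-override-status enable
set threshold-ip-connect 2
end"""
```

Running audit(parse_block(SAMPLE)) reports the out-of-range cache-mpercent and the missing override address; the port and protocol values are checked independently because this page does not state which combinations are valid.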
Related topics
system fortiguard antivirus
update