CLI Reference

system fortiguard antispam

Use this command to configure how the FortiMail unit will connect to the FortiGuard servers to query for antispam signatures.

Syntax

config system fortiguard antispam
    set status {enable | disable}
    set cache-status {enable | disable}
    set cache ttl <ttl_int>
    set cache-mpercent <percentage_int>
    set query-timeout <timeout_int>
    set threshold-ip-connect {1 | 2 | 3}
    set server-override-status {enable | disable}
    set server-override-ip {<host_fqdn> | <host_ipv4>}
    set port {443 | 53 | 8888}
    set protocol {udp | https}
    set url-redirect-lookup {enable | disable}
    set server-location {any | usa}
    set outbreak-protection-level {disable | high | low | medium}
    set outbreak-protection-period <minutes_int>
    set submission-status {enable | disable}
    set submission-per-domain {enable | disable}
    set submission-retention <days_int>
    set submission-spam-addr <spam-sample_email>
    set submission-ham-addr <not-spam-sample_email>
end

Variable

Description

Default

cache-mpercent <percentage_int>

Enter the percentage of memory that the antispam cache is allowed to use. The range is 1-15%.

2

cache-status {enable | disable}

Enable cache and specify the cache time to live (TTL) to improve performance. Also configure cache ttl <ttl_int> and cache-mpercent <percentage_int>.

enable

cache ttl <ttl_int>

Enter the TTL in seconds for cache entries. If the entry is not refreshed before this time, then it expires and is removed from cache.

300

outbreak-protection-level {disable | high | low | medium}

Select the threshold level for spam outbreak protection. Higher levels mean stricter filtering.

This feature temporarily holds email for a period of time (see outbreak-protection-period) if the enabled FortiGuard Antispam check (block-IP and/or URL filter) returns no result. After the specified time interval, FortiMail queries the FortiGuard server a second time. This gives the FortiGuard Antispam service an opportunity to update its database in case a spam outbreak occurs.

Conversely, in order to reduce the types of email to be deferred for outbreak, set this command to low.

medium

outbreak-protection-period <minutes_int>

Specify how long (in minutes) FortiMail will hold email before it queries the FortiGuard server a second time.

30

port {443 | 53 | 8888}

Enter the port number used to communicate with the FortiGuard Antispam query servers.

53

protocol {udp | https}

Enter the protocol used to communicate with the FortiGuard servers.

https

query-timeout <timeout_int>

Enter the timeout value for the FortiMail unit to query the FortiGuard Antispam query server.

7

server-location {any | usa}

Select which geographic regions of FortiGuard servers to use if required by regulatory compliance or for network performance.

any

server-override-ip {<host_fqdn> | <host_ipv4>}

If server-override-status {enable | disable} is enable, enter the IP address of the public or private FortiGuard Antispam query server that overrides the default query server to which the FortiMail unit connects.

server-override-status {enable | disable}

Enable to override the default FortiGuard Antispam query server to which the FortiMail unit connects and checks for antispam signatures.

disable

submission-handling-type {admin-review | direct-to-fortiguard}

Select whether you want an administrator to manually review spam sample submissions, or you want them to be sent directly to FortiGuard.

admin-review

submission-per-domain {enable | disable}

If you have multiple protected domains, enable this option to allow domain administrators to view spam sample submissions for their own domain.

disable

submission-ham-addr <not-spam-sample_email>

Enter the email address that will receive samples of normal email (not spam).

Note: Sample submission email addresses must:

  • Not be the same.

  • Be reserved only for samples of spam and non-spam; they should not receive any other email.

submission-retention <days_int>

Enter a number of days between 0-60, after which the sample spam submission will be deleted.

14

submission-spam-addr <spam-sample_email>

Enter the email address that will receive samples of spam email.

Note: Sample submission email addresses must:

  • Not be the same.

  • Be reserved only for samples of spam and non-spam; they should not receive any other email.

submission-status {enable | disable}

Enable to submit samples of spam and non-spam that were not detected correctly to FortiGuard or your FortiMail administrators. This information can be used to improve the catch rate.

Users can submit samples of spam and non-spam via the Report Spam plugin for Microsoft Outlook. The plugin is available for download at https://support.fortinet.com/. To review the submitted samples, go to Monitor > Quarantine > Sample Submission.

disable

status {enable | disable}

Enable to query the FortiGuard Distribution Network (FDN) for FortiGuard Antispam ratings.

This option must be enabled for antispam profiles where the FortiGuard Antispam scan is enabled to have an effect.

enable

threshold-ip-connect {1 | 2 | 3}

When you configure the FortiGuard IP reputation check under sender reputation in a session profile, if you select the client connection option, FortiGuard Antispam Service determines if the IP address of the SMTP server is blocklisted during the connection phase.

FortiGuard categorizes the blocklisted IP addresses into three levels: level 3 has bad reputation; level 2 has worse reputation; and level 1 has the worst reputation. To avoid false positives, you can specify which level to block. Enter the threshold to block email whose rating is equal to or worse than that level.

For example, if you want to block level 1 and level 2 but not level 3, enter 2.

2

url-redirect-lookup {enable | disable}

Enable to connect to web servers in order to resolve URL redirects to their target URLs (for example, a tiny URL that expands to a longer URL). The FortiMail unit can then query the FortiGuard AntiSpam database about the target URL — not the redirected URL.

Note: Your network must allow the FortiMail unit to send HTTP/HTTPS requests to web servers in order to get the destination URL. See also required port numbers in the FortiMail Administration Guide.

enable
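
The following is an added example, not part of Fortinet's documentation: a Python check that parses a config system fortiguard antispam block and flags values that contradict the ranges, defaults and notes in the table above. The sample configuration, function names and finding messages are constructed for illustration.

```python
import re

# Constructed sample configuration; all values are illustrative.
SAMPLE = """\
config system fortiguard antispam
    set status disable
    set cache-mpercent 20
    set submission-status enable
    set submission-retention 90
    set submission-spam-addr samples@example.com
    set submission-ham-addr samples@example.com
end
"""

# Defaults and ranges as listed in the table above.
DEFAULTS = {"status": "enable", "cache-mpercent": "2", "threshold-ip-connect": "2",
            "submission-status": "disable", "submission-retention": "14"}
RANGES = {"cache-mpercent": (1, 15), "threshold-ip-connect": (1, 3),
          "submission-retention": (0, 60)}

def parse_block(text):
    """Return {option: value} for `set` lines inside the antispam block."""
    settings, inside = {}, False
    for line in map(str.strip, text.splitlines()):
        if line in ("config system fortiguard antispam", "end"):
            inside = line != "end"
        elif inside and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            settings[m.group(1)] = m.group(2).strip()
    return settings

def blocked_levels(threshold):
    """Level 1 is the worst rating; a threshold blocks that level and worse."""
    return [level for level in (1, 2, 3) if level <= threshold]

def audit(settings):
    """Return findings for values that contradict the documented constraints."""
    cfg = {**DEFAULTS, **settings}
    findings = []
    if cfg["status"] != "enable":
        findings.append("status: FortiGuard Antispam queries are disabled")
    for key, (lo, hi) in RANGES.items():
        if not cfg[key].isdigit() or not lo <= int(cfg[key]) <= hi:
            findings.append(f"{key}: {cfg[key]} outside {lo}-{hi}")
    spam, ham = cfg.get("submission-spam-addr"), cfg.get("submission-ham-addr")
    if cfg["submission-status"] == "enable" and spam and spam == ham:
        findings.append("submission: spam and ham sample addresses are the same")
    return findings
```

Running audit(parse_block(SAMPLE)) reports four findings for the constructed sample, and blocked_levels(2) returns the levels that the default threshold blocks.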

Related topics

system fortiguard antivirus

update
