Fortinet black logo

CLI Reference

Home FortiMail 7.4.2 CLI Reference

cloud-api profile weighted-analysis

7.4.2
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.7
7.0.6
7.0.5
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.0
6.0.4
6.0.3
6.0.1
6.0.0
5.4.9
5.4.8
5.4.6
5.4.5
5.4.4
5.4.3
5.4.0
Copy Link
Copy Doc ID 66ae5ae2-c1e5-11ee-8c42-fa163e15d75b:299907
Download PDF

cloud-api profile weighted-analysis

Use this command to configure weighted analysis profiles for the administrator account of the Microsoft 365 and Google Workspace domain. To avoid false positives and false negatives, you can adjust the scores ("weight") of each type of suspicious behavior, and the total score threshold that an email must reach to be categorized as spam.

To use a weighted analysis profile, select it in an antispam profile.

Syntax

config profile weighted-analysis

edit <profile_name>

set comment <comment_str>

config rule

edit <order_index>

set name <rule_name>

set status {enable | disable}

set action <profile_name>

set threshold <score_float>

set action-keyword-score <score_float>

set cousin-domain-score <score_float>

set dictionary-profile <profile_name>

set dictionary-threshold <score_int>

set intelligent-analysis-score <score_float>

set malformed-email-score <score_float>

set sender-alignment-score <score_float>

set suspicious-character-score <score_float>

set url-profile <profile_name>

set url-profile-score <score_float>

next

end

next

end

Syntax

Variable

Description

Default

<profile_name>

Enter the name of the weighted-analysis profile.

comment <comment_str>

Enter a descriptive comment.

<order_index>

Enter the numerical order of the rule in the profile.

name <rule_name> Enter a name for the rule.

status {enable | disable}

Enable or disable the rule.

enable
action <profile_name> Enter the name of an action profile.

threshold <score_float>

Enter the minimum total score that triggers the action.

The total score is determined by adding the scores of all categories (suspicious character, etc.) in the weighted analysis rule.

50.000000
action-keyword-score <score_float> Enter a weight-adjusted score for dictionary profile matches.

10.000000
cousin-domain-score <score_float> Enter a weight-adjusted score for domain name impersonation. See also profile cousin-domain.

10.000000

dictionary-profile <profile_name>

Enter the name of a dictionary profile.

The dictionary profile contains keywords (for example, "Click here", "Transfer", "Money", "Dollars", "Bank account", etc.) that ask the user to perform an action that typically only spammers ask for, and therefore are suspicious.

dictionary-threshold <score_int>

Enter a weight-adjusted score for dictionary profile matches.

1

intelligent-analysis-score <score_float>

Enter a weight-adjusted score for intelligent analysis detections.

Multiple factors contribute to and inform the intelligent analysis condition, in order to detect fewer false positive results, including SPF, DKIM, DMARC, alignment of sender addresses in the message header (From: and Reply-To:), new web filter domains, header analysis, and malformed emails.

50.000000
malformed-email-score <score_float>

Enter a weight-adjusted score for malformed emails.

Malformed emails are those emails that contain malformed data in the email structure, header, or body. For more information, see RFC 7103.

10.000000

sender-alignment-score <score_float>

Enter a weight-adjusted score for sender domain mismatches.

Sender alignment compares the domain name of the sender email address in the message header (From:) and SMTP envelope (MAIL FROM:) to look for a mismatch, which is typical of spam.

10.000000

suspicious-character-score <score_float>

Enter a weight-adjusted score for suspicious characters.

Protects against internationalized domain name (IDN) homograph attacks. If domain names in URLs, sender email addresses, or recipient email addresses have Unicode characters that are from different languages yet look similar (for example, A looks similar in Cyrillic, Greek, and Latin alphabets), then an attacker could trick the user into using a fraudulent website or email. FortiMail detects these as suspicious.

10.000000

url-profile <profile_name>

Enter the name of a URL category profile.

unrated
url-profile-score <score_float> Enter a weight-adjusted score for URL category profile matches.

10.000000
Previous
Next

cloud-api profile weighted-analysis

Use this command to configure weighted analysis profiles for the administrator account of the Microsoft 365 and Google Workspace domain. To avoid false positives and false negatives, you can adjust the scores ("weight") of each type of suspicious behavior, and the total score threshold that an email must reach to be categorized as spam.

To use a weighted analysis profile, select it in an antispam profile.

Syntax

config profile weighted-analysis

edit <profile_name>

set comment <comment_str>

config rule

edit <order_index>

set name <rule_name>

set status {enable | disable}

set action <profile_name>

set threshold <score_float>

set action-keyword-score <score_float>

set cousin-domain-score <score_float>

set dictionary-profile <profile_name>

set dictionary-threshold <score_int>

set intelligent-analysis-score <score_float>

set malformed-email-score <score_float>

set sender-alignment-score <score_float>

set suspicious-character-score <score_float>

set url-profile <profile_name>

set url-profile-score <score_float>

next

end

next

end

Syntax

Variable

Description

Default

<profile_name>

Enter the name of the weighted-analysis profile.

comment <comment_str>

Enter a descriptive comment.

<order_index>

Enter the numerical order of the rule in the profile.

name <rule_name> Enter a name for the rule.

status {enable | disable}

Enable or disable the rule.

enable
action <profile_name> Enter the name of an action profile.

threshold <score_float>

Enter the minimum total score that triggers the action.

The total score is determined by adding the scores of all categories (suspicious character, etc.) in the weighted analysis rule.

50.000000
action-keyword-score <score_float> Enter a weight-adjusted score for dictionary profile matches.

10.000000
cousin-domain-score <score_float> Enter a weight-adjusted score for domain name impersonation. See also profile cousin-domain.

10.000000

dictionary-profile <profile_name>

Enter the name of a dictionary profile.

The dictionary profile contains keywords (for example, "Click here", "Transfer", "Money", "Dollars", "Bank account", etc.) that ask the user to perform an action that typically only spammers ask for, and therefore are suspicious.

dictionary-threshold <score_int>

Enter a weight-adjusted score for dictionary profile matches.

1

intelligent-analysis-score <score_float>

Enter a weight-adjusted score for intelligent analysis detections.

Multiple factors contribute to and inform the intelligent analysis condition, in order to detect fewer false positive results, including SPF, DKIM, DMARC, alignment of sender addresses in the message header (From: and Reply-To:), new web filter domains, header analysis, and malformed emails.

50.000000
malformed-email-score <score_float>

Enter a weight-adjusted score for malformed emails.

Malformed emails are those emails that contain malformed data in the email structure, header, or body. For more information, see RFC 7103.

10.000000

sender-alignment-score <score_float>

Enter a weight-adjusted score for sender domain mismatches.

Sender alignment compares the domain name of the sender email address in the message header (From:) and SMTP envelope (MAIL FROM:) to look for a mismatch, which is typical of spam.

10.000000

suspicious-character-score <score_float>

Enter a weight-adjusted score for suspicious characters.

Protects against internationalized domain name (IDN) homograph attacks. If domain names in URLs, sender email addresses, or recipient email addresses have Unicode characters that are from different languages yet look similar (for example, A looks similar in Cyrillic, Greek, and Latin alphabets), then an attacker could trick the user into using a fraudulent website or email. FortiMail detects these as suspicious.

10.000000

url-profile <profile_name>

Enter the name of a URL category profile.

unrated
url-profile-score <score_float> Enter a weight-adjusted score for URL category profile matches.

10.000000
Previous
Next