Fortinet FortiMail 3.0 MR4 Cli Reference Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiMail 3.0 MR4
  6. Cli reference manual
Fortinet FortiMail 3.0 MR4 Cli Reference Manual

Fortinet FortiMail 3.0 MR4 Cli Reference Manual

Secure messaging platform
Hide thumbs
Table of Contents

Advertisement

Quick Links

C L I R E F E R E N C E
FortiMail™ Secure Messaging Platform
Version 3.0 MR4
Note: The History sections in the command entries are intended to record
changes in FortiMail 3.0 CLI commands with each release of the product.
Although these sections show all commands as new for version 3.0, many of
the commands existed in previous versions of FortiMail firmware.
www.fortinet.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FortiMail 3.0 MR4 and is the answer not in the manual?

Questions and answers

Related Manuals for Fortinet FortiMail 3.0 MR4

Summary of Contents for Fortinet FortiMail 3.0 MR4

  • Page 1 Note: The History sections in the command entries are intended to record changes in FortiMail 3.0 CLI commands with each release of the product. Although these sections show all commands as new for version 3.0, many of the commands existed in previous versions of FortiMail firmware. www.fortinet.com...
  • Page 2 Version 3.0 MR4 14 August 2008 06-30004-0420-20080814 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

  • Page 3: Table Of Contents

    About the FortiMail Secure Messaging Platform... 15 About this document... 15 Document conventions... 16 FortiMail documentation ... 17 Fortinet Tools and Documentation CD ... 17 Fortinet Knowledge Center ... 17 Comments on Fortinet technical documentation ... 18 Customer service and technical support ... 18 What’s new ...
  • Page 4 Contents shutdown... 42 smtptest... 43 telnettest... 44 traceroute ... 45 update config ... 46 updatecenter updatenow ... 47 get... 49 alertemail configuration... 50 alertemail setting ... 51 antivirus... 52 as... 53 auth ... 56 av... 57 config... 58 console ... 59 fshd status ...
  • Page 5 Contents out_policy... 82 out_profile ... 83 policy ... 84 spam deepheader ... 85 spam heuristic rules... 86 spam retrieval policy ... 87 system ... 88 user ... 90 userpolicy... 91 set ... 93 alertemail configuration mailto ... 94 alertemail deferq ... 95 alertemail setting option ...
  • Page 6 Contents as profile modify quarantine ... 122 as profile modify rewrite_rcpt ... 123 as profile modify scanoptions... 124 as profile modify surbl ... 125 as profile modify surblserver ... 126 as profile modify tags ... 127 as profile modify virus ... 128 as profile modify whitelistword...
  • Page 7 Contents ip_policy ... 157 Syntax ... 157 History ... 157 Related topics ... 157 ip_policy action... 158 Syntax ... 158 History ... 158 Related topics ... 158 ip_policy as ... 159 Syntax ... 159 History ... 159 Related topics ... 159 ip_policy auth...
  • Page 8 ip_policy match (transparent mode)... 167 Syntax ... 167 History... 167 Related topics ... 167 ip_policy move... 168 Syntax ... 168 History... 168 Related topics ... 168 ip_policy smtp ... 169 Syntax ... 169 History... 169 Related topics ... 169 ip_pool... 170 ip_pool add_entry...
  • Page 9 Contents ldap_profile profile server... 198 ldap_profile profile user... 199 limits domain-level ... 201 limits system-level general ... 202 limits system-level groups... 203 limits system-level mail-users... 204 limits system-level other-profiles... 205 limits system-level policies ... 206 ... 207 log msisdn... 208 log policy destination event ...
  • Page 10 Contents mailserver smtp deferbigmsg ... 237 mailserver smtp delivery ... 238 mailserver smtp dsn_... 239 mailserver smtp ldap_domain_check... 240 mailserver smtp queue ... 241 mailserver smtpauth ... 242 mailserver smtpssl ... 243 mailserver smtp storage ... 244 mailserver smtp storage cquar ... 245 mailserver systemquarantine...
  • Page 11 Contents out_profile profile modify heuristic ... 275 out_profile profile modify imagespam... 276 out_profile profile modify individualaction scanner ... 277 out_profile profile modify scanoptions ... 278 out_profile profile modify surbl... 279 out_profile profile modify surblserver... 280 out_profile profile modify tags ... 281 out_profile profile modify virus...
  • Page 12 Contents system fortimanager ... 312 system ha config ... 313 system ha {cpeer | interface | peer | secondary-interface | secondary-peer} . system ha data... 318 system ha datadir ... 319 system ha lservice... 320 system ha mode ... 321 system ha monitor...
  • Page 13 Contents log reportconfig ... 356 mailserver... 357 system ... 358 user (transparent and gateway) ... 359 user (server) ... 360 Index... 361 FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...
  • Page 14 Contents FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 15: Introduction

    Note: Diagnose commands are also available from the FortiMail CLI. These commands are used to display system information and for debugging. Diagnose commands are intended for advanced users only, and they are not covered in this document. Contact Fortinet technical support before using these commands.

  • Page 16: Document Conventions

    Note: Highlights useful additional information. Caution: Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment. Typographic conventions Fortinet documentation uses the following typographical conventions: Convention Example Keyboard input In the Gateway Name field, type a name for the remote VPN peer or client (for example, Central_Office_1).

  • Page 17: Fortimail Documentation

    Fortinet Tools and Documentation CD All Fortinet documentation is available on the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation visit the Fortinet Technical Documentation web site at http://docs.forticare.com.

  • Page 18: Comments On Fortinet Technical Documentation

    Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.

  • Page 19: What's New

    What’s new What’s new The table below lists commands which have changed since the previous release, 3.0 MR3. Command execute partitionlogdisk set as bounceverify set as mms_reputation set as profile modify rewrite_rcpt set ip_profile headermanipulation set ip_profile mms_reputation set ip_profile sendervalidation bypassbounceverify set ip_profile_setting rate_control set mailserver access...
  • Page 20 Command set system fortimanager set user pki Change New command. Configures remote administration by and automatic configuration backups to a FortiManager system. New command. Configures public key infrastructure (PKI) authentication for email users and FortiMail administrators. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference What’s new 06-30004-0420-20080814...

  • Page 21: Using The Cli

    Using the CLI Using the CLI This section describes how to connect to and use the FortiMail command line interface (CLI). You can use CLI commands to view all FortiMail system information and to change all system configuration settings. This section contains the following topics: •...

  • Page 22: Connecting To The Cli

    Connecting to the CLI Connecting to the CLI Connecting to the FortiMail unit console set policy <fqdn> modify fallbackhost <host_ipv4> [fallbackport <port>] The fallback host address is required, and a fallback port is optional • A space to separate options that can be entered in any combination and must be separated by spaces.

  • Page 23: Setting Administrative Access For Ssh Or Telnet

    Using the CLI Stop bits Flow control Press Enter to connect to the FortiMail CLI. A prompt appears: FortiMail-400 login: Type a valid administrator name and press Enter. Type the password for this administrator and press Enter. The following prompt appears: Welcome! You have connected to the FortiLog CLI, and you can enter CLI commands.

  • Page 24: Connecting To The Fortimail Cli Using Telnet

    CLI command branches Connecting to the FortiMail CLI using Telnet CLI command branches To connect to the CLI using SSH Install and start an SSH client. Connect to the FortiMail interface that is configured for SSH connections. Type a valid administrator name and press Enter. Type the password for this administrator and press Enter.

  • Page 25: Execute

    execute execute Use execute commands to perform maintenance operations on your FortiMail unit or to perform network test operations such as ping or traceroute. This chapter describes the following execute commands: backup config checklogdisk checkmaildisk clearqueue factoryreset formatlogdisk formatmaildisk formatmaildisk_backup maintain nslookup partitionlogdisk...

  • Page 26: Backup Config

    backup config backup config Use this command to back up system settings to a TFTP server. Syntax execute backup config <name_str> <server_ipv4> <name_str> is the filename for the backup on the TFTP server <server_ipv4> is the IP address of the TFTP server History FortiMail v3.0 New.

  • Page 27: Checklogdisk

    execute checklogdisk When recommended by Customer Support, use this command to find and correct errors on the log disk. Logging is suspended while this command is running. Syntax execute checklogdisk History FortiMail v3.0 New. Related topics • execute checkmaildisk FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 checklogdisk...

  • Page 28: Checkmaildisk

    checkmaildisk checkmaildisk When recommended by Customer Support, use this command to find and correct errors on the mail disk. Actions are reported at the command prompt. If the check can’t fix something automatically, it presents a list of options for the admin to select from. Mail functions are suspended while this command is running.

  • Page 29: Clearqueue

    execute clearqueue Select to remove all messages from the deferred queue. Syntax execute clearqueue History FortiMail v3.0 MR3 New. Related topics • execute checklogdisk FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 clearqueue...

  • Page 30: Factoryreset

    factoryreset execute factoryreset se this command to restore the factory default settings. This will delete your configuration. Syntax execute factoryreset History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 31: Formatlogdisk

    execute formatlogdisk se this command to reformat the local log hard disk to enhance performance. This will delete the logs on the log disk. Syntax execute formatlogdisk History FortiMail v3.0 New. Related topics • execute formatmaildisk • execute formatmaildisk_backup FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 formatlogdisk...

  • Page 32: Formatmaildisk

    formatmaildisk formatmaildisk Use this command to reformat the local email disk to enhance performance after you have backed up the mail database to the log disk with execute formatmaildisk_backup. This will delete your mail database. Syntax execute formatmaildisk History FortiMail v3.0 New.

  • Page 33: Formatmaildisk_Backup

    execute formatmaildisk_backup se this command to back up the mail database to the log disk, and then format the local mail disk. This will enhance performance on the mail disk. Syntax execute formatmaildisk_backup History FortiMail v3.0 New. Related topics • execute formatmaildisk FortiMail™...

  • Page 34: Maintain

    maintain maintain se this command to perform maintenance on mail queues by deleting out-of-date messages. Syntax execute maintain mailqueue clear age <age>[<unit>] <age> messages this age or older will be cleared, and can be from 1 hour to 10 years. <unit>...

  • Page 35: Nslookup

    execute nslookup se this command to perform a name server lookup on the specified host or MX record. Syntax execute nslookup {host | mx} <name_server> <name_server> can be an IP address or a fully qualified domain name. History FortiMail v3.0 New.

  • Page 36: Partitionlogdisk

    partitionlogdisk partitionlogdisk se this command to adjust the ratio of disk space allocated to the logs and mail. By default, 75% of the disk space is allocated to mail and 25% to logs. Syntax execute partitionlogdisk <log_int> <log_int> is the percentage of the total disk space allocated to log files. Specify any value between 10 and 90.

  • Page 37: Ping

    execute ping se this command to ping the specified host name or host IP address. Syntax execute ping {<host_name> | <host_ipv4>} History FortiMail v3.0 New. Related topics • execute ping-option FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 ping...

  • Page 38: Ping-Option

    ping-option ping-option se this command to configure the ping function behavior settings. Syntax execute ping-option <option> Option data-size <bytes> df-bit {yes | no} pattern <hex_pattern> repeat-count <integer> source {auto | <ipv4>} timeout <seconds> tos <tos_value> ttl <TTL_integer> validate-reply {yes | no} Enter yes to validate ping replies. view-settings History FortiMail v3.0...

  • Page 39: Reboot

    execute reboot se this command to restart the FortiMail unit. Syntax execute reboot History FortiMail v3.0 New. Related topics • execute reload FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 reboot...

  • Page 40: Reload

    reload reload If you set your console to batch mode, use this command to flush the current configuration from system memory and reload the configuration from a saved configuration file. Syntax execute reload History FortiMail v3.0 New. Related topics • execute reboot FortiMail™...

  • Page 41: Restore

    execute restore se this command to restore system configuration or firmware from a TFTP server. Syntax execute restore {config | image} <name_str> <server_ipv4> Enter config to restore system settings or image to restore system firmware image. <name_str> is the name of the configuration file on the TFTP server. <server_ipv4>...

  • Page 42: Shutdown

    shutdown shutdown se this command to prepare the FortiMail unit to be powered down. This command clears all buffers and writes all cached data to disk. Power off the FortiMail unit only after issuing this command to prevent possible data loss. Syntax execute shutdown History...

  • Page 43: Smtptest

    execute smtptest se this command to test connectivity to an SMTP server. Syntax execute smtptest <ipv4_addr[:port]> domain <domain_str> <ipv4_addr> is the IP address of the SMTP server [:port] is the optional port number to connect to the SMTP server. <domain_str> is the name of the domain on the SMTP server to connect to. Example This example tests the connection to an SMTP server at 192.168.100.2 on port 25 to the example.com domain.

  • Page 44: Telnettest

    telnettest execute telnettest Use this command to attempt a telnet connection to the specified host IP address. Syntax execute telnettest <host_ipv4[:port]> If you do not specify a port number, port 23 is used. History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 45: Traceroute

    execute traceroute se this command to trace the route to the specified host IP address. Syntax execute traceroute <host_ipv4> History FortiMail v3.0 New. Related topics • execute maintain • execute ping FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 traceroute...

  • Page 46: Update Config

    update config execute update config Use this command to request a configuration update from the FortiManager server. Syntax execute update config History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 47: Updatecenter Updatenow

    execute updatecenter updatenow Use this command to manually initiate a virus definition update. Syntax execute updatecenter updatenow History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 updatecenter updatenow...
  • Page 48 updatecenter updatenow execute FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 49: Get

    alertemail configuration alertemail setting antivirus auth config console fshd status ip_policy ip_pool ip_profile ldap_profile limits log elog log logsetting log msisdn log policy log query log reportconfig log view FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 mailserver mailserver access mailserver archive mailserver localdomains...

  • Page 50: Alertemail Configuration

    alertemail configuration alertemail configuration Use this command to view the alert email recipients. The command displays the SMTP server address, SMTP user name, SMTP authentication status, encrypted SMTP password, and the email addresses used to send the alert. Syntax get alertemail configuration History FortiMail v3.0 New.

  • Page 51: Alertemail Setting

    alertemail setting Use this command to view the alert email configuration. This command displays what is enabled or disabled for: • virus incidents • critical events • disk full • archiving failure • HA events • dictionary corruption • system quarantine quota full Syntax get alertemail configuration Example...

  • Page 52: Antivirus

    antivirus antivirus Use this command to display whether antivirus scanning is enabled. This is available only in server mode. Syntax get antivirus Example FEServer # get antivirus global antivirus scanning is enabled History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...
  • Page 53 Use this command to display information about your antispam configuration. Syntax get as <option> Option blacklistaction control autorelease control bayesian greylist profile <profile_name> spamreport trusted antispam-mta trusted mta Examples FortiMail-400 # get as blacklistaction blacklist action: reject FortiMail-400 # get as control autorelease autorelease account is release-ctrl autodelete account is delete FortiMail-400 # get as control bayesian...
  • Page 54 action: default use personal database: disabled Accept training from users: disabled Use other techniques for auto training: disabled Deepheader filtering: disabled action: default check black ip: enabled headers analysis: enabled Dictionary filtering: disabled action: default dictionary profile: unknown(-1) FortiGuard-Antispam filtering: disabled action: default FortiGuard-Antispam checkip: disabled Dnsbl server lookup: disabled...
  • Page 55 History FortiMail v3.0 New. FortiMail v3.0 MR3 Added trusted antispam-mta and trusted mta commands. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 56: Auth

    auth auth Use this command to display authentication settings by protocol: IMAP, POP3, RADIUS, SMTP. This is available in transparent and gateway modes only. Syntax get auth {imap | pop3 | radius | smtp} History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...
  • Page 57 Use this command to display the settings of an antivirus profile. Syntax get av <profile_name> Example FortiMail-400 # get av avprofile1 Antivirus profiles id=2, name=avprofile1 AV Scanner: enabled AV actions: Heuristic scanning: Heuristic actions: History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 disabled...

  • Page 58: Config

    config config Use this command to display the current FortiMail unit configuration. Syntax get config [<search_string>] <search_string> is an optional search string. If the string contains spaces, enclose it in single quotation marks (' '). If you specify a search string, the command displays only the lines in the configuration file that contain that string.

  • Page 59: Console

    console Use this command to display console settings: the number of lines per page, the mode of operation, and the baud rate of the command line console. Syntax get console Example FortiMail-400 # get console Page number: 24 Console mode: Line Console baudrate: default History FortiMail v3.0...

  • Page 60: Fshd Status

    fshd status fshd status Use this command to display the FortiGuard settings on the FortiMail unit. Syntax get fshd status Example FortiMail-400 # get fshd status Fortishield service status: enabled Fortishield service cache status: enabled Fortishield service cache ttl: 600 Fortishield service hostname antispam.fortigate.com History FortiMail v3.0...

  • Page 61: Ip_Policy

    ip_policy Use this command to list information about IP policies. Syntax get ip_policy [<policy_number>] If you do not specify a policy number, the command provides a list of the IP policies, by name and number. If you specify a policy number, the command lists detailed information about that policy. Example FortiMail-400 # get ip_policy 0 smtpin configuration 0...

  • Page 62: Ip_Pool

    ip_pool ip_pool Use this command to list information about IP pool policies. Syntax get ip_pool {<name_str>} If you do not specify a policy name, the command returns a list of the IP pool policies, by name and ID number. If you specify a policy name, the command lists the IP ranges defined in the policy. History FortiMail v3.0 MR3 New.

  • Page 63: Ip_Profile

    ip_profile Use this command to list information about IP profiles. Syntax get ip_profile [<profile_name>] If you do not specify a profile name, the command provides a list of the IP profiles. If you specify a profile name, the command lists detailed information about that IP profile. Example FortiMail-400 # get ip_profile session_loose smtpin configuration for "session_loose"...
  • Page 64 ip_profile History FortiMail v3.0 New. Related topics • get ip_policy FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 65: Ldap_Profile

    ldap_profile Use this command to display all the settings of the specified LDAP profile. Syntax get ldap_profile profile <name_str> <name_str> is the LDAP profile name. To see a list of LDAP profiles, enter get ldap_profile profile ?. History FortiMail v3.0 New.

  • Page 66: Limits

    limits limits Use this command to display all the settings of the limits command. Syntax get limits <name_str> is the LDAP profile name. To see a list of LDAP profiles, enter get ldap_profile profile ?. Example If you enter the gets limits command on a FortiMail-400 unit, the output will be similar to this: FortiMail-400 # get limits domain level limits domains with 2 tier admin...

  • Page 67: Log Elog

    log elog FortiMail v3.0 New. Use this command to display the event log messages that have been saved to local hard disk or remote syslog server. Syntax get log elog History FortiMail v3.0 New. Related topics • set log policy destination event •...

  • Page 68: Log Logsetting

    log logsetting log logsetting Use this command to display: • the log to locations and whether logging to that location is turned on or off. • the log severity level for each log location • log file size • log time •...

  • Page 69: Log Msisdn

    log msisdn Use this command to find out if the MSISDN column is enabled. Use the set log msisdn command to enable the MSISDN column to display in Log & Report > Logging. Syntax get log msisdn History FortiMail v3.0 MR3 New. Related topics •...

  • Page 70: Log Policy

    log policy log policy Use this command to display information about log policies by destination and log type. Syntax To view which types of logging are enabled for each destination: get log policy To view detailed information about which types of logging are enabled for a destination: get log policy [destination {syslog [number <integer>] | local | console}] To view detailed information about a particular type of logging enabled for a destination:...

  • Page 71: Log Query

    log query Use this command to display all available log query reports, for example, Top_Remote_Virus_Domain_by_Hour_of_Day. The total number of query reports displays at the bottom of the list. Syntax get log query History FortiMail v3.0 New. Related topics • set log reportconfig qry FortiMail™...

  • Page 72: Log Reportconfig

    log reportconfig log reportconfig Use this command to display the settings in a saved log report configuration. The two default reports that become available after setting up your FortiGate unit with the quick start wizard, are also available for this command. Syntax get log reportconfig <config_name_str>...

  • Page 73: Log View

    log view Use this command to display what columns display in Log & Report > Logging for event, history, spam, and virus logs. Use the set log view command to set the fields to display and the log severity level. Syntax get log view {event | history | spam | virus} History...

  • Page 74: Mailserver

    mailserver mailserver Use this command to display the FortiMail email system settings. Syntax get mailserver Example FortiMail-400 # get mailserver dead mail kept: mail storage: Centralized Quarantine: maximum message size: POP3 server port: SMTP authentication: SMTP over SSL: SMTP server port: SMTPS server port: Relay server disabled History...

  • Page 75: Mailserver Access

    mailserver access Use this command to display the permissions for sending and receiving email for each domain. Syntax get mailserver access History FortiMail v3.0 New. Related topics • get mailserver • get mailserver archive • get mailserver localdomains • get mailserver smtp •...

  • Page 76: Mailserver Archive

    mailserver archive mailserver archive Use this command to display information about email archiving. Syntax To view email archiving account settings: get mailserver archive For other information: get mailserver archive {exemptlist | local | policy | remote} Option Description Display the archiving policy exceptions that exempt certain email from being archived. exemptlist Display the disk quota for archiving to the local hard disk.

  • Page 77: Mailserver Localdomains

    mailserver localdomains Use this command to display information about the domains added to the FortiMail unit. This is available in server mode only. Syntax get mailserver localdomain History FortiMail v3.0 New. Related topics • get mailserver • get mailserver access •...

  • Page 78: Mailserver Smtp

    mailserver smtp mailserver smtp Use this command to display settings for SMTP email. Syntax get mailserver smtp <setting> Variables <setting> History FortiMail v3.0 New. FortiMail v3.0 MR2 Added queue keyword. Related topics • get mailserver • get mailserver access • get mailserver archive •...

  • Page 79: Mailserver Systemquarantine

    mailserver systemquarantine Use this command to display the system quarantine settings. The system quarantine is used for mail matching content profiles. Syntax get mailserver systemquarantine Example FortiMail-400 # get mailserver systemquarantine system(content) quarantine account: system(content) quarantine forward: system(content) quarantine disk quota: system(content) quarantine rotate size: 100 Megabytes system(content) quarantine rotate time: 7 Days When reaching disk quota:...

  • Page 80: Misc Profile

    misc profile misc profile Use this command to display the misc profile settings. Available in server mode only. Syntax get misc [<profile_name>] If you do not specify a profile name, the command displays information for all misc profiles. Example FEServer # get misc profile misc_def Misc profiles id=0, name=misc_def User Account Status:...

  • Page 81: Out_Content

    out_content Use this command to display outgoing content profile settings. Syntax get out_content [<name_str>] <name_str> is the name of an outgoing content profile. If you do not specify a profile, the command shows the settings of all outgoing content profiles. History FortiMail v3.0 New.

  • Page 82: Out_Policy

    out_policy out_policy Use this command to display outgoing recipient-based policy settings. Syntax get out_policy [<name_str>] <name_str> is the name of an outgoing policy. If you do not specify a policy, the command shows the settings of all outgoing policies. History FortiMail v3.0 New.

  • Page 83: Out_Profile

    out_profile Use this command to display outgoing antispam profile settings. Syntax get out_profile [<name_str>] <name_str> is the name of an outgoing antispam profile. If you do not specify a profile, the command shows the settings of all outgoing profiles. History FortiMail v3.0 New.

  • Page 84: Policy

    policy policy Use this command to display incoming recipient-based policies for domains. This is available only in transparent and gateway modes. Syntax get policy [<fqdn>] <fqdn> is the domain’s fully-qualified domain name. If you do not specify a domain, the command shows the policies of all domains. History FortiMail v3.0 New.

  • Page 85: Spam Deepheader

    spam deepheader Use this command to display the deep header scan settings. Syntax get spam deepheader Example FortiMail-400 # get spam deepheader Deep header scanner setting: Confidence degree : 95.000000 IP list of trusted server: Trusted IP list : History FortiMail v3.0 MR1 New.

  • Page 86: Spam Heuristic Rules

    spam heuristic rules spam heuristic rules Use this command to display the total number of heuristic antispam rules. The number of rules can change as the FortiGuard service updates the heuristic rule set. Syntax get spam heuristic rules Example FortiMail-400 # get spam heuristic rules The total amount of rules is: 88 History FortiMail v3.0...

  • Page 87: Spam Retrieval Policy

    spam retrieval policy Use this command to display spam retrieval policy information for a domain. This is available in transparent and gateway modes only. Syntax get spam retrieval policy <fqdn_str> <fqdn_str> is the fully qualified domain name. History FortiMail v3.0 New.

  • Page 88: System

    system system Use this command to display system information. Syntax get system <item> <item> admin appearance autoupdate ddns disclaimer hwraid interface kernel localdomainname monitor objver option performance route table serialno snmp community snmp sysinfo Description Display the current list of FortiMail administrator accounts including the user name, the IP address and netmask from which this account can manage the FortiMail unit, and the account read and write permissions.
  • Page 89 <item> snmp threshold status time ntp time time usrgrp domain usrgrp domain [<name_str>] History FortiMail v3.0 New. FortiMail v3.0 MR3 Added ddns, and localdomainname keywords. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 Description Displays the SNMP threshold settings for available traps such as CPU usage, and memory usage.

  • Page 90: User

    user user Use this command to display information about users. Syntax get user <item> <item> alias group ldap map mail History FortiMail v3.0 New. Related topics • get userpolicy Description Display each user alias name and the included members. Display each user group name and the included members. This is available only in server mode.

  • Page 91: Userpolicy

    userpolicy Use this command to display the policy for a specified user. This is available in server mode only. Syntax get userpolicy <name_str> <name_str> is the user name. History FortiMail v3.0 New. Related topics • get user FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 userpolicy...
  • Page 92 userpolicy FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 93: Set

    This chapter describes the following commands: alertemail configuration mailto alertemail deferq alertemail setting option antivirus as blacklistaction as control autorelease, as control bayesian as greylist as profile delete as profile modify as spamreport as trusted auth imap rename-to, auth imap server auth pop3 rename-to, auth pop3 server...

  • Page 94: Alertemail Configuration Mailto

    alertemail configuration mailto alertemail configuration mailto Use this command to set the email addresses of up to three alert email recipients. Syntax To set email recipients: set alertemail configuration mailto <recipient1> [<recipient2>] [<recipient3>] To remove all email recipients: set alertemail configuration mailto none Variables <recipient1>...

  • Page 95: Alertemail Deferq

    alertemail deferq Use this command to configure the deferred email queue alert email conditions. You can set the number of deferred messages that trigger an alert email message, and how frequently the size of the deferred queue is monitored. This is effective only if alertemail setting option deferq is set. Syntax set alertemail deferq trigger <trigger_value>...

  • Page 96: Alertemail Setting Option

    alertemail setting option alertemail setting option Use this command to set which alert email events are enabled. To disable all alert email events, use the none option. Syntax set alertemail setting option {<option_list> | none} Variables <option_list> Example To enable alert email for full hard disk and account quota reached set alertemail setting option diskfull quotafull History FortiMail v2.8...

  • Page 97: Antivirus

    antivirus Use this command to enable or disable antivirus scanning. This command is available in server mode only. Syntax set antivirus {enable | disable} History FortiMail v3.0 New. Related topics • set ip_policy as • set policy modify user • set out_policy modify •...

  • Page 98: As Blacklistaction

    as blacklistaction as blacklistaction Use these commands to set the action to take when an email message arrives from a blacklisted email address, domain, or IP address. This setting affects mail matching all three levels of black lists: system, session, and user. Syntax set as blacklistaction {reject | discard | profile} Keywords and Variables Description...

  • Page 99: As Bounceverify

    as bounceverify Use these commands to configure the bounce verification feature. Spammers sometimes use the email addresses of others as the from address in their spam email messages. When the spam cannot be delivered, a delivery status notification message, or a bounce message, is returned to the sender, which in this case isn’t the real sender.

  • Page 100: As Control Autorelease

    as control autorelease as control autorelease Use these commands to set the control account names used to delete or release email messages from quarantine. Syntax set as control autorelease {delete | release} <control_account> Keywords and Variables Description delete release <control_account> The autorelease address IDs do not include a domain.

  • Page 101: As Control Bayesian

    as control bayesian Use these commands to set the names for Bayesian control accounts. Syntax set as control bayesian is-spam <name_str> set as control bayesian is-not-spam <name_str> set as control bayesian learn-is-spam <name_str> set as control bayesian learn-is-not-spam <name_str> set as control bayesian training-group <sender_str> Keywords and Variables Description FortiMail end users can send spam messages that were is-spam...
  • Page 102 as control bayesian A user with the email address user1@example.com who received a spam message not marked as spam would send it to is-spam@example.com to inform the Bayesian database of its error. Similarly, a good message incorrectly marked as spam would be forwarded to is-not-spam@example.com. These two control address IDs are the defaults, and the domain is taken from the user’s email address domain.

  • Page 103: As Greylist

    as greylist Use these command to configure the greylist settings. Syntax set as greylist capacity <cap_int> set as greylist exempt {add | delete} <address> set as greylist greylistperiod <period_int> set as greylist initial_expiry_period <exp_int> set as greylist ttl <ttl_int> Keywords and Variables capacity <cap_int>...
  • Page 104 as greylist Related topics • set as profile modify greylist FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 105: As Mms_Reputation

    as mms_reputation The MMS Reputation menu enables you to configure MSISDN blacklisting and whitelisting. When used on a mobile phone network, the FortiMail unit can examine text messages for spam. If a user sends multiple spam messages, all messages from the user will be blocked for a time. The number of spam messages and the length of time further messages will be blocked are configurable.

  • Page 106: As Profile Delete

    as profile delete as profile delete Use this command to delete an antispam profile. Syntax set as profile <name_str> delete <name_str> is the name of the profile. History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 107: As Profile Modify Actions

    as profile modify actions Use these commands to modify the actions of an antispam profile. Reject, discard, and forward are mutually exclusive. No more than one can be enabled at any time. If the specified profile does not exist, it is created. Syntax set as profile <name_str>...

  • Page 108: As Profile Modify Auto-Release

    as profile modify auto-release as profile modify auto-release Use these commands to configure the auto-release settings for an antispam profile. Syntax set as profile <name_str> modify auto-release {enable | disable} [webrelease {enable | disable} [autowhitelist {enable | disable}]] Keywords and variables <name_str>...

  • Page 109: As Profile Modify Bannedword

    as profile modify bannedword Use this command to enable or disable banned word filtering for the specified profile. Syntax set as profile <name_str> modify bannedword {enable | disable} <name_str> is the name of the profile. By default, banned word scanning is disabled. History FortiMail v3.0 New.

  • Page 110: As Profile Modify Bannedwordlist

    as profile modify bannedwordlist as profile modify bannedwordlist Use these commands to modify the banned word list for an antispam profile. Syntax set as profile <name_str> modify bannedwordlist <word_str> add set as profile <name_str> modify bannedwordlist <word_str> delete set as profile <name_str> modify bannedwordlist <word_str> move-to <position_int>...

  • Page 111: As Profile Modify Bayesian

    as profile modify bayesian Use these commands to configure Bayesian spam filtering for an antispam profile. Syntax set as profile <name_str> modify bayesian autotrain {enable | disable} set as profile <name_str> modify bayesian scanner {enable | disable} set as profile <name_str> modify bayesian userdb {enable | disable} set as profile <name_str>...

  • Page 112: As Profile Modify Deepheader

    as profile modify deepheader as profile modify deepheader Use this command to enable or disable deep header scanning or for the specified profile. The two separate checks that make up the deep header scan can also be individually enabled or disabled. Syntax set as profile <name_str>...

  • Page 113: As Profile Modify Dictionary

    as profile modify dictionary Use these commands to configure dictionary scans for an antivirus profile. If the any of the words appearing in the specified dictionary are detected in an email message, the message is treated as spam. Syntax set as profile <name_str> modify dictionary dict_profile <dict_int> set as profile <name_str>...

  • Page 114: As Profile Modify Dnsbl

    as profile modify dnsbl as profile modify dnsbl Use this command to enable or disable communication with the DNSBL servers to scan email for the specified profile. IP addresses defined as private network addresses by RFC 1918 are not checked. Syntax set as profile <name_str>...

  • Page 115: As Profile Modify Dnsblserver

    as profile modify dnsblserver Use these commands to modify the DNSBL server list for an antispam profile. Syntax set as profile <name_str> modify dnsblserver <host_str> add set as profile <name_str> modify dnsblserver <host_str> delete set as profile <name_str> modify dnsblserver <host_str> move-to <new_int> set as profile <name_str>...

  • Page 116: As Profile Modify Forgedip

    as profile modify forgedip as profile modify forgedip Use this command to enable or disable forged IP checking for an antispam profile. Syntax set as profile <name_str> modify forgedip {enable | disable} <name_str> is the name of the profile. By default, forged IP checking is disabled. History FortiMail v3.0 New.

  • Page 117: As Profile Modify Fortishield

    as profile modify fortishield Use these commands to configure FortiGuard Antispam functions for an antispam profile. Syntax set as profile <name_str> modify fortishield checkip {enable | disable} set as profile <name_str> modify fortishield scanner {enable | disable} Keywords and variables Description Enter the name of the antispam profile to modify.

  • Page 118: As Profile Modify Greylist

    as profile modify greylist as profile modify greylist Use this command to enable or disable greylisting for an antispam profile. Syntax set as profile <name_str> modify greylist {enable | disable} <name_str> is the name of the profile. By default, greylisting is disabled. History FortiMail v3.0 New.

  • Page 119: As Profile Modify Heuristic

    as profile modify heuristic Use these commands to configure heuristic scanning for an antispam profile. Syntax set as profile <name_str> modify heuristic lower-level <lower_int> set as profile <name_str> modify heuristic scanner {enable | disable} set as profile <name_str> modify heuristic upper-level <upper_int> Keywords and variables Description Enter the name of the antispam profile to modify.

  • Page 120: As Profile Modify Imagespam

    as profile modify imagespam as profile modify imagespam Use these commands to configure an antispam profile to identify spam messages in which the text is stored as an embedded graphics file. Syntax set set as profile <name_str> modify imagespam aggressive {enable | disable} set set as profile <name_str>...

  • Page 121: As Profile Modify Individualaction Scanner

    as profile modify individualaction scanner Use these commands to set the action each spam detection method takes for messages detected as spam. Syntax set as profile <name_str> modify individualaction [scanner {bannedword | bayesian | deepheader | dictionary | forgedip | fortishield | heuristic | imagespam | dnsbl | surbl | virus}] [action {default | subject | reject | discard | forward | quarantine}] Keywords and variables...

  • Page 122: As Profile Modify Quarantine

    as profile modify quarantine as profile modify quarantine Use these commands to configure quarantine settings for an antispam profile. Syntax set as profile <name_str> modify quarantine days <days_int> set as profile <name_str> modify quarantine queue {enable | disable} Keywords and variables Description <name_str>...

  • Page 123: As Profile Modify Rewrite_Rcpt

    as profile modify rewrite_rcpt The rewrite recipient email address feature allows the FortiMail unit to change the recipient email address if the message is detected as spam. Use these commands to configure the recipient email address rewrite feature. Syntax set as profile <name_str> modify rewrite_rcpt {enable | disable} set as profile <name_str>...

  • Page 124: As Profile Modify Scanoptions

    as profile modify scanoptions as profile modify scanoptions Use these commands to configure the antispam scanning options. Syntax set as profile <name_str> modify scanoptions attachment_type pdf {enable | disable} set as profile <name_str> modify scanoptions bypass_on_auth {enable | disable} set as profile <name_str> modify scanoptions maxsize <size_int> Keywords and variables Description <name_str>...

  • Page 125: As Profile Modify Surbl

    as profile modify surbl Use this command to enable or disable the checking of mail against defined SURBL servers for an antispam profile. Syntax set as profile <name_str> modify surbl {enable | disable} <name_str> is the name of the profile. By default, SURBL scanning is disabled. History FortiMail v3.0 New.

  • Page 126: As Profile Modify Surblserver

    as profile modify surblserver as profile modify surblserver Use these commands to configure the SURBL server list of an antispam profile. Syntax set as profile <name_str> modify surblserver <host_str> add set as profile <name_str> modify surblserver <host_str> delete set as profile <name_str> modify surblserver <host_str> move-to <new_int> set as profile <name_str>...

  • Page 127: As Profile Modify Tags

    as profile modify tags Use these commands to configure header and subject tagging for an antispam profile. Syntax set as profile <name_str> modify tags htag <tag_str> set as profile <name_str> modify tags header {enable | disable} set as profile <name_str> modify tags stag <tag_str> set as profile <name_str>...

  • Page 128: As Profile Modify Virus

    as profile modify virus as profile modify virus Use this command to enable or disable treating messages with a virus as spam. Syntax set as profile <name_str> modify virus {enable | disable} By default, this setting is disabled. History FortiMail v3.0 New.

  • Page 129: As Profile Modify Whitelistword

    as profile modify whitelistword Use this command to enable or disable white list word checking in the specified incoming antispam profile. Syntax set as profile <name_str> modify whitelistword {enable | disable} By default, this setting is disabled. History FortiMail v3.0 MR3 New. Related topics •...

  • Page 130: As Profile Modify Whitelistwordlist

    as profile modify whitelistwordlist as profile modify whitelistwordlist Use this command to add, delete, or modify white list words for the specified antispam profile. Syntax set as profile <name_str> modify whitelistwordlist <word_str> add subject {enable | disable} body {enable | disable} set as profile <name_str>...

  • Page 131: As Spamreport

    as spamreport Use these commands to configure spam reports. Syntax set as spamreport hostname <host_str> set as spamreport https {enable | disable} set as spamreport interval <option> set as spamreport timeofday <time_str> set as spamreport webaccess_expiry_period <hours_int> Keywords and variables Description hostname <host_str>...

  • Page 132: As Trusted

    as trusted as trusted Use these commands to configure trusted MTA addresses. If there are any servers within your network that mail travels through before reaching the FortiMail unit, the addresses of these servers would be checked as part of the antispam scans. If spam mail cannot be introduced by these servers, you can exclude them from the antispam checks.

  • Page 133: Auth Imap Rename-To

    auth imap rename-to Use this command to rename an IMAP authentication profile. Syntax set auth imap <name_str> rename-to <new_str> Keywords and Variables Description This is the name of the IMAP authentication profile. <name_str> Enter the new name of the IMAP authentication profile. <new_str>...

  • Page 134: Auth Imap Server

    auth imap server auth imap server Use this command to create or modify the server properties of an IMAP authentication profile. Syntax set auth imap <name_str> server {<host_str> | <server_ipv4>} port <port_int> [option {ssl secure tls domain}] Keywords and Variables Description <name_str>...

  • Page 135: Auth Pop3 Rename-To

    auth pop3 rename-to Use this command to rename a POP3 authentication profile. Syntax set auth pop3 <name_str> rename-to <new_str> Keywords and Variables Description This is the name of the POP3 authentication profile. <name_str> Enter the new name of the POP3 authentication profile. <new_str>...

  • Page 136: Auth Pop3 Server

    auth pop3 server auth pop3 server Use this command to create or modify the server properties of an POP3 authentication profile Syntax set auth pop3 <name_str> server {<host_str> | <server_ipv4>} port <port_int> [option {ssl secure tls domain}] Keywords and Variables Description <name_str>...

  • Page 137: Auth Radius Rename-To

    auth radius rename-to Use this command to rename a Radius authentication profile. Syntax set auth radius <name_str> rename-to <new_str> Keywords and Variables Description This is the name of the Radius authentication profile. <name_str> Enter the new name of the Radius authentication profile. <new_str>...

  • Page 138: Auth Radius Server

    auth radius server auth radius server Use this command to create or modify the server properties of a Radius authentication profile. Syntax set auth radius <name_str> server {<host_str> | <server_ipv4>} secret <password_str> domain {enable | disable} Keywords and Variables Description <name_str>...

  • Page 139: Auth Smtp Rename-To

    auth smtp rename-to Use this command to rename an SMTP authentication profile. Syntax set auth smtp <name_str> rename-to <new_str> Keywords and Variables Description This is the name of the SMTP authentication profile. <name_str> Enter the new name of the SMTP authentication profile. <new_str>...

  • Page 140: Auth Smtp Server

    auth smtp server auth smtp server Use this command to create or modify the server properties of an SMTP authentication profile. Syntax set auth smtp <name_str> server {<host_str> | <server_ipv4>} port <port_number> [option {ssl secure tls domain}] Keywords and Variables Description <name_str>...

  • Page 141: Av Delete

    av delete Use this command to delete antivirus profiles. Syntax set av <av_prof_name> delete where <av_prof_name> is the name of an antivirus profile. History FortiMail v3.0 New. Related topics • set alertemail deferq • set av modify heuristic • set av modify heuristic heuristic_action •...

  • Page 142: Av Modify Actions

    av modify actions av modify actions Use this command to select, for a specified antivirus profile, the action taken when the FortiMail unit detects an infected email message. Specify reject to reject the email message and return an error. Specify discard to simply discard the message after receipt. Syntax set av <av_prof_name>...

  • Page 143: Av Modify Heuristic

    av modify heuristic Use this command to enable or disable heuristic scanning for the specified antivirus profile. Syntax set av <av_prof_name> modify heuristic {enable | disable} <av_prof_name> is the name of the antivirus profile you are configuring. If this is not the name of an existing profile, a new profile is created.

  • Page 144: Av Modify Heuristic Heuristic_Action

    av modify heuristic heuristic_action av modify heuristic heuristic_action Use this command to specify how this antivirus profile handles email messages that contain an infected attachment, as detected through heuristics. The options are: • Disable both discard and reject. FortiMail replaces the infected attachment. •...

  • Page 145: Av Modify Scanner

    av modify scanner Use this command to enable or disable antivirus scanning for the specified profile. Syntax set av <av_prof_name> modify scanner {enable | disable} <av_prof_name> is the name of the antivirus profile you are configuring. If this is not the name of an existing profile, a new profile is created.

  • Page 146: Av Rename-To

    av rename-to av rename-to Use this command to enable or disable antivirus scanning for the specified profile. Syntax set av <av_prof_name> rename-to <newname_str> <av_prof_name> is the name of the antivirus profile to rename. <newname_str> is the new name. History FortiMail v3.0 New.

  • Page 147: Console

    console Use set console to configure console settings. Syntax set console baudrate {9600 | 19200 | 38400 | 57600 | 115200} mode {batch | line} page <line_int> Commands baudrate {9600 | 19200 | 38400 | 57600 | 115200} mode {batch | line} page <line_int>...

  • Page 148: Content Delete

    content delete content delete Use this command to delete a content profile. Syntax set content <name_str> delete <name_str> is the name of the content profile. History FortiMail v3.0 New. Related topics • set content modify filetype • set content modify monitor FortiMail™...

  • Page 149: Content Modify Action

    content modify action Use this command to select the action to be taken on messages matching the specified content profile. Syntax set content <name_str> modify action {treat_as_spam | reject| discard | replace | quarantine | forward} [forwardaddr <addr_str>] Keywords and Variables Description This is the name of the content profile.

  • Page 150: Content Modify Bypass_On_Auth

    content modify bypass_on_auth content modify bypass_on_auth Use this command to allow messages to bypass the content filters if SMTP authorization is enabled and the delivering system successfully authenticates. Syntax set content <name_str> modify bypass_on_auth {enable | disable} <name_str> is the name of the content profile. History FortiMail v3.0 New.

  • Page 151: Content Modify Defersize

    content modify defersize Use this command to set the minimum size of files that will be held for later content scanning. Syntax set content <name_str> modify defersize <size_int> Keywords and Variables Description This is the name of the content profile. <name_str>...

  • Page 152: Content Modify Filetype

    content modify filetype content modify filetype Use this command to block email attachments that match the specified file type. Syntax set content <name_str> modify filetype <filetype_str> {blocked | not-blocked} Keywords and Variables Description <name_str> <filetype_str> {blocked | not-blocked} History FortiMail v3.0 New.

  • Page 153: Content Modify Monitor

    content modify monitor Use this command to configure content monitor profiles. Syntax set content <name_str> modify monitor <profile_int> delete set content <name_str> modify monitor <profile_int> dict_profile <dict_int> set content <name_str> modify monitor <profile_int> {enable | disable} set content <name_str> modify monitor <profile_int> moveto <new_int> set content <name_str>...

  • Page 154: Content Modify Monitor Action

    content modify monitor action content modify monitor action Use this command to select the action to be taken with messages matching the specified content monitor profile. Syntax set content <name_str> modify monitor <profile_int> action {none | discard | forward | quarantine | reject | replace | review | treat_as_spam} Keywords and Variables Description <name_str>...
  • Page 155 content modify monitor action FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 156: Fshd

    fshd fshd Use set fshd to configure FortiGuard service on the FortiMail unit. Syntax set fshd cache status {enabled | disabled} set fshd cache ttl <ttl_int> set fshd hostname <hostname_str> set fshd status {enabled | disabled} Commands cache status {enabled | disabled} cache ttl <ttl_int>...

  • Page 157: Ip_Policy

    ip_policy Use this command to create a new IP policy. Policies are referenced by number, indicating their position in the policy list. Numbering starts with 0 for the first policy. New policies must be created at the end of the current list (the next number in sequence).

  • Page 158: Ip_Policy Action

    ip_policy action ip_policy action Use this command to set the default action to be applied to a connection matching the specified IP policy. Syntax set ip_policy <policy_int> action {scan | reject | tempfail} Keywords and Variables Description <policy_int> scan reject tempfail History FortiMail v3.0...

  • Page 159: Ip_Policy As

    ip_policy as Use this command to set the antispam profile to be applied to traffic controlled by the specified IP policy. Syntax set ip_policy <policy_int> as <name_str> Keywords and Variables Description Enter the IP policy number. <policy_int> Enter the name of the antispam profile. <name_str>...

  • Page 160: Ip_Policy Auth

    ip_policy auth ip_policy auth Use this command to set the authentication type and profile to be applied to the specified IP policy. Syntax set ip_policy <policy_int> auth imap <name_str> set ip_policy <policy_int> auth pop3 <name_str> set ip_policy <policy_int> auth radius <name_str> set ip_policy <policy_int>...

  • Page 161: Ip_Policy Av

    ip_policy av Use this command to set the antivirus profile to be applied to traffic controlled by the specified IP policy. Syntax set ip_policy <policy_int> av <name_str> Keywords and Variables Description Enter the IP policy number. <policy_int> Enter the name of the antivirus profile. <name_str>...

  • Page 162: Ip_Policy Content

    ip_policy content ip_policy content Use this command to set the antivirus profile to be applied to traffic controlled by the specified IP policy. Syntax set ip_policy <policy_int> content <name_str> Keywords and Variables Description <policy_int> <name_str> History FortiMail v3.0 New. Related topics •...

  • Page 163: Ip_Policy Delete

    ip_policy delete Use this command to delete an IP policy. Policies are referenced by number, indicating their position in the policy list. Numbering starts with 0 for the first policy. Syntax set ip_policy <policy_int> delete <policy_int> is the IP policy number. History FortiMail v3.0 New.

  • Page 164: Ip_Policy Exclusive

    ip_policy exclusive ip_policy exclusive Use this command to disable any checks for recipient-based policy matches while this IP-based policy is in effect. The IP-based profile will be applied and matching recipient-based profiles ignored. Syntax set ip_policy <policy_int> exclusive {enable | disable} <policy_int>...

  • Page 165: Ip_Policy Ip

    ip_policy ip Use this command to set the session profile to be applied to the specified IP policy. Syntax set ip_policy <policy_int> ip <name_str> Keywords and variables Description Enter the IP policy number. <policy_int> Enter the name of the session profile. <name_str>...

  • Page 166: Ip_Policy Match (Gateway And Server Modes)

    ip_policy match (gateway and server modes) ip_policy match (gateway and server modes) Use this command to set the client IP address. The IP policy applies to traffic exchanged when this client establishes a connection. Syntax set ip_policy <policy_int> match <client_ipv4/mask> Keywords and variables <policy_int>...

  • Page 167: Ip_Policy Match (Transparent Mode)

    ip_policy match (transparent mode) Use this command to set the client and server IP addresses. The IP policy applies to traffic exchanged when the client connected to the server. In the context of this command, the client is the system initiating the connection and the server is the system receiving the connection attempt.

  • Page 168: Ip_Policy Move

    ip_policy move ip_policy move Use this command to move an IP-based policy from one position in the list to another. Syntax set ip_policy <policy_int> move <new_int> Keywords and variables Description <policy_int> <new_int> History FortiMail v3.0 New. Related topics • set ip_policy •...

  • Page 169: Ip_Policy Smtp

    ip_policy smtp Use this command to configure the use of other authentication types for SMTP. Syntax set ip_policy <policy_integer> smtp {enable | disable} set ip_policy <policy_integer> smtp enable [{enable | disable}] Keywords and variables <policy_int> {enable | disable} [{enable | disable}] If authentication is enabled, choose to enable or disable the sender being allowed to History FortiMail v3.0 New.

  • Page 170: Ip_Pool

    ip_pool ip_pool Use this command to add create a new IP pool profile. Syntax set ip_pool <name_str> Keywords and Variables <name_str> History FortiMail v3.0 MR3 New. Related topics • set ip_pool add_entry • set ip_pool del_entry • set ip_pool delete •...

  • Page 171: Ip_Pool Add_Entry

    ip_pool add_entry Use this command to add a range of IP addresses to an IP pool profile. Syntax set ip_pool <name_str> add_entry <ipv4> <size_int> Keywords and Variables <name_str> <ipv4> <size_int> History FortiMail v3.0 MR3 New. Related topics • set ip_pool •...

  • Page 172: Ip_Pool Del_Entry

    ip_pool del_entry ip_pool del_entry Use this command to delete an IP address range from an IP pool profile. Syntax set ip_pool <name_str> del_entry <rangeID_int> Keywords and Variables <name_str> <rangeID_int> History FortiMail v3.0 MR3 Related topics • set ip_pool • set ip_pool add_entry •...

  • Page 173: Ip_Pool Delete

    ip_pool delete Use this command to delete an IP pool profile. Syntax set ip_pool <name_str> delete Keywords and Variables <name_str> History FortiMail v3.0 MR3 New. Related topics • set ip_pool • set ip_pool add_entry • set ip_pool del_entry • get ip_pool FortiMail™...
  • Page 174 FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 175: Ip_Profile Check

    ip_profile check Use these commands to configure various session checks. Syntax set ip_profile <name_str> check 3_way {enable | disable} set ip_profile <name_str> check allow_pipelining {no | loose | strict} set ip_profile <name_str> check domain {enable | disable} set ip_profile <name_str> check eom_ack {enable | disable} set ip_profile <name_str>...
  • Page 176 ip_profile check Keywords and Variables Description send_dsn {enable | disable} sender {enable | disable} splice {enable | disable} <integer> {seconds | kilobytes} stop_empty_domains {enable | disable} stop_encrypted {enable | disable} syntax {enable | disable} History FortiMail v3.0 New. Related topics •...

  • Page 177: Ip_Profile Connection

    ip_profile connection Use these commands to configure various session connection attributes. Syntax set ip_profile <name_str> connection concurrent <con_int> set ip_profile <name_str> connection hide {enable | disable} set ip_profile <name_str> connection idle_timeout <int> set ip_profile <name_str> connection rate <con_int> <time_int> set ip_profile <name_str> connection stop_blacklisted {enable | disable} set ip_profile <name_str>...

  • Page 178: Ip_Profile Delete

    ip_profile delete ip_profile delete Use this command to delete a session profile. Syntax set ip_profile <name_str> delete <name_str> is the name of the profile. History FortiMail v3.0 New. Related topics • set ip_profile rename FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 179: Ip_Profile Error

    ip_profile error Use these commands to set the parameters related to session communication error penalties. Syntax set ip_profile <name_str> error free <int> set ip_profile <name_str> error initial_delay <int> set ip_profile <name_str> error increment <int> set ip_profile <name_str> error total <int> Keywords and Variables Description Enter the name of the session profile.

  • Page 180: Ip_Profile Headermanipulation

    ip_profile headermanipulation ip_profile headermanipulation Use these commands to have the FortiMail unit remove headers you specify from email messages. Syntax set ip_profile <name_str> headermanipulation remove_received {enable | disable} set ip_profile <name_str> headermanipulation remove_header {enable | disable} set ip_profile <name_str> headermanipulation headerlist add <key_str> set ip_profile <name_str>...

  • Page 181: Ip_Profile Limit

    ip_profile limit Use these commands to set the parameters related to session communication limits. Syntax set ip_profile <name_str> limit noop <int> set ip_profile <name_str> limit rset <int> set ip_profile <name_str> limit emails <int> set ip_profile <name_str> limit header_size <int> set ip_profile <name_str> limit helo <int> set ip_profile <name_str>...

  • Page 182: Ip_Profile List

    ip_profile list ip_profile list Use these commands to enable or disable the session white and black lists. Syntax set ip_profile <name_str> list black {enable | disable} set ip_profile <name_str> list to_black {enable | disable} set ip_profile <name_str> list to_white {enable | disable} set ip_profile <name_str>...

  • Page 183: Ip_Profile Mms_Reputation

    ip_profile mms_reputation The MMS Reputation menu enables you to configure MSISDN blacklisting and whitelisting. When used on a mobile phone network, the FortiMail unit can examine text messages for spam. If a user sends multiple spam messages, all messages from the user will be blocked for a time. The number of spam messages and the length of time further messages will be blocked are configurable.

  • Page 184: Ip_Profile Rename

    ip_profile rename ip_profile rename Use this command to rename an existing session profile. Syntax set ip_profile <name_str> rename <new_str> Keywords and Variables Description <name_str> rename <new_str> History FortiMail v3.0 New. Related topics • set ip_profile delete Enter the name of the session profile. Enter the new name of the specified session profile.

  • Page 185: Ip_Profile Senderreputation

    ip_profile senderreputation Use these commands to configure the sender reputation feature. Syntax set ip_profile <name_str> senderreputation reject <int> set ip_profile <name_str> senderreputation status {enable | disable} set ip_profile <name_str> senderreputation tempfail <int> set ip_profile <name_str> senderreputation throttle <int> set ip_profile <name_str> senderreputation throttle_number <int> set ip_profile <name_str>...

  • Page 186: Ip_Profile Sendervalidation

    ip_profile sendervalidation ip_profile sendervalidation The sender validation options allow confirmation of sender and message validity. Syntax set ip_profile <name_str> sendervalidation authenticated {enable | disable} set ip_profile <name_str> sendervalidation bypassbounceverify {enable | disable} set ip_profile <name_str> sendervalidation dkim {enable | disable} set ip_profile <name_str>...
  • Page 187 Related topics • set ip_profile check • set ip_profile connection • set ip_profile error • set ip_profile limit • set ip_profile list FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 ip_profile sendervalidation...

  • Page 188: Ip_Profile_Setting Rate_Control

    ip_profile_setting rate_control ip_profile_setting rate_control The rate control option enables you to control the rate at which email messages can be sent, either by the number of SMTP connections or the number of email messages. Syntax set ip_profile_setting rate_control {connection | message} Keywords and Variables rate_control {connection | message}...

  • Page 189: Ldap_Profile Profile Asav

    ldap_profile profile asav Use these commands to enable the FortiMail unit to query an LDAP server for user antivirus and antispam parameters. Syntax set ldap_profile profile <name_str> asav antispam <as_str> set ldap_profile profile <name_str> asav antivirus <av_str> set ldap_profile profile <name_str> asav asavstate {enable | disable} Keywords and Variables Description Enter the name of the LDAP profile.

  • Page 190: Ldap_Profile Clearallcache

    ldap_profile clearallcache ldap_profile clearallcache Use this command to clear all LDAP profile caches. Syntax set ldap_profile clearallcache History FortiMail v3.0 MR3 New. Related topics • set ldap_profile profile clearcache • set ldap_profile profile option • unset ldap_profile FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 191: Ldap_Profile Profile Auth

    ldap_profile profile auth Use these commands to configure the way the way users are authenticated. Syntax set ldap_profile profile <name_str> auth authstate {enable | disable} set ldap_profile profile <name_str> auth cnidname <cnid_str> set ldap_profile profile <name_str> auth cnidstatus {enable | disable} set ldap_profile profile <name_str>...

  • Page 192: Ldap_Profile Profile Clearcache

    ldap_profile profile clearcache ldap_profile profile clearcache Use this command to clear the cache of the specified LDAP profile. Syntax set ldap_profile profile <name_str> clearcache History FortiMail v3.0 MR3 New. Related topics • set ldap_profile clearallcache • set ldap_profile profile auth •...

  • Page 193: Ldap_Profile Profile Fallback_Server

    ldap_profile profile fallback_server Use this command to configure an LDAP fallback server. If the server defined in the Server Name/IP field is unreachable and a fallback server is defined, the FortiMail unit will connect to the fallback server to submit its query. To clear the fallback server, issue the command with an empty server name as shown in the syntax examples.

  • Page 194: Ldap_Profile Profile Group

    ldap_profile profile group ldap_profile profile group Use these commands to configure an LDAP group query. Syntax set ldap_profile profile <name_str> group groupstate {enable | disable} set ldap_profile profile <name_str> group groupstate {enable | disable} virtual {enable | disable} memberofattribute <attr_str> relativename {enable | disable} basedn <basedn_str>...

  • Page 195: Ldap_Profile Profile Option

    ldap_profile profile option Use these commands to configure the advanced LDAP profile options. Syntax set ldap_profile profile <name_str> option cachestate {enable | disable} set ldap_profile profile <name_str> option cachettl <ttl_int> set ldap_profile profile <name_str> option timelimit <timeout_int> set ldap_profile profile <name_str> option unauthbind {enable | disable} set ldap_profile profile <name_str>...

  • Page 196: Ldap_Profile Profile Pwd

    ldap_profile profile pwd ldap_profile profile pwd Use these commands to configure webmail password options. Syntax set ldap_profile profile <name_str> pwd webmailschema {openldap | activedirectory | <schema_str>} set ldap_profile profile <name_str> pwd webmailstatus {enable | disable} Keywords and Variables Description <name_str> webmailschema {openldap | activedirectory |...

  • Page 197: Ldap_Profile Profile Routing

    ldap_profile profile routing Use these commands to configure mail routing options if each user’s LDAP profile contains mail routing information. Syntax set ldap_profile profile <name_str> routing addr <route_str> set ldap_profile profile <name_str> routing host <host_str> set ldap_profile profile <name_str> routing routingstate {enable | disable} Keywords and Variables Description Enter the name of the LDAP profile.

  • Page 198: Ldap_Profile Profile Server

    ldap_profile profile server ldap_profile profile server Use these commands to configure information about the LDAP server. Syntax set ldap_profile profile <name_str> server {<host_str> | <server_ipv4>} [port <port_int> [secure {none | ssl}]] Keywords and Variables Description <name_str> server {<host_str> | <server_ipv4>} port <port_int>...

  • Page 199: Ldap_Profile Profile User

    ldap_profile profile user Use these commands to configure user query options for the FortiMail unit to query the LDAP server. Syntax set ldap_profile profile <name_str> user basedn <basedn_str> set ldap_profile profile <name_str> user binddn <binddn_str> set ldap_profile profile <name_str> user bindpw <bindpw_str> set ldap_profile profile <name_str>...
  • Page 200 ldap_profile profile user • unset ldap_profile FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 201: Limits Domain-Level

    limits domain-level Use this command to fine tune the domain-related maximum values on your FortiMail unit. The syntax requires that the four values be entered every time the command is executed. Even if you only want to change one value, all four must be entered. Entering 0 for any value resets it to the default.

  • Page 202: Limits System-Level General

    limits system-level general limits system-level general Use this command to fine tune the general system maximum values on your FortiMail unit. The syntax requires the three values be entered every time the command is executed. Even if you only want to change one value, all three must be entered. Entering 0 for any value resets it to the default. The new values will take effect when the FortiMail unit is restarted.

  • Page 203: Limits System-Level Groups

    limits system-level groups Use this command to fine tune the group-related maximum values on your FortiMail unit. The syntax requires the two values be entered every time the command is executed. Even if you only want to change one value, both must be entered. Entering 0 for any value resets it to the default. The new values will take effect when the FortiMail unit is restarted.

  • Page 204: Limits System-Level Mail-Users

    limits system-level mail-users limits system-level mail-users Use this command to adjust the maximum number of mail users that can be created on your FortiMail unit. The new value will take effect when the FortiMail unit is restarted. Syntax set limits system-level mail-users <users_int> Keywords and Variables Description <users_int>...

  • Page 205: Limits System-Level Other-Profiles

    limits system-level other-profiles Use this command to fine tune some of the profile-related maximum values on your FortiMail unit. The syntax requires that the five values be entered every time the command is executed. Even if you only want to change one value, all five must be entered. Entering 0 for any value resets it to the default.

  • Page 206: Limits System-Level Policies

    limits system-level policies limits system-level policies Use this command to fine tune the policy-related maximum values on your FortiMail unit. The syntax requires the two values be entered every time the command is executed. Even if you only want to change one value, both must be entered. Entering 0 for any value resets it to the default. The new values will take effect when the FortiMail unit is restarted.
  • Page 207 FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 208: Log Msisdn

    log msisdn log msisdn Use this command to display the MSISDN column in Log & Report > Logging, in the web-based manager. The MSISDN column displays only when this command is enabled. Syntax To enable the MSISDN column to display in Log & Report > Logging set log msisdn {enable | disable} History FortiMail v3.0 MR3 New.

  • Page 209: Log Policy Destination Event

    log policy destination event Use this command to enable and log events to a device. You need to enable event logging before selecting what events to log to a device. Syntax To enable and configure events for a device set log policy destination {console | local | syslog} event status enable set log policy destination {console | local | syslog} event category [configuration ha imap login pop3 smtp system updatefailed updatesucceeded webmail none]...

  • Page 210: Log Policy Destination History

    log policy destination history log policy destination history Use this command to enable history logs to a device. Syntax To enable history logs set log policy destination {console | local | syslog} history status enable Keywords/Variables status {enable | disable} History FortiMail v2.8 New.

  • Page 211: Log Policy Destination Spam

    log policy destination spam Use this command to enable and log spam events for a device. You need to enable spam logging before selecting spam events. Syntax To enable logging of spam events for a device set log policy destination {console | local | syslog} spam status enable set log policy destination {console | local | syslog} spam category detected Keywords/Variables...

  • Page 212: Log Policy Destination Virus

    log policy destination virus log policy destination virus Use this command to enable and log virus events for a device. You need to enable virus logging before selecting virus events. Syntax To enable logging of virus events for a device set log policy destination {console | local | syslog} virus status enable set log policy destination {console | local | syslog} virus category infected...

  • Page 213: Log Reportconfig Direction

    log reportconfig direction Use this command to configure what types of emails the report will contain. Syntax To configure the report direction set log reportconfig <reportconfigname> direction {both | incoming | outgoing} Keywords/Variables {both | incoming | outgoing} History FortiMail v2.8 New.

  • Page 214: Log Reportconfig Domain

    log reportconfig domain log reportconfig domain Use this command to configure what domain or domains the report will contain. Syntax To configure the report domain set log reportconfig <reportconfigname> domain <ALL> set log reportconfig <reportconfigname> domain <domain_name1> [<domain_name2>, <domain_name3>,...] Keywords/Variables <ALL>...

  • Page 215: Log Reportconfig Mailto

    log reportconfig mailto Use this command to configure the email addresses you want to send the generated report to. Syntax To configure the email addresses to send the generated report to set log reportconfig <reportconfigname> mailto <email_addr1> [<email_addr2>, <email_addr3> ...] format {html | pdf} Keywords/Variables <email_addr1>...

  • Page 216: Log Reportconfig Period

    log reportconfig period log reportconfig period Use this command to configure the time frame of logs you want included in the report. Syntax To configure the period of time for the report set log reportconfig <reportconfigname> period from <YYYY-MM-DD-HH> to <YYYY-MM-DD-HH>...

  • Page 217: Log Reportconfig Qry

    log reportconfig qry Use this command to enable the type of query you want included in the report, such as email statistic messages by day. Syntax To enable queries for the report set log reportconfig <reportconfigname> <qry> [<query_str1>, <query_str2>, <query_str3>, ...] {enable | disable} Keywords/Variables <qry>...

  • Page 218: Log Reportconfig Schedule Hour

    log reportconfig schedule hour log reportconfig schedule hour Use this command to schedule when the report is automatically generated. Syntax To configure the schedule set log reportconfig <reportconfigname> schedule hour {daily | days <days_str> | dates <dates_integer>} set log reportconfig <reportconfigname> schedule off Keywords/Variables schedule hour {daily | days <days_str>...

  • Page 219: Log Setting Console

    log setting console Use this command to configure logging to the console. Syntax To configure logging to the console set log setting console status {enable | disable} set log setting console loglevel <severity_integer> Keywords/Variables status {enable | disable} loglevel <severity_integer> History FortiMail v2.8 New.

  • Page 220: Log Setting Local

    log setting local log setting local Use this command to configure logging to the local FortiMail hard disk. Syntax To configure logging to the local hard disk set log setting local status {enable | disable} set log setting local diskfull {overwrite | nolog} set log setting local filesz <file-sz_integer>...

  • Page 221: Log Setting Syslog

    log setting syslog Use this command to configure logging to the Syslog server. Syntax To configure logging to the Syslog server set log setting syslog status {enable | disable} set log setting syslog server <server_ip4> set log setting syslog port <port_integer> set log setting syslog number <number_integer>...
  • Page 222 log setting syslog Related topics • set log setting localset • set log policy destination event • set log policy destination spam • set log policy destination virus • set log policy destination history FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 223: Log View Fields

    log view fields Use this command to configure what columns will appear when viewing a log type in the web-based manager. Syntax To set the columns to display for a log type set log view {event | history | spam | virus} fields {date time others action from log_id module msg pri reason status src_ip submodule subtype to type ui user classifier client_name disposition message_length resolved session_id subject virus mailer MSISDN}...

  • Page 224: Log View Loglevel

    log view loglevel log view loglevel Use this command to configure the log severity level of what displays when viewing log messages in the web-based manager. Syntax To set the log severity level that will display in the web-based manager set log view loglevel {event | history | spam | virus} loglevel <severity_integer>...

  • Page 225: Mailserver Access

    mailserver access Use this command to configure, delete, and reorder mailserver access rules. Access rules are processed in numerical order. Use the ‘move’ keyword to change the order of rules to achieve your desired processing order. If there are two rules that apply, the rule with the lowest number will be processed first.
  • Page 226 mailserver access Keywords and Variables Description tlsprofile <profile_str> permission {ok | relay | reject | discard} History FortiMail v3.0 New. FortiMail v3.0 MR3 Major change to command. Added set, move, delete, rule, sender_pattern, recipient_pattern, reverse_dns_pattern, and ip_mask keywords. FortiMail v3.0 MR4 Added authenticated and tlsprofile. To enforce TLS connection attributes, select a TLD profile.

  • Page 227: Mailserver Archive Account

    mailserver archive account Use this command to configure the archive account settings. Syntax set mailserver archive account <account_str> set mailserver archive account <account_str> forward <email_str> set mailserver archive account <account_str> password <pwd_str> set mailserver archive account <account_str> quotafull {overwrite | noarchive} set mailserver archive account <account_str>...

  • Page 228: Mailserver Archive Exemptlist

    mailserver archive exemptlist mailserver archive exemptlist Use this command to configure the exemptlist and exemptlist entries. Syntax set mailserver archive exemptlist exemptid <id_int> content <content_str> set mailserver archive exemptlist exemptid <exemptid_str> status {enable | disable} set mailserver archive exemptlist exemptid <exemptid_str> type {sender | recipient | spam} set mailserver archive exemptlist move <position_int>...

  • Page 229: Mailserver Archive Local Quota

    mailserver archive local quota Use this command to specify the archive quota if the archive is stored on the FortiMail unit. Syntax set mailserver archive local quota <quota_int> Keywords and Variables Description Enter the local disk quota for archived email. The quota is specified in quota <quota_int>...

  • Page 230: Mailserver Archive Policy

    mailserver archive policy mailserver archive policy Use this command to configure archive policies. Syntax set mailserver archive policy move <position_int> to <new_int> set mailserver archive policy policyid <policyid_int> content <content_str> set mailserver archive policy policyid <policyid_int> status {enable | disable} set mailserver archive policy policyid <policyid_int>...

  • Page 231: Mailserver Archive Remote

    mailserver archive remote Use this command to specify the settings used when the FortiMail unit will store its email archive on a remote host. Syntax set mailserver archive remote directory <directory_str> ip <host_ipv4> localquota <quota_int> password <pwd_str> remotequota <quota_int> username <usr_str> Keywords and Variables directory <dir_str>...

  • Page 232: Mailserver Deadmail

    mailserver deadmail mailserver deadmail Use this command to enter the number of days to keep email with incorrect recipient and sender addresses. Syntax set mailserver deadmail <value> <value> is the time in days - from 1 to 365. History FortiMail v3.0 New.

  • Page 233: Mailserver Portnumber

    mailserver portnumber Use this command to enter email port numbers for the FortiMail unit. Syntax set mailserver portnumber pop3 <port_number> (server mode) set mailserver portnumber smtp <port_number> set mailserver portnumber smtps <port_number> Keywords and Variables pop3 <port_number> smtp <port_number> smtps <port_number> History FortiMail v3.0 New.

  • Page 234: Mailserver Proxy Smtp Interface

    mailserver proxy smtp interface mailserver proxy smtp interface Use this command to configure SMTP proxy behavior on an interface. The unknown keyword is for handling unknown servers. Syntax set mailserver proxy smtp interface <port> imode {pass-through | drop | proxy} omode {pass-through | drop | proxy} local {enable | disable} Keywords and Variables interface <port>...

  • Page 235: Mailserver Proxy Smtp Unknown

    mailserver proxy smtp unknown Use this command to configure SMTP proxy behavior for unknown servers. Syntax To change general unknown server settings: set mailserver proxy smtp unknown <hide> <original> The proxy SMTP unknown options are also available on a per domain basis under on page 295 Keywords and Variables <hide>...

  • Page 236: Mailserver Relayserver

    mailserver relayserver mailserver relayserver Use this command to configure the relay server settings including name, port, and authentication. Syntax set mailserver relayserver <name_str> port <port_number> authentication {enable | disable} username <name_str> password <pwd_str> type <auth_type> Keywords and Variables <name_str> port <port_number> authentication {enable | disable} username <name_str>...

  • Page 237: Mailserver Smtp Deferbigmsg

    mailserver smtp deferbigmsg Use this command to configure the period when deferred oversized emails will start and stop being processed. Deferring oversized emails can offload processing to a time of day when email traffic is not as busy. Syntax set mailserver smtp deferbigmsg starttime <hh:mm> set mailserver smtp deferbigmsg stoptime <hh:mm>...

  • Page 238: Mailserver Smtp Delivery

    mailserver smtp delivery mailserver smtp delivery Selecting ‘yes’ for this command will turn off ESMTP delivery. Syntax set mailserver smtp delivery noesmtp {yes | no} History FortiMail v3.0 MR3 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 239: Mailserver Smtp Dsn

    mailserver smtp dsn_ Use this command to configure the delivery status notification (DSN) messages sender information. Syntax set mailserver smtp dsn_displayname <name_str> set mailserver smtp dsn_sender <email_str> <name_str> is the sender’s name the notification is from. An example would be postmaster. <email_str>...

  • Page 240: Mailserver Smtp Ldap_Domain_Check

    mailserver smtp ldap_domain_check mailserver smtp ldap_domain_check Use this command to check the validity of domains not configured on the FortiMail unit with LDAP verification. Email messages to domains passing this check can be routed to internal mail servers using LDAP routing. Syntax set mailserver smtp ldap_domain_check <enable | disable>...

  • Page 241: Mailserver Smtp Queue

    mailserver smtp queue Use this command to configure the time outs and retries for undelivered mail in queues. Note: The units of time are not the same for all keywords in this command. Syntax set mailserver smtp queue dsn_timeout <dsn_timeout> retry <retry interval>...

  • Page 242: Mailserver Smtpauth

    mailserver smtpauth mailserver smtpauth Use this command to enable or disable authentication using SMTP, SMTP over TLS, or SMTPS. If authentication is not configured, clients can still attempt to authenticate, though they will always fail. Using this command to disable the client’s ability to authenticate will prevent this situation from occurring.

  • Page 243: Mailserver Smtpssl

    mailserver smtpssl Use this command for SMTP over secure socket layer (SSL). Syntax set mailserver smtpssl {enabled | disabled} History FortiMail v3.0 MR3 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 mailserver smtpssl...

  • Page 244: Mailserver Smtp Storage

    mailserver smtp storage mailserver smtp storage Use this command to configure local or Syntax set mailserver smtp storage local set mailserver smtp storage nfs dir <nfs_server_dir> set mailserver smtp storage nfs ip <ipv4_addr> Keywords and Variables local | nfs type {disable | client | <type>} History FortiMail v3.0 MR3 New.

  • Page 245: Mailserver Smtp Storage Cquar

    mailserver smtp storage cquar Use this command to configure central quarantine mail storage options. Central quarantine stores quarantined email on a separate high-end model FortiMail unit. This reduces the resources required on the local unit. The allowance keyword is only available when the FortiMail unit is a central quarantine server. The remoteserver keyword is only available for FortiMail client units.
  • Page 246 mailserver smtp storage cquar set mailserver smtp storage cquar remoteserver name “FortiMailClient1” host 10.10.10.2 History FortiMail v3.0 MR3 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 247: Mailserver Systemquarantine

    mailserver systemquarantine Use this command to configure the system quarantine settings. Syntax set mailserver systemquarantine account <name_str> password <pwd_str> set mailserver systemquarantine forward <address_str> set mailserver systemquarantine quota <quota_int> set mailserver systemquarantine quotafull {overwrite | noquarantine} set mailserver systemquarantine rotatesize <size_int> rotatetime <time_int>...

  • Page 248: Misc Profile Delete

    misc profile delete misc profile delete Use this command to delete a misc profile. This command is available in server mode only. Syntax set misc profile <name_str> delete <name_str> is the name of the misc profile. History FortiMail v3.0 New. Related topics •...

  • Page 249: Misc Profile Modify Quota

    misc profile modify quota Use this command to change the disk space quota in megabytes for the mail user account, or accounts, for the specified profile. This command is available in server mode only. Syntax set misc profile <name_str> modify quota <quota_int> Keywords and Variables Description This is the name of the misc profile.

  • Page 250: Misc Profile Modify Userstatus

    misc profile modify userstatus misc profile modify userstatus Use this command to enable or disable the user account, or accounts, for the specified profile. This command is available in server mode only. Syntax set misc profile <name_str> modify userstatus {enable | disable} Keywords and Variables Description <name_str>...

  • Page 251: Misc Profile Modify Webmailaccess

    misc profile modify webmailaccess Enables or disables Webmail access for the specified profile. This command is available in server mode only. Syntax set misc profile <name_str> modify webmailaccess {enable | disable} Keywords and Variables Description This is the name of the misc profile. <name_str>...

  • Page 252: Misc Profile Rename-To

    misc profile rename-to misc profile rename-to Use this command to rename a misc profile. This command is available in server mode only. Syntax set misc profile <name_str> rename-to <new_str> Keywords and Variables Description <name_str> <new_str> History FortiMail v3.0 New. Related topics •...

  • Page 253: Out_Content Delete

    out_content delete Use this command to delete a outgoing content profile. Syntax set out_content <name_str> delete <name_str> is the name of the outgoing content profile. History FortiMail v3.0 New. Related topics • set out_content modify filetype • set out_content modify monitor FortiMail™...

  • Page 254: Out_Content Modify Action

    out_content modify action out_content modify action Use this command to select the action to be taken with messages matching the specified outgoing content profile. Syntax set out_content <name_str> modify action {treat_as_spam | reject| discard | replace | quarantine | forward} [forwardaddr <addr_str>] Keywords and Variables Description <name_str>...

  • Page 255: Out_Content Modify Bypass_On_Auth

    out_content modify bypass_on_auth Use this command to allow messages to bypass the outgoing content filters if SMTP authorization is enabled and the delivering system successfully authenticates. Syntax set out_content <name_str> modify bypass_on_auth {enable | disable} <name_str> is the name of the outgoing content profile. History FortiMail v3.0 New.

  • Page 256: Out_Content Modify Filetype

    out_content modify filetype out_content modify filetype Use this command to block email attachments that match the specified file type. Syntax set out_content <name_str> modify filetype <filetype_str> {blocked | not-blocked} Keywords and Variables Description <name_str> <filetype_str> {blocked | not-blocked} History FortiMail v3.0 New.

  • Page 257: Out_Content Modify Monitor Action

    out_content modify monitor action Use this command to select the action to be taken with messages matching the specified outgoing content monitor profile. Syntax set out_content <name_str> modify monitor <profile_int> action {none | discard | forward | quarantine | reject | replace | review | treat_as_spam} Keywords and Variables Description This is the name of the outgoing content profile.

  • Page 258: Out_Content Modify Monitor

    out_content modify monitor out_content modify monitor Use this command to configure outgoing content monitor profiles. Syntax set out_content <name_str> modify monitor <profile_int> delete set out_content <name_str> modify monitor <profile_int> dict_profile <dict_int> set out_content <name_str> modify monitor <profile_int> {enable | disable} set out_content <name_str>...
  • Page 259 out_content modify monitor FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 260: Out_Policy Profile Delete

    out_policy profile delete out_policy profile delete Use this command to delete an outgoing recipient-based policy. This command applies to gateway and transparent modes only. Syntax set out_policy <user_str> delete <user_str> is the user the policy applies to. History FortiMail v3.0 New.

  • Page 261: Out_Policy Modify

    out_policy modify Use these commands to configure outgoing recipient-based policies. This command applies to gateway and transparent modes only. Syntax set out_policy <user_str> modify as <name_str> set out_policy <user_str> modify av <name_str> set out_policy <user_str> modify content <name_str> Keywords and Variables <user_str>...

  • Page 262: Out_Policy Move-To

    out_policy move-to out_policy move-to Use this command to move an outgoing recipient-based policy to a new position in the policy list. This command applies to gateway and transparent modes only. Syntax set out_policy <user_str> move-to <new_int> Keywords and variables <user_str> move-to <new_int>...

  • Page 263: Out_Policy Rename-To

    out_policy rename-to Use this command to rename an outgoing recipient-based policy. This command applies to gateway and transparent modes only. Syntax set out_policy <user_str> rename-to <new_str> Keywords and variables <user_str> rename-to <new_str> History FortiMail v3.0 New. Related topics • set out_policy profile delete •...

  • Page 264: Out_Profile Profile Delete

    out_profile profile delete out_profile profile delete Use this command to delete an outgoing antispam profile. Syntax set out_profile profile <name_str> delete <name_str> is the name of the outgoing antispam profile. History FortiMail v3.0 New. Related topics • set out_profile profile rename-to FortiMail™...

  • Page 265: Out_Profile Profile Modify Actions

    out_profile profile modify actions Use these command to modify the actions of an outgoing antispam profile. Reject, discard, and forward are mutually exclusive. No more than one can be enabled at any time. If the specified profile does not exist, it is created. Syntax set out_profile profile <name_str>...

  • Page 266: Out_Profile Profile Modify Bannedword

    out_profile profile modify bannedword out_profile profile modify bannedword Use this command to enable or disable outgoing banned word filtering for the specified profile. Syntax set out_profile profile <name_str> modify bannedword {enable | disable} <name_str> is the name of the profile. By default, banned word scanning is disabled. History FortiMail v3.0 New.

  • Page 267: Out_Profile Profile Modify Bannedwordlist

    out_profile profile modify bannedwordlist Use these command to modify the banned word list for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify bannedwordlist <word_str> add set out_profile profile <name_str> modify bannedwordlist <word_str> delete set out_profile profile <name_str> modify bannedwordlist <word_str> move-to <position_int>...

  • Page 268: Out_Profile Profile Modify Bayesian

    out_profile profile modify bayesian out_profile profile modify bayesian Use this command to enable or disable Bayesian spam filtering for the specified antispam profile. Syntax set out_profile profile <name_str> modify bayesian {enable | disable} Keywords and variables <name_str> {enable | disable} History FortiMail v3.0 New.

  • Page 269: Out_Profile Profile Modify Deepheader

    out_profile profile modify deepheader Use this command to enable or disable deep header scanning or for the specified profile. The two separate checks that make up the deep header scan can also be individually enabled or disabled. Syntax set out_profile profile <name_str> modify deepheader scanner {enable | disable} set out_profile as profile <name_str>...

  • Page 270: Out_Profile Profile Modify Dictionary

    out_profile profile modify dictionary out_profile profile modify dictionary Use these commands to configure dictionary scans for the specified outgoing antispam profile. Syntax set out_profile profile <name_str> modify dictionary dict_profile <dict_int> set out_profile profile <name_str> modify dictionary scanner {enable | disable} Keywords and variables Description <name_str>...

  • Page 271: Out_Profile Profile Modify Dnsbl

    out_profile profile modify dnsbl Use this command to enable or disable communication with the DNSBL servers to scan email for the specified outgoing antispam profile. Syntax set out_profile profile <name_str> modify dnsbl {enable | disable} <name_str> is the name of the profile. By default, the DNSBL lookup is disabled. History FortiMail v3.0 New.

  • Page 272: Out_Profile Profile Modify Dnsblserver

    out_profile profile modify dnsblserver out_profile profile modify dnsblserver Use these commands to modify the DNSBL server list for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify dnsblserver <host_str> add set out_profile profile <name_str> modify dnsblserver <host_str> delete set out_profile profile <name_str> modify dnsblserver <host_str> move-to <new_int>...

  • Page 273: Out_Profile Profile Modify Fortishield

    out_profile profile modify fortishield Use these commands to configure FortiGuard-Antispam functions for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify fortishield checkip {enable | disable} set out_profile profile <name_str> modify fortishield scanner {enable | disable} Keywords and variables Description Enter the name of the antispam profile to modify.

  • Page 274: Out_Profile Profile Modify Greylist

    out_profile profile modify greylist out_profile profile modify greylist Use this command to enable or disable greylisting for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify greylist {enable | disable} <name_str> is the name of the profile. By default, greylisting is disabled. History FortiMail v3.0 New.

  • Page 275: Out_Profile Profile Modify Heuristic

    out_profile profile modify heuristic Use these commands to configure heuristic scanning for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify heuristic lower-level <lower_int> set out_profile profile <name_str> modify heuristic scanner {enable | disable} set out_profile profile <name_str> modify heuristic upper-level <upper_int>...

  • Page 276: Out_Profile Profile Modify Imagespam

    out_profile profile modify imagespam out_profile profile modify imagespam Use these commands to configure an outgoing antispam profile to identify spam messages in which the text is stored as an embedded graphics file. Syntax set out_profile profile <name_str> modify imagespam aggressive {enable | disable} set out_profile profile <name_str>...

  • Page 277: Out_Profile Profile Modify Individualaction Scanner

    out_profile profile modify individualaction scanner Use these commands to set the action each spam detection method takes for messages detected as spam. Syntax set out_profile profile <name_str> modify individualaction scanner {bannedword | bayesian | deepheader | dictionary | dnsbl | fortishield | heuristic | imagespam | surbl | virus} action {default | discard | forward | reject | review | subject} Keywords and variables Description...

  • Page 278: Out_Profile Profile Modify Scanoptions

    out_profile profile modify scanoptions out_profile profile modify scanoptions Use these commands to configure scanning options for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify scanoptions attachment_type pdf {enable | disable} set out_profile profile <name_str> modify scanoptions bypass_on_auth {enable | disable} set out_profile profile <name_str>...

  • Page 279: Out_Profile Profile Modify Surbl

    out_profile profile modify surbl Use this command to enable or disable the checking of mail against defined SURBL servers for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify surbl {enable | disable} <name_str> is the name of the profile. By default, SURBL scanning is disabled. History FortiMail v3.0 New.

  • Page 280: Out_Profile Profile Modify Surblserver

    out_profile profile modify surblserver out_profile profile modify surblserver Use these commands to configure the SURBL server list for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify surblserver <host_str> add set out_profile profile <name_str> modify surblserver <host_str> delete set out_profile profile <name_str> modify surblserver <host_str> move-to <new_int>...

  • Page 281: Out_Profile Profile Modify Tags

    out_profile profile modify tags Use these commands to configure header and subject tagging for an outgoing antispam profile. Syntax set out_profile profile <name_str> modify tags header {enable | disable} set out_profile profile <name_str> modify tags htag <tag_str> set out_profile profile <name_str> modify tags stag <tag_str> set out_profile profile <name_str>...

  • Page 282: Out_Profile Profile Modify Virus

    out_profile profile modify virus out_profile profile modify virus Use this command to enable or disable treating messages with a virus as spam. Syntax set out_profile profile <name_str> modify virus {enable | disable} <name_str> is the name of the profile. By default, this setting is disabled. History FortiMail v3.0 New.

  • Page 283: Out_Profile Profile Modify Whitelistword

    out_profile profile modify whitelistword Use this command to enable or disable whitelist word checking in the specified outgoing antispam profile. Syntax set out_profile profile <name_str> modify whitelistword {enable | disable} By default, this setting is disabled. History FortiMail v3.0 MR3 New. Related topics •...

  • Page 284: Out_Profile Profile Modify Whitelistwordlist

    out_profile profile modify whitelistwordlist out_profile profile modify whitelistwordlist Use this command to add, delete, or modify whitelist words for the specified antispam profile. Syntax set out_profile profile <name_str> modify whitelistwordlist <word_str> add subject {enable | disable} body {enable | disable} set out_profile profile <name_str>...

  • Page 285: Out_Profile Profile Rename-To

    out_profile profile rename-to Use this command to rename an outgoing antispam profile. Syntax set out_profile profile <name_str> rename-to <new_str> <name_str> is the name of the outgoing antispam profile. Keywords and variables Description Enter the name of the outgoing antispam profile to rename. <name_str>...
  • Page 286 out_profile profile rename-to FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 287: Policy Delete

    policy delete Use this command to remove the specified policy. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> delete History FortiMail v3.0 New. Related topics • set policy modify rename-to FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 policy delete...

  • Page 288: Policy Modify Add_Association

    policy modify add_association policy modify add_association Use this command to configure domain associations.A domain association is a domain name that uses all the settings configured for the domain it is associated with. Domain associations are defined within domains or subdomains you have created. Domain associations are only supported in gateway and transparent modes.

  • Page 289: Policy Modify Bverify_Addr

    policy modify bverify_addr Use this command to enable or disable background address verification for the specified domain. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> modify bverify_addr <disable | ldap | smtp> <disable | ldap | smtp> - choose LDAP or SMTP to enable background address verification using that method, or disable to deactivate this feature.

  • Page 290: Policy Modify Fallback

    policy modify fallback policy modify fallback Use this command to set the fallback host for the specified domain. An optional fallback host port number may be specified. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> modify fallbackhost <host_ipv4> [fallbackport <port_int>] Keywords and Variables fallbackhost <host_ipv4>...

  • Page 291: Policy Modify Ip

    policy modify ip Use this command to set the SMTP server IP of the email server for the specified domain. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> modify ip <server_ipv4> <server_ipv4> - the IP address of the email server for this domain. History FortiMail v3.0 New.

  • Page 292: Policy Modify Is_Subdomain

    policy modify is_subdomain policy modify is_subdomain Use this command to set whether the specified domain is a subdomain. This command is available in gateway and transparent modes only. Enable is_subdomain to declare this domain a subdomain. Syntax set policy <fqdn_str> modify is_subdomain {enable | disable} History FortiMail v3.0 New.

  • Page 293: Policy Modify Ldap

    policy modify ldap Use this command to set up LDAP based authentication for: • antispam and antivirus configuration checking for the specified domain • checking of routing configuration for the specified domain This command is available in gateway and transparent modes only. Syntax To set the LDAP profile to use for LDAP antispam and antivirus queries: set policy <fqdn_str>...

  • Page 294: Policy Modify Mxflag

    policy modify mxflag policy modify mxflag Use this command to enable or disable the use of MX record for this domain. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> modify mxflag {0 | 1} Setting mxflag to 0 enables the MX record for this domain.

  • Page 295: Policy Modify Tp

    policy modify tp Use this command to configure transparent mode settings including transparent mode masquerading setting. This command is available only in transparent mode. Syntax set policy <fqdn_str> modify tp <zone_intr> {yes | no} {yes | no} Keywords and Variables Description Enter the fully qualified domain name.

  • Page 296: Policy Modify User

    policy modify user policy modify user Use this command to configure recipient-based policies. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> modify user <user_str> delete set policy <fqdn_str> modify user <user_str> modify as <name_str> set policy <fqdn_str>...

  • Page 297: Policy Modify Verify_Addr

    policy modify verify_addr Use this command to enable or disable recipient address verification. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> modify verify_addr {ldap | smtp | disable} profile <name_str> Keywords and Variables Description Enter the fully qualified domain name.

  • Page 298: Policy Modify Rename-To

    policy modify rename-to policy modify rename-to Use this command to rename the specified domain to the new domain name. This command is available in gateway and transparent modes only. Syntax set policy <fqdn_str> rename-to <newfqdn_str> History FortiMail v3.0 New. Related topics •...

  • Page 299: Spam Deepheader

    spam deepheader Use this command to configure the header analysis settings of the deep header scan feature. Syntax set spam deepheader confidence <confidence_int> Keywords and Variables Description Enter the confidence value above which a message will be considered confidence spam. The header analysis scan will examine each message and <confidence_int>...

  • Page 300: Spam Retrieval Policy

    spam retrieval policy spam retrieval policy Use this command to enable or disable authentication for a user on the specified domain to retrieve spam from the FortiMail unit using POP3 or HTTP. Syntax set spam retrieval policy <fqdn_str> user <user_str> auth {imap | ldap | pop3 | radius | smtp} <profile_str>...

  • Page 301: System Admin

    system admin Use this command to create or edit a system admin on your FortiGate system. Using this command you can set: • the administrator’s password • the administrator’s permission level • the administrator’s trusted hosts which determine which network addresses the administrator can use to access the FortiMail unit Syntax set system admin username <name_str>...

  • Page 302: System Appearance

    system appearance system appearance Use this command to customize the appearance of your FortiMail unit. Using this command you can change: • the look of the bottom logo on the GUI • the product name on main login screen • the language of the webmail interface •...

  • Page 303: System Autoupdate Pushaddressoverride

    system autoupdate pushaddressoverride Use this command to change the IP address and port the FDN server sends updates on. This IP address will be different from the management IP address, the default address FDN connects to. If the FDN can connect to the FortiMail unit only through a NAT device, you must configure port forwarding on the NAT device and add the port forwarding information to the push update configuration.

  • Page 304: System Autoupdate Pushupdate

    Use this command to enable or disable push updates from the Fortinet Distribution Network (FDN). Syntax set system autoupdate pushupdate {enable | disable} History FortiMail v3.0 New. Related topics • set system autoupdate pushaddressoverride •...

  • Page 305: System Autoupdate Schedule

    system autoupdate schedule Use this command to schedule updates. Syntax To schedule updates every set amount of hours and minutes, set system autoupdate schedule {enable | disable} every <hh:mm> To schedule updates daily, set system autoupdate schedule {enable | disable} daily <hh:mm> To schedule updates weekly, set system autoupdate schedule {enable | disable} weekly <day_int>...

  • Page 306: System Autoupdate Tunneling

    system autoupdate tunneling system autoupdate tunneling Use this command to configure web proxy tunneling. Syntax set system autoupdate tunneling {enable | disable} address <addr_ip4> port <port_num> username <username_str> password <pwd_str> Keywords and Variables address <addr_ip4> port <port_num> username <username_str> password <pwd_str> History FortiMail v3.0 New.

  • Page 307: System Ddns

    system ddns Use this command to configure Dynamic DNS for this interface. Set the domain and username using separate commands. Syntax set system ddns server <server_name> domain <domain_str> ipmode {auto | bind interface <intf_str> | static ip <ipv4_int>} status {enable | disable} set system ddns server <server_name>...

  • Page 308: System Disclaimer Allowdomain

    system disclaimer allowdomain system disclaimer allowdomain Use this command to enable per-domain disclaimer settings. Syntax set system disclaimer allowdomain {enable | disable} History FortiMail v3.0 New. Related topics • set system disclaimer incoming • set system disclaimer outgoing FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 309: System Disclaimer Incoming

    system disclaimer incoming Use this command to configure incoming disclaimer messages. Disclaimer messages can be applied to either the body or header of an email. Each can be enabled or disabled and has a content string. Syntax set system disclaimer incoming body status {enable | disable} content <content_str>...

  • Page 310: System Disclaimer Outgoing

    system disclaimer outgoing system disclaimer outgoing Use this command to configure outgoing disclaimer messages. Disclaimer messages can be applied to either the body or header of an email. Each can be enabled or disabled and has a content string. Syntax set system disclaimer outgoing body status {enable | disable} content <content_str>...

  • Page 311: System Dns

    system dns Use this command to the DNS addresses and behavior. Syntax set system dns cache {enable | disable} primary {<addr_ip4> | none} private_ip_query {enable | disable} secondary {<addr_ip4> | none} Keywords and Variables cache {enable | disable} primary { <addr_ip4> | none} private_ip_query {enable | disable} secondary { <addr_ip4>...

  • Page 312: System Fortimanager

    system fortimanager system fortimanager Use this command to configure FortiManager support. Syntax set system fortimanager autobackup set system fortimanager central-management set system fortimanager initiate set system fortimanager ip Keywords and Variables {enable | disable} When enabled, the FortiMail unit will send a configuration backup to autobackup central-management {enable | disable}...

  • Page 313: System Ha Config

    system ha config Use this command to change the TCP port and time interval for synchronizing the FortiMail configuration. Note: Use the set system ha config command to configure HA daemon settings. Other HA daemon configuration commands include system ha monitor” on page 322, and In most cases you do not have to change the default settings.

  • Page 314: System Ha {Cpeer | Interface | Peer | Secondary-Interface | Secondary-Peer

    system ha {cpeer | interface | peer | secondary-interface | secondary-peer} system ha {cpeer | interface | peer | secondary-interface | secondary-peer} Use these commands to configure primary heartbeat interface settings for FortiMail active-passive and config only HA groups. You can also use these commands to optionally configure the secondary heartbeat interface settings for FortiMail active-passive HA.
  • Page 315 Keywords/Variables <primary-local_ipv4> <netmask_ipv4> <primary-interface_str> <primary-peer_ipv4> <secondary-local_ipv4> <netmask_ipv4> FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 system ha {cpeer | interface | peer | secondary-interface | secondary-peer} Description The primary heartbeat local IP address and netmask for this FortiMail unit. When the FortiMail unit is operating in HA mode, you can enter get system interface <interface_str>...
  • Page 316 system ha {cpeer | interface | peer | secondary-interface | secondary-peer} Keywords/Variables <secondary-interface_str> The name of the network interface to be used for the <secondary-peer_ipv4> Example: configuring primary heartbeat local and peer IP address for a config only HA group This example describes how to configure primary local and peer IP addresses for a config only HA group consisting of one primary unit and three backup units.
  • Page 317 Enter the following commands from an active-passive HA backup unit to set port5 as the primary heartbeat interface, set the primary heartbeat local heartbeat interface IP address and netmask to 10.0.0.2 255.255.255.0, and set the primary heartbeat peer IP address to 10.0.0.1. set system ha interface port5 10.0.0.2 255.255.255.0 set system ha peer 10.0.0.1 Example: add a secondary heartbeat local and peer IP address for an...

  • Page 318: System Ha Data

    system ha data system ha data Use this command to set the TCP port and time interval for synchronizing FortiMail data. Note: Use the set system ha config command to configure HA daemon settings. Other HA daemon configuration commands include page 319, “set system ha monitor”...

  • Page 319: System Ha Datadir

    system ha datadir Use this command to enable or disable synchronizing FortiMail mail data including the system mail directory, user home directories, and the MTA spool directories (FortiMail queues). Each time you enter this command you must enable or disable synchronizing all three types of mail data. Because the command does not include keywords, using the command involves entering the correct enable or disable sequence in the correct order as follows: •...

  • Page 320: System Ha Lservice

    system ha lservice system ha lservice Use this command to configure HA primary unit local services monitoring. Configure local service monitoring so that an active-passive HA primary unit monitors its own network interfaces and hard drives. You must configure how long in seconds to wait between checks of the interfaces or hard drives and how many times the check fails before a failover occurs.

  • Page 321: System Ha Mode

    system ha mode Use this command to set the HA configured operating mode of the FortiMail unit. The FortiMail unit switches to operating in the HA configured operating mode immediately after you enter this command. Syntax set system ha mode <mode> Keywords/Variables mode <mode>...

  • Page 322: System Ha Monitor

    system ha monitor system ha monitor Use this command to configure how the FortiMail HA daemon sends HA heartbeat packets to detect if the primary unit has failed. If the backup unit detects that the primary unit has failed, the backup unit effective operating mode changes to master and the backup unit becomes the primary unit.
  • Page 323 History FortiMail v3.0 New. Related topics • set system ha config • set system ha {cpeer | interface | peer | secondary-interface | secondary-peer} • set system ha data • set system ha datadir • set system ha lservice • set system ha mode FortiMail™...

  • Page 324: System Ha On-Failure

    system ha on-failure system ha on-failure Use this command to control the behavior of a FortiMail unit in an active-passive HA group when remote service monitoring detects a failure. In most cases you should set On Failure to wait for recovery and then assume slave role.

  • Page 325: System Ha Passwd

    system ha passwd Use this command to Change HA group shared password. Note: Use the set system ha config command to configure HA daemon settings. Other HA daemon configuration commands include page 318, “set system ha datadir” on page In most cases you do not have to change any of the HA daemon settings. However you should change the shared password.

  • Page 326: System Ha Remote-As-Heartbeat

    system ha remote-as-heartbeat system ha remote-as-heartbeat Use this command to enable or disable using remote monitoring as an HA heartbeat. Enable using remote monitoring as an HA heartbeat so that if both the primary and secondary heartbeat links fail, remote service monitoring takes over the role of the HA heartbeat. This means that if remote service monitoring is enabled and both heartbeat links fail or become disconnected, the FortiMail HA group can continue to operate.

  • Page 327: System Ha {Restart | Restore | Resync}

    system ha {restart | restore | resync} Use these commands to execute commands on a FortiMail unit that control how the HA system operates. Using these commands you can: • Restart the HA processes on the FortiMail unit. • Restore the HA group to operate in the HA configured operating mode. •...

  • Page 328: System Ha Rservice

    system ha rservice system ha rservice Use this command to configure HA backup unit remote services monitoring so that an active-passive HA backup unit monitors the primary unit to verify that the primary unit can accept SMTP service, POP service (POP3), and Web service (HTTP) connections. For each protocol you must specify the check time interval in minutes to wait between checks and the response time to wait for a response.
  • Page 329 Example Enter the following command on an active-passive HA backup unit to configure remote services monitoring to monitor the POP3 service on a primary unit interface with IP address 10.10.10.2 using TCP port 110. The command also configures remote service monitoring to check the POP3 service every 30 minutes, wait up to 20 seconds for a response and to change the backup effective operating mode to master if POP3 remote interface monitor fails after 10 consecutive checks.

  • Page 330: System Ha Takeover

    system ha takeover system ha takeover Use this command to configure HA network interface in master mode configuration options for an active-passive HA group to control how network interface IP addressing and status is changed by HA. Depending on your requirements you can configure HA network configuration options for all FortiMail network interfaces;...
  • Page 331 Keywords/Variables Description The name of the network interface to configure. For example port1, port2, <interface_str> port3, mgmt, and so on depending on your FortiMail unit. Control how the status of the interface is changed by active-passive HA. {add | bridge | Enter add to assign a virtual IP address to a network interface.
  • Page 332 system ha takeover Related topics • set system ha config • set system ha {cpeer | interface | peer | secondary-interface | secondary-peer} • set system ha data • set system ha datadir • set system ha lservice • set system ha mode •...

  • Page 333: System Hostname

    system hostname Use this command to configure the FortiMail unit hostname. Syntax set system hostname <hostname_str> History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 system hostname...

  • Page 334: System Interface Config

    system interface config system interface config Use this command to configure FortiMail interface access and settings including: • allowed and denied protocols • maximum transportation unit (MTU) size • setting the interface either up or down Syntax set system interface <intf_str> config allowaccess {ping http https snmp ssh telnet} denyaccess {ping http https snmp ssh telnet} mtu <mtu_int>...

  • Page 335: System Interface Mode Dhcp

    system interface mode dhcp Use this command to enable or configure DHCP for this interface. If only the dhcp keyword is used, both connection and default gateway are enabled by default. Syntax To enable DHCP on this interface: set system interface <intf_str> mode dhcp To enable and/or configure DHCP on the interface: set system interface <intf_str>...

  • Page 336: System Interface Mode Static

    system interface mode static system interface mode static Use this command to enable or configure a static IP for this interface. When setting an interface to static IP mode, an IP address and netmask must be included. Syntax set system interface <intf_str> mode static ip <addr_ip4> <mask_ip4> History FortiMail v3.0 New.

  • Page 337: System Opmode

    system opmode Use this command to change the operation mode (opmode) of the FortiMail unit. Only the default FortiMail system administrator account can change the opmode of the FortiMail unit. You will need to login again after changing the opmode. Changing the opmode between gateway and server modes will result in all settings being changed to factory defaults except the configuration for the port1 interface Changing the opmode to or from transparent mode will result in all settings being changed back to...

  • Page 338: System Option

    system option system option Use these commands to configure FortiMail administration including: • timeout on the admin account • when to start the backend user verification • web-based manager language • PIN for the LCD panel • the refresh interval for the GUI interface Syntax set system option [ option1 <value1>...

  • Page 339: System Route Number

    system route number Use this command to set and configure system routing. Syntax set system route number <route_int> dev1 {auto | port1} dst <route_ip4> <mask_ip4> gw1 <gway_ip4> Keywords and Variables number <route_int> dev1 {auto | port1} dst <route_ip4> <mask_ip4> gw1 <gway_ip4> History FortiMail v3.0 New.

  • Page 340: System Snmp Community

    system snmp community system snmp community Use this command to Syntax set system snmp community number <community_int> config {name <name_str> | queryportv1 <port_int> | queryportv2c <port_int> | queryv1_status {enable | disable} | queryv2c_status {enable | disable} | status {enable | disable} | trapevent {cpu | mem | logdisk | maildisk | deferq | virus | spam | system | raid |ha |archive | ipchg | psu} | trapportv1_local <port_int>| trapportv1_remote <port_int>| trapportv2c_local <port_int>| trapportv2c_remote <port_int>|...
  • Page 341 Note: The Power Supply Monitored (psu) option for trap event is visible for all FortiMail models. Not all FortiMail models have monitored power supplies. History FortiMail v3.0 New. FortiMail v3.0 Added psu to trapevent keyword. Related topics • set system snmp {sysinfo | threshold} FortiMail™...

  • Page 342: System Snmp {Sysinfo | Threshold}

    system snmp {sysinfo | threshold} system snmp {sysinfo | threshold} Use this command to set and configure SNMP monitoring of the FortiMail unit and thresholds for SNMP traps. Syntax set system snmp sysinfo status {disable | enable} value <desc_str> <loc_dtr> <contact_str> set system snmp threshold {cpu | deferq | logdisk | maildisk | mem | spam |virus } <trigger_int>...

  • Page 343: System Time Manual

    system time manual Use this command to set and configure system time settings manually. Syntax set system time manual clock <hh:mm:ss> date <mm/dd/yyyy> dst {disable | enable} zone <zone_num> Keywords and Variables clock <hh:mm:ss> date <mm/dd/yyyy> {disable | enable} zone <zone_num> History FortiMail v3.0 New.

  • Page 344: System Time Ntp

    system time ntp system time ntp Use this command to set and configure system time settings using network time protocol (NTP). Syntax set system time ntp dst {disable | enable} ntpserver <ipv4 | hostname> ntpsync {disable | enable} syncinterval <sync_interval> zone <zone_num> Keywords and Variables dst {disable | enable} ntpserver <ipv4 | hostname>...

  • Page 345: System Usrgrp

    system usrgrp Use this command to add a user group and its members to the specified domain. Syntax set system usrgrp domain <domain> name <'usrgrp_name_str'> member <'usrgrp_name_str' .. > Keywords and Variables domain <domain> name <'usrgrp_name_str'> Enter the name of the new usergroup. Enclose it in quotes member <'usrgrp_name_str' ..

  • Page 346: User

    user user Use this command to configure email users, user groups, and user aliases in server mode. Arguments must be in valid email format. Syntax To set up the alias: set user alias name <name_str> member '<addr> [<addr>...]' To add new members to the alias set user alias name <name_str>...

  • Page 347: User Pki

    user pki Use this command to configure PKI authentication for users. Syntax set user pki name <name_str> ca <cert_str> set user pki name <name_str> domain <domain_str> set user pki name <name_str> ldapfield {subject alternative | cn} set user pki name <name_str> ldapprofile <profile_str> set user pki name <name_str>...

  • Page 348: Userpolicy Delete

    userpolicy delete userpolicy delete Use this command to delete the specified user policy. This command applies to server mode only. Syntax set userpolicy <name_str> delete <name_str> is the name of the policy, expressed with the domain. For example, user34@example.com and *@example.com are both valid policy names. History FortiMail v3.0 New.

  • Page 349: Userpolicy Modify

    userpolicy modify Use this command to define the profiles used with the specified policy. This command applies to server mode only. Syntax set userpolicy <name_str> modify as <as_str> av <av_str> misc <misc_str> content <content_str> Keywords and Variables Description This is the name of the policy, expressed with the domain. <name_str>...

  • Page 350: Userpolicy Move-To

    userpolicy move-to userpolicy move-to Use this command to move the specified policy to a new position in the policy list. This command applies to server mode only. Syntax set userpolicy <name_str> move-to <new_int> Keywords and Variables Description <name_str> <new_int> History FortiMail v3.0 New.

  • Page 351: Userpolicy Rename-To

    userpolicy rename-to Use this command to rename an existing user policy. This command applies to server mode only. Syntax set userpolicy <name_str> rename-to <new_str> Keywords and Variables Description This is the name of the policy, expressed with the domain. <name_str> Enter the new name of the specified policy.
  • Page 352 userpolicy rename-to FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 353: Unset

    unset unset This chapter describes the following commands: alertemail configuration ldap_profile log reportconfig mailserver system user (transparent and gateway) user (server) FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 354: Alertemail Configuration

    alertemail configuration unset alertemail configuration Use this command to remove the alertemail configuration. Syntax unset alertemail configuration History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 355: Ldap_Profile

    unset ldap_profile Use this command to delete an LDAP profile. Syntax unset ldap_profile profile <name_str> is the name of the LDAP profile to delete. <name_str> History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 ldap_profile...

  • Page 356: Log Reportconfig

    log reportconfig unset log reportconfig Use this command to delete a log configuration. Syntax unset log reportconfig <name_str> <name_str> is the name of the log configuration. History FortiMail v3.0 New. FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...

  • Page 357: Mailserver

    unset mailserver Use this command to remove parts of the email server configuration. Syntax unset mailserver <configuration> <configuration> access domain <domain_str> archiveexempt id <id_value> archivepolicy id <id_value> localdomain <string> smtp clientconn exempt <exempt_str> smtp clientrate exempt <exempt_str> History FortiMail v3.0 New.

  • Page 358: System

    system system Use this command to remove parts of the system configuration. Syntax unset system <configuration> <configuration> admin username <account_str> Delete the configured administrator account. ddns server <server_str> domain <domain_str> hostname localdomainname route number <route_int> snmp comm_host number <community_int> <host_int> snmp community number <community_int>...

  • Page 359: User (Transparent And Gateway)

    unset user (transparent and gateway) Use this command to remove parts of the user configuration. Syntax unset user <configuration> <configuration> alias name <alias_str> map name <map_str> History FortiMail v3.0 MR3 New. Related topics • • FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 Description Delete this user alias.

  • Page 360: User (Server)

    user (server) user (server) Use this command to remove parts of the user configuration. Syntax unset user <configuration> <configuration> alias name <alias_str> group name <group_str> ldap map domain <domain_int> Delete the mapping between the domain and the profile. map name <map_str> History FortiMail v3.0 MR3 New.

  • Page 361: Index

    Index Index add to bridge HA interface option 331 add virtual IP/netmask HA interface option 331 administration setting timeout 338 administrator configuring 301 alertemail configuring recipient email addresses 94 deferq, deferred email queue 95 antispam bounce verification 99 configuring greylist settings 103 MSISDN reputation 105 selecting action for blacklisted sender 98 setting control accounts for Bayesian training 101...
  • Page 362 116 FortiGuard Antispam configuring for antispam profile 117 FortiMail documentation commenting on 18 FortiManager configuring 312 Fortinet customer service 18 Fortinet Knowledge Center 17 gateway mode setting 337 greylist configuring settings 103 enabling for antispam profile 118...
  • Page 363 Index creating 157 deleting 163 disabling recipient-based policy checking 164 enabling SMTP authentication 169 moving in policy list 168 selecting antispam profile 159 selecting antivirus profile 161, 162 selecting authentication profile 160 selecting default action 158 selecting session profile 165 setting authentication type 160 setting client IP address 166, 167 setting server IP address 167...
  • Page 364 HA 327 setting 337 outgoing antispam profile configure tagging 281 configuring dictionary scans 270 configuring FortiGuard-Antispam functions 273 configuring SURBL server list 280 deleting 264 enabling banned word filtering 266 enabling Bayesian filtering 268 enabling checking with SURBL servers 279 enabling deepheader scanning 269 enabling DNSBL lookup 271 enabling greylisting 274...
  • Page 365 Index sysinfo 342 spam reports configuring 131 spam retrieval enabling authentication 300 SPF 186 SURBL enabling checking for antispam profile 125 modifying server list for antispam profile 126 system mail directory synchronizing 319 tagging configuring for antispam profile 127 technical support 18 time setting by NTP 344 setting manually 343...
  • Page 366 Index FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814...
  • Page 367 www.fortinet.com...
  • Page 368 www.fortinet.com...

Table of Contents

Save PDF