Fortinet 3.0 MR4 Network Card User Manual
Contents
1. FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set mailserver archive account mailserver archive account Use this command to configure the archive account settings Syntax set mailserver archive account lt account_str gt set mailserver archive account lt account_str gt forward lt email_str gt set mailserver archive account lt account_str gt password lt pwd_str gt set mailserver archive account lt account_str gt quotafull overwrite noarchive set mailserver archive account lt account 8 set mailserver archive account lt account str gt rotatetime lt time int gt set mailserver archive account lt account 8 tr gt rotatesize lt size int gt tr gt status enable disable Keywords and Variables Description Default lt account str gt Enter the email archiving account name archive forward lt email str gt Enter the email address to which all archived messages will also be No default forwarded If no address is entered forwarding will not occur If an email address is entered to enable forwarding previously archived mail will not be forwarded password lt pwd_str gt Enter the email archiving account password No default quotafull Select the action taken with new log entries when the disk space quota overwrite overwrite is reached noarchive e overwrite to overwrite the oldest mailbox2. What s new What s new The table below lists commands which have changed since the previous release 3 0 MR3 Command Change execute partitionlogdisk New command Sets the size of the hard disk partition to use as the log disk Remaining hard disk space is used as the mail disk set as bounceverify New command Configures verification of delivery status notification DSN email set as mms reputation New command Sets the window of time during which detection of multimedia message service MMS spam will affect the sender reputation of the end user ID MSISDN set as profile modify rewrite_rcpt New command Configure rewriting of the recipient email address located in the envelope if the email message is detected as spam set ip profile headermanipulation New command Removes specified message headers set ip profile mms reputation New command Enables or disables detection of spam based upon the sender reputation of the end user ID MSISDN for multimedia message service MMS email messages and configures its detection threshold and duration set ip profile sendervalidation bypassbounceverify New keyword Enables or disables bypass of verification of delivery status notification DSN email set ip profile setting rate control New command Selects whether to rate control email messages by either the number of email messages or the number o
3. set FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 set log setting console Use this command to configure logging to the console Syntax To configure logging to the console set log setting console status enable set log setting consol disable loglevel lt severity_integer gt log setting console Keywords Variables Description Default status Enable or disable logging to the console disable enable disable loglevel Sets the log severity level for the logging device Use the Emergency lt severity_integer gt to list the following log levels 0 Emergency 1 Alert 2 Gritical 3 Error 4 Warning 5 Notification 6 Information Logs will include items of the level you set and higher Set level to 6 if you want to include all log severity levels History FortiMail v2 8 New Related topics set log setting local e set log setting syslog set log policy destination event e set log policy destination spam e set log policy destination virus set log policy destination history FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 219 log setting local RTINET N S log setting local Use this command to configure logging to the local FortiMail hard disk Syntax To configure logging to the local hard disk set log setting loca
4. set ldap profile profile lt name str gt pwd webmailstatus enable disable Keywords and Variables Description Default lt name str gt Enter the name of the LDAP profile webmailschema Set the webmail password change schema openldap openldap e openldap is the openldap schema activedirectory activedirectory is the Active Directory schema lt schema_str gt lt schema_str gt allows you to enter a custom schema of your choice webmailstatus Enable or disable the webmail password change disable enable disable History FortiMail v3 0 New Related topics e set dap profile profile auth e setldap_profile profile group e setldap_profile profile option e set ldap_profile profile routing set dap profile profile server e set dap profile profile user e unset dap profile RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 196 06 30004 0420 200808 14 set ldap profile profile routing Idap_profile profile routing Use these commands to configure mail routing options if each user s LDAP profile contains mail routing information Syntax set ldap_profile profile lt name_str gt routing addr lt route_str gt set ldap_profile profile lt name_str gt routing host lt host_str gt set ldap profile profile lt name str gt routing routingstate enable disable Keywords and Variables Description Default lt name_str gt Enter the name
5. hostname Set the FortiMail unit s name to blank localdomainname Set the local domain name to blank route number lt route_int gt snmp comm_host number lt community_int gt lt host_int gt Clear the route entry lt route_int gt entry in the routing table Clear the SNMP community host lt community_int gt the index of the configured community lt host_int gt the index of the configured host snmp community number lt community_int gt Reset the SNMP community lt community_int gt the index of the configured community usrgrp domain lt domain_int gt name usrgrp_name Reset specified user group for the specified domain to blank lt domain_int gt is the number of the configured domain usrgrp_name is the name of the user group History FortiMail v3 0 MR3 New RTINET F Co Q FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 unset user transparent and gateway Use this command to remove parts of the user configuration Syntax unset user lt configuration gt user transparent and gateway lt configuration gt Description alias name lt alias_str gt Delete this user alias lt alias_str gt the name of the alias map name lt map_str gt Delete this user map lt map_str gt the name of the user map History FortiMail v3 0 MR3 New
6. storage cquar remoteserver name lt name_str gt host Keywords and Variables Description Default client type disable server Select the type of storage to be used in a central quarantine configuration as one of e disable central quarantine is not used on this unit client This unit connects as a client to a central quarantine server e server This unit is a central quarantine server Option available only for high end model FortiMail units disable add change remove Select the action to perform name lt name_str gt Enter the name of the FortiMail client unit ip lt ipv4_addr gt Enter the IP address of the FortiMail client unit remoteserver Example This example will configure a FortiMail unit as a server and will add FortiMailClient1 and FortiMailClient2 as quarantine clients that will connect to this server set mailserver smtp storage cquar type server set mailserver smtp storage cquar allowance add name FortiMailClientl ip 10 10 10210 set mailserver smtp storage cquar allowance add name FortiMailClient2 ip 10 10 20 10 This example will configure a FortiMail unit as a client with the name FortiMailClient1 that will connect to a central quarantine server at IP address 10 10 10 2 After being configured as a client the FortiMail unit will not store any quarantined messages locally set mai
7. Related topics sei log setting syslog sei log policy destination event Set log policy destination spam sei log policy destination virus Set log policy destination history set FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 log setting syslog Use this command to configure logging to the Syslog server log setting syslog Syntax To configure logging to the Syslog server set log setting syslog status enable disable set log setting syslog server lt server_ip4 gt set log setting syslog port lt port_integer gt set log setting syslog number lt number_integer gt set log setting syslog csv enable disable set log setting syslog loglevel lt severity_integer gt set log setting syslog facility alert audit auth authpriv clock cron daemon ftp kern lpr mail news netp locall10 local 1 local2 local3 local4 local5 local6 local7 Keywords Variables Description Default status Enable or disable logging to the remote syslog server disable enable disable server lt server_ip4 gt Sets the remote host syslog server IP address No default port lt port_integer gt Sets the port number for logging to the Syslog server 514 number lt number_integer gt Sets what syslog server receives logs sent from the No default FortiMail unit When you use number you need to i
8. Syntax set ip policy lt policy int gt content lt name str gt Keywords and Variables Description lt policy int gt Enter the IP policy number lt name str gt Enter the name of the content profile History FortiMail v3 0 New Related topics e sei Ip policy as e sei Ip policy auth e Sei Ip policy av e sei Ip policy ip FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 162 06 30004 0420 200808 14 set ip policy delete ip policy delete Use this command to delete an IP policy Policies are referenced by number indicating their position in the policy list Numbering starts with 0 for the first policy Syntax set ip policy lt policy int gt delete lt policy int gt is the IP policy number History FortiMail v3 0 New Related topics e set Ip policy e Set Ip policy move RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 gt Q ip policy exclusive set ip policy exclusive Use this command to disable any checks for recipient based policy matches while this IP based policy is in effect The IP based profile will be applied and matching recipient based profiles ignored Syntax set ip policy lt policy int gt exclusive enable disable lt policy_int gt is the IP policy number History FortiMail v3 0 New Related topics e sei Ip policy match gateway and server modes e sei Ip policy match transparent mod
9. Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference get mailserver get mailserver archive get mailserver localdomains get mailserver smtp get mailserver systemquarantine 06 30004 0420 200808 14 mailserver access RTIMNET a mailserver archive RTINET 3 mailserver archive get Use this command to display information about email archiving Syntax To view email archiving account settings get mailserver archive For other information get mailserver archive exemptlist local policy remote Option Description exemptlist Display the archiving policy exceptions that exempt certain email from being archived local Display the disk quota for archiving to the local hard disk policy Display the email archiving policies remote Display the settings for remote archiving via FTP or SFTP Example This example shows the output without options FortiMail email arc email arc email arc email arc Mailbox r Mailbox r When reac History FortiMail v3 0 Related topi e get mailserv get mailserv 400 get mailserver archive hiving destination local hiving account archive hiving forward hiving status disabled otate size 100 Megabytes otate time 7 Days hing disk quota Overwrite New CS er er access get mailserver localdomains e get mailserver smtp e get mailserver systemqu
10. Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 ch h key set as profile modify fortishield as profile modify fortishield Use these commands to configure FortiGuard Antispam functions for an antispam profile Syntax set as profile lt name_str gt modify fortishield checkip enable disable set as profile lt name_str gt modify fortishield scanner enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify checkip Enable or disable FortiGuard Antispam IP address checking for the disable enable disable specified profile IP addresses defined as private network addresses by RFC 1918 are not checked scanner Enable or disable FortiGuard Antispam scanning for the specified profile disable enable disable History FortiMail v3 0 New Related topics set fshd e set as profile modify actions e set as profile modify individualaction scanner e set fshd RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 117 as profile modify greylist set as profile modify greylist Use this command to enable or disable greylisting for an antispam profile Syntax set as profile lt name_str gt modify greylist enable disable lt name_str gt is the name of the profile By default greylisting is disabled History For
11. Tr GT IT TE EE CF CN Keywords and Variables Description Default lt name_str gt Enter the name of the session profile noop lt int gt Enter the maximum number of SMTP NOOPs allowed before the 10 connection is dropped rset lt int gt Enter the maximum number of SMTP resets allowed before the 20 connection is dropped emails lt int gt Enter the maximum number of email messages exchanged during the 10 communication session header_size lt int gt Enter the maximum permitted email message header size in bytes If 32768 larger the header will be truncated helo lt int gt Enter the maximum number of EHLO HELOs permitted per session 3 message size lt int gt Enter the maximum permitted email message size in bytes If larger 10485760 the message will be truncated recipients lt int gt Enter the maximum number of recipients permitted per email message 500 History FortiMail v3 0 New Related topics set ip_profile check e set ip profile connection e sei Ip profile error e set ip_profile list set ip profile senderreputation FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 181 ip profile list set ip profile list Use these commands to enable or disable the session white and black lists Syntax set ip profile lt name str gt list black enable disable set ip profile lt na
12. ntpsync disable enable Enable to synchronize the FortiMail unit with the NTP server syncinterval lt sync_interval gt Enter the system synchronization time interval from one to 1440 minutes zone lt zone_num gt Enter the required time zone by number Use to see a list of zone names and their numbers History FortiMail v3 0 New Related topics set system time manual FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system usrgrp system usrgrp Use this command to add a user group and its members to the specified domain Syntax set system usrgrp domain lt domain gt name lt usrgrp_name_str gt member lt usrgrp_name_str gt Keywords and Variables Description domain lt domain gt Enter the domain where you are adding a usergroup name lt usrgrp_name_str gt Enter the name of the new usergroup Enclose it in quotes member Enter the name or names of the members of this new usergroup One or more lt usrgrp name str gt names are required Multiple users are added after the member keyword with each user in single quotes Example For the domain example com the users called user1 and user3 will be added to a group called test This domain and these users must exist before entering this command set system usrgrp domain example com name test member userl user3
13. policy modify mxflag set policy modify mxflag Use this command to enable or disable the use of MX record for this domain This command is available in gateway and transparent modes only Syntax set policy lt fqdn_str gt modify mxflag 0 1 Setting mx flag to 0 enables the MX record for this domain lt fqdn_str gt is the fully qualified domain name History FortiMail v3 0 New RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 294 06 30004 0420 200808 14 set policy modify tp policy modify tp Use this command to configure transparent mode settings including transparent mode masquerading setting This command is available only in transparent mode Syntax set policy lt fqdn str gt modify tp lt zone_intr gt yes no yes no Keywords and Variables Description Default lt fqdn_str gt Enter the fully qualified domain name No default lt zone_intr gt Specify which zone this domain is in with lt zone_intr gt This 0 determines the interface used to send and receive mail to this domain yes no Specify yes to hide this FortiMail unit or no to not hide it This no is the Transparent mode masquerading setting yes no Specify yes to use the SMTP server for the this domain or no no to relay the mail for this domain The default is no History FortiMail v3 0 New RTINET FortiMail Secure Messaging P
14. set as mms_reputation settings autoblacklist window lt minutes_int gt Keywords and Variables Description Default window MSISDN reputation functions by detecting whether a sender is responsible 15 for more than a certain number of spam messages within the auto blacklist window duration This duration is set by specifying the Auto blacklist Window Size in minutes lt minutes_int gt History FortiMail v3 0 MR4 New Related topics sei Ip profile mms reputation RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 3 a as profile delete set as profile delete Use this command to delete an antispam profile Syntax set as profile lt name_str gt delete lt name_str gt is the name of the profile History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 106 06 30004 0420 200808 14 set as profile modify actions as profile modify actions Use these commands to modify the actions of an antispam profile Reject discard and forward are mutually exclusive No more than one can be enabled at any time If the specified profile does not exist it is created Syntax set as profile lt name_str gt modify actions discard enable disable set as profile lt name_str gt modify actions emailaddr lt address_str gt set as profile lt name_str gt modify actions forward enable disable s
15. CLI REFERENCE FortiMail Secure Messaging Platform Version 3 0 MR4 Note The History sections in the command entries are intended to record changes in FortiMail 3 0 CLI commands with each release of the product Although these sections show all commands as new for version 3 0 many of the commands existed in previous versions of FortiMail firmware F RTIMGT www fortinet com FortiMail Secure Messaging Platform CLI Reference Version 3 0 MR4 14 August 2008 06 30004 0420 20080814 Copyright 2008 Fortinet Inc All rights reserved No part of this publication including text examples diagrams or illustrations may be reproduced transmitted or translated in any form or by any means electronic mechanical manual optical or otherwise for any purpose without prior written permission of Fortinet Inc Trademarks Dynamic Threat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard Web FortiLog FortiAnalyzer FortiManager Fortinet FortiOS FortiPartner FortiProtect FortiReporter FortiResponse FortiShield FortiVolP and FortiWiFi are trademarks of Fortinet Inc in the United States and or other countries The names of actual companies and products mentioned herein may be the trademarks of their respective owners Contents Contents Introduc
16. History FortiMail v3 0 New Related topics e set misc profile rename to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 248 06 30004 0420 20080814 set misc profile modify quota misc profile modify quota Use this command to change the disk space quota in megabytes for the mail user account or accounts for the specified profile This command is available in server mode only Syntax set misc profile lt name_str gt modify quota lt quota_int gt Keywords and Variables Description Default lt name_str gt This is the name of the misc profile lt quota_int gt Enter the per user disk space quota in megabytes The acceptable range is 0 from 0 to 4000 where 0 is unlimited History FortiMail v3 0 New Related topics set misc profile modify userstatus set misc profile modify webmailaccess RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N misc profile modify userstatus set misc profile modify userstatus Use this command to enable or disable the user account or accounts for the specified profile This command is available in server mode only Syntax set misc profile lt name_str gt modify userstatus enable disable Keywords and Variables Description Default lt name_str gt This is the name of the misc profile userstatus Enables or disable the user accou
17. Syntax set auth radius lt name_str gt rename to lt new_str gt Keywords and Variables Description Default lt name_str gt This is the name of the Radius authentication profile No default lt new_str gt Enter the new name of the Radius authentication profile No default History FortiMail v3 0 New Related topics set auth radius server RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 137 auth radius server set auth radius server Use this command to create or modify the server properties of a Radius authentication profile Syntax set auth radius lt name_str gt server lt host_str gt lt server_ipv4 gt secret lt password_str gt domain enable disable Keywords and Variables Description Default lt name_str gt This is the name of the Radius authentication profile lt host_str gt Enter either the Radius server host name or IP address lt server_ipv4 gt secret Enter the password required to access the Radius server lt password_str gt domain Select enable if the server requires the domain name in addition to the fenable disable user ID History FortiMail v3 0 New Related topics set auth radius rename to RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 138 06 30004 0420 200808 14 set auth smtp rename to auth smtp rename to Use this co
18. Use this command to configure what columns will appear when viewing a log type in the web based manager Syntax To set the columns to display for a log type set log view event history spam virus fields date time others action from log_id module msg pri reason status src_ip submodule subtype to type ui user classifier client_name disposition message_length resolved session_id subject virus mailer MSISDN Keywords Variables Description Default view event history Sets the log type that you want to view in the web based No default spam virus manager fields date time others Sets what columns will appear when the selected log No default action from log_id type is viewed in the web based manager module msg pri reason The keyword MSISDN is available only when the status sro E command set log msisdn is enabled subtype to type ui user classifier client_nam disposition message_length resolved session_id subject virus mailer MSISDN History FortiMail v2 8 New FortiMail v3 0 MR3 Added MSISDN keyword Related topics set log msisdn set log setting local set log setting syslog Set log policy destination event sei log policy destination spam sei log policy destination virus set log policy destination history RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 223 log view logleve
19. as profile modify scanoptions Use these commands to configure the antispam scanning options Syntax set as profile lt name_str gt modify scanoptions attachment_type pdf enable disable set as profile lt name_str gt modify scanoptions bypass_on_auth enable disable set as profile lt name_str gt modify scanoptions maxsize lt size_int gt Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify attachment_type pdf Enable to allow the FortiMail unit scan the first page of PDF attachments disable enable disable The PDF option allows the heuristic banned word and image spam scanning techniques to examine the contents of PDF files If none of these three scanners are enabled the PDF option will have no effect bypass_on_auth Enable or disable the bypassing of spam scanning when an SMTP disable enable disable sender is authenticated maxsize lt size_int gt Enter the maximum message size in bytes that the FortiMail unit will 0 scan for spam Messages with sizes exceeding the set limit will not be scanned for spam Enter 0 to scan all messages regardless of size History FortiMail v3 0 New FortiMail v3 0 MR1 attachment_type pdf added Related topics RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 124 06 30004 0420 20080814 set as profile modify surbl as profile modify
20. control autorelease Display the spam auto release and auto delete account names control bayesian Display the Bayesian training account names greylist Display the greylist settings including the TTL greylist period initial expiry period capacity and exempt address list profile lt profile_name gt Display the settings of an antispam profile spamreport Display the quarantine spam report settings trusted antispam mta Display the IP addresses on the antispam MTA list trusted mta Display the IP addresses on the MTA list Examples FortiMail 400 get as blacklistaction blacklist action reject FortiMail 400 get as control autorelease autorelease account is release ctrl autodelete account is delete FortiMail 400 get as control bayesian is spam account is is spam is not spam account is is not spam learn is spam account is learn is spam learn is not spam account is learn is not spam training group account is default grp FortiMail 400 get as greylist TTL 10 day Greylist period 20 minute Initial expiry period 4 hour Capacity 40000 Greylist exempt FortiMail 400 get as profile profile Antispam profiles id 3 name profile2 Heuristic filtering enabled action default lower level 15 000000 upper level 5 000000 Bayesian filtering enabled FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420
21. e archiving failure HA events e dictionary corruption system quarantine quota full Syntax get alertemail configuration Example FortiMail 400 get alertemail setting Alert email setting alert alert alert alert alert alert alert alert History email email email email email email email email FortiMail v3 0 New Related topics get alertemail configuration for h Eh hh Fh hh hh D 00090 BRR ROR Oo Q B B BK antivirus critical events disk full archiving failure HA events Dictionary corruption system quarantine quota Defer queue FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 disabled disabled enabled enabled disabled disabled is full disabled enabled RTINET ES Qa antivirus RTINET ES 8 get antivirus Use this command to display whether antivirus scanning is enabled This is available only in server mode Syntax get antivirus Example FEServer get antivirus global antivirus scanning is enabled History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 get as Use this command to display information about your antispam configuration Syntax get as lt option gt Option Description blacklistaction Display the action set for blacklisted items
22. out profile profile rename to policy delete policy modify spam deepheader spam retrieval policy system user userpolicy delete userpolicy modify userpolicy move to userpolicy rename to FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET F Q alertemail configuration mailto alertemail configuration mailto Use this command to set the email addresses of up to three alert email recipients Syntax To set email recipients set alertemail configuration mailto lt recipientl gt lt recipient2 gt lt recipient3 gt To remove all email recipients set alertemail configuration mailto none set Variables lt recipient1l1 gt lt recipient2 gt lt recipient3 gt Description Enter an email address in the form name emaildomain You can add only three email addresses Default No default History FortiMail v2 8 Related topics New e set alertemail deferq e set alertemail setting option RTINET A FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 set alertemail deferq alertemail deferq Use this command to configure the deferred email queue alert email conditions You can set the number of deferred messages that trigger an alert email message and how frequently the size of the deferred queue is monitored This is effective only if alert
23. set system ha monitor set system ha on failure set system ha passwd set system ha remote as heartbeat set system ha restart restore resync set system ha rservice set system ha takeover RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q ke S N system ha data RTINET 318 set system ha data gt Use this command to set the TCP port and time interval for synchronizing FortiMail data Note Use the set system ha config command to configure HA daemon settings Other HA daemon configuration commands include set system ha config on page 313 set system ha datadir on page 319 set system ha monitor on page 322 and set on page 324 In most cases you do not have to change the default settings You might want to reduce the synchronization time if you find you are losing mail data during a failover Also synchronizing large amounts of mail data may cause processing delays Reducing how often mail data is synchronized may alleviate this problem The default lt t imeout integer gt is 30 minutes During normal operation synchronizing data once every 30 minutes is usually sufficient You can also synchronize the configuration manually See set system ha restart restore resync on page 327 You should disable mail data synchronization if the HA group stores mail data on a remote NAS server See see
24. srrvennnnnnnvennnnnnnnvennnnnnnvnnnnnnnnnvennnnnnnnvennnnnnneennnnnnnneennnnnnn 239 mailserver smtp Ildap domain check rmsseennnnnnnvnnnnnnnnnnvnnnnnnnnvnnnnnnnnvvnnnnnnnn 240 mailserver smtp QUCUE srnnnnnnnnnvvnnnnnnnnvvennnnnnnnvennnnnnnevennnnnnnnvennnnnnneennnnnnnenennnnnn 241 mailserver smtpauth reennnnnnnvvnnnnnnnnnvennnnnnnnvennnnnnnenennnnnnnnvennnnnnnvennnnnnnevennnnnnn 242 MailServer SMIPSS rrssvvennnnnnnnvennnnnnnnvvennnnnnnvennnnnnnvnennnnnnnnvennnnnnnvennnnnnnneennnnnnn 243 MailServer smtp Storage rrnnsnnvvvnnnnnnnvnvennnnnnnvennnnnnnevennnnnnnneennnnnnneennnnnnnneennnnnnn 244 mailserver smtp storage CQUAL rrnnnnnnvvennnnnnnvnnnnnnnnvvennnnnnnnvennnnnnnvennnnnnnnvennnnnn 245 mailserver systemquarantine rrxsssvvnnnnnnnnvennnnnnnvnnnnnnnnnnvnnnnnnnnvennnnnnnevennnnnnn 247 misc le OR TE CTT 248 MISC profile modify QUOta nsrennnnnnnnvnnnnnnnnnvnennnnnnnenennnnnnnvennnnnnnneennnnnnnneennnnnnne 249 misc profile modify userstatus rrssvnnnnnnnnnnvnnnnnnnnvvnnnnnnnnnvnnnnnnnnvennnnnnnnvennnnnnn 250 misc profile modify webmailaccess rrnnnnnnnvennnnnnnvnnnnnnnnnnvnnnnnnnnvennnnnnnvvennnnnnn 251 MISC profile rename tO uennnnnnnvennnnnnnnvennnnnnnnvennnnnnnvnennnnnnnenennnnnnnenennnnnnnenennnnnnn 252 out content delete ss 253 out content modify actiOn srrrnnnnnnnvnnnnnnnnnvnvnnnnnnnnnvnnnnnnnnnnnnennnnnnnnnnnnnnnnnnnennr 254 out content modify bypass on auth rrnrnrnnnnnnnnnnvnvnnnnenn
25. EOM disable enable disable signal If disabled the antispam check is run on the message before acknowledgement is sent The sending server could time out while waiting for EOM acknowledgement enable disable client address The rewritten EHLO HELO will be in the format x x x x helo enable Enable to disable checking of the existence of the domain reported in the disable disable client s HELO command by looking up both the MX record and A record open_relay Enable or disable open relay check This check only affects disable enable disable Unauthenticated sessions recipient Enable or disable checking the recipient address for a valid domain disable E enable disable rewrite_helo Enable or disable rewriting the EHLO HELO domain to the IP string of the disable rewrite helo custom Select to rewrite the HELO domain to the specified value for any session disable enable disable _ this profile applies to lt helo_str gt FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 175 ip profile check set Keywords and Variables Description Default send dsn Enable or disable the sending of a delivery status notification DSN disable enable disable message to the sender when spam is detected sender Enable or disable checking of the recipient for an invalid domain This disable enable disable check onl
26. FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 192 06 30004 0420 200808 14 set ldap profile profile fallback server dap profile profile fallback server Use this command to configure an LDAP fallback server If the server defined in the Server Name IP field is unreachable and a fallback server is defined the FortiMail unit will connect to the fallback server to submit its query To clear the fallback server issue the command with an empty server name as shown in the syntax examples Syntax set ldap_profile profile lt name_str gt fallback_server lt host_str gt lt server_ipv4 gt port lt port_int gt set ldap_profile profile lt name_str gt fallback_server Keywords and Variables Description Default lt name_str gt Enter the name of the LDAP profile fallback_server lt host_str gt Set fallback LDAP server address by specifying a hostname No lt server_ipv4 gt or IP address default port lt port_int gt Enter the port used to communicate with the fallback LDAP 389 server History FortiMail v3 0 MR3 New Related topics sei dap profile clearallcache set ldap_profile profile auth setldap_profile profile clearcache e set Idap_profile profile pwd e set dap profile profile routing set dap profile profile server setldap_profile profile user e unset Idap profile RTINET FortiMail Secure Messaging Platform Version 3 0 MR4
27. FortiMail v3 0 Related topics set policy delete set policy modify rename to FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set policy modify verify addr policy modify verify addr Use this command to enable or disable recipient address verification This command is available in gateway and transparent modes only Syntax set policy lt fqdn str gt modify verify addr ldap smtp disable profile lt name str gt Keywords and Variables Description Default lt fqdn_str gt Enter the fully qualified domain name No default verify_addr ldap Choose LDAP or SMTP to enable background address disable smtp disable verification using that method or disable to deactivate this feature profile lt name_str gt Enter the name of the profile to use for this feature No default History FortiMail v3 0 New Related topics set policy modify bverify_addr RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 297 policy modify rename to set policy modify rename to Use this command to rename the specified domain to the new domain name This command is available in gateway and transparent modes only Syntax set policy lt fqdn str gt rename to lt newfqdn str gt History FortiMail v3 0 New Related topics e set policy delete RTIMNET F FortiMail Secure Mess
28. History FortiMail v3 0 New Related topics set system admin set user RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 345 user RTINET R set Use this command to configure email users user groups and user aliases in server mode Arguments must be in valid email format Syntax To set up the alias set user alias name lt name_str gt member lt addr gt lt addr gt To add new members to the alias set user alias name lt name_str gt add member lt addr gt lt addr gt To map a user to another email address set user map internal_name lt int_str gt external_name lt ext_str gt To map LDAP aliased users to a domain set user ldap map domain lt domain_name gt profile lt ldapprofile_name gt Commands Description Default alias name lt name_str gt lt name_str gt is the email alias address add_member lt addr gt lt addr gt Add new members to the specified alias lt addr gt are the email addresses of member to be added to the alias member lt addr gt lt addr gt Enter the user alias name and members for this alias Any previously existing members in the list not specified in this command are deleted from the list lt addr gt is the email address of a member map internal_name lt int_str gt external_name lt ext_str gt Enter a user
29. Moves the specified outgoing content monitor profile to a new position in the list lt new_int gt is the destination content profile number tags header enable Enable or disable the labeling of matching messages by adding a disable disable tag to the header tags htag lt tag_str gt Enter the text to be used as the tag when header tagging is enabled tags subject Enable or disable the labeling of matching messages by adding a disable enable disable tags stag lt tag_str gt tag to the subject Enter the text to be used as the tag when subject tagging is enabled History FortiMail v3 0 New Related topics set out_content modify monitor action FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set out_content modify monitor FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 259 out_policy profile delete set out_policy profile delete Use this command to delete an outgoing recipient based policy This command applies to gateway and transparent modes only Syntax set out_policy lt user_str gt delete lt user str gt is the user the policy applies to History FortiMail v3 0 New Related topics set out_policy move to e set out_policy rename to RTIMET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 260 06 30004 0420 200808 14 set out_policy modify out_pol
30. Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 user server unset user server Use this command to remove parts of the user configuration Syntax unset user lt configuration gt lt configuration gt Description alias name lt alias_str gt Delete this user alias lt alias_str gt the name of the user alias group name lt group_str gt Delete this group lt group_str gt the name of the user group ldap map domain lt domain_int gt Delete the mapping between the domain and the profile lt domain_int gt the name of the domain associated with the LDAP mapping map name lt map_str gt Delete this user map lt map_str gt the name of the user map History FortiMail v3 0 MR3 New RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 8 Ei Index index A add to bridge HA interface option 331 add virtual IP netmask HA interface option 331 administration setting timeout 338 administrator configuring 301 alertemail configuring recipient email addresses 94 deferq deferred email queue 95 antispam bounce verification 99 configuring greylist settings 103 MSISDN reputation 105 selecting action for blacklisted sender 98 setting control accounts for Bayesian training 101 setting quarantine control account names 100 trusted MTA 132 antispam profile co
31. and language for the web based manager performance Display the FortiMail unit system performance including CPU usage memory usage and uptime route table serialno Display the FortiMail unit static routing table For each route in the routing table the command displays the route number the destination IP address and netmask and the gateways and interface for each static route Display the FortiMail unit serial number snmp community Display the configuration and status of each defined SNMP community including community name status hosts queries traps and events configured snmp sysinfo Display the SNMP system information including the location description and contact information for this FortiMail unit This information is associated with the FortiMail units SNMP information when it is being managed FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 get lt item gt Description snmp threshold Displays the SNMP threshold settings for available traps such as CPU usage and memory usage status Display system status information time ntp Display the NTP configuration including whether NTP is enabled the NTP server IP address and the NTP synchronization interval time time Display the system date time time zone and whether daylight saving time is enabled usrgrp domain Display a list of the configur
32. archive account settings 227 configuring archive policy 230 configuring exemptlist 228 configuring relay server 236 configuring SMTP proxy 234 235 deferring oversize messages 237 delivery status notification DSN 238 239 241 enabling SMTP authorization 242 enabling SMTP over SSL 244 245 LDAP domain check 240 quarantine settings 247 remote archive settings 231 setting archive quota 229 setting deadmail time 232 setting email port numbers 233 maximum transportation unit MTU 334 mgmt HA interface option 330 misc profile deleting 248 enabling user accounts 250 enabling webmail access 251 renaming 252 setting disk space quota 249 mode of operation HA 321 MSISDN reputation 105 session profile 183 MTA addresses trusted 132 MTA spool directories synchronizing 319 MTU setting 334 multimedia message service MMS configuring the detection window 19 configuring the duration 19 configuring the threshold 19 enabling or disabling 19 N network file storage NFS 244 network time protocol NTP 344 O on failure HA 324 operation mode FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 RTIMET 363 RTINET 8 amp HA 327 setting 337 outgoing antispam profile configure tagging 281 configuring dictionary scans 270 configuring FortiGuard Antispam functions 273 configuring SURBL server list 280 deleting 264 enabling banned word filtering 266 enabling Bayesian fil
33. enable disable address lt addr_ip4 gt port lt port_num gt username lt username_str gt password lt pwd_str gt Keywords and Variables Description address lt addr_ip4 gt Enter the proxy IP address port lt port_num gt Enter proxy port to use username lt username_str gt Enter the web proxy user name password lt pwd_str gt Enter the web proxy password History FortiMail v3 0 New Related topics e set system autoupdate pushaddressoverride e set system autoupdate pushupdate e set system autoupdate schedule RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 8 system ddns Use this command to configure Dynamic DNS for this interface Set the domain and username using separate commands Syntax set system ddns server lt server_name gt domain lt domain_str gt ipmode auto bind interface lt intf str gt static ip lt ipv4_int gt status enable disable set system ddns server lt server_name gt username lt username_str gt password lt pwd_str gt timeout lt hours_int gt Keywords and Variables server lt server_name gt Description Select the DDNS server from the list provided e members dhs org dipdnsserver dipdns com www dnsart com members dyndns org www dyns net ip todayisp com ods org rh tzo com ph001 oray net domain lt domain str gt Ent
34. include the word train The learn is spam command becomes train is spam and the learn is not spam command becomes train is not spam To make these changes enter these commands RTINET set as control bayesian learn is spam train is spam set as control bayesian learn is not spam train is not spam au np FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 101 as control bayesian set A user with the email address user1 example com who received a spam message not marked as spam would send it to is spam example com to inform the Bayesian database of its error Similarly a good message incorrectly marked as spam would be forwarded to is not spam example com These two control address IDs are the defaults and the domain is taken from the user s email address domain The two control address IDs the administrator modified are for training the Bayesian database with messages that have not been examined by the Bayesian filter The user with the email address user1 example com would submit spam messages to train is spam example com and good messages to train is not soam example com To perform group training of the example com group database or the global database which ever is enabled without similarly training his own user database the administrator would send spam messages to train is spoam example com and good messages to train is not spam example com from training group example com
35. 20080814 121 as profile modify quarantine set as profile modify quarantine Use these commands to configure quarantine settings for an antispam profile Syntax set as profile lt name_str gt modify quarantine days lt days_int gt set as profile lt name_str gt modify quarantine queue enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify days lt days_int gt Enter the number of days to keep the quarantined email for the specified 0 profile Enter 0 to disable queue Enable or disable the storage of spam in the quarantine for the specified disable enable disable profile History FortiMail v3 0 New Related topics e set as control autorelease e set as spamreport RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 122 06 30004 0420 200808 14 set as profile modify rewrite_rcpt as profile modify rewrite_rcpt The rewrite recipient email address feature allows the FortiMail unit to change the recipient email address if the message is detected as spam Use these commands to configure the recipient email address rewrite feature Syntax set as profile lt name_str gt modify rewrite_rcpt enable disable set as profile lt name_str gt modify rewrite_rcpt set part local domain none prefix replace suffix value lt rewrite_str gt Keywords and variables Descriptio
36. 30004 0420 200808 14 RTINET amp Q auth pop3 server set auth pop3 server Use this command to create or modify the server properties of an POPS authentication profile Syntax set auth pop3 lt name_str gt server lt host_str gt lt server_ipv4 gt port lt port_int gt option ssl secure tls domain Keywords and Variables Description Default lt name_str gt This is the name of the POP3 authentication profile lt host_str gt Enter either the POP3 server host name or IP address lt server_ipv4 gt port lt port_int gt Enter the POP3 server port number 110 option ssl secure These optional settings further define the connection to the POPS server tls domain ssl enables Secure Sockets Layer SSL on the POPS server to secure message transmission e secure enables Secure Authentication on the POP3 server to secure email users passwords e tls enables Transport Layer Security TLS on the POPS server to ensure privacy between communicating applications and their users on the Internet domain select if the POP3 server requires the domain for authentication History FortiMail v3 0 New Related topics set auth pop3 rename to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 136 06 30004 0420 200808 14 set auth radius rename to auth radius rename to Use this command to rename a Radius authentication profile
37. CLI Reference 06 30004 0420 20080814 349 userpolicy move to set userpolicy move to Use this command to move the specified policy to a new position in the policy list This command applies to server mode only Syntax set userpolicy lt name_str gt move to lt new_int gt Keywords and Variables Description Default lt name_str gt This is the name of the policy expressed with the domain lt new_int gt Enter the number value of the new position in the list History FortiMail v3 0 New Related topics set userpolicy delete set userpolicy rename to RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 350 06 30004 0420 200808 14 set userpolicy rename to userpolicy rename to Use this command to rename an existing user policy This command applies to server mode only Syntax set userpolicy lt name_str gt rename to lt new_str gt Keywords and Variables Description Default lt name_str gt This is the name of the policy expressed with the domain lt new_str gt Enter the new name of the specified policy History FortiMail v3 0 New Related topics set userpolicy delete set userpolicy move to RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 351 userpolicy rename to set RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Refe
38. CLI Reference 166 06 30004 0420 200808 14 set ip policy match transparent mode ip policy match transparent mode Use this command to set the client and server IP addresses The IP policy applies to traffic exchanged when the client connected to the server In the context of this command the client is the system initiating the connection and the server is the system receiving the connection attempt Syntax set ip policy lt policy integer gt match lt client ipv4 mask gt lt server ipv4 mask gt 0 0 0 0 0 will include all addresses Keywords and variables Description Default lt policy_int gt Enter the IP policy number lt client_ipv4 mask gt Enter the IP address and CIDR subnet of the client The address 0 0 0 0 0 0 0 0 0 0 will include all addresses lt server_ipv4 mask gt Enter the IP address and CIDR subnet of the server The address 0 0 0 0 0 History FortiMail v3 0 New Related topics e sei Ip policy match gateway and server modes FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 ip policy move ip policy move Use this command to move an IP based policy from one position in the list to another Syntax set ip policy lt policy int gt move lt new int gt Keywords and variables lt policy int gt Description Enter the IP policy number Default lt new int gt Enter the IP policy s new numb
39. Default lt name_str gt Enter the name of the antispam profile to modify enable disable Enable or disable Bayesian filtering for the specified outgoing antispam disable profile History FortiMail v3 0 New Related topics set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 268 06 30004 0420 200808 14 set out_profile profile modify deepheader out_profile profile modify deepheader Use this command to enable or disable deep header scanning or for the specified profile The two separate checks that make up the deep header scan can also be individually enabled or disabled Syntax set out_profile profile lt name_str gt modify deepheader scanner enable disable set out_profile as profile lt name_str gt modify deepheader checkip enable disable set out_profile as profile lt name_str gt modify deepheader headeranalysis enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify scanner Enable or disable the deep header scan for the specified profile disable enable disable checkip Enable or disable the black IP portion of the deep header scan for the disable enable disable specified profile headeranalysis Enable or disable the headers analysis portion of the deep header scan di
40. Description Default cache status Enables or disables the FortiGuard cache enabled enabled disabled cache ttl lt ttl_int gt Sets a TTL time to live for the cache 600 lt ttl_int gt is the number of seconds blocked IP addresses are stored in the FortiMail unit s cache before contacting the FortiGuard server again hostname lt hostname_str gt Sets the FortiGuard server host name antispam fortigate com status enabled disabled Enables or disables FortiGuard service enabled History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set ip policy ip policy Use this command to create a new IP policy Policies are referenced by number indicating their position in the policy list Numbering starts with 0 for the first policy New policies must be created at the end of the current list the next number in sequence Syntax set ip policy lt policy int gt lt policy int gt is the IP policy number History FortiMail v3 0 New Related topics e set ip policy delete e set Ip policy move RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 LD N ip policy action set ip policy action Use this command to set the default action to be applied to a connection matching the specified IP policy Syntax set ip policy lt policy in
41. FortiMail 400 get limits domain level limits domains with 2 tier admin 25 25 500 admins per domain 5 5 5 policies per domain 40 40 40 profiles per domain 5 5 5 system level limits admin count 20 20 20 total domains 500 500 500 total user groups 100 100 100 members per user group 50 50 50 profile count 50 50 50 ip policy count 40 40 40 outgoing policy count 500 500 500 as profile count z175 175 175 av profile count SEI KETTOS 175 content profile count SLD 175 175 ip profile count 175 175 175 all shared memory size 13954552 13954552 268435456 bytes dynamic shared memory size 10273300 10273300 268435456 bytes numbers in brackets indicates value to use on next reboot numbers in square brackets indicates maximum allowable values numbers preceeded by are automatically calculated History FortiMail v3 0 MR3 New Related topics set limits domain level set limits system level general e set limits system level groups e set limits system level mail users set limits system level other profiles e set limits system level policies RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Q GH get log elog log elog FortiMail v3 0 New Use this command to display the event log messages that have been saved to local hard disk or remote syslog server S
42. Fortinet Tools and Documentation CD All Fortinet documentation is available on the Fortinet Tools and Documentation CD shipped with your Fortinet product The documents on this CD are current at shipping time For up to date versions of Fortinet documentation visit the Fortinet Technical Documentation web site at http docs forticare com Fortinet Knowledge Center Additional Fortinet technical documentation is available from the Fortinet Knowledge Center The knowledge center contains troubleshooting and how to articles FAQs technical notes a glossary and more Visit the Fortinet Knowledge Center at http kc forticare com FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET Customer service and technical support Introduction Comments on Fortinet technical documentation Please send information about any errors or omissions in this document or any Fortinet technical documentation to techdoc fortinet com Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly configure easily and operate reliably in your network Please visit the Fortinet Technical Support web site at http support fortinet com to learn about the technical support services that Fortinet provides RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814
43. HA daemon settings Other HA daemon configuration commands include set system ha config on page 313 set system ha data on page 318 set system ha datadir on page 319 and set system ha monitor on page 322 In most cases you do not have to change any of the HA daemon settings However you should change the shared password The shared password is not synchronized and must be set separately on the primary and backup units Syntax set system ha passwd lt passwd_str gt Keywords Variables Description Default lt passwd_str gt Enter a password for the HA group The password must be the same on change_me the primary and backup FortiMail units The password must be a least 1 character Example Enter the following command to set the shared password to PassW4D set system ha passwd Passw4D History FortiMail v3 0 New Related topics e set system ha config e set system ha monitor e set system ha cpeer interface peer e set system ha on failure secondary interface secondary peer set system ha remote as heartbeat set system ha data set system ha restart restore resync e set system ha datadir e set system ha rservice e set system ha Iservice set system ha takeover e set system ha mode FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 325 system ha remote as heartbeat set RTINET 326 system ha remote as h
44. If authentication is not configured clients can still attempt to authenticate though they will always fail Using this command to disable the client s ability to authenticate will prevent this situation from occurring Syntax set mailserver smtpauth smtp enabled disabled set mailserver smtpauth smtpovertls enabled disabled set mailserver smtpauth smtps enabled disabled History FortiMail v3 0 New FortiMail v3 0 MR4 Added the smtp smtpovertld and smtps options RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 242 06 30004 0420 200808 14 set mailserver smtpssl mailserver smipssl Use this command for SMTP over secure socket layer SSL Syntax set mailserver smtpssl enabled disabled History FortiMail v3 0 MR3 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N amp mailserver smtp storage mailserver smtp storage RTINET Use this command to configure local or network file storage NFS options Syntax set mailserver smtp set mailserver smtp set mailserver smtp storage local storage nfs dir lt nfs_server_dir gt storage nfs ip lt ipv4_addr gt set client lt type gt configuration e disable client This unit connects as a client to a central quarantine server e server This unit is a central quarantine server Option available only for hi
45. a device disable History FortiMail v2 8 New Related topics set log setting localset sei log setting syslog e set log policy destination event set log policy destination spam set log policy destination virus set log view fields e set log view loglevel RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 210 06 30004 0420 200808 14 set log policy destination spam log policy destination spam Use this command to enable and log spam events for a device You need to enable spam logging before selecting spam events Syntax To enable logging of spam events for a device set log policy destination console local syslog spam status enable set log policy destination console local syslog spam category detected Keywords Variables Description Default enable disable Enable or disable spam detection log output to a device disable detected none Spam logging must be enabled to be applicable OFF e detected log all instances of detected spam messages e none to clear all event categories specify none without any other event categories History FortiMail v2 8 New Related topics Set log setting localset Set log setting syslog sei log policy destination event set log policy destination virus e set log policy destination history e set log view fields set log view lo
46. as profile lt name_str gt modify deepheader headeranalysis enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify scanner Enable or disable the deep header scan for the specified profile disable enable disable checkip Enable or disable the black IP portion of the deep header scan for the disable enable disable specified profile headeranalysis Enable or disable the headers analysis portion of the deep header scan disable enable disable for the specified profile History FortiMail v3 0 New FortiMail v3 0 MR1 checkip and headeranalysis added Related topics Set as profile modify actions e set as profile modify deepheader e set as profile modify individualaction scanner e set out profile profile modify deepheader get spam deepheader RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 112 06 30004 0420 20080814 set as profile modify dictionary as profile modify dictionary Use these commands to configure dictionary scans for an antivirus profile If the any of the words appearing in the specified dictionary are detected in an email message the message is treated as spam Syntax set as profile lt name_str gt modify dictionary dict_profile lt dict_int gt set as profile lt name_str gt modify dictionary scanner enable disable Keywords and variables Description De
47. bannedwordlist lt word_str gt delete set out_profile profile lt name_str gt modify bannedwordlist lt word_str gt move to lt position_int gt set out_profile profile lt name_str gt modify bannedwordlist lt word_str gt rename to lt new_str gt Keywords and variables Description lt name_str gt Enter the name of the outgoing antispam profile to modify lt word_str gt The word entry you want to modify in the profile s banned word list lt position_int gt add Add the new banned word delete Delete the banned word move to Change the position of the word in the banned word list Each word is numbered the first is 1 the second 2 and so on lt position_int gt is the word s new position rename to lt new_str gt Change the word entry History FortiMail v3 0 New Related topics e set out_profile profile modify bannedword set out_profile profile modify actions set out_profile profile modify individualaction scanner FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 267 out_profile profile modify bayesian set out_profile profile modify bayesian Use this command to enable or disable Bayesian spam filtering for the specified antispam profile Syntax set out_profile profile lt name_str gt modify bayesian enable disable Keywords and variables Description
48. bindpw_str gt Enter the bind password no default deref never always Specify how alias dereferencing is done The values never search find are Never Always Search or Find to specify that aliases are never dereferenced always dereferenced dereferenced when searching or dereferenced only when finding the base object for the search query lt query_str gt Set the query to be used for finding a user inthe LDAP amp objectClass directory inetOrgPerson mail m schema Set the predefined directory schema depending on inetorgperson activedirectory your LDAP server type dominoperson userdefined uses the schema set with the user inetlocalmailrcpt query command inetorgperson userdefined scope one sub Set the search scope This setting determines the sub depth of search one is a single level sub is the subtree History FortiMail v3 0 New Related topics set ldap_profile profile auth e setldap profile profile group e set Idap_profile profile option e set Idap_profile profile pwd e set dap profile profile routing set dap profile profile server RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 199 ldap profile profile user set e unset dap profile RTIMNET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 200 06 30004 0420 200808 14 set limits do
49. check rewrite_helo enable disable set ip profile lt name str gt check rewrite helo custom enable disable lt helo str gt set ip profile lt name str gt check send dsn enable disable set ip profile lt name str gt check sender enable disable set ip profile name str gt check splice enable disable lt integer gt seconds kilobytes set ip_profile lt name_str gt check stop_empty_domains enable disable set ip_profile lt name_str gt check stop_encrypted enable disable set ip_profile lt name_str gt check syntax enable disable Keywords and Variables Description Default lt name_str gt Enter the name of the session profile 3_way Enable or disable message rejection if recipient and HELO domain match disable enable disable but sender domain is different This check only affects unauthenticated sessions allow_pipelining Disable enable or enable strict command pipelining no no loose no The FortiMail unit accepts only a single command at a time during strict an SMTP session loose Some SMTP command sequences are accepted and processed as a group increasing performance over high latency connections e strict Pipelining is enabled but limited to strict compliance with RFC 2920 domain Enable or disable rejection of EHLO HELO commands with invalid disable enable disable characters in the domain eom_ack Enable or disable immediately acknowledging end of message
50. command to reformat the local email disk to enhance performance after you have backed up the mail database to the log disk with execute formatmaildisk_backup This will delete your mail database Syntax execute formatmaildisk History FortiMail v3 0 New Related topics execute formatmaildisk_backup RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 execute formatmaildisk_backup formatmaildisk_backup Use this command to back up the mail database to the log disk and then format the local mail disk This will enhance performance on the mail disk Syntax execute formatmaildisk_backup History FortiMail v3 0 New Related topics execute formatmaildisk RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q Q maintain execute maintain Use this command to perform maintenance on mail queues by deleting out of date messages Syntax execute maintain mailqueue clear age lt age gt lt unit gt lt age gt messages this age or older will be cleared and can be from 1 hour to 10 years lt unit gt can be one of h d m or y for hours days months or years respectively The default is 24h Example This example will clear messages that are 23 days old and older execute maintain mailqueue clear age 23d History FortiMail v3 0 MR3 New Related topics e execute clea
51. e CRAM MD5 Keywords and Variables Description Default lt name_str gt Enter the FQDN name of the relay server No default port lt port_number gt Enter the port number to use when communicating with this relay server authentication Select enable to turn on authentication for the relay server enable disable username lt name_str gt Enter the username for the account on the relay server to be used for authentication purposes password lt pwd_str gt Enter the password for the account on the relay server to be used for authentication purposes type lt auth_type gt Select one of the types of authentication for the relay server auto History FortiMail v3 0 New RTINET F N amp FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set mailserver smtp deferbigmsg Use this command to configure the period when deferred oversized emails will start and stop being processed Deferring oversized emails can offload processing to a time of day when email traffic is not as busy Syntax set mailserver smtp deferbigmsg starttime lt hh mm gt set mailserver smtp deferbigmsg stoptime lt hh mm gt Time is in 24 hour format Keywords and Variables Description Default starttime lt hh mm gt Enter the time that oversized email will start being processed No default Time is in 24 hour format stoptime lt hh mm gt Enter the time that oversized emai
52. example Central Office 1 CLI command syntax xecute restore config lt filename_str gt Document names FortiMail Administration Guide File content lt HTML gt lt HEAD gt lt TITLE gt Firewall Authentication lt TITLE gt lt HEAD gt lt BODY gt lt H4 gt You must authenticate to use this service lt H4 gt Menu commands Go to Anti Spam gt Greylist gt Exempt and select Create New Program output Welcome Variables RTINET O e lt xxx_str gt indicates an ASCII string variable keyword lt xxx_integer gt indicates an integer variable keyword lt xxx_ipv4 gt indicates an IP address variable keyword vertical bar and braces separate mutually exclusive required keywords For example Set system opmode gateway transparent server This example indicates you can enter set system opmode gateway Or set system opmode transparent Orset system opmode server FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Introduction FortiMail documentation FortiMail documentation Information about the FortiMail unit is available from the following guides e FortiMail QuickStart Guides Provides basic information about connecting and installing a FortiMail unit A separate guide is available for each FortiMail model e FortiMail Administration Guide Introduces the product and descr
53. factory defaults Note It is recommended that you back up the FortiMail configuration before changing the opmode Syntax set system opmode gateway server transparent History FortiMail v3 0 New RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q Q N system option system option Use these commands to configure FortiMail administration including RTINET Ga Q timeout on the admin account when to start the backend user verification e web based manager language e PIN for the LCD panel the refresh interval for the GUI interface Syntax set system option optionl lt valuel gt The options and their values are as follows set admintimeout lt timeout_int gt Use this command to set the idle time out for system administration Idle Timeout controls the amount of inactive time that the web based manager waits before requiring the administrator to log in again lt timeout_int gt is the idle timeout number in minutes The default idle time out is 5 minutes The maximum idle time out is 480 minutes 8 hours To improve security keep the idle timeout at the default value of 5 minutes backend_verify lt hh mm ss gt language lt language_str gt Use this command to set the start time of the backend user verification program The time is specified in hours hh minutes mm and seconds ss It
54. following command to set the FortiMail configuration synchronization time interval to 30 minutes The command maintains the default value of the synchronization port as 20001 set system ha config 20001 30 History FortiMail v3 0 New Related topics e set system ha cpeer interface peer e set system ha on failure secondary interface secondary peer e Sei system ha data set system ha datadir set system ha Iservice Set system ha mode Set system ha monitor 06 30004 0420 20080814 set system ha passwd set system ha remote as heartbeat set system ha frestart restore resync set system ha rservice set system ha takeover RTIMNET Q Q system ha cpeer interface peer secondary interface secondary peer set RTINET Lo A system ha cpeer interface peer secondary interface secondary peer Use these commands to configure primary heartbeat interface settings for FortiMail active passive and config only HA groups You can also use these commands to optionally configure the secondary heartbeat interface settings for FortiMail active passive HA For an active passive or a config only HA group use the set system ha interface command to select the network interface to be used for the primary heartbeat and to configure the primary heartbeat local IP address and netmask For a config only HA group use the set system ha cpeer command to add the IP address of a backu
55. gt Enter the number of this SNMP community name lt name str gt Enter the name of this SNMP community queryportvl queryportv2c lt port_int gt Select the port to listen on for SNMP traffic The defaults are port 161 for v1 and port 162 for v2c queryvl_status queryv2c_status Activate or deactivate SNMP v1 and v2c traffic trapportvl_local trapportvl remote trapportv2c local trapportv2c remote lt port int gt fenable disable status Activate or deactivate this SNMP community fenable disable trapevent cpu mem Select one or more events that will generate a trap when the event occurs or logdisk maildisk when the threshold is passed The events are deferg virus spam cpu CPU usage threshold system raid ha mem Memory low threshold archive ipchg psu logdisk Logdisk space low threshold maildisk Maildisk space low threshold deferq Deferred queue threshold virus Virus threshold spam Spam threshold system System component event raid RAID system event ha HA system event archive Remote archive server event ipchg Interface IP address changed psu Power supply unit PSU event System events typically involve a change in state of hardware To set SNMP trap thresholds see set system snmp sysinfo threshold on page 342 Select the ports SNMP v1 and v2c use to send traps to SNMP monitors trapvl_status trap
56. including the system mail directory user home directories and the MTA spool directories FortiMail queues Each time you enter this command you must enable or disable synchronizing all three types of mail data Because the command does not include keywords using the command involves entering the correct enable or disable sequence in the correct order as follows First enable or disable synchronizing the system mail directory e Second enable or disable synchronizing the user home directories e Third enable or disable synchronizing the MTA spool directories FortiMail queues Synchronization of all three types of mail data is disabled by default Note Use the set system ha config command to configure HA daemon settings Other HA daemon configuration commands include set system ha config on page 313 set system ha data on page 318 set system ha monitor on page 322 and set on page 324 Syntax set system ha datadir enable disable enable disable enable disable Example Enter the following command to e Enable synchronizing the system mail directory Disable synchronizing the user home directories Disable synchronizing the MTA spool directories FortiMail queues set system ha datadir enable disable disable History FortiMail v3 0 New Related topics e set system ha config e set system ha on failure set system ha cpeer interface peer Set system ha pass
57. is in 24 hour format Use this command to set the language for the web based manager to use lt language_str gt can be one of english simplifiedchinese japanese korean or traditionalchinese ledpin lt pin_int gt Use this command to set the 6 digit personal identification number PIN on the FortiMail LCD panel Once set the PIN must be entered to make any changes from the front panel The PIN is only used when Icdprotection is enabled lcdprotection Use this command to turn on the FortiMail front panel LCD password protection To enable disable set the PIN use the Icdpin keyword refresh User this command to set or disable the GUI interface refresh interval interval none History FortiMail v3 0 New Related topics e set system admin e set system appearance FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system route number system route number Use this command to set and configure system routing Syntax set system route lt mask_ip4 gt gwl number lt route_int gt devl auto portl dst lt route_ip4 gt lt gway_ip4 gt Keywords and Variables Description number lt route_int gt Enter the number of the route in the routing table The default route is 0 devl auto portl Sets the FortiMail traffic routing interface to auto or port1 In auto the FortiMail unit routes traffic to the interface
58. local and peer IP address for an active passive HA group This example adds a secondary heartbeat local and peer IP addresses to the FortiMail units in the previous example Enter the following commands from an active passive HA primary unit to set port 4 as the secondary heartbeat interface set the secondary heartbeat local IP address and netmask to 10 1 1 1 255 255 255 0 and set the secondary heartbeat peer IP address to 10 1 1 2 set system ha secondary interface port4 10 1 1 1 255 255 255 0 set system ha secondary peer 10 1 1 2 Enter the following commands from an active passive HA backup unit to set port 4 as the secondary heartbeat interface set the secondary heartbeat local heartbeat interface IP address and netmask to 10 1 1 2 255 255 255 0 and set the secondary heartbeat peer IP address to 10 1 1 1 set system ha secondary interface port4 10 1 1 2 255 255 255 0 set system ha secondary peer 10 1 1 1 History FortiMail v3 0 New FortiMail v3 0 MR2 Added secondary interface and secondary peer keywords that you use for configuring secondary heartbeat settings In previous versions of FortiMail you used the interface and peer keywords for configuring HA heartbeat settings In FortiMail v3 0 MR2 you use the interface and peer keywords for configuring primary heartbeat settings Related topics set system ha config set system ha data set system ha datadir set system ha Iservice set system ha mode
59. manual system time manual Use this command to set and configure system time settings manually Syntax set system time manual clock lt hh mm ss gt date lt mm dd yyyy gt dst disable enable zone lt zone_num gt Keywords and Variables Description clock lt hh mm ss gt Enter the system time by hour minute and second date lt mm dd yyyy gt Enter the system time by month day and year dst Enable or disable daylight saving time DST disable enable zone lt zone_num gt Enter the time zone by number the FortiMail unit is Use to see a list of zone names and their numbers History FortiMail v3 0 New Related topics e set system time ntp RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 343 system time ntp system time ntp Use this command to set and configure system time settings using network time protocol NTP RTIMNET Q A A Syntax set system time ntp dst disable set enable ntpserver lt ipv4 hostname gt ntpsync disable enable syncinterval lt sync_interval gt zone lt zone_num gt Keywords and Variables Description dst disable enable Enable or disable daylight saving time DST ntpserver lt ipv4 hostname gt Enters NTP server IP or hostname lt ipv4 gt is the NTP server IP address lt hostname gt is the NTP server hostname
60. map for an email address e lt int_str gt is the user s actual email address e lt ext_str gt is the address that will be remapped to the user s actual email address History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set user pki Use this command to configure PKI authentication for users Syntax set user pki name lt name_str gt ca lt cert_str gt set user pki name lt name_str gt domain lt domain_str gt set user pki name lt name_str gt ldapfield subject alternative cn set user pki name lt name_str gt ldapprofile lt profile_str gt set user pki name lt name_str gt ldapquery enable disable set user pki name lt name_str gt ocspaction revoke ignore set user pki name lt name_str gt ocspca lt url gt set user pki name lt name_str gt ocspverify enable disable set user pki name lt name_str gt subject lt subject_str gt Commands Description Default lt name_str gt lt name_str gt is the PKI user name ca lt cert_str gt Enter the name of the CA certificate used when validating the CA s signature of the client certificate domain lt domain_str gt Enter the protected domain to which the PKI user is assigned If Domain is System the PKI user belongs to all domains configured on the FortiMail unit disable ldapfield Enter the name of the field in the client certifi
61. modify heuristic heuristic action set av rename to 06 30004 0420 20080814 RTIMNET A Qa av rename to set av rename to Use this command to enable or disable antivirus scanning for the specified profile Syntax set av lt av_prof_name gt rename to lt newname_str gt lt av_prof_name gt is the name of the antivirus profile to rename lt newname_str gt is the new name History FortiMail v3 0 New Related topics set alertemail configuration mailto e set alertemail deferq e set av modify heuristic heuristic_action set alertemail setting option FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 146 06 30004 0420 200808 14 set console Use set console to configure console settings Syntax set console baudrate 9600 19200 38400 57600 115200 mode batch line page lt line_int gt Commands Description baudrate 9600 19200 Sets the console baudrate 38400 57600 115200 mode batch line Sets the console mode to batch or line The default setting is line page lt line_int gt Sets the number of lines that appear on each page of command line console output The default setting is 25 You can set this value to 0 to allow output to flow without paging e lt line_int gt is the number of lines that appear on each page of command line console output History FortiMail v3 0 New Related topics e set system appea
62. modify in the profile add Add the new DNSBL server delete Delete the DNSBL server move to lt new_int gt Change the position of the DNSBL server in the server list Each entry is numbered the first is 1 the second 2 and so on lt new int gt is the entry s new position rename to lt new_str gt Change the DNSBL server hostname History FortiMail v3 0 New Related topics e set out profile profile modify dnsbl set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 272 06 30004 0420 20080814 set out_profile profile modify fortishield out_profile profile modify fortishield Use these commands to configure FortiGuard Antispam functions for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify fortishield checkip enable disable set out_profile profile lt name_str gt modify fortishield scanner enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify checkip Enable or disable FortiGuard Antispam IP address checking for the disable enable disable specified profile scanner Enable or disable FortiGuard Antispam scanning for the specified profile disable enable disable History FortiMail v3 0 New Related topi
63. netmask for the interface or add a virtual IP and netmask For FortiMail units operating in transparent mode you can also configure how the FortiMail management interface mgmt configuration is changed by HA Also in transparent mode you can add individual network interfaces to the FortiMail transparent mode bridge Note Using the add option to add a virtual IP address to a FortiMail interface gives the interface two IP addresses the virtual IP address and the actual IP address The interface can receive traffic sent to both of these IP addresses Normally you would configure your network MX records firewall policies routing and so on so that clients and mail services use the virtual IP address All replies to sessions with the virtual IP address include the virtual IP address as the source address All replies to sessions with the actual IP address include the actual IP address as the source address All outgoing sessions that originate from this interface also use the virtual IP address of the interface and not the actual IP address This means that all outbound mail or relayed mail packets sent from a FortiMail primary unit interface configured with a virtual IP address will have the virtual IP address of the primary unit interface as the source IP address If you are using this interface to send outgoing email you should configure your network devices such as NAT firewalls to process traffic from the virtual primary unit interface IP addres
64. no initial error delay subsequent errors use the initial delay the link will lists sender white 1 sender black 1 recipient whit recipient blac not disconnect because of errors ist checking is disabled ist checking is disabled e list checking is disabled k list checking is disabled sender reputation sender reputation list checking is disabled RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 kd Q ip profile get History FortiMail v3 0 New Related topics e getip policy RTIMNET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Dd A get ldap profile Idap profile Use this command to display all the settings of the specified LDAP profile Syntax get ldap profile profile lt name str gt lt name_str gt Is the LDAP profile name To see alist of LDAP profiles enter get ldap profile profile History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q Qa limits get limits Use this command to display all the settings of the limits command Syntax get limits lt name_str gt is the LDAP profile name To see alist of LDAP profiles enter get ldap_profile profile Example If you enter the gets limits command on a FortiMail 400 unit the output will be similar to this
65. reliability maximize reliability throughput maximize throughput ttl lt TTL_integer gt Enter the time to live TTL value 64 validate reply yes no Enter yes to validate ping replies no view settings View the current ping option settings N A History FortiMail v3 0 New Related topics execute ping RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Co amp execute reboot reboot Use this command to restart the FortiMail unit Syntax execute reboot History FortiMail v3 0 New Related topics execute reload RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 La reload execute reload If you set your console to batch mode use this command to flush the current configuration from system memory and reload the configuration from a saved configuration file Syntax execute reload History FortiMail v3 0 New Related topics execute reboot RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 A Q execute restore restore Use this command to restore system configuration or firmware from a TFTP server Syntax xecute restore config image lt name_str gt lt server_ipv4 gt Enter config to restore system settings or image to restore system firmware image lt name_str gt is the name of the co
66. reportconfig domain set log reportconfig mailto e set log reportconfig qry Set log reportconfig schedule hour RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N set log reportconfig qry log reportconfig qry Use this command to enable the type of query you want included in the report such as email statistic messages by day Syntax To enable queries for the report set log reportconfig lt reportconfigname gt lt qry gt lt query strl gt lt query str2 gt lt query str3 gt enable disable Keywords Variables Description Default lt qry gt lt query strl gt Enable to include the specified query type in the report disable Enter at the end of the command syntax to list all the query types the sets they belong to and the current status of each lt query str2 gt lt query str3 gt enable disable History FortiMail v2 8 New Related topics e set log setting localset set log setting syslog sei log reportconfig direction sei log reportconfig domain set log reportconfig mailto Set log reportconfig period sei log reportconfig schedule hour RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 217 log reportconfig schedule hour log reportconfig schedule hour Use this command to schedule when the report is
67. session profiles that can be created History FortiMail v3 0 MR3 New Related topics e set limits domain level e set limits system level general e set limits system level groups set limits system level mail users e set limits system level policies e get limits RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 205 limits system level policies set limits system level policies Use this command to fine tune the policy related maximum values on your FortiMail unit The syntax requires the two values be entered every time the command is executed Even if you only want to change one value both must be entered Entering 0 for any value resets it to the default The new values will take effect when the FortiMail unit is restarted Syntax set limits system level policies lt ip_int gt lt outgoing_int gt Keywords and Variables Description Default lt ip_int gt Enter the maximum number of IP based policies that can be created lt outgoing_int gt Enter the maximum number of outgoing recipient based policies that can be created History FortiMail v3 0 MR3 New Related topics set limits domain level set limits system level general e set limits system level groups e set limits system level mail users set limits system level other profiles e get limits RTINET F FortiMail Secure Messaging Platform Vers
68. tag the message subject History FortiMail v3 0 New Related topics set out_profile profile modify actions FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 277 out_profile profile modify scanoptions set out_profile profile modify scanoptions Use these commands to configure scanning options for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify scanoptions attachment_type pdf enable disable set out_profile profile lt name_str gt modify scanoptions bypass_on_auth enable disable set out_profile profile lt name_str gt modify scanoptions maxsize lt size_int gt Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify attachment_type pdf Enable to allow the FortiMail unit scan the first page of PDF attachments disable enable disable The PDF option allows the heuristic banned word and image spam scanning techniques to examine the contents of PDF files If none of these three scanners are enabled the PDF option will have no effect bypass_on_auth Enable or disable the bypassing of spam scanning when an SMTP disable enable disable sender is authenticated maxsize lt size_int gt Enter the maximum message size in bytes that the FortiMail unit will 0 scan for spam Messages with sizes exceeding the set limi
69. that apply the rule with the lowest number will be processed first Syntax set mailserver access rule lt number gt set sender_pattern lt pattern_str gt yes no recipient_pattern lt pattern_str gt yes no ip_mask lt ipv4_addr gt lt netmask gt reverse_dns_pattern lt pattern_str gt yes no authenticated yes no tlsprofile lt profile_str gt action relay bypass reject discard set mailserver access rule lt number gt move lt to gt set mailserver access rule lt number gt delete Keywords and Variables Description Default rule lt number gt Enter the number for this rule Numbers are used for processing order of the rules lowest numbers first set move Select one of set move or delete to change mailserver access delete e set Select to configure an access rule move Select to change when this rule is processed e delete Select to remove a rule from the list sender_pattern A complete or partial sender address to match for this rule lt pattern str gt fyes no Select yes to use regular expression syntax as part of the pattern recipient pattern A complete or partial sender address to match for this rule lt pattern str gt ip mask Enter the IP address and netmask of the sender lt ipv4 addr gt lt netmask gt reverse dns pattern complete or partial DNS entry match for this rule lt pattern str gt authenticated Enter yet to have th
70. the FortiMail Administration Guide for more information about HA and storing mail data on a remote NAS server Syntax set system ha data lt data port integer gt lt timeout integer gt Keywords Variables Description Default lt data port integer gt The TCP port used for synchronizing FortiMail data 20002 lt timeout integer gt How often data synchronization occurs The minimum 30 lt timeout integer gt 15 minutes The maximum data synchronization time is 999 minutes If lt timeout integer gt is setto 0 data is not synchronized Example Enter the following command to set the FortiMail data synchronization time interval to 100 minutes The command maintains the default value of the synchronization port as 20002 set system ha config 20002 100 History FortiMail v3 0 New Related topics e set system ha config e set system ha on failure set system ha cpeer interface peer Set system ha passwd secondary interface secondary peer set system ha remote as heartbeat e set system ha datadir set system ha restart restore resync e set system ha Iservice set system ha rservice set system ha mode e set system ha takeover e set system ha monitor FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system ha datadir system ha datadir 8 gt Use this command to enable or disable synchronizing FortiMail mail data
71. the primary unit to 1040 041 In an active passive HA group primary local ipv4 of the backup unit must match primary peer ipv4 of the primary unit Normally you would set primary local ipv4 on the backup unit to 10 0 0 2 In a config only HA group you would normally set primary local ipv4 on the first backup unit to 10 0 0 2 primary local ipv4 on the second backup unit to 10 0 0 3 primary local ipv4 on the third backup unit to 10 0 0 4 and so on lt primary interface str gt The name of the network interface to be used for the primary heartbeat The default primary heartbeat interface is the network interface with the highest number In most cases you would not have to select a different network interface lt primary peer ipv4 gt The primary heartbeat IP address for the other FortiMail 10 0 0 2 unit in the HA group This is the IP address that the 255 255 255 0 FortiMail unit primary heartbeat expects to be able to connect to find the other FortiMail unit in the HA group primary peer ipv4 of the primary unit must match the primary local ipv4 of the backup unit Normally you would set primary peer ipv4 on the primary unit to 10 0 0 2 primary peer ipv4 of the backup unit must match the primary local ipv4 of the primary unit For an active passive or a config only HA group you would set primary peer ipv4 of the backup unit or units to 10 0 0 1 lt secondary local ipv4 gt In an active passive HA group the secondary he
72. when the quota is reached noarchive to stop archiving when the quota is reached rotatesize Enter the size in megabytes at which the email archiving mailbox will 100 lt size_int gt be rotated lt size_int gt is the email archiving mailbox rotation size in megabytes The allowed range is from 10 to 200 rotatetime Enter the email archiving mailbox rotation time in days G time int gt e lt size_int gt is the increment after which the archive mailbox is rotated The allowed range is from 1 to 365 days status enable Enable or disable email archiving disable disable History FortiMail v3 0 New Related topics set mailserver archive exemptlist set mailserver archive local quota set mailserver archive policy set mailserver archive remote FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET 227 mailserver archive exemptlist set mailserver archive exemptlist Use this command to configure the exemptlist and exemptlist entries Syntax set mailserver archive exemptlist exemptid lt id_int gt content lt content_str gt set mailserver archive exemptlist exemptid lt exemptid_str gt status enable disable set mailserver archive exemptlist exemptid lt exemptid_str gt type sender recipient spam set mailserver archive exemptlist move lt position_int gt to lt new_int gt Keywords and Variables Description Def
73. 0004 0420 20080814 RTIMET RTINET Contents System fortimanager rrssvvrnnnnnnnvvnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnneen 312 system Jet 313 system ha cpeer interface peer secondary interface secondary peer 314 system Be CD 318 VG E EC LTE 319 system ha IServiCe rrrnnnsavnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnneen 320 VEER E 321 system h un LE 322 system ha on failure s rnnnnnnnvvnnnnnnnnvvnnnnnnnnvvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenennnnnnnenenn 324 system h PASSW D 325 system ha remote as heartbeat rnrnavvnnnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennn 326 system ha restart restore reSYNC es 327 system ha rserViCe rrnnnnnvnvnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnneenr 328 system ha takeover rnnnnnnnvennrnnnnnvennnnnnnnvennnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnveene 330 system hostname os 333 system interface CONFIG ernnnnnnvvvnnnnnnnnvvnnnnnnnnvvnnnnnnnnvnnnennnnnnnnnnnnnnnnnnnennnnnnnenenr 334 system interface mode dhcp ssrnnnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnvnnnnnnnnnennnnnnnnnnnenennn 335 system interface mode static rrnnnnnnnvvnnnnnnnnvvvnnnnnnnvvennnnnnnnvennnnnnnnvvennnnnnnveenennn 336 system opmode asirese EENEG 337 system op HO 338 system route Number nssrennnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnennnnnnnnnennnnnnnenennnnnnnenenr 339 syst
74. 04 0420 200808 14 get mailserver systemquarantine Use this command to display the system quarantine settings The system quarantine is used for mail matching content profiles Syntax get mailserver systemquarantine Example FortiMail 400 system content system content system content system content system content mailserver systemquarantine get mailserver systemquarantine quarantine quarantine quarantine quarantine quarantine When reaching disk quota History FortiMail v3 0 New Related topics get mailserver get mailserver access get mailserver archive get mailserver localdomains get mailserver smtp account forward disk quota rotate size rotate time FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 systemquarantine 1 GB 100 Megabytes 7 Days Overwrite RTINET ES a misc profile get misc profile Use this command to display the misc profile settings Available in server mode only Syntax get misc lt profile name gt If you do not specify a profile name the command displays information for all misc profiles Example FEServer get misc profile misc_def Misc profiles id 0 name misc_def User Account Status enabled Webmail Access enabled disk quota 100 History FortiMail v3 0 New RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 0
75. 0420 20080814 Q telnettest execute telnettest Use this command to attempt a telnet connection to the specified host IP address Syntax xecute telnettest lt host_ipv4 port gt If you do not specify a port number port 23 is used History FortiMail v3 0 New RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 44 06 30004 0420 200808 14 execute traceroute traceroute Use this command to trace the route to the specified host IP address Syntax xecute traceroute lt host_ipv4 gt History FortiMail v3 0 New Related topics execute maintain e execute ping RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 A Qa update contig execute update config Use this command to request a configuration update from the FortiManager server Syntax execute update config History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 A execute updatecenter updatenow updatecenter updatenow Use this command to manually initiate a virus definition update Syntax execute updatecenter updatenow History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 47 updatecenter updatenow execute RTINET ES FortiMail Secure Messaging Plat
76. 14 RTIMET Q RTINET A Contents Sn 42 SIMUPTOS Ee ee 43 LET IgG EE seteceeeeercdeeees sectecuediik 44 Ur UE 45 update cohfig EE 46 updatecenter updatenow rnnnnsnnvennnnnnnvnnnnnnnnnvennnnnnnvnennnnnnnnennnnnnnnnennnnnnnnennnnnnnne 47 EE ee ee 49 alertemail configuration s rrnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnvnnnnnnnnnnnennnnnnnnennnnnnnvnennnnnn 50 lertemail setting E 51 TT 52 EE 53 AU e 56 UN 57 OO 58 el UE 59 TSI SiatUS ee 60 IP PONCV eege eege Ee 61 62 ID DO 63 ldap profile nn 65 Ju 66 109 ClOG DE 67 log 1ogsetting 2a2 erect ese AAAA 68 log MSIS dnns 69 log POl E 70 ole Ka 1 ET 71 l g reporteoniig sanere en 72 log We 73 IST 74 mailserver EE 75 mailserver e UC 76 mailserver localdomains ssrnnnnnnnnnvnnnnnnnnnvnnnnnnnnnennnnnnnnnnnennnnnnnvnennnnnnnenennnnnnner 77 mailserver Cu UE 78 mailserver SySteMQUAarAantiNne eecccecceceeeeceeeeeneeeeeeeeeeeeeeeseeseeseeeeeseenseesennens 79 OU 80 OUL CONTENE ME aaa raada aana iaaa aai 81 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Contents OUL DON EE EE Eee 82 OUT DOE EE 83 OIC 84 spam deepheader en 85 spam heuristic rules snr asiaani ni renan eae aea aaaea a ea SA Ea Han aaa eaa NEEN 86 spam retrieval POlicy rrnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnr 87 System 88 US EE ee ENEE 90 ISOM ON CY geess 91 EEE E E E EE ee Ee ENK
77. 14 set out_profile profile modify whitelistword out_profile profile modify whitelistword Use this command to enable or disable whitelist word checking in the specified outgoing antispam profile Syntax set out_profile profile lt name_str gt modify whitelistword enable disable By default this setting is disabled History FortiMail v3 0 MR3 New Related topics set out_profile profile modify whitelistwordlist RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N Go Q out profile profile modify whitelistworadlist RTIMNET X S out_profile profile modify whitelistwordlist Use this command to add delete or modify whitelist words for the specified antispam profile Syntax set out_profile profil add subject enable set out_profile profil change body enable set out_profile profil subject enable disable chang disable body enable disable disable le lt name_str gt modify whitelistwordlist lt word_str gt le lt name_str gt modify whitelistwordlist lt word_str gt le lt name_str gt modify whitelistwordlist lt word_str gt set out_profile profile lt name_str gt modify whitelistwordlist lt word_str gt change word lt new_str gt set out_profile profile lt name_str gt modify whitelistwordlist lt word_str gt delete set out_profile profile lt name_str gt modify w
78. 200808 14 RTIMET 311 system fortimanager RTINET F Co N system fortimanager Use this command to configure FortiManager support Syntax set system fortimanager autobackup enable set system fortimanager central management set system fortimanager initiate enable set system fortimanager ip lt ipv4 gt Keywords and Variables Description set autobackup enable disable When enabled the FortiMail unit will send a configuration backup to the FortiManager unit every time an administrator logs out of the FortiMail web based manager The FortiManager units saves these configuration backup files central management Enable to allow a FortiManager unit to manage your FortiMail unit enable disable initiate enable disable When enabled the FortiMail unit accepts configuration updates from the FortiManager unit ip lt ipv4 gt Enter the IP address of the FortiManager unit History FortiMail v3 0 MR4 New Related topics set system interface config set system interface mode dhcp e set system route number FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system ha config system ha config FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference Use this command to change the TCP port and time interval for synchronizing the FortiMail configuration Note Use the set system ha config comma
79. 200808 14 as RTIMET ES 8 as RTIMET ES g action default use personal database disabled Accept training from users disabled Use other techniques for auto training disabled Deepheader filtering disabled action default check black ip enabled headers analysis enabled Dictionary filtering disabled action default dictionary profile unknown 1 disabled FortiGuard Antispam filtering action default FortiGuard Antispam checkip Dnsbl server lookup disabled action default Surbl server lookup disabled action default Banned word scanning disabled action default disabled Whitelist word scanning disabled Greylist message senders disabled Treat message with virus as spam disabled action default Check forged IP in incoming emails disabled action default Check image spam in incoming emails disabled action default Check image spam aggressively disabled Scan conditions maxsize 0 bypass_on_auth attachment types pdf disabled Actions discard reject disabled subject tagging disabled tag header tagging disabled tag quarantine is enabled auto delete nabled number of days 7 auto release of quarantined emails by email disabled auto release of quarantined emails by web disabled add the sender of a released message to personal white list disabled allow users to aut
80. 30004 0420 20080814 get ip policy ip policy Use this command to list information about IP policies Syntax get ip policy lt policy number gt If you do not specify a policy number the command provides a list of the IP policies by name and number If you specify a policy number the command lists detailed information about that policy Example FortiMail 400 get ip policy 0 smtpin configuration 0 matches from 0 0 0 0 0 to 0 0 0 0 0 action SCAN ip profile session_strict exclusive this profile can be overriden by a recipient profile SMTP is disabled and difference are NOT allowed History FortiMail v3 0 New Related topics e get ip_profile RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 kd ip pool get ip pool Use this command to list information about IP pool policies Syntax get ip pool lt name str gt If you do not specify a policy name the command returns a list of the IP pool policies by name and ID number If you specify a policy name the command lists the IP ranges defined in the policy History FortiMail v3 0 MR3 New Related topics e get ip_profile setip pool e sei Ip pool add entry RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 get ip_ profile ip profile Use this command to list information about IP profiles Sy
81. 6 30004 0420 200808 14 Q get out_content out_content Use this command to display outgoing content profile settings Syntax get out_content lt name_str gt lt name_str gt Is the name of an outgoing content profile If you do not specify a profile the command shows the settings of all outgoing content profiles History FortiMail v3 0 New Related topics e get out policy e get out profile RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 out_policy get out_policy Use this command to display outgoing recipient based policy settings Syntax get out_policy lt name_str gt lt name_str gt is the name of an outgoing policy If you do not specify a policy the command shows the settings of all outgoing policies History FortiMail v3 0 New Related topics get out_content get out_profile RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 8 get out_profile out_profile Use this command to display outgoing antispam profile settings Syntax get out_profile lt name_str gt lt name_str gt Is the name of an outgoing antispam profile If you do not specify a profile the command shows the settings of all outgoing profiles History FortiMail v3 0 New Related topics get out_content get out_policy RTINET FortiMail Secure Messaging Platform
82. 69 pp 170 ip pool add ent ysna 171 ip pool ER Un EE 172 ip pool delete creca 173 EE DE 174 ip profile Check eene ENTENTE EE ee 175 ip profile COMMECTION rrsnsnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnunnnnnnnn 177 ip profile delete ernensnis EES ENEE NEE ceesceceettedenenees seeeekeses d 178 ip hole OF 179 ip profile headermanipulation ee 180 ip profite imitesas AEE EER 181 182 ip profile mms reputation rnnnnnnvvnnnnnnnnvnnnnnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenn 183 ip profile rename rrssvnnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnee 184 ip profile senderreputation sssrnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 185 ip profile sendervalidation r srnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnn 186 ip profile setting rate cCoOntrOl smrnnnnnnnnvnnnnnnnnvnnnnnnnnnenennnnnnnvennnnnnnnennnnnnnner 188 Idap profile profile ASAV rnsvrnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnennnnnnnnnnnnnnnnnnennnnnnnnner 189 Idap profile clearallcache rrnnnnnnnvnnnnnnnnnnvnnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnner 190 Idap profile profile auth ssrrrrnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnennnnnnnnnennnnnnnnnennnnnnnner 191 Idap profile profile clearcaChe ss rrrnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnennnnnnnner 192 Idap profile profile fallback SErver sssrrrun
83. Addresses on this list will be ignored by certain FortiMail antispam scans mta delete Enter an IP address mask to delete from the MTA list lt ipv4_mask gt History FortiMail v3 0 MR3 New Related topics e set as profile modify fortishield e set as profile modify dnsbl e sei Ip profile sendervalidation RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 132 06 30004 0420 200808 14 set auth imap rename to auth imap rename to Use this command to rename an IMAP authentication profile Syntax set auth imap lt name_str gt rename to lt new_str gt Keywords and Variables Description Default lt name_str gt This is the name of the IMAP authentication profile lt new_str gt Enter the new name of the IMAP authentication profile History FortiMail v3 0 New Related topics set auth imap server RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 133 auth imap server set auth imap server Use this command to create or modify the server properties of an IMAP authentication profile Syntax set auth imap lt name_str gt server lt host_str gt lt server_ipv4 gt port lt port_int gt option ssl secure tls domain Keywords and Variables Description Default lt name_str gt This is the name of the IMAP authentication profile lt host_str gt Enter either t
84. CLI Reference 06 30004 0420 20080814 Q ldap profile profile group set Idap profile profile group Use these commands to configure an LDAP group query Syntax set ldap profile profile lt name str gt group groupstate enable disable set ldap profile profile lt name str gt group groupstate enable disable virtual enable disable memberofattribute lt attr str gt relativename fenable disable basedn lt basedn str gt groupnameattribute lt grp str gt Keywords and Variables Description Default lt name str gt Enter the name of the LDAP profile groupstate enable disable Enable or disable group LDAP queries disable virtual enable disable Enable this option to specify any LDAP tree node Any node disable that falls under the specified tree node will be considered a member of the group Since the specified node isn t defined as a group in the LDAP database the FortiMail unit sees it as a sort of virtual group membershipattribute Enter the user attribute that defines the groups the user lt attr str gt belongs to For example this attribute is memberof for Active Directory servers relativename enable With the appropriate information entered the admin need disable disable only enter the LDAP group name when creating a recipient based policy for example If this option is disabled the group name attribute group name and group base DN must be specified in the pol
85. ED mode the FortiMail unit uses remote service monitoring to attempt to connect to the other FortiMail unit in the HA group which should be operating as the primary unit with effective operating mode of MASTER If you fix the problem that caused the failure the failed FortiMail unit recovers by changing its effective operating mode to SLAVE The failed FortiMail unit then synchronizes the content of its MTA spool directories to the FortiMail unit operating as the primary unit The primary unit can then deliver this email Example Enter the following command to configure a FortiMail unit to switch to FAILED effective operating mode and when restored to change the effective operating mode to SLAVE set system ha on failure slave History FortiMail v3 0 MR2 New Related topics e set system ha config e set system ha monitor set system ha cpeer interface peer e set system ha passwd secondary interface secondary peer set system ha remote as heartbeat set system ha data set system ha restart restore resync e set system ha datadir e set system ha rservice set system ha lservice set system ha takeover e set system ha mode FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system ha passwd system ha passwd 8 NE Use this command to Change HA group shared password Note Use the set system ha config command to configure
86. EN Ces 93 alertemail configuration mailto errnnnnnnvvnnnnnnnnvvennnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 94 alertemail deferg EE 95 alertemail setting Option sernnnnnnnvvnnnnnnnnvennnnnnnnvvnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 96 Ty EEE EE EE EE 97 s blacklistacti on dnne denenedueveisdsennnendetdnaneg 98 as bounteverily ossi eege eee eier 99 as control autorelease ssrrrrrnnnvennnnnnnnvvennnnnnnenennnnnnnnnennnnnnnnnnnnnnnnnnennnnnnnneenn 100 as control bayesian ee 101 as ITT EE 103 as mms FE PULAU ON E 105 as profile delete sisirin initaneti ntececeneecvewssussenecundensteeteriendeed sees 106 as profile modify ACTIONS 0 ceececeeeeeeeeeeeeeeeee ee eeeeneeeeeseeeneeseeseeeneeseeseeteeeees 107 as profile modify auto releaSse ee 108 as profile modify bannedword ssrrennnnsnvvnennnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnnnnnnnnnenn 109 as profile modify bannedwordlist ee 110 as profile modify bayesian rrrrnsnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnenr 111 as profile modify deepheader rrrrrnnrnnnnnnnnnnnnvnvennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 112 as profile modify dictionary rssrennnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnenn 113 as profile modify dnsbl ssrernnnnnnnvnennnnnnnvennnnnnnnvennnnnnnnnennnnnnnnnennnnnnnnnennnnnnneenn 114 as profile modify dnsbIServer s rrrrrrsssvrnnnnnnnnvnnnnnnnnnnennnnnnnnnnnnnnnnnnnennnnnnnnnenr 115 a
87. FortiMail v3 0 New Related topics sei dap profile profile auth sei dap profile profile fallback server e setldap profile profile group e set dap profile profile option e setldap profile profile pwd e setldap profile profile routing sei dap profile profile user e unset dap profile FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 198 06 30004 0420 200808 14 set ldap profile profile user Idap profile profile user Use these commands to configure user query options for the FortiMail unit to query the LDAP server Syntax set ldap profile profile lt name str gt user basedn lt basedn str gt set ldap profile profile lt name str gt user binddn lt binddn str gt set ldap profile profile lt name str gt user bindpw lt bindpw str gt set ldap profile profile lt name str gt user query lt query str gt set ldap profile profile lt name str gt user schema activedirectory dominoperson inetlocalmailrcpt inetorgperson userdefined set ldap profile profile lt name str gt user scope one sub Keywords and Variables Description Default lt name str gt Enter the name of the LDAP profile basedn lt basedn str gt Enter the distinguished name DN that will be the no default default point from which LDAP directory lookups will occur binddn lt binddn_str gt Enter the bind DN of an account with the rights to no default complete the required LDAP queries bindpw lt
88. MET 127 as profile modify virus set as profile modify virus Use this command to enable or disable treating messages with a virus as spam Syntax set as profile lt name_str gt modify virus enable disable By default this setting is disabled History FortiMail v3 0 New Related topics e set as profile modify actions e set as profile modify individualaction scanner RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 X set as profile modify whitelistword as profile modify whitelistword Use this command to enable or disable white list word checking in the specified incoming antispam profile Syntax set as profile lt name_str gt modify whitelistword enable disable By default this setting is disabled History FortiMail v3 0 MR3 New Related topics set as profile modify whitelistwordlist RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N as profile modify whitelistworalist RTINET 130 as profile modify whitelistwordlist Use this command to add delete or modify white list words for the specified antispam profile Syntax set as profile lt name_str gt modify whitelistword enable disable body enable disable set as profile lt name_str gt modify whitelistword enable disable set as profile lt name_str gt modify whitelistword
89. MR4 CLI Reference 06 30004 0420 20080814 NS policy modify fallback set policy modify fallback Use this command to set the fallback host for the specified domain An optional fallback host port number may be specified This command is available in gateway and transparent modes only Syntax set policy lt fqdn_str gt modify fallbackhost lt host_ipv4 gt fallbackport lt port_int gt Keywords and Variables Description fallbackhost lt host_ipv4 gt Enter the IP address of the fallback host for this domain fallbackport lt port_int gt Optionally enter the fallback host port number History FortiMail v3 0 New RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 290 06 30004 0420 200808 14 set policy modify ip policy modify ip Use this command to set the SMTP server IP of the email server for the specified domain This command is available in gateway and transparent modes only Syntax set policy lt fqdn_str gt modify ip lt server_ipv4 gt lt server_ipv4 gt the IP address of the email server for this domain History FortiMail v3 0 New RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 291 policy modify is_subdomain set policy modify is subdomain Use this command to set whether the specified domain is a subdomain This command is available in gateway and transparent modes only Enable is s
90. Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Go Q policy get policy Use this command to display incoming recipient based policies for domains This is available only in transparent and gateway modes Syntax get policy lt fqdn gt lt fqdn gt is the domain s fully qualified domain name If you do not specify a domain the command shows the policies of all domains History FortiMail v3 0 New Related topics get out_policy RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 g get spam deepheader Use this command to display the deep header scan settings Syntax get spam deepheader Example FortiMail 400 get spam deepheader Deep header scanner setting Confidence degree 95 000000 IP list of trusted server Trusted IP list History FortiMail v3 0 MR1 New Related topics set as profile modify deepheader set out profile profile modify deepheader FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 spam deepheader RTIMNET Go Qa spam heuristic rules get RTINET kd spam heuristic rules Use this command to display the total number of heuristic antispam rules The number of rules can change as the FortiGuard service updates the heuristic rule set Syntax get spam heuristic rules Example FortiMail 400 get spam heuristic ru
91. _Virus_Domain_by_Hour_of_Day The total number of query reports displays at the bottom of the list Syntax get log query History FortiMail v3 0 New Related topics e set log reportconfig qry RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 71 log reportconfig get log reportconfig Use this command to display the settings in a saved log report configuration The two default reports that become available after setting up your FortiGate unit with the quick start wizard are also available for this command Syntax get log reportconfig lt config_name_str gt lt predefined_report_yesterday gt lt predefined report_last_week gt lt config_name_str gt is the log report configuration name For a list of all saved log report configurations enter as the name History FortiMail v3 0 New FortiMail v3 0 MR3 The keywords predefined_report_yesterday and predefined_report_last_week were added Related topics set log reportconfig direction set log reportconfig domain set log reportconfig mailto set log reportconfig period Set log reportconfig qry sei log reportconfig schedule hour RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 72 06 30004 0420 200808 14 get log view Use this command to display what columns display in Log amp Report gt Logging for event history spa
92. ackup unit assumes that the primary unit has failed and becomes the new primary unit Syntax set system ha lservice ports hd lt check_time_integer gt lt retries_integer gt Keywords Variables Description Default ports hd Enter ports to configure primary unit network interface monitoring Enter hd to configure primary unit hard drive monitoring lt check_time_integer gt The check time interval in seconds to wait between checks of the 0 interfaces or the hard drives The check time interval range is 1 to 60 seconds Set the check time interval to 0 to disable interface or hard drive monitoring oO lt retries_integer gt The number of consecutive times interface monitoring or hard drive monitoring detects a failure before the primary unit changes its effective operating mode to off The number of times the check fails range is 1 to a very high number Set the number of times the check fails to 0 to disable interface monitoring or hard drive monitoring Example Enter the following command to set primary unit interface monitoring to check the interfaces every 30 seconds and to change the primary unit effective operating mode to off if interface monitoring fails 10 consecutive checks set system ha lservice pprts 30 10 History L FortiMail v3 0 New Related topics C set system ha config e set system ha monitor Set System ha cpeer interface peer e set system ha on
93. aging Platform Version 3 0 MR4 CLI Reference 298 06 30004 0420 200808 14 set spam deepheader spam deepheader Use this command to configure the header analysis settings of the deep header scan feature Syntax set spam deepheader confidence lt confidence_int gt Keywords and Variables Description Default confidence Enter the confidence value above which a message will be considered 95 0000 lt confidence int gt spam The header analysis scan will examine each message and calculate a confidence value based on the results of the decision tree analysis The higher the calculated confidence value the more likely the message is really spam The header analysis adds an x FEAS DEEP HEADER line to the message header that includes the message s calculated confidence value History FortiMail v3 0 MR1 New FortiMail v3 0 MR3 Removed iptrusted and servertrusted keywords Related topics e set as profile modify deepheader set out_profile profile modify deepheader get spam deepheader RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 299 spam retrieval policy set spam retrieval policy Use this command to enable or disable authentication for a user on the specified domain to retrieve spam from the FortiMail unit using POP3 or HTTP Syntax set spam retrieval policy lt fqdn str gt user lt user str gt auth imap
94. ailure Use this command to control the behavior of a FortiMail unit in an active passive HA group when remote service monitoring detects a failure In most cases you should set On Failure to wait for recovery and then assume slave role In this mode when service monitoring detects a failure the FortiMail unit effective operating mode changes to FAILED In FAILED mode the FortiMail unit and can automatically recover switch to the SLAVE effective operating mode and synchronize MTA spool directories with the other FortiMail unit which should be operating in the MASTER effective operating mode Syntax set system ha on failure off restore slave Keywords Variables Description Default off After a failure the FortiMail unit effective operating mode changes to OFF The FortiMail unit will not process mail or join the HA group until you manually change the FortiMail unit effective operating mode to MASTER primary or SLAVE backup restore Similar to slave the FortiMail unit effective operating mode changes to FAILED when remote service monitoring detects a failure However in this case on recovery the failed FortiMail unit effective operating mode switches back to its configured operating mode This behavior may be useful in some scenarios but may cause problems in others slave The FortiMail unit effective operating mode changes to FAILED when remote service or local network interface service monitoring detects a failure In FAIL
95. ainkey enable disable set ip_profile lt name_str gt sendervalidation signing enable disable set ip_profile lt name_str gt sendervalidation spf enable disable Keywords and Variables Description Default lt name_str gt Enter the name of the session profile authenticated enabl Only available when DKIM signing is enabled this setting will limit disable disable DKIM message signing to senders who authenticate with the FortiMail unit bypassbounceverify If bounce verification is enabled select bypass bounce verification for disable enable disable connections matching this policy This bypass does not prevent the tagging of outgoing messages For information on enabling verification of delivery status notification DSN email see as bounceverify on page 99 dkim enable Check the validity of DKIM signatures if present An invalid signature disable disable will increase the client sender reputation score and affect the deep header scan A valid signature decreases the client sender reputation score If the sender domain DNS record does not include DKIM information or the message is not signed the validation is skipped domainkey enable If the sender domain DNS record lists DomainKeys authorized IP disable disable addresses the DomainKeys check will compare the client IP address to the authorized senders A DomainKeys failure increases the client sender reputation score A DomainKeys validation decreases the clien
96. ains one way to configure the FortiMail unit would be to create three separate domains and configure them all with the same settings Another way is to configure one domain and add the other two to the first as domain associations Subsequent configuration changes need to be made only once to apply to the domain and all domain associations Syntax set policy lt fqdn_str gt modify add association lt fqdn gt lt fqdn gt lt fqdn gt lt fqdn gt Keywords and Variables Description policy lt fqdn str gt Enter the domain to which the associations will be added add association lt fqdn gt Enter the domain association Enter multiple domains separated by commas History FortiMail v3 0 MR4 New RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 288 06 30004 0420 200808 14 set policy modify bverify_addr policy modify bverify_addr Use this command to enable or disable background address verification for the specified domain This command is available in gateway and transparent modes only Syntax set policy lt fqdn str gt modify bverify_addr lt disable ldap smtp gt lt disable ldap smtp gt choose LDAP or SMTP to enable background address verification using that method or disable to deactivate this feature History FortiMail v3 0 New Related topics set policy modify verify_addr RTINET FortiMail Secure Messaging Platform Version 3 0
97. aintain nslookup partitionlogdisk ping ping option reboot reload restore shutdown smiptest telnettest traceroute update config updatecenter updatenow FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET F X backup contig execute backup config Use this command to back up system settings to a TFTP server Syntax execute backup config lt name_str gt lt server_ipv4 gt lt name_str gt Is the filename for the backup on the TFTP server lt server_ipv4 gt is the IP address of the TFTP server History FortiMail v3 0 New Related topics execute restore RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 execute checklogdisk checklogdisk When recommended by Customer Support use this command to find and correct errors on the log disk Logging is suspended while this command is running Syntax execute checklogdisk History FortiMail v3 0 New Related topics execute checkmaildisk RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 27 checkmaildisk RTIMNET F 8 checkmaildisk execute When recommended by Customer Support use this command to find and correct errors on the mail disk Actions are reported at the command prompt If the check can t fix something automatically it presents a list of op
98. ample com Similarly this user would release quarantined email by sending release request messages to quarantine_release example com History FortiMail v3 0 New Related topics set spam retrieval policy e set as spamreport e set as profile modify quarantine RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 100 06 30004 0420 200808 14 set as control bayesian as control bayesian Use these commands to set the names for Bayesian control accounts Syntax set as control bayesian is spam lt name_str gt set as control bayesian is not spam lt name_str gt set as control bayesian learn is spam lt name_str gt set as control bayesian learn is not spam lt name_str gt set as control bayesian training group lt sender_str gt Keywords and Variables Description Default is spam FortiMail end users can send spam messages that were is spam incorrectly treated as non spam to this account to inform the Bayesian antispam check of its mistake is not spam FortiMail end users can send non spam messages that is not spam were incorrectly treated as spam to this account to inform the Bayesian antispam check of its mistake learn is spam End users send known spam to this account to train the learn is spam FortiMail unit Based on the sender s email address the FortiMail unit uses the information received to train the sender s Bayesian database learn is not spam End users s
99. arantine FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 get mailserver localdomains Use this command to display information about the domains added to the FortiMail unit This is available in server mode only Syntax get mailserver localdomain History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference get mailserver get mailserver access get mailserver archive get mailserver smtp get mailserver systemquarantine 06 30004 0420 200808 14 mailserver localdomains RTINET mailserver smtp RTINET F 3 mailserver smtp get Use this command to display settings for SMTP email Syntax get mailserver smtp lt setting gt Variables Description lt setting gt Enter the setting one of deferbigmsg Display the times to start and stop delivering messages deferred because of their size dsn_displayname Display the sender name used in DSN messages dsn_sender Display the sender address used in DSN messages queue Display the parameter settings for time outs and retries for undelivered mail in queues History FortiMail v3 0 New FortiMail v3 0 MR2 Added queue keyword Related topics get mailserver get mailserver access get mailserver archive get mailserver localdomains get mailserver systemquarantine FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 300
100. artbeat 0 0 0 0 lt netmask_ipv4 gt local IP address and netmask for this FortiMail unit 0 0 0 0 When the FortiMail unit is operating in HA mode you can enter get system interface lt interface_str gt to display this IP address and netmask where lt interface_str gt is the name of the secondary heartbeat interface secondary local_ipv4 of the primary unit must match secondary peer ipv4 of the backup unit You could set secondary local ipv4 on the primary unit to 10 1 1 1 secondary local ipv4 of the backup unit must match secondary peer ipv4 of the primary unit You could set primary local ipv4 on the backup unit to POL E RTIMET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 315 system ha cpeer interface peer secondary interface secondary peer RTINET 316 set Keywords Variables Description Default lt secondary interface_str gt The name of the network interface to be used for the secondary heartbeat lt secondary peer ipv4 gt The secondary heartbeat IP address for the other CO CH Qo O O CH O 8 FortiMail unit in the HA group This is the IP address that the FortiMail unit secondary heartbeat expects to be able to connect to find the other FortiMail unit in the HA group secondary peer_ipv4 of the primary unit must match the secondary local ipv4 of the backup unit You could set the secondary peer ipv4 on t
101. as profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 ch as profile modify imagespam set as profile modify imagespam Use these commands to configure an antispam profile to identify soam messages in which the text is stored as an embedded graphics file Syntax set set as profile lt name_str gt modify imagespam aggressive enable disable set set as profile lt name_str gt modify imagespam scanner enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify aggressive Enable or disable more intensive examination of email messages disable enable disable containing images This option will also force the examination of image file attachments in addition to embedded images The additional scanning workload could affect performance with traffic containing image files scanner Enable or disable scanning of email for image based spam messages disable enable disable History FortiMail v3 0 New Related topics e set as profile modify actions e set as profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 120 06 30004 0420 200808 14 set as profile modify individualaction scanner as profile modify individualaction scanner Use these commands to set t
102. at which email messages can be sent either by the number of SMTP connections or the number of email messages Syntax set ip profile setting rate control connection message Keywords and Variables Description Default rate control The Fortimail unit can control email traffic by either the number connection connection message Of connections or by the number of email messages connection allows you to specify the maximum number of connections from each IP address within a specified number of minutes message allows you to specify the maximum number of email messages accepted from each IP address within a specified number of minutes History FortiMail v3 0 MR4 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 188 06 30004 0420 200808 14 set ldap profile profile asav dap profile profile asav Use these commands to enable the FortiMail unit to query an LDAP server for user antivirus and antispam parameters Syntax set ldap profile profile lt name str gt asav antispam lt as str gt set ldap profile profile lt name str gt asav antivirus lt av str gt set ldap profile profile lt name str gt asav asavstate enable disable Keywords and Variables Description Default lt name str gt Enter the name of the LDAP profile antispam lt as str gt Set the LDAP antispam on off attribute no default antivirus lt av_str gt Setthe LDAP a
103. ation log all management events webmail pop3 imap none such as configuration changes ha log all HA events e imap log all IMAP events This selection is only available in server mode login log all administrative events such as user logins resets and configuration updates e pop3 log all POP3 events This selection is only available in server mode smtp log all SMTP server events system log all system related events such as system restarts e updatefailed log all failed update events e updatesucceeded log all successful update events webmail log all webmail events none to clear all event categories specify none without any other event categories History FortiMail v2 8 New Related topics Set log setting local e Set log policy destination history e Set log setting syslog Set log view fields Set log policy destination spam e set log view loglevel e set log policy destination virus RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 209 log policy destination history set log policy destination history Use this command to enable history logs to a device Syntax To enable history logs set log policy destination console local syslog history status enable Keywords Variables Description Default status enable disable Enable or disable history log output to
104. ation gt lt configuration gt Description access domain lt domain_str gt Remove the email server access permissions to and from the specified domain archiveexempt id lt id_value gt Remove an archiving exempt policy based on the policy ID entered archivepolicy id lt id_value gt Remove an archiving policy based on the policy ID entered localdomain lt string gt smtp clientconn exempt lt exempt_str gt Remove the specified local domain Server mode only Enter the IP address that you wish to exclude from connection number control smtp clientrate exempt lt exempt_str gt Enter the IP address that you wish to exclude from connection rate control History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 mailserver RTINET F 357 system system Use this command to remove parts of the system configuration Syntax unset system lt configuration gt lt configuration gt Description unset admin username lt account_str gt ddns server lt server_str gt domain lt domain_str gt Delete the configured administrator account lt account_str gt the name of the administrator account Reset the dynamic domain name service DDNS server settings to factory default lt server_str gt the name of the DDNS service lt domain_str gt the name of the DDNS hosted domain
105. ault lt id_int gt Enter the ID number of the exemption item lt content_str gt Enter the text to be searched for Wildcards are acceptable If the policy type is Spam lt content_str gt is ignored status enable Enable or disable the specified exemptlist entry disable disable type sender Enter the exemptlist entry type sender recipient spam sender The sender field of each email message will be searched for the text specified with the content command recipient The recipient field of each email message will be searched for the text specified with the content command spam Messages detected as spam by the FortiMail unit will match this entry type Any text specified with the content command is ignored move lt position_int gt Changes the position of an exempt item in the list to lt new_int gt lt position_int gt is the current list position of the exempt list policy to be moved lt new_int gt is the destination list position number To view the existing entries in the archive exempt list enter this command set mailserver archive exemptlist exemptid History FortiMail v3 0 New Related topics set mailserver archive account e set mailserver archive local quota set mailserver archive policy set mailserver archive remote RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N 8 set mail
106. automatically generated Syntax To configure the schedule set log reportconfig lt reportconfigname gt schedule hour daily days lt days_str gt dates lt dates_integer gt set log reportconfig lt reportconfigname gt schedule off Keywords Variables Description Default schedule hour daily Configures when scheduled reports are automatically No default days lt days_str gt dates generated Reports can be scheduled daily for certain datas int gt days of the week for certain dates of each month or disabled entirely e lt hour integer gt is the hour of the day the schedule report is generated The hour can be 0 to 23 where 0 is midnight at the start of the day lt days_str gt is the day or days of the week when the report is automatically generated Specify days using their first three letters Any number of days may be entered separated by commas with no spaces lt dates_int gt is the date or dates of the month when the report is automatically generated Any number of dates may be entered separated by commas with no spaces off Disables scheduling entirely if only on demand reports off are necessary History FortiMail v2 8 New Related topics sei log setting localset sei log setting syslog sei log reportconfig direction sei log reportconfig domain set log reportconfig mailto set log reportconfig period e set log reportconfig qry RTIMNET N
107. be applied to the specified IP policy Syntax set ip_policy lt pol set ip_policy lt pol set ip_policy lt pol set ip_policy lt pol icy_int gt icy_int gt icy_int gt icy_int gt Keywords and Variables Description imap lt name_str gt pop3 lt name_str gt radius lt name_str gt smtp lt name_str gt lt policy_int gt Enter the IP policy number lt name_str gt Enter the name of the authentication profile History FortiMail v3 0 New Related topics e sei Ip policy as e sei Ip policy av e sei Ip policy content sei Ip policy ip FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set ip policy av ip policy av Use this command to set the antivirus profile to be applied to traffic controlled by the specified IP policy Syntax set ip policy lt policy int gt av lt name str gt Keywords and Variables Description lt policy_int gt Enter the IP policy number lt name_str gt Enter the name of the antivirus profile History FortiMail v3 0 New Related topics set Ip policy as e set ip policy auth e set ip policy content e set ip policy ip FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 161 ip policy content set ip policy content Use this command to set the antivirus profile to be applied to traffic controlled by the specified IP policy
108. bedded images The additional scanning workload could affect performance with traffic containing image files scanner Enable or disable scanning of email for image based spam messages disable enable disable History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set out_profile profile modify individualaction scanner out_profile profile modify individualaction scanner Use these commands to set the action each spam detection method takes for messages detected as spam Syntax set out_profile profile lt name_str gt modify individualaction scanner bannedword bayesian deepheader dictionary dnsbl fortishield heuristic imagespam surbl virus action default discard forward reject review subject Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify scanner Select the spam detection method no default action Select the action to take default Set default to use the default action Set discard to accept the message and delete it without informing the sending system Set forward to have messages forwarded to the email address set with the emailaddr keyword of theset out_profile profile modify actions command Set reject to reject the message and return an error to the sending system Set review to divert spam to the system quarantine Set subject to
109. ber for the FortiMail unit 465 History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 233 mailserver proxy smtp interface mailserver proxy smtp interface Use this command to configure SMTP proxy behavior on an interface The unknown keyword is for handling unknown servers Syntax set mailserver proxy smtp interface lt port gt imode pass through drop proxy omode pass through drop proxy local enable disable set drop drop the traffic proxy proxy the traffic Keywords and Variables Description Default interface lt port gt Enter the interface where the proxy behavior is being configured No default imode pass through Select one of the following behaviors for incoming traffic drop proxy pass through bridge the traffic omode pass through Select one of the following behaviors for outgoing traffic drop proxy pass through bridge the traffic drop drop the traffic proxy proxy the traffic local Select enable to allow access to the local SMTP server on this enable disable interface History FortiMail v3 0 New Related topics set mailserver proxy smtp unknown RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference N R 06 30004 0420 20080814 set mailserver proxy smtp unknown mailserver proxy smtp unknown Us
110. bounce verification 99 bridge add to bridge HA interface option 331 C central management 312 CLI connecting to the 22 comments documentation 18 config router 19 connecting to the FortiMail CLI using SSH 23 connecting to the FortiMail CLI using Telnet 24 connecting to the FortiMail console 22 console configuring 147 content profile blocking specific file types 152 bypassing 150 configuring monitor profiles 153 deleting 148 selecting action 149 selecting content monitor action 154 setting file size to defer 151 control accounts for antispam quarantine 100 for Bayesian training 101 customer service 18 D daylight saving time enabling 344 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET 361 RTIMET ES 8 N deadmail setting retain time 232 deep header scan enabling in antispam profile 112 delivery status notification DSN 239 bypassing verification of 19 configuring verification of 19 DHCP enabling 335 diagnose commands 15 dictionary scanning configuring for antispam profile 113 disclaimer enabling per domain 308 for incoming messages 309 for outgoing messages 310 DKIM 186 DNS configuring 311 DNSBL enabling lookup for antispam profile 114 modifying server list for antispam profile 115 documentation commenting on 18 DomainKeys 186 dynamic DNS configuring 307 F FDN enabling push update 304 overriding update IP address 303 forged IP checki
111. cate either CN or subject alternative Subject Alternative which contains the email address of the PKI user cn ldapprofile Enter the LDAP profile to use when querying the LDAP server lt profile str gt ldapquery enable Enable to query an LDAP directory such as Microsoft ActiveDirectory to determine the existence of the PKI user who is attempting to authenticate then also configure LDAP Profile and Query Field ocspaction revoke ignore Enter the action to take if the OCSP server is unavailable If set to ignore the FortiMail unit allows the user to authenticate If set to revoke the Fortimail unit behaves as if the certificate is currently revoked and authentication fails ocspca lt url gt The URL of the OCSP server ocspverify enable disable Enable to use an Online Certificate Status Protocol OCSP server to query whether the client certificate has been revoked subject lt subject_str gt Enter the value which must match the subject field of the client certificate If empty matching values are not considered when validating the client certificate presented by the PKI user s web browser History FortiMail v3 0 MR4 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 user pki RTIMNET 347 userpolicy delete set userpolicy delete Use this command to delete the specified user policy This command a
112. config mailto Set log reportconfig period Set log reportconfig qry Set log reportconfig schedule hour RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 214 06 30004 0420 20080814 set log reportconfig mailto Use this command to configure the email addresses you want to send the generated report to Syntax To configure the email addresses to send the generated report to set log reportconfig lt reportconfigname gt mailto lt email_addrl gt log reportconfig mailto lt email addr2 gt lt email addr3 gt format html pdf Keywords Variables Description Default lt email_addr1 gt Selects the email addresses of recipients who you want No default lt email_addr2 gt the report sent to and the output format of the report lt email_addr3 gt format html pdf Selects the format the report will be in when sent to the pdf email address History FortiMail v2 8 New FortiMail 3 0MR1 Added format html pdf keyword Related topics set log setting localset set log setting syslog set log reportconfig direction set log reportconfig domain set log reportconfig period set log reportconfig qry set log reportconfig schedule hour FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET N D log reportconfig period set log reportconfig period Use this command to config
113. cs set out_profile profile modify actions set out_profile profile modify individualaction scanner RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 273 out_profile profile modify greylist set out_profile profile modify greylist Use this command to enable or disable greylisting for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify greylist enable disable lt name_str gt is the name of the profile By default greylisting is disabled History FortiMail v3 0 New Related topics set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 274 06 30004 0420 20080814 set out_profile profile modify heuristic out_profile profile modify heuristic Use these commands to configure heuristic scanning for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify heuristic lower level lt lower_int gt set out_profile profile lt name_str gt modify heuristic scanner enable disable set out_profile profile lt name_str gt modify heuristic upper level lt upper_int gt Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify lower level Enter the lower level threshold for heuri
114. ct to the FortiMail CLI RTINET Note The FortiMail unit supports the following encryption algorithms for SSH access 3DES and Blowfish FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 D CLI command branches RTINET A O N Using the CLI To connect to the CLI using SSH Install and start an SSH client Connect to the FortiMail interface that is configured for SSH connections Type a valid administrator name and press Enter Type the password for this administrator and press Enter The FortiMail model name followed by a is Displayed You have connected to the FortiMail CLI and you can enter CLI commands Connecting to the FortiMail CLI using Telnet A A Q N You can use Telnet to connect to the FortiMail CLI from your internal network or the Internet Once the FortiMail unit is configured to accept Telnet connections you can run a Telnet client on your management computer and use this client to connect to the FortiLog CLI Caution Telnet is not a secure access method SSH should be used to access the FortiLog CLI from the internet or any other unprotected network To connect to the CLI using Telnet Install and start a Telnet client Connect to the FortiMail interface that is configured for Telnet connections Type a valid administrator name and press Enter Type the password for this administrator and press Enter You have connected to the Fo
115. ctive passive HA backup unit monitors the primary unit to verify that the primary unit can accept SMTP service POP service POP3 and Web service HTTP connections For each protocol you must specify the check time interval in minutes to wait between checks and the response time to wait for a response You must also specify how many times the check fails before the backup unit decides that the primary unit has failed and a failover occurs If the backup unit detects a remote services failure the backup unit HA effective operating mode changes to master and the primary unit effective operating mode changes to off The backup unit becomes the new primary unit Syntax set system ha rservice smtp pop imap http lt interface_ipv4 gt lt service_port_integer gt lt check_time_integer gt lt response_time_integer gt lt retries_integer gt set Keywords Variables Description Default smtp pop imap http lt interface_ipv4 gt lt service_port_integer gt The service to configure remove service monitoring for e smtp to configure SMTP remote service monitoring pop to configure POP3 remote service monitoring imap to configure IMAP remote service monitoring http to configure HTTP remote service monitoring The IP address to connect to for testing each remote service You can enter the same IP address or different IP addresses for each service Normally you would enter the IP ad
116. d rrrrrrnnnnnnnnnnnnvvrvennnnnnnnnnnnnnnnnnnnnnnnnnr 273 out profile profile modify greylist rvrrnnnnnvvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenenr 274 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Contents out profile profile modify heuristic rrrnsvvnnnnnnnnvennnnnnnnvnnnnnnnnvennnnnnnnenennnnnner 275 out profile profile modify imagespam rrrrsssrvennnnnnnnvnnnnnnnnnnnennnnnnnenennnnnnnnnenn 276 out profile profile modify individualaction scanner pp 277 out profile profile modify SCANOPTIONS ee 278 out profile profile modify SUrbl rrrrnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnenn 279 out profile profile modify SurbIServer rrrrsssrvrnnnnnnnvnnnnnnnnnennnnnnnnnnennnnnnnnnenn 280 out profile profile modify tagsS swrnnnnnnnnnnvnnnnnnnnnennnnnnnnnnnnnnnnnnennnnnnnennnnnnnnnenr 281 out profile profile modify ViruS srrurnnnnnnnvnnnnnnnnvennnnnnnnnennnnnnnnnennnnnnnennnnnnnnnenr 282 out profile profile modify whitelistWOrd rrnnnnnvnnnnnnnnvnnnnnnnnnnvnnnnnnnnnnnnnnnnnnenn 283 out profile profile modify whitelistwordlist ee 284 out profile profile rename tO rsrrssrnnnnnnnnnvnnnnnnnnenennnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnenn 285 policy lei 287 policy modify add association rrnnnnnvvvnnnnnnnvnvnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnneenr 288 policy modify bverify addr msssevrnnnnnnnvvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenn
117. d return an error to the computer attempting to reject deliver it discard Accept the message but discard it without notifying the sending system profile Use the setting in the anti spam profile active for the blacklisted message History FortiMail v3 0 New Related topics e set as profile modify whitelistword RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 amp as bounceverify Use these commands to configure the bounce verification feature as bounceverify Spammers sometimes use the email addresses of others as the from address in their spam email messages When the spam cannot be delivered a delivery status notification message or a bounce message is returned to the sender which in this case isn t the real sender Because the invalid bounce message is from a valid mail server it can be very difficult to detect as invalid You can combat this problem with bounce verification Syntax set as bounceverify action discard reject profile set as bounceverify autodeletepolicy 0 1 2 3 4 set as bounceverify keys activate add delete set as bounceverify status enable disable set as bounceverify tagexpiry lt expiry_int gt Keywords and Variables action discard reject profile Description If a bounce message is invalid this setting determines what the FortiMail unit will do with it e discard will have the FortiMai
118. d update status ddns Display the dynamic DNS information disclaimer Display settings for header and body disclaimers for both incoming and outgoing email dns Display the IP addresses of the primary and secondary DNS servers that the FortiMail unit uses for DNS lookups ha Display HA status and configuration information for a FortiMail unit operating in active passive or config only HA mode If the FortiMail unit is operating in active passive HA mode the command displays the HA original and effective mode also known as the HA configured and effective operating modes respectively HA main and daemon configuration settings and also lists peers in the HA group If the FortiMail unit is operating in config only HA mode this command displays the HA mode cmaster or cslave and HA main and daemon configuration settings If the FortiMail unit is operating in config only HA mode this command also displays the master configuration hwraid Display the RAID settings interface Display the configuration and status of all FortiMail unit network interfaces kernel Display the kernel parameter configuration localdomainname Display the name of the local domain monitor Display the network interface monitoring configuration and status objver Display the antivirus engine and virus definition versions contract expiry date and last update attempt result information option Display system options including system idle timeout authentication timeout
119. dates through a NAT device if the external IP address of the NAT device is dynamic for example set using DHCP Syntax To change the FDN push update address and port set system autoupdate pushaddressoverrid nable lt addr_ip4 gt lt port_int gt To disable override of default FDN address set system autoupdate pushaddressoverride disable lt addr_ip4 gt is the IP address of the NAT device in front of the FortiMail unit lt port_int gt is the port on the NAT device that will receive updates History FortiMail v3 0 New Related topics set system autoupdate pushupdate set system autoupdate schedule e set system autoupdate tunneling RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 Gi system autoupdate pushupdate set system autoupdate pushupdate Use this command to enable or disable push updates from the Fortinet Distribution Network FDN Syntax disable set system autoupdate pushupdate enable History FortiMail v3 0 New Related topics e set system autoupdate pushaddressoverride set system autoupdate schedule e set system autoupdate tunneling RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 304 06 30004 0420 200808 14 set system autoupdate schedule Use this command to schedule updates Syntax system autoupdate schedule To schedule updates every set amount of hours and mi
120. disclaimer incoming e set system disclaimer outgoing RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 308 06 30004 0420 200808 14 set system disclaimer incoming system disclaimer incoming Use this command to configure incoming disclaimer messages Disclaimer messages can be applied to either the body or header of an email Each can be enabled or disabled and has a content string Syntax set system disclaimer incoming body status enable disable content lt content_str gt set system disclaimer incoming header status enable disable content lt content_str gt History FortiMail v3 0 New Related topics set system disclaimer allowdomain set system disclaimer outgoing RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 system disclaimer outgoing set system disclaimer outgoing Use this command to configure outgoing disclaimer messages Disclaimer messages can be applied to either the body or header of an email Each can be enabled or disabled and has a content string Syntax set system disclaimer outgoing body status enable disable content lt content_str gt set system disclaimer outgoing header status enable disable content lt content_str gt History FortiMail v3 0 New Related topics e set system disclaimer allowdomain set system disclaimer incoming RTINET ES For
121. dotendeatnosechoctidcasceessacesuesautisancuccusesteeeacwest decssateaducanaesnaigunctxuadenatnceucieatesetecesceeeies 207 log ISIS TEE 208 log policy destination event rrrrnnnnvvnnnnnnnnvnennnnnnnnvennnnnnnnvennnnnnnvennnnnnnnenennnnnn 209 log policy destination history rrrnnnnnvennnnnnnvnennnnnnnnvennnnnnnnvennnnnnnnvennnnnnnnvennnnnn 210 log policy destination Spam ss ennnnnnnnvnnnnnnnnvnnnnnnnnnnvennnnnnnnvennnnnnnnvennnnnnnnvenennnn 211 log policy destination VITUS seennnnnnnnvnnnnnnnnvvennnnnnnnvennnnnnnnvennnnnnnenennnnnnnenennnnnn 212 log reportconfig direction ssrrnnnnnnnvvnnnnnnnnvnnnnnnnnnvennnnnnnnvnennnnnnnvnennnnnnnenenennnn 213 log reportconfig domain rrnnsnnvennnnnnnnvvnnnnnnnnvnennnnnnnvnennnnnnnnvennnnnnnnvennnnnnnnvennnnnn 214 log reportconfig mailtO rrrnnnnvnnnnnnnnnvvnnnnnnnnvnennnnnnnnvennnnnnnnvennnnnnnnvennnnnnnenennnnnn 215 log reportconfig Period rrnnnnnvvvnnnnnnnvvennnnnnnvnennnnnnnnvennnnnnnnvennnnnnnnvennnnnnnnvennnnnn 216 log reportconfig qry rxxssrvvnnnnnnnvvvnnnnnnnvvennnnnnnvnennnnnnnnvennnnnnnneennnnnnnnvennnnnnnenennnnnn 217 log reportconfig schedule hOUr sserennnnnnnvvnnnnnnnnvnennnnnnnvnennnnnnnnvennnnnnnnenennnnnn 218 log E dee E 219 log setting local serens 220 l g setting SVSlOG E 221 log view fields Se SS Sn SSE nn i Sonn Senna EE 223 log VIEW loglevel EE ME 224 MailServer aCCeSS s rnnnnsnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnvnnn
122. dress of the FortiMail interface that processes email If you add the IP address of the HA interface of the primary unit checking takes place over the HA heartbeat link The TCP port used for the service In most cases lt service_port_integer gt would the standard TCP port for the service 0 0 0 0 lt check_time_integer gt The check time interval in seconds to wait between remote service checks The check time interval range is 1 to 60 minutes Set the check time interval to 0 to disable remote service monitoring lt response_time_integer gt The response wait time in seconds to wait for a response to a remote service check The response wait time range is 1 to a very high number of seconds Set the response wait time to 0 to disable remote service monitoring lt retries_integer gt The number of consecutive times remote service monitoring detects a failure before the backup unit changes its effective operating mode to master The number of times the check fails range is 1 to a very high number Set the number of times the check fails to 0 to disable remote service monitoring FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set Example system ha rservice Enter the following command on an active passive HA backup unit to configure remote services monitoring to monitor the POPS service on a primary unit interface with IP address 10 10 10 2 usin
123. e RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 a E set ip policy ip Use this command to set the session profile to be applied to the specified IP policy Syntax set ip policy lt policy int gt ip lt name str gt Keywords and variables Description Default lt policy int gt Enter the IP policy number lt name str gt Enter the name of the session profile session strict History FortiMail v3 0 New Related topics e set Ip policy as e set Ip policy auth e setip policy av e set ip policy content FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 ip policy ip RTIMNET D a ip policy match gateway and server modes set ip_ policy match gateway and server modes Use this command to set the client IP address The IP policy applies to traffic exchanged when this client establishes a connection Syntax set ip_policy lt policy_int gt match lt client_ipv4 mask gt Keywords and variables Description Default lt policy_int gt Enter the IP policy number lt client_ipv4 mask gt Enter the IP address and CIDR subnet of the client The address 0 0 0 0 0 0 0 0 0 0 will include all addresses History FortiMail v3 0 New Related topics e sei Ip policy match transparent mode FortiMail Secure Messaging Platform Version 3 0 MR4
124. e 06 30004 0420 20080814 Introduction About the FortiMail Secure Messaging Platform Introduction This chapter introduces you to the FortiMail Secure Messaging Platform and the following topics e About the FortiMail Secure Messaging Platform About this document FortiMail documentation e Customer service and technical support About the FortiMail Secure Messaging Platform Each FortiMail unit is an integrated hardware and software solution that provides powerful and flexible logging and reporting antispam antivirus and email archiving capabilities to incoming and outgoing email traffic The FortiMail unit has reliable and high performance features for detecting and blocking spam messages and malicious attachments Built on Fortinet s FortiOS the FortiMail antivirus technology extends full content inspection capabilities to detect the most advanced email threats About this document This document describes how to use the Fortinet Command Line Interface CLI The following chapters appear in this document e Using the CLI describes how to connect to and use the Fortinet command line interface CLI execute is an alphabetically ordered reference to the execute commands These commands perform immediate actions on the FortiMail unit such as configuration backup or unit reset getis an alphabetically ordered reference to the get commands These commands display information about FortiMail unit config
125. e of the units in the HA group to normal operation Before completing this procedure you should resolve any problems that could have caused a failure resync Use this command to force the primary unit to synchronize configuration changes and mail data to the backup unit or units You can enter this command from the primary unit This command can be used with an active passive and a config only HA group This command can be useful if you have made a number of configuration changes and you want to synchronize these configuration changes immediately instead of waiting for the configuration synchronization time interval to end Example Enter the following command to force the primary unit to resynchronize configuration changes to the backup unit or units set system ha resync History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference e set system ha config set system ha cpeer interface peer secondary interface secondary peer e set system ha data set system ha datadir set system ha Iservice 06 30004 0420 200808 14 set system ha mode set system ha monitor set system ha on failure set system ha remote as heartbeat set system ha rservice set system ha takeover RTIMET 327 system ha rservice RTINET Q S system ha rservice Use this command to configure HA backup unit remote services monitoring so that an a
126. e ping lt host_name gt lt host_ipv4 gt History FortiMail v3 0 New Related topics e execute ping option RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q N ping option execute ping option Use this command to configure the ping function behavior settings Syntax xecute ping option lt option gt Option Description Default data size lt bytes gt Enter datagram size in bytes 56 df bit yes no Enter yes to set the DF bit in the IP header to prevent the ICMP no packet from being fragmented Setting df bit to no allows the ICMP packet to be fragmented pattern lt hex_pattern gt Enter a pattern to fill the optional data buffer at the end of the None ICMP packet for example 00ffaabb The size of the buffer is specified using the data_size parameter This allows you to send out packets of different sizes for testing the effect of packet size on the connection repeat count lt integer gt Enter the number of times to repeat the ping The value must be 5 greater than 0 source auto lt ipv4 gt Select the interface from which the ping is sent Enter either auto auto or the interface IP address timeout lt seconds gt Enter the ping response timeout in seconds 2 tos lt tos value gt Enter the IP type of service option value one of default default 0 lowcost minimize cost lowdelay minimize delay
127. e profile modify actions out_profile profile modify actions Use these command to modify the actions of an outgoing antispam profile Reject discard and forward are mutually exclusive No more than one can be enabled at any time If the specified profile does not exist it is created Syntax set out_profile profile lt name_str gt modify actions discard enable disable set out_profile profile lt name_str gt modify actions emailaddr lt address_str gt set out_profile profile lt name_str gt modify actions forward enable disable set out_profile profile lt name_str gt modify actions reject enable disable set out_profile profile lt name_str gt modify actions review enable disable Keywords and Variables Description Default lt name_str gt This is the name of the outgoing antispam profile discard enable disable Enable or disable discarding spam without sending reject disable responses to the senders emailaddr lt address_str gt Enter the email address to which messages are forwarded No default when forwarding is enabled forward enable disable Enable or disable forwarding of spam messages disable reject enable disable Enable or disable the FortiMail unit to reject spam and send disable reject responses to the sending system review enable disable Enable or disable the redirection of outbound spam to the disable system
128. e report direction set log reportconfig lt reportconfigname gt direction both incoming outgoing Keywords Variables Description Default both incoming Select if the information includes incoming email both outgoing outgoing email or both History FortiMail v2 8 New Related topics set log setting localset set log setting syslog e set log reportconfig domain set log reportconfig mailto e set log reportconfig period e set log reportconfig qry set log reportconfig schedule hour FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET N Q log reportconfig domain set log reportconfig domain Use this command to configure what domain or domains the report will contain Syntax To configure the report domain set log reportconfig lt reportconfigname gt domain lt ALL gt set log reportconfig lt reportconfigname gt domain lt domain_namel gt lt domain_name2 gt lt domain_name3 gt Keywords Variables Description Default lt ALL gt Select if you want all domains present in the report ALL lt domain namel gt Select if you want a certain domain or certain domains in No default lt domain name2 gt the report lt domain name3 gt History FortiMail v2 8 New Related topics sei log setting localset sei log setting syslog sei log reportconfig direction set log report
129. e rule match only authenticated sessions Enter yes yes no to have the rule apply to both authenticated and unauthenticated sessions RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 225 mailserver access RTINET ES N 8 set Keywords and Variables Description Default tlsprofile To enforce TLS connection attributes select a TLD profile lt profile_str gt permission ok Select the level of permission for this domain relay reject relay the FortiMail unit allows matching messages after normal discard processing bypass the FortiMail unit allows matching messages after all normal processing except antispam scans The antispam scans are not performed reject the FortiMail unit rejects email matching this rule discard the FortiMail unit discards email matching this rule The response that the FortiMail unit sends differs for reject and discard For reject a reject response is sent to the server or client attempting to send the email message For discard the FortiMail unit does not send a response to the server or client attempting to send the email message History FortiMail v3 0 New FortiMail v3 0 MR3 Major change to command Added set move delete rule sender_pattern recipient_pattern reverse_dns_pattern and ip_mask keywords FortiMail v3 0 MR4 Added authenticated and tlsprofile
130. e this command to configure SMTP proxy behavior for unknown servers Syntax To change general unknown server settings set mailserver proxy smtp unknown lt hide gt lt original gt The proxy SMTP unknown options are also available on a per domain basis under policy modify tp on page 295 Keywords and Variables Description Default lt hide gt Select yes to hide the transparent unit or no for it to be visible No default This option determines if the header is forwarded untouched by the FortiMail unit yes or if the FortiMail unit visibly processes the mail headers no lt original gt Select yes to use the default domain mail server or no to relay the mail through the FortiMail unit by default History FortiMail v3 0 New FortiMail v3 0 MR3 Removed mx server client and tp keywords Related topics set mailserver proxy smtp interface FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET 235 mailserver relayserver mailserver relayserver Use this command to configure the relay server settings including name port and authentication Syntax set mailserver relayserver lt name_str gt port lt port_number gt authentication enable disable username lt name_str gt password lt pwd_str gt type lt auth_type gt set e AUTO e PLAIN e LOGIN e DIGEST MD5
131. eartbeat Use this command to enable or disable using remote monitoring as an HA heartbeat Enable using remote monitoring as an HA heartbeat so that if both the primary and secondary heartbeat links fail remote service monitoring takes over the role of the HA heartbeat This means that if remote service monitoring is enabled and both heartbeat links fail or become disconnected the FortiMail HA group can continue to operate Using remote services as heartbeat provides HA heartbeat only HA synchronization is only supported using the primary or secondary heartbeat To avoid synchronization problems you should not use remote service monitoring as a heartbeat for extended periods This feature is intended only as a temporary heartbeat solution that operates until you reestablish a normal primary or secondary heartbeat link Syntax set system ha remote as heartbeat enable disable Example Enter the following command to enable using remote monitoring as an HA heartbeat set system ha remote as heartbeat enabl History FortiMail v3 0 MR2 New Related topics set system ha config e set system ha monitor set system ha cpeer interface peer Set system ha on failure secondary interface secondary peer set system ha passwd set system ha data e set system ha restart restore resync e set system ha datadir set system ha rservice e set system ha Iservice set system ha takeover e set
132. ed domain names usrgrp domain lt name_str gt Display the user groups including members of each user group for the specified domain History FortiMail v3 0 New FortiMail v3 0 MR3 Added dans and localdomainname keywords FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 system RTIMET amp user user get Use this command to display information about users Syntax get user lt item gt lt item gt Description alias Display each user alias name and the included members group Display each user group name and the included members This is available only in server mode ldap map This is available only in server mode mail Display email accounts information including user names and display names This is available in server mode only map Display a list of user mappings This is available only in gateway and transparent modes History FortiMail v3 0 New Related topics e get userpolicy RTINET F Q FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 get userpolicy userpolicy Use this command to display the policy for a specified user This is available in server mode only Syntax get userpolicy lt name_str gt lt name_str gt is the user name History FortiMail v3 0 New Related topics e get user RTINET Fort
133. eference 06 30004 0420 20080814 N e set out_profile profile modify dnsbl out_profile profile modify dnsbl Use this command to enable or disable communication with the DNSBL servers to scan email for the specified outgoing antispam profile Syntax set out_profile profile lt name_str gt modify dnsbl enable disable lt name_str gt is the name of the profile By default the DNSBL lookup is disabled History FortiMail v3 0 New Related topics set out_profile profile modify dnsblserver e set out_profile profile modify actions e set out_profile profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 271 out_profile profile modify dnsblserver set out_profile profile modify dnsblserver Use these commands to modify the DNSBL server list for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify dnsblserver lt host_str gt add set out_profile profile lt name_str gt modify dnsblserver lt host_str gt delete set out_profile profile lt name_str gt modify dnsblserver lt host_str gt move to lt new_int gt set out_profile profile lt name_str gt modify dnsblserver lt host_str gt rename to lt new_str gt D Keywords and variables Description lt name str gt Enter the name of the antispam profile to modify lt host str gt The DNSBL server entry you want to
134. ei Ip pool del entry sei Ip pool delete e Oet Ip pool FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 170 06 30004 0420 200808 14 set ip pool add entry Use this command to add a range of IP addresses to an IP pool profile Syntax set ip pool lt name str gt add entry lt ipv4 gt lt size int gt ip pool add entry Keywords and Variables Description Default lt name str gt This is the name of the IP pool profile lt ipv4 gt Enter the Start IP address for the range of IP addresses in this IP pool lt size int gt Enter the Range Size This is the number of available IP addresses starting with the Start IP address History FortiMail v3 0 MR3 New Related topics e set ip pool set ip_pool del entry set ip_pool delete get ip pool FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 ip pool del entry set ip pool del entry Use this command to delete an IP address range from an IP pool profile Syntax set ip pool lt name str gt del entry lt rangeID_int gt Keywords and Variables Description Default lt name str gt This is the name of the IP pool profile lt rangeID int gt Enter the ID number of the IP range to be deleted Use the get ip pool command to list the defined ranges with their IDs History FortiMail v3 0 MR3 New Related topics setip poo
135. elated topics set content modify action e set content modify monitor RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 152 06 30004 0420 200808 14 set content modify monitor content modify monitor Use this command to configure content monitor profiles Syntax set content lt name_str gt modify monitor lt profile_int gt delete set content lt name_str gt modify monitor lt profile_int gt dict_profile lt dict_int gt set content lt name_str gt modify monitor lt profile_int gt enable disable set content lt name_str gt modify monitor lt profile_int gt moveto lt new_int gt set content lt name_str gt modify monitor lt profile_int gt tags header enabl disable set content lt name_str gt modify monitor lt profile_int gt tags htag lt tag_str gt set content lt name_str gt modify monitor lt profile_int gt tags stag lt tag_str gt Keywords and Variables Description Default lt name_str gt This is the name of the content profile lt profile_int gt Enter the content monitor profile number lt dict_int gt Enter the dictionary profile ID number to use for the specified content monitor profile enable disable Enable or disable the specified content monitor profile enable moveto lt new_int gt Moves the specified content monitor profile to a new position in the list lt new_int gt is the destination content p
136. em SNMP COMMUDIty unnnnnvvvnnnnnnnvvvnnnnnnnvvvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennr 340 system snmp sysinfo threshold rrnnnnnnvvnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenenr 342 system time manual nnssvvvnnnnnnnvnnnnnnnnnvennnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnveene 343 EE ET ro NP wcscececcececereececeeceectce ccs estecceceess ete eeseeseccenteed eteenensyecteenerencceereees 344 System USI OUD BEEN 345 Use 346 347 userpolicy delete a aaa 348 userpolicy modify rrnsssvennnnnnnnvennnnnnnvnennnnnnnvnennnnnnnvnennnnnnnvvenennnnnvennnnnnnneennnnnnnn 349 userpolicy MOVe tO rrrssvnnnnnnnnnnvnnnnnnnnnvnnnnnnnnnvennnnnnnenennnnnnnneennnnnnnvennnnnnneeennnnnn 350 userpolicy rename to s annnnnnnnvennnnnnnnvvennnnnnnenennnnnnnvennnnnnnnvennnnnnnnvennnnnnnnvennnnnnnn 351 T EEE aaa 353 alertemail configuration rrnnnnnvnnnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnenennnnnnnnennnnnnnneenr 354 355 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Contents log TEP OMUC ONG E 356 Lu UE 357 System 358 user transparent and gateway csssssecccesseeeeeensseeneeeenseeeneeeenseeeneeensneeenens 359 HE EE 360 Jul ES RE A A E 361 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 RTINET Q RTINET Contents FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Referenc
137. em ha cpeer interface peer Set system ha passwd secondary interface secondary peer set system ha remote as heartbeat set system ha data set system ha restart restore resync e set system ha datadir e set system ha rservice e set system ha Iservice set system ha takeover e set system ha monitor RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 321 system ha monitor set system ha monitor Use this command to configure how the FortiMail HA daemon sends HA heartbeat packets to detect if the primary unit has failed If the backup unit detects that the primary unit has failed the backup unit effective operating mode changes to master and the backup unit becomes the primary unit amp Note Use the set system ha config command to configure HA daemon settings Other HA S daemon configuration commands include set system ha config on page 313 set system ha data on page 318 set system ha datadir on page 319 and set on page 324 In most cases you do not have to change heartbeat settings The default settings mean that if the primary unit fails the backup unit switches to being the primary unit after 3 x 5 or about 15 seconds resulting in a failure detection time of 15 seconds If the failure detection time is too long the primary unit could fail and a delay in detecting the failure could mean that email is delayed or lost Decrea
138. email setting option defergis set Syntax set alertemail deferq trigger lt trigger value gt interval lt interval_minutes gt Variables Description Default lt trigger_value gt Set the size that the deferred email queue must reach to cause an alert 10 000 email to be sent The range is 1 to 99999 lt interval_minutes gt Set the interval in minutes between checks of deferred queue size This 30 can be any number greater than zero History FortiMail v2 8 New Related topics set alertemail configuration mailto set alertemail setting option RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Qa alertemail setting option RTINET GH alertemail setting option Use this command to set which alert email events are enabled To disable all alert email events use the none option set Syntax set alertemail setting option lt option list gt none Variables Description Default lt option list gt A space delimited list of events that trigger alert email No default critical diskfull ha quotafull deferg none Valid options are virusincidents archivefailure dictionary systemquarantine Viruses detected FortiMail unit detects a system error The FortiMail unit hard disk is full Archiving to the remote host has failed There is High Availability HA activity on the F
139. end existing non spam email to this account to learn is not spam train the FortiMail unit Based on the sender s email address the FortiMail unit uses the information received to train the sender s Bayesian database training group This account contains a system wide spam database set up default grp by the administrator Using this account name as the from address the administrator sends confirmed spam to the learn is spam user account and good email to the learn is not spam user account to do group Bayesian training If an individual user s Bayesian database does not contain sufficient information for spam scanning it will use the data received from the training group user account to scan spam lt name str gt This is the name for this account Users send messages to the email address composed of this name followed by followed by the email domain lt sender str gt This is the from name used when sending mail to one of the other four accounts Mail can be sent to correct incorrectly categorized mail or to train the Bayesian database with new mail Administrators send messages from the email address composed of this name followed by followed by the email domain Example An administrator wants to change two of the Bayesian control account names He knows his users will be better able to remember the addresses user to train the database with new messages if they
140. epted lt exp_int gt is the initial expiry period in hours Acceptable values range from 4 to 24 hours ttl lt ttl int gt History FortiMail v3 0 New Use this command to set the greylist time to live TTL value TTL determines how long the to from IP data will be retained in the FortiMail unit s greylist When the entry expires it is removed and new messages are again rejected until the sending server attempts to deliver the message again e lt ttl int gt is the time to live in days Acceptable values range from 1 to 60 days FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 10 as greylist RTIMNET 103 as greylist set Related topics e set as profile modify greylist FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 104 06 30004 0420 200808 14 set as mms_reputation as mms_reputation The MMS Reputation menu enables you to configure MSISDN blacklisting and whitelisting When used on a mobile phone network the FortiMail unit can examine text messages for spam If a user sends multiple soam messages all messages from the user will be blocked for a time The number of spam messages and the length of time further messages will be blocked are configurable MSISDN reputation is enabled in the session profile The auto blacklist score trigger and the auto blacklist duration are configured in the session profile Syntax
141. er The new policy number is the position to where you want to move the IP policy History FortiMail v3 0 New Related topics sei Ip policy e setip policy delete set FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set ip policy smtp ip policy smtp Use this command to configure the use of other authentication types for SMTP Syntax set ip policy lt policy integer gt smtp fenable disable set ip policy lt policy integer gt smtp enable enable disable Keywords and variables Description lt policy_int gt Enter the IP policy number enable disable Enable or disable the use of the authentication type defined in the authentication profile for SMTP authentication fenable disable If authentication is enabled choose to enable or disable the sender being allowed to have a different name than their SMTP sender identity History FortiMail v3 0 New Related topics e set ip policy auth RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 169 ip pool set ip pool Use this command to add create a new IP pool profile Syntax set ip pool lt name str gt Keywords and Variables Description Default lt name str gt This is the name of the IP pool profile to create History FortiMail v3 0 MR3 New Related topics sei Ip pool add entry s
142. er the domain name that is tied to this username and server ipmode auto bind static Select the method of determining the IP address auto auto detect the external IP address bind bind the IP address with a specific interface static a specific static IP address interface lt intf_str gt Enter the interface to bind the IP address to Command only available when ipmode bind is selected ip lt ipv4_str gt Enter the IP address to be the static address Command only available when ipmode static is selected status enable disable Activate or disactivate this DDNS server username lt username_str gt Enter the username to access this DDNS server password lt pwd_str gt Enter the password to access this DDNS server timeout lt hours_int gt Enter the interval in hours after which your FortiMail unit will contact the DDNS server to reaffirm your IP address History FortiMail v3 0 New Related topics e set system interface mode dhcp set system interface mode static FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 system ddns RTINET 307 system disclaimer allowdomain set system disclaimer allowdomain Use this command to enable per domain disclaimer settings Syntax set system disclaimer allowdomain enable disable History FortiMail v3 0 New Related topics set system
143. es or disables the specified interface to be the default gateway interface enable disable History FortiMail v3 0 New Related topics set system interface config set system interface mode static RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 335 system interface mode static set system interface mode static Use this command to enable or configure a static IP for this interface When setting an interface to static IP mode an IP address and netmask must be included Syntax set system interface lt intf str gt mode static ip lt addr_ip4 gt lt mask_ip4 gt History FortiMail v3 0 New Related topics set system interface config set system interface mode dhcp e set system route number RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 336 06 30004 0420 200808 14 set system opmode system opmode Use this command to change the operation mode opmode of the FortiMail unit Only the default FortiMail system administrator account can change the opmode of the FortiMail unit You will need to login again after changing the opmode Changing the opmode between gateway and server modes will result in all settings being changed to factory defaults except the configuration for the port1 interface Changing the opmode to or from transparent mode will result in all settings being changed back to
144. essages matching the active replace forward reject outgoing content profile replace e discard deletes the message treat as spam e forward sends the message to the specified email address instead of the recipient e reject causes the FortiMail unit to not accept delivery of the infected message An error is returned to the system attempting delivery e replace strips the infected attachment and replaces it with a custom message treat as spam handles the infected message according to the action set in the applicable antispam profile forwardaddr Enter the email address to be used if the selected action is forward lt addr str gt When forward is selected as the action matching messages are forwarded to the specified email address History FortiMail v3 0 New Related topics e set out content modify action set out_content modify monitor RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N R set out_content modify bypass_on_auth out_content modify bypass_on_auth Use this command to allow messages to bypass the outgoing content filters if SMTP authorization is enabled and the delivering system successfully authenticates Syntax set out_content lt name_str gt modify bypass_on_auth enable disable lt name_str gt is the name of the outgoing content profile History FortiMail v3 0 New Related topics se
145. et as profile lt name_str gt modify actions reject enable disable set as profile lt name_str gt modify actions summary enable disable Keywords and Variables Description Default lt name_str gt This is the name of the antispam profile discard enable disable Enable or disable discarding spam without sending reject disable responses to the senders emailaddr lt address_str gt Enter the email address to which messages are forwarded No default when forwarding is enabled forward enable disable Enable or disable forwarding of spam messages disable reject enable disable Enable or disable the FortiMail unit to reject spam and send disable reject responses to the sending system summary enable disable Enable or disable the generation of a report for users who have enable quarantined spam History FortiMail v3 0 New Related topics e set as profile modify quarantine e set as profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 107 as profile modify auto release RTINET 108 FortiMail v3 0 New Related topics set as control autorelease set as profile modify quarantine set as profile modify whitelistword set as profile modify auto release Use these commands to configure the auto release settings for an antispam profile Sy
146. eywords Related topics set system option e set user FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMNET 301 system appearance set system appearance Use this command to customize the appearance of your FortiMail unit Using this command you can change the look of the bottom logo on the GUI the product name on main login screen the language of the webmail interface the title of the login for webmail the text of the prompt to enter your email address for webmail Syntax set system appearance bottom logo url lt bottom logo url gt product lt product_name_str gt webmail_lang lt language gt webmail_login lt webmail_str gt webmail_login help lt hint_str gt Keywords and Variables Description bottom logo url lt image url gt Enter the URL of the image to be displayed at the bottom left of the FortiMail GUI status bar product lt product_name_str gt Enter the name that will precede Administrator Login on the FortiMail login page webmail_lang lt language gt Select the language to use for the Webmail interface displayed to the user Select the language from the list provided e English e Chinese Simplified e Chinese Traditional Korean e Japanese e French e German Italian e Hebrew e Spanish Polish e Portuguese e Turkish webmail_login lt webmail_str gt Enter the name or ph
147. f SMTP connections set mailserver access authenticated New keyword Selects whether to apply the access control rule to only authenticated SMTP sessions or regardless of authentication status set mailserver access tlsprofile New keyword Selects the name of a transport layer security TLS profile to apply to SMTP sessions governed by this access control rule set mailserver smtp ldap domain check New command Enables or disables use of an LDAP query to verify the existence of a domain and to automatically associate it with a protected domain Ser mailserver smtpauth smtp New keyword Enables or disables SMTP authentication Set mailserver smtpauth smtpovertls New keyword Enables or disables transport layer security TLS authentication for SMTP Ser mailserver smtpauth smtps New keyword Enables or disables SMTPS authentication Set policy modify add association New command Configures domain associations which associate a domain name with the settings for an existing protected domain FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET F ch RTINET 8 Command What s new Change set system fortimanager New command Configures remote administration by and automatic configuration backups to a FortiManager system set user pki New command Configures public key infrastr
148. f an archive policy in the list to lt new_int gt lt position_int gt is the current list position of the archive policy to be moved lt new_int gt is the destination list position number lt content_str gt Enter the text to be searched for Wildcards are acceptable if the type is Sender Recipient or Attachment name status enable Enable or disable the specified archive policy enable disable type sender Enter the archive policy type sender recipient subject sender The sender field of each email message will be searched for body the text specified with the content command attachment name recipient The recipient field of each email message will be searched for the text specified with the content command subject Messages detected as spam by the FortiMail unit will match this entry type Any text specified with the content command is ignored body The body of each email message will be searched for the text specified with the content command attachment name The name of any attached files are examined for the text specified with the content command To view the existing entries in the archive policy list enter this command set mailserver archive policy policyid History FortiMail v3 0 New Related topics e set mailserver archive account e set mailserver archive exemptlist e set mailserver archive local quota set mailserver archive remote RTINET Fo
149. faces to be added to the FortiMail transparent mode bridge bridge corresponds to the web based manager add to bridge option For the primary unit bridge has the same affect as ignore In both cases the interface is added to the bridge For the backup unit bridge means that the interface is disconnected and cannot process traffic when the effective operating mode of the unit is SLAVE The interface is disconnected to prevent layer 2 loops If the effective operating mode of the unit changes to MASTER the interface becomes connected again and as part of the bridge can process traffic For this reason bridge is the recommended configuration Enter ignore if you do not want to apply special functionality to a network interface when operating in HA mode ignore corresponds to the web based manager do nothing option Usually you would leave all FortiMail unit network interfaces that are not connected to your network set to ignore Primary and secondary heartbeat interfaces are automatically set to ignore and you should not change this setting Enter set and add an IP address and netmask to change the IP address of the selected network interface of the primary unit to the specified IP address set corresponds to the web based manager set interface IP netmask option When a failover occurs this IP address is assigned to the corresponding network interface of the new primary unit Changing the IP address of an HA group interface using set interface IP netmas
150. failure Secondary interface secondary peer Set System ha remote as heartbeat r e set system ha data e set system ha restart restore resync oan e set system ha datadir set system ha rservice OI set system ha mode e set system ha takeover FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 320 06 30004 0420 200808 14 set system ha mode system ha mode Use this command to set the HA configured operating mode of the FortiMail unit The FortiMail unit switches to operating in the HA configured operating mode immediately after you enter this command Syntax set system ha mode lt mode gt Keywords Variables Description Default mode lt mode gt Set the HA configured operating mode of the FortiMail unit The off configured operating mode can be off if the FortiMail unit is not operating in HA mode master if the FortiMail unit is the primary unit in an active passive HA group e slave if the FortiMail unit is the backup unit in an active passive HA group cmaster if the FortiMail unit is the primary unit in a config only HA group e cslave if the FortiMail unit is the backup unit in a config only HA group Example Enter the following command to set the HA configured operating mode of a FortiMail unit to cmaster set system ha mode cmaster History FortiMail v3 0 New Related topics e set system ha config e set system ha on failure e set syst
151. fault lt name_str gt Enter the name of the antispam profile to modify dict_profile Select the dictionary profile to be used for dictionary scans No default lt dict_int gt e lt dict_int gt is the dictionary profile number scanner Enable or disable dictionary scanning for the specified profile disable enable disable History FortiMail v3 0 New Related topics set as profile modify actions e set as profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q as profile modify dnsbl set as profile modify dnsbl Use this command to enable or disable communication with the DNSBL servers to scan email for the specified profile IP addresses defined as private network addresses by RFC 1918 are not checked Syntax set as profile lt name_str gt modify dnsbl enable disable lt name_str gt is the name of the profile By default the DNSBL lookup is disabled History FortiMail v3 0 New Related topics e set as profile modify dnsblserver RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 114 06 30004 0420 20080814 set as profile modify dnsblserver as profile modify dnsblserver Use these commands to modify the DNSBL server list for an antispam profile Syntax lt name_str gt modify dnsblserver lt host_str gt add lt name_str gt modify dnsblserver lt
152. form Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 A amp get get alertemail configuration alertemail setting antivirus as auth av config console fshd status ip_policy ip pool ip profile dap profile limits log elog log logsetting log msisdn log policy log query log reportconfig log view mailserver mailserver access mailserver archive mailserver localdomains mailserver smtp mailserver systemquarantine misc profile out content out policy out profile policy spam deepheader spam heuristic rules spam retrieval policy system user userpolicy FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET A alertemail configuration get alertemail configuration Use this command to view the alert email recipients The command displays the SMTP server address SMTP user name SMTP authentication status encrypted SMTP password and the email addresses used to send the alert Syntax get alertemail configuration History FortiMail v3 0 New Related topics get alertemail setting RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 get alertemail setting alertemail setting Use this command to view the alert email configuration This command displays what is enabled or disabled for virus incidents critical events e disk full
153. fter the FortiMail unit these mail servers will add their own received headers disable remove header Enter to remove from email messages any headers defined with the disable headerlist add command headerlist add lt key str gt headerlist delete lt key str gt Enter a header key the portion of the header before the colon to have the FortiMail unit remove the header when remove header is enabled Enter a header key to remove it from the header list Once removed the remove header command will not affect the header you remove History FortiMail v3 0 MR4 New Related topics sei Ip profile check Sei Ip profile connection e sei Ip profile error e setip_profile list e sei Ip profile senderreputation RTINET 180 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 set ip profile limit ip profile limit Use these commands to set the parameters related to session communication limits Syntax set ip profil set ip profil set ip profil set ip profil set ip profil set ip profil set ip profil ooo ooo n lt name_str gt limi lt name_str gt limi lt name_str gt limi lt name_str gt limi lt name_str gt limi lt name_str gt limi lt name_str gt limi noop lt int gt rset lt int gt emails lt int gt header_size lt int gt helo lt int gt message_size lt int gt recipients lt int gt
154. g TCP port 110 The command also configures remote service monitoring to check the POP3 service every 30 minutes wait up to 20 seconds for a response and to change the backup effective operating mode to master if POP3 remote interface monitor fails after 10 consecutive checks History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference set system ha config set system ha cpeer interface peer secondary interface secondary peer set system ha data set system ha datadir set system ha lservice set system ha mode 06 30004 0420 200808 14 set system ha rservice pop 10 10 10 2 25 30 20 10 set system ha monitor set system ha on failure set system ha passwd set system ha remote as heartbeat set system ha restart restore resync set system ha takeover RTIMNET Lo 8 system ha takeover RTINET F Co 8 system ha takeover Er Use this command to configure HA network interface in master mode configuration options for an active passive HA group to control how network interface IP addressing and status is changed by HA Depending on your requirements you can configure HA network configuration options for all FortiMail network interfaces including the mgmt interface for a FortiMail unit operating in transparent mode For FortiMail units operating in gateway and server modes for each interface you can ignore the interface set a new IP address and
155. g lt warning time gt Keywords and Variables Description Default dsn_timeout lt dsn_timeout gt Select the maximum number of days a delivery status notification 5 days DSN message can remain in the mail queues The valid range is from zero to ten days After the maximum time has been reached the DSN email will be returned as undeliverable If the maximum time is set to zero days delivery will be attempted one time and then the DSN email will be returned as undeliverable retry lt retry interval gt Select the number of minutes between delivery retries for queues 27 minutes The valid range is from 10 to 120 minutes Adjusting this value lower will help deliver messages faster timeout lt timeout gt warning lt warning time gt Select the maximum number of days an email can remain in a 5 days mail queue The valid range is from one to ten days After the maximum time has been reached the email will be returned as undeliverable Select the number of hours before a warning is sent to the sender 4 hours notifying them the message has been deferred The valid range is from 1 to 24 hours History FortiMail v3 0 MR2 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET 241 mailserver smtpauth set mailserver smtpauth Use this command to enable or disable authentication using SMTP SMTP over TLS or SMTPS
156. ge forward sends the message to the specified email address instead of the recipient quarantine stores the infected message in the FortiMail unit spam quarantine reject causes the FortiMail unit to not accept delivery of the infected message An error is returned to the system attempting delivery replace strips the infected attachment and replaces it with the a custom message review stops messages matching the monitor profile and places them into the system quarantine These messages are not included in the spam report sent to users Rather an administrator must release or delete these messages after reviewing them treat_as_spam handles the infected message according to the action set in the applicable antispam profile replace review treat_as_spam History FortiMail v3 0 New Related topics set content modify monitor RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 154 06 30004 0420 20080814 set content modify monitor action RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 155 fshd RTINET 156 Use set fshd to configure FortiGuard service on the FortiMail unit Syntax set fshd cache status enabled disabled set fshd cache ttl lt ttl_int gt set fshd hostname lt hostname_str gt set fshd status enabled disabled set Commands
157. gh end model FortiMail units Keywords and Variables Description Default local nfs Select the type of storage for the FortiMail unit N A local use local storage nfs use NFS type disable Select the type of storage to be used in a central quarantine disable dir Select the directory to use on the NFS storage ip Select the IP address of the NFS storage History FortiMail v3 0 MR3 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set mailserver smtp storage cquar mailserver smtp storage cquar Use this command to configure central quarantine mail storage options Central quarantine stores quarantined email on a separate high end model FortiMail unit This reduces the resources required on the local unit The allowance keyword is only available when the FortiMail unit is a central quarantine server The remoteserver keyword is only available for FortiMail client units Syntax set m set m lt ipv4_ set m lt ipv4_ set m set m ail ail ail ail LServer lserver addr gt lserver addr gt LServer ail Server lt ipv4 addr gt smtp smtp smtp smtp smtp storage cquar type disable client server storage cquar allowance add name lt name str gt storage cquar allowance change name lt name str gt ip ip storage cquar allowance remove name lt name_str gt
158. glevel RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 211 log policy destination virus set log policy destination virus Use this command to enable and log virus events for a device You need to enable virus logging before selecting virus events Syntax To enable logging of virus events for a device set log policy destination console local syslog virus status enable set log policy destination console local syslog virus category infected Keywords Variables Description Default enable disable Enable or disable virus log output to a device disable infected none Virus logging must be enabled for these settings tobe OFF applicable infected log all instances of virus infected messages none to clear all event categories specify none without any other event categories History FortiMail v2 8 New Related topics set log setting localset sei log setting syslog e set log policy destination event set log policy destination spam e set log policy destination history set log view fields e set log view loglevel RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 212 06 30004 0420 20080814 set log reportconfig direction Use this command to configure what types of emails the report will contain log reportconfig direction Syntax To configure th
159. going recipient based policy user ID move to lt new_int gt Enter the new position the policy will occupy History FortiMail v3 0 New Related topics set out_policy profile delete e set out_policy rename to RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 262 06 30004 0420 200808 14 set out_policy rename to out_policy rename to Use this command to rename an outgoing recipient based policy This command applies to gateway and transparent modes only Syntax set out_policy lt user_str gt rename to lt new_str gt Keywords and variables Description Default lt user_str gt Enter the outgoing recipient based policy user ID rename to lt new_str gt Enter the new user ID History FortiMail v3 0 New Related topics set out_policy profile delete set out_policy move to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 No O Q out_profile profile delete set out_profile profile delete Use this command to delete an outgoing antispam profile Syntax set out_profile profile lt name_str gt delete lt name_str gt is the name of the outgoing antispam profile History FortiMail v3 0 New Related topics set out_profile profile rename to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 264 06 30004 0420 20080814 set out_profil
160. groups limits system level groups Use this command to fine tune the group related maximum values on your FortiMail unit The syntax requires the two values be entered every time the command is executed Even if you only want to change one value both must be entered Entering 0 for any value resets it to the default The new values will take effect when the FortiMail unit is restarted Syntax set limits system level groups lt groups_int gt lt members_int gt Keywords and Variables Description Default lt groups_int gt Enter the maximum number of groups that can be created lt members_int gt Enter the maximum number of members that can be added to each group History FortiMail v3 0 MR3 New Related topics set limits domain level e set limits system level general set limits system level mail users e set limits system level other profiles e set limits system level policies e get limits RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N Q Q limits system level mail users set limits system level mail users Use this command to adjust the maximum number of mail users that can be created on your FortiMail unit The new value will take effect when the FortiMail unit is restarted Syntax set limits system level mail users lt users_int gt Keywords and Variables Description Default lt users_
161. guring auto release 108 configuring for antispam profile 122 mailserver settings 247 R recipient based policy configuring 296 regular expression regex 225 relay server configuring 236 remote administration by a FortiManager system 20 remote as heartbeat HA 326 remote services monitored by the HA backup unit 328 restart primary unit 327 Rewrite recipient email address 123 routing configuring 339 S secondary heartbeat interface HA 314 secure socket layer SSL 243 server mode setting 337 services monitored by the HA backup unit 328 session profile configuring header manipulation 180 configuring sender reputation feature 185 configuring sender validation features 186 deleting 178 enabling black white lists 182 enabling session checks 175 MSISDN repuration 183 rate control 188 renaming 184 setting communication limits 181 setting error penalties 179 setting session connection attributes 177 setting administrative access for SSH or Telnet 23 shared password HA 324 simple network management protocol SNMP 340 SMTP enabling SSL 244 245 mailserver authorization 242 SNMP configuring SNMP community 340 setting thresholds 342 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Index sysinfo 342 spam reports configuring 131 spam retrieval enabling authentication 300 SPF 186 SURBL enabling checking for antispam profile 125 modifying server list for antispam prof
162. he IMAP server host name or IP address lt server_ipv4 gt port lt port_int gt Enter the IMAP server port number 389 for non secure connections 636 for secure connections option ssl secure These optional settings further define the connection to the IMAP tls domain server e ssl enables Secure Sockets Layer SSL on the IMAP server to secure message transmission e secure enables Secure Authentication on the IMAP server to secure email users passwords e tls enables Transport Layer Security TLS on the IMAP server to ensure privacy between communicating applications and their users on the Internet domain select if the IMAP server requires the domain for authentication History FortiMail v3 0 New Related topics set auth imap rename to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 134 06 30004 0420 20080814 set auth pop3 rename to Use this command to rename a POP3 authentication profile Syntax set auth pop3 lt name_str gt rename to lt new_str gt auth pop3 rename to Keywords and Variables Description lt name_str gt This is the name of the POP3 authentication profile lt new_str gt Enter the new name of the POP3 authentication profile History FortiMail v3 0 New Related topics set auth pop3 server FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06
163. he action each spam detection method takes for messages detected as spam Syntax set as profile lt name_str gt modify individualaction scanner bannedword bayesian deepheader dictionary forgedip fortishield heuristic imagespam dnsbl surbl virus action default subject reject discard forward quarantine Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify scanner bannedword Select the spam detection method No default bayesian deepheader dictionary forgedip fortishield heuristic imagespam dnsbl surbl virus action default Select the action to take when spam is detected default subject reject e Set default to use the default action set with theset as discard forward profile modify actions command quarantine Set subject to tag the message subject Set reject to reject the message and return an error to the sending system Set discard to accept the message and delete it without informing the sending system Set forward to have messages forwarded to the email address set with the emailaddr keyword of the set as profile modify actions command Set quarantine to divert spam to the user s spam quarantine History FortiMail v3 0 New Related topics e set as profile modify actions RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420
164. he primary unit to 10 1 1 2 secondary peer ipv4 of the backup unit must match the secondary local_ipv4 of the primary unit You could set the secondary peer ipv4 of backup unit to A ele Lee Example configuring primary heartbeat local and peer IP address for a config only HA group This example describes how to configure primary local and peer IP addresses for a config only HA group consisting of one primary unit and three backup units Enter the following commands from a config only HA primary unit to set port 5 as the primary heartbeat interface set the primary local HA heartbeat IP address and netmask to 10 0 0 1 255 255 255 0 and add three backup units to the peer list The primary heartbeat local addresses of the backup units to be added to the peer list are 10 0 0 2 10 0 0 3 and 10 0 0 4 set system ha interface port5 10 0 0 1 255 255 255 0 set system ha cpeer 1 10 0 0 2 set system ha cpeer 2 10 0 0 3 set system ha cpeer 3 10 0 0 4 Enter the following command from the first config only HA backup unit to set port 5 as the primary heartbeat interface and set the primary heartbeat local IP address and netmask to 10 0 0 2 255 255 255 0 set system ha interface port5 10 0 0 2 255 255 255 0 Enter the following command from the second config only HA backup unit to set port5 as the primary heartbeat interface and set the primary heartbeat local IP address and netmask to 10 0 0 3 255 255 255 0 set system ha interface por
165. he primary unit lt retries_integer gt The number of consecutive times the HA heartbeat detects a failure before the backup unit decides that the primary unit has failed The number of times the check fails range is 1 to a very high number Set the number of times the check fails to 0 to disable interface monitoring or hard drive monitoring E Example Enter the following command to change the HA heartbeat configuration so that each FortiMail unit in C the HA group send heartbeat packets every 20 seconds and the FortiMail units in the HA group detect a failure if the HA heartbeat check fails 5 times This command keeps the HA heartbeat TCP port set to 20000 H set system ha monitor port 20000 20 5 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 322 06 30004 0420 200808 14 set History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference set system ha config set system ha cpeer interface peer secondary interface secondary peer set system ha data set system ha datadir set system ha lservice set system ha mode 06 30004 0420 200808 14 system ha monitor set system ha on failure set system ha passwd set system ha remote as heartbeat set system ha restart restore resync set system ha rservice set system ha takeover RTINET W 3 system ha on failure set RTINET 324 system ha on f
166. he remote host History FortiMail v3 0 New FortiMail v3 0 MR3 Capitalized variables for protocol keyword Related topics e set mailserver archive account set mailserver archive exemptlist set mailserver archive local quota set mailserver archive policy FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET 231 mailserver deadmail set mailserver deadmail Use this command to enter the number of days to keep email with incorrect recipient and sender addresses Syntax set mailserver deadmail lt value gt lt value gt is the time in days from 1 to 365 History FortiMail v3 0 New RTIMET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 232 06 30004 0420 200808 14 set mailserver portnumber mailserver portnumber Use this command to enter email port numbers for the FortiMail unit Syntax set mailserver portnumber pop3 lt port_number gt server mode set mailserver portnumber smtp lt port_number gt set mailserver portnumber smtps lt port_number gt Keywords and Variables Description Default pop3 lt port_number gt Enter the POPS server port number for the FortiMail unit 110 This command is only available in server mode smtp lt port_number gt Enter the SMTP server port number for the FortiMail unit 25 smtps lt port_number gt Enter the SMTPS server port num
167. his interface or secondary IP address The deny access command is the equivalent of executing the allowaccess command with only the required management access types Enter the maximum transportation unit MTU for the specified interface lt mtu int gt is the maximum packet size sent from this interface Sets the speed of the network interface The default is auto Note that some interfaces may not support all speeds Sets the specified interface down or up History FortiMail v3 0 New Related topics set system interface mode dhcp set system interface mode dhcp e set system interface mode static FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system interface mode dhcp system interface mode dhcp Use this command to enable or configure DHCP for this interface If only the dhcp keyword is used both connection and default gateway are enabled by default Syntax To enable DHCP on this interface set system interface lt intf_str gt mode dhcp To enable and or configure DHCP on the interface set system interface lt intf_str gt mode dhcp connection enable disable defaultgw enable disable Keywords and Variables Description interface lt intf_str gt Enter the name of the interface port1 for example connection Enables or disables connecting to a DHCP server to configure the external enable disable interface defaultgw Enabl
168. hitelistwordlist lt word_str gt set move to lt dest_int gt Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify lt word_str gt Enter the whitelist word add subject Add the specified word as a whitelist word Enable or disable checking of enable the message subject and body for the whitelist word disable body enable disable change body enable Select whether the email body text is examined for whitelist words disable disable change subject Select whether the email subject text is examined for whitelist words disable enable disable change word lt new_str gt Change the specified whitelist word The lt name str gt variable specifies the existing word and lt new_str gt is the new word delete Delete the specified whitelist word move to lt dest_int gt Move the specified word to the position in the whitelist word list specified by the lt dest_int gt variable History FortiMail v3 0 MR3 New Related topics set out_profile profile modify whitelistword FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set out_profile profile rename to Use this command to rename an outgoing antispam profile Syntax set out_profile profile lt name_str gt rename to lt new_str gt lt name_str gt Is the name of the outgoing antispam profile o
169. host_str gt delete lt name_str gt modify dnsblserver lt host_str gt move to lt new_int gt lt name_str gt modify dnsblserver lt host_str gt rename to set as profil set as profil set as profil set as profil lt new_str gt ooo o Keywords and variables Description lt name_str gt Enter the name of the antispam profile to modify lt host_str gt The DNSBL server entry you want to modify in the profile add Add the new DNSBL server delete Delete the DNSBL server move to lt new_int gt Change the position of the DNSBL server in the server list Each entry is numbered the first is 1 the second 2 and so on lt new_int gt is the entry s new position rename to lt new_str gt Change the DNSBL server hostname History FortiMail v3 0 New Related topics e set as profile modify dnsbl RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Qo as profile modify forgedip set as profile modify forgedip Use this command to enable or disable forged IP checking for an antispam profile Syntax set as profile lt name_str gt modify forgedip enable disable lt name_str gt is the name of the profile By default forged IP checking is disabled History FortiMail v3 0 New Related topics e set as profile modify actions e set as profile modify individualaction scanner RTIMNET F FortiMail
170. iMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 userpolicy get RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 8 set set This chapter describes the following commands alertemail configuration mailto alertemail deferq alertemail setting option antivirus as blacklistaction as control autorelease as control bayesian as greylist as profile delete as profile modify as spamreport as trusted auth imap rename to auth imap server auth pops rename to auth pop3 server auth radius rename to auth radius server auth smtp rename to auth smtp server av delete av modify av rename to console content delete content modify fshd ip policy ip pool ip profile dap profile limits log msisdn log policy destination log reportconfig log setting log view fields log view loglevel mailserver access mailserver archive mailserver deadmail mailserver portnumber mailserver proxy smtp interface mailserver proxy smtp unknown mailserver relayserver mailserver smtp mailserver systemquarantine misc profile delete misc profile modify misc profile rename to out_content delete out_content modify out_policy profile delete out_policy modify out_policy move to out_policy rename to out_profile profile delete out profile profile modify
171. ibes how to configure and manage a FortiMail unit including how to create profiles and policies configure antispam and antivirus filters create user accounts configure email archiving and set up logging and reporting e FortiMail CLI Reference Describes how to use the FortiMail CLI and contains a reference of all FortiMail CLI commands e FortiMail Log Message Reference Available exclusively from the Fortinet Knowledge Center the FortiMail Log Message Reference describes the structure of FortiMail log messages and provides information about the log messages that are generated by FortiMail units e FortiMail Installation Guide Describes how to set up the FortiMail unit in transparent gateway or server mode e FortiMail online help Provides a searchable version of the Administration Guide in HTML format You can access online help from the web based manager as you work e FortiMail Webmail online help Describes how to use the FortiMail web based email client including how to send and receive email how to add import and export addresses how to configure message display preferences and how to manage quarantined email e FortiMail User Guides Provides information that the FortiMail end users need to know in order to take advantage of the services provided by the FortiMail unit These guides are included as chapters in the FortiMail Administration Guide allowing the administrator to provide information on only the enabled features
172. icy basedn lt basedn_str gt Enter the group base DN if relat ivename is enabled groupnameattribute lt grp str gt _ Enter the group name attribute if relat ivename is enabled History FortiMail v3 0 MR3 New Related topics set dap profile clearallcache sei dap profile profile auth e sei dap profile profile clearcache e setldap_profile profile pwd e set ldap_profile profile routing set dap profile profile server e set dap profile profile user e unset dap profile RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 194 06 30004 0420 20080814 set Idap_profile profile option ldap profile profile option Use these commands to configure the advanced LDAP profile options Syntax set ldap profile profile lt name str gt option cachestate enabl disable set ldap profile profile lt name str gt option cachettl lt ttl int gt set ldap profile profile lt name str gt option timelimit lt timeout int gt set ldap profile profile lt name str gt option unauthbind enable disable set ldap profile profile lt name str gt option version ver2 ver3 Keywords and Variables Description Default lt name str gt Enter the name of the LDAP profile cachestate enable disable Enable or disable the LDAP cache The FortiMail unit will disable cache LDAP queries to reduce the amount of network traffic b
173. icy modify Use these commands to configure outgoing recipient based policies This command applies to gateway and transparent modes only Syntax set out_policy lt user_str gt modify as lt name_str gt set out_policy lt user_str gt modify av lt name_str gt set out_policy lt user_str gt modify content lt name_str gt Keywords and Variables Description Default lt user_str gt Enter the outgoing recipient based policy user ID modify as lt name_str gt Select the antispam profile to apply to the selected antispam_out_def recipient based policy modify av lt name_str gt Select the antivirus profile to apply to the selected antivirus def recipient based policy modify content lt name str gt Select the content profile to apply to the selected content out def recipient based policy History FortiMail v3 0 New Related topics set out policy profile delete set out policy move to set out policy rename to RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 261 out_policy move to set out_policy move to Use this command to move an outgoing recipient based policy to a new position in the policy list This command applies to gateway and transparent modes only Syntax set out_policy lt user_str gt move to lt new_int gt Keywords and variables Description Default lt user_str gt Enter the out
174. iguration Syntax get config lt search_string gt lt search_string gt is an optional search string If the string contains spaces enclose it in single quotation marks If you specify a search string the command displays only the lines in the configuration file that contain that string Otherwise the command lists the entire configuration History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 get console console Use this command to display console settings the number of lines per page the mode of operation and the baud rate of the command line console Syntax get console Example FortiMail 400 get console Page number 24 Console mode Line Console baudrate default History FortiMail v3 0 New RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 fshd status RTINET ES Q Q fshd status Use this command to display the FortiGuard settings on the FortiMail unit Syntax get fshd status Example FortiMail 400 get Fortishield service Fortishield servic fshd status status enabled cache status enabled Fortishield servic Fortishield service History FortiMail v3 0 New cache ttl 600 hostname antispam fortigate com get FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06
175. ile 126 system mail directory synchronizing 319 T tagging configuring for antispam profile 127 technical support 18 time Setting by NTP 344 setting manually 343 transparent mode Setting 337 trusted MTA addresses 132 U update configuring proxy tunneling 306 enabling push update 304 setting schedule 305 user adding a user group 345 mapping to another email address 346 PKI 347 user alias configuring 346 user group adding 345 user home directories synchronizing 319 user policy deleting 348 moving in policy list 350 renaming 351 selecting profiles 349 using the CLI 21 W web based manager changing appearance 302 refresh interval 338 whitelist word antispam profile incoming 129 antispam profile outgoing 283 whitelist word list antispam profile incoming 130 284 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET ES 8 a Index RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 366 06 30004 0420 200808 14 F RTIMGT www fortinet com F RTIMGT www fortinet com
176. instead of his own email address Similarly incorrectly classified messages can be submitted to the group global database by the administrator using the training group example from address to prevent these corrections from affecting his personal Bayesian database History FortiMail v3 0 New Related topics e set as profile modify bayesian e setas profile modify actions RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 S 8 set as greylist Use these command to configure the greylist settings Syntax set as greylist capacity lt cap_int gt set as greylist exempt add delete lt address gt set as greylist greylistperiod lt period_int gt set as greylist initial_expiry_period lt exp_int gt lt ttl int gt set as greylist ttl Keywords and Variables Description Default capacity lt cap int gt Use this command to set the maximum number of greylist items stored in the greylist database New items causing the greylist database to grow larger than the set capacity will overwrite the oldest item e lt cap int gt is the maximum number of items in the greylist database The default value and acceptable range varies by FortiMail model To display the currently set capacity use the get as greylist command To determine the available capacity range for your FortiMail model enter a question mark for the capacity value a
177. int gt Enter the maximum number of mail users that can be created History FortiMail v3 0 MR3 New Related topics set limits domain level e set limits system level general e set limits system level groups e set limits system level other profiles e set limits system level policies e get limits RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 204 06 30004 0420 200808 14 set limits system level other profiles limits system level other profiles Use this command to fine tune some of the profile related maximum values on your FortiMail unit The syntax requires that the five values be entered every time the command is executed Even if you only want to change one value all five must be entered Entering 0 for any value resets it to the default The new values will take effect when the FortiMail unit is restarted Syntax set limits system level other profiles lt as_int gt lt av_int gt lt misc_int gt lt content_int gt lt session_int gt Keywords and Variables Description Default lt as_int gt Enter the maximum number of antispam profiles that can be created lt av_int gt Enter the maximum number of antivirus profiles that can be created lt misc_int gt Enter the maximum number of misc profiles that can be created lt content_int gt Enter the maximum number of content profiles that can be created lt session_int gt Enter the maximum number of
178. ion 3 0 MR4 CLI Reference 206 06 30004 0420 200808 14 set RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 207 log msisdn set log msisdn Use this command to display the MSISDN column in Log amp Report gt Logging in the web based manager The MSISDN column displays only when this command is enabled Syntax To enable the MSISDN column to display in Log amp Report gt Logging set log msisdn enable disable History FortiMail v3 0 MR3 New Related topics set log view fields RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 208 06 30004 0420 200808 14 set log policy destination event log policy destination event Use this command to enable and log events to a device You need to enable event logging before selecting what events to log to a device Syntax To enable and configure events for a device set log policy destination console local syslog event status enable set log policy destination console local syslog event category configuration ha imap login pop3 smtp system updatefailed updatesucceeded webmail none Keywords Variables Description Default status enable disable Enable or disable event log output to a device disable category configuration Event logging must be enabled for this settings to be OFF login system updatefailed applicable updatesucceeded smtp ha configur
179. ions 0 Enter 0 to disable limiting History FortiMail v3 0 New Related topics set ip_profile check set ip_profile error set ip_profile limit set ip_profile list set ip_profile senderreputation FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 177 ip profile delete set ip profile delete Use this command to delete a session profile Syntax set ip profile lt name str gt delete lt name_str gt is the name of the profile History FortiMail v3 0 New Related topics e set Ip profile rename FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 178 06 30004 0420 200808 14 set ip profile error ip profile error Use these commands to set the parameters related to session communication error penalties Syntax lt name str gt error free lt int gt lt name str gt error initial delay lt int gt lt name str gt error increment lt int gt lt name str gt error total lt int gt set ip profil set ip profil set ip profil set ip profil ooo o Keywords and Variables Description Default lt name_str gt Enter the name of the session profile free lt int gt Enter the number of free errors allowed in a communication session The 1 FortiMail unit will begin to penalize the client when the number of errors exceed this free threshold initial delay lt int gt Enter the number of
180. is which If the string includes spaces enclose the string in quotes lt desc_str gt is the unique description of this unit lt loc_str gt is the location of this unit lt contact_str gt is the contact information for the administrator for this unit Set the threshold for one of the SNMP traps Trigger sets a threshold value between 1 and 99 that will trigger that trap The thresholds are for the following SNMP traps cpu CPU usage Percentage of CPU used default is 80 j EE fe 1000 High deferred mail queue Disk space used for deferred queue default threshold cpu deferq logdisk maildisk mem logdisk Log disk usage Log disk percentage full default is 90 e maildisk Mail Disk usage Mail disk percentage full default is 90 e mem Memory low Percentage of memory in use default is 80 spam Detected spam Number of spam detections default is 1 virus Detected viruses Number of virus detections default is 1 For example if maildisk has a trigger of 75 when the hard disk is 75 filled up it will trigger the maildisk SNMP trap Another example is if virus has a trigger of 4 when 4 viruses are detected it will trigger the virus SNMP trap History FortiMail v3 0 New Related topics set system snmp community RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q A N set system time
181. itelistword FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set as spamreport Use these commands to configure spam reports Syntax set as set as set as set as set as spamreport spamreport spamreport spamreport spamreport hostname lt host_str gt https enable disable interval lt option gt timeofday lt time_str gt webaccess_expiry_period lt hours_int gt as spamreport Keywords and variables Description Default hostname lt host_str gt Enter an alternate resolvable host name to use if the local domain name is not resolvable from everywhere users will receive their mail https enable disable Enable or disable encrypted communication between the user and the FortiMail unit when the user selects a release or delete link in an HTML formatted spam quarantine report enable interval thesedays lt day_int gt thesehours lt hours_int gt Specify how often spam reports will be generated and sent to users The two options work together and both need to be set thesedays allows you to specify on which days spam reports will be generated The lt day_int gt variable specifies the days separated by commas Sunday through Saturday are represented by the digits 0 through 6 For example Sunday is 0 Tuesday is 2 Friday is 5 To specify reports generated Monday through Friday the command line would be set as spamrep
182. k capacity quotafull overwrite Enter the action the FortiMail unit should take when the overwrite noquarantine system quarantine reaches its quota size overwrite will have anew message replace the oldest in the system quarantine noquarantine will prevent any new messages from being quarantined Note however that noquarantine will still prevent messages from being delivered Since they re not quarantined they re simply deleted rotatesize lt size int gt Configures the size and time thresholds which trigger rotation size 100 rotatetime time int gt system quarantine rotation When the mailbox reaches rotation time 7 z the rotation size or time threshold whichever occurs first the mailbox mbox file will be renamed and backed up A new mailbox file will be generated into which the new email is saved e lt size_int gt is the rotation size from 10 to 200 megabytes e lt time_int gt is the rotation time from 1 to 365 days History FortiMail v3 0 New Related topics set content modify action e set content modify monitor action RATINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 247 misc profile delete set misc profile delete Use this command to delete a misc profile This command is available in server mode only Syntax set misc profile lt name_str gt delete lt name_str gt is the name of the misc profile
183. k replaces the actual IP address of the interface with the set IP address The interface has only one IP address This is different from the virtual IP address configuration which results in the interface having two IP addresses lt takeover_ipv4 gt Add an IP address and netmask as required depending on the takeover option lt netmask ipv4 gt that you select You always have to add an IP address and netmask even if E the takeover option does not require one oS O O Example Enter the following command to set the port5 interface with a virtual IP address of 10 10 10 2 and a netmask of 255 255 255 0 when the FortiMail unit operates in HA mode set system ha takeover port5 add 10 10 10 2 255 255 255 0 History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 331 system ha takeover set Related topics e set system ha config e set system ha monitor set system ha cpeer interface peer e set system ha on failure secondary interface secondary peer set system ha passwd set system ha data set system ha remote as heartbeat e set system ha datadir set system ha restart restore resync e set system ha Iservice set system ha rservice e set system ha mode RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 332 06 30004 0420 200808 14 set system hostname sys
184. l set log setting local status enable disable diskfull overwrite nolog set log setting local filesz lt file sz_integer gt set log setting local logtime lt days_integer gt At the specified interval the current log file is closed and saved and a new one started The default log time interval is 10 days Keywords Variables Description Default status enable disable Enable or disable logging to a destination disable loglevel Sets the destination log severity level Use the to list Emergency lt severity_integer gt the following log levels 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notification 6 Information Logs include items of the level you set and higher Set level to 6 if you want to include all log severity levels diskfull Sets the action to take with additional logs when the overwrite overwrite nolog FortiMail hard disk runs out of space overwrite deletes the oldest log file when the hard disk is full ETH stops logging messages when the hard disk is full filesz Sets a maximum log file size in Mbytes 10 lt file sz_integer gt When the log file reaches the size the current log file is closed and saved A new active log file is then started The default log file is 10 MB and the maximum allowed size is 1000 MB logtime lt days_integer gt Sets a log time interval in days 10 History FortiMail v2 8 New
185. l e sei Ip pool add entry sei Ip pool delete e get ip pool FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 172 06 30004 0420 200808 14 set ip pool delete Use this command to delete an IP pool profile Syntax set ip_pool lt name_str gt delete ip pool delete Keywords and Variables Description Default lt name str gt This is the name of the IP pool profile History FortiMail v3 0 MR3 New Related topics e set ip pool sei Ip pool add entry e set ip pool del entry get ip pool FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET Sch d set FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 174 06 30004 0420 200808 14 set ip profile check ip profile check Use these commands to configure various session checks Syntax set ip profile lt name str gt check 3 way enable disable set ip profile lt name str gt check allow pipelining no loose strict set ip profile lt name str gt check domain enable disable set ip profile lt name str gt check eom_ack enable disable set ip profile lt name str gt check helo enable disable set ip profile lt name str gt check open relay enable disable set ip profile lt name str gt check recipient enable disable set ip profile lt name str gt
186. l set log view loglevel Use this command to configure the log severity level of what displays when viewing log messages in the web based manager Syntax To set the log severity level that will display in the web based manager set log view loglevel event history spam virus loglevel lt severity_integer gt Keywords Variables Description Default loglevel event Sets the log type No default history spam virus loglevel Sets the destination log severity level Use the to list No default lt severity integer gt the following log levels 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notification 6 Information Logs will include items of the level you set and higher Set level to 6 if you want to include all log severity levels History FortiMail v2 8 New Related topics sei log setting localset sei log setting syslog e set log policy destination event set log policy destination spam set log policy destination virus e set log policy destination history RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 224 06 30004 0420 20080814 set mailserver access mailserver access Use this command to configure delete and reorder mailserver access rules Access rules are processed in numerical order Use the move keyword to change the order of rules to achieve your desired processing order If there are two rules
187. l unit accept the message and silently delete it Neither the sender nor the recipient will be informed e reject will have FortiMail unit reject the message The system attempting delivery will receive an error e profile will have the FortiMail unit use the action set in the applicable antispam profile Default autodeletepolicy 0 1 2 3 4 keys activate add delete ae keys will be removed after being unused for the selected time period e 0 Never automatically delete an unused key e 1 Delete a key when it hasn t been used for 1 month e 2 Delete a key when it hasn t been used for 3 months 3 Delete a key when it hasn t been used for 6 months e 4 Delete a key when it hasn t been used for 12 months The active key will not be automatically removed Bounce verification keys can be activated added and deleted activate allows you to specify which key will be used to generate email message tags Only one key can be active add allows you to create a new key by entering the key string e delete allows you to delete an existing key by entering the key string status enable disable Enable or disable bounce verification Tag checking can be bypassed in each ip profile tagexpiry lt expiry_int gt Enter the number of days an email tag is valid When this time elapses the FortiMail unit will treated the tag as invalid History FortiMail v3 0 MR4 New Related
188. l will stop being processed No default History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 mailserver smtp deferbigmsg RTIMET 237 mailserver smtp delivery set mailserver smtp delivery Selecting yes for this command will turn off ESMTP delivery Syntax set mailserver smtp delivery noesmtp yes no History FortiMail v3 0 MR3 New RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 238 06 30004 0420 200808 14 set mailserver smtp dsn_ mailserver smtp den Use this command to configure the delivery status notification DSN messages sender information Syntax set mailserver smtp dsn_displayname lt name_str gt set mailserver smtp dsn_sender lt email_str gt lt name_str gt is the sender s name the notification is from An example would be postmaster lt email_str gt is the sender s email address the notification is sent from An example for the domain example com would be postmaster example com History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N Q mailserver smtp Idap_domain_check set mailserver smtp Idap_domain_check Use this command to check the validity of domains not configured on the FortiMail unit with LDAP verification Email messages to domains passing this check ca
189. latform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 295 policy modify user RTINET 8 policy modify user Use this command to configure recipient based policies This command is available in gateway and transparent modes only Syntax set policy set policy set policy set policy set policy lt fqdn_str gt lt fqdn_str gt Keywords and Variables lt fqdn_str gt modify user lt user_str gt delete modify user lt user_str gt modify as lt name_str gt lt fqdn_str gt modify user lt user_str gt modify av lt name_str gt modify user lt user_str gt modify content lt name_str gt Description lt fqdn_str gt modify user lt user_str gt rename to lt newuser_str gt Default set lt fqdn_str gt lt user_str gt Enter the fully qualified domain name Enter the recipient based policy user ID delete modify as lt name_str gt Deletes the specified recipient based policy Select the antispam profile to apply to the selected recipient based policy antispam_def modify av lt name_str gt Select the antivirus profile to apply to the selected recipient based policy antivirus_def modify content lt name_str gt rename to lt newuser_str gt Select the content profile to apply to the selected recipient based policy Rename a recipient based policy user ID lt newuser_str gt is the new user ID content_def History
190. ldap pop3 radius smtp lt profile str gt senddomain enable disable diffident allowaccess pop3 http smtpauth Keywords and Variables Description Default lt fqdn_str gt Enter the user s domain lt user_str gt Enter the user s ID with the domain e g user1 example com Entering the user ID without the domain will result in the command returning an error auth imap ldap Select the type of server used for authentication pop3 radius smtp lt profile_str gt Enter the authentication profile name senddomain enable Enable to send the domain name with the user s ID to the authentication disable disable server allowaccess pop3 Select the type of access allowed http smtpauth pop3 allows POP3 retrieval of spam messages diffident http allows webmail viewing and retrieval of spam messages smtpauth enables SMTP authentication diffident allows different sender identity History FortiMail v3 0 New Related topics Set as control autorelease RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 Ss set system admin Use this command to create or edit a system admin on your FortiGate system Using this command you can set e the administrator s password system admin e the administrator s permission level e the administrator s trusted hosts which determine which net
191. le lt name str gt connection stop blacklisted enable disable set ip profile lt name str gt connection total lt con int gt Keywords and Variables Description Default lt name str gt Enter the name of the session profile concurrent lt con int gt Enter the maximum allowed number of concurrent connections to 0 each client Additional connections are rejected lt con_int gt is the maximum number of concurrent connections allowed to each client Enter 0 to disable limiting hide enable disable When enabled no information will be added to email message disable headers to indicate the FortiMail unit has intercepted examined and perhaps processed the message This option appears only in transparent mode idle_timeout lt int gt Enter the number of seconds after which an inactive connection will 0 be dropped lt int gt is the timeout in seconds Enter 0 to disable timeout rate lt con_int gt Enter the number of connection allowed per client during a 0 lt time_int gt user defined time frame lt con_int gt is the number of connections lt time_int gt is the time in minutes Enter 0 connections and 0 minutes to disable limiting stop_blacklisted Enable or disable the relaying of email to blacklisted servers The disable enable disable active antispam detection methods determine blacklisting which addresses are blacklisted total lt con_int gt Enter the maximum number of concurrent connect
192. les The total amount of rules is 88 History FortiMail v3 0 New FortiMail v3 0 MR1 Removed keywords desc disabled index modified name status because the heuristic rules are now maintained by the FortiGuard service Related topics e set as profile modify heuristic e set out_profile profile modify heuristic FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 get spam retrieval policy spam retrieval policy Use this command to display spam retrieval policy information for a domain This is available in transparent and gateway modes only Syntax get spam retrieval policy lt fqdn_str gt lt fqdn_str gt Is the fully qualified domain name History FortiMail v3 0 New RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N system RTINET Do amp system Use this command to display system information Syntax get system lt item gt get lt item gt Description admin Display the current list of FortiMail administrator accounts including the user name the IP address and netmask from which this account can manage the FortiMail unit and the account read and write permissions appearance Display the product name and bottom logo URL for the system logon page autoupdate Display the antivirus engine version antivirus definition version update configuration an
193. list lt word_str gt change subject enable disable set as profile lt name_str gt modify whitelistwordlist lt word_str gt change word lt new_str gt List lt word_str gt add subject List lt word_str gt change body set as profile lt name_str gt modify whitelistwordlist lt word_str gt delete set as profile lt name_str gt modify whitelistwordlist lt word_str gt move to lt dest_int gt Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify lt word_str gt Enter the whitelist word add subject Add the specified word as a whitelist word Enable or disable checking of enable the message subject and body for the whitelist word disable body enable disable change body enable Select whether the email body text is examined for whitelist words disable disable change subject Select whether the email subject text is examined for whitelist words disable enable disable change word lt new_str gt Change the specified white list word The lt name_st r gt variable specifies the existing word and lt new_str gt is the new word delete Delete the specified whitelist word move to lt dest_int gt Move the specified word to the position in the white list word list specified by the lt dest_int gt variable History FortiMail v3 0 MR3 New Related topics e set as profile modify wh
194. lserver smtp storage cquar type client FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 245 mailserver smtp storage cquar set set mailserver smtp storage cquar remoteserver name FortiMailClient1 host 10 10 10 2 History FortiMail v3 0 MR3 New RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 X amp set mailserver systemquarantine mailserver systemquarantine Use this command to configure the system quarantine settings Syntax set mailserver systemquarantine account lt name_str gt password lt pwd_str gt set mailserver systemquarantine forward lt address_str gt set mailserver systemquarantine quota lt quota_int gt set mailserver systemquarantine quotafull overwrite noquarantine set mailserver systemquarantine rotatesize lt size_int gt rotatetime lt time_int gt Keywords and Variables Description Default account lt name_str gt Enter the user ID and password for the system User ID password lt pwd_str gt quarantine admin account systemquarantine Password systemquarantine forward lt address str gt Enter an email address to which all messages diverted to the system quarantine will be copied quota lt quota int gt Enter the amount of disk space in gigabytes the system 1 quarantine may use The maximum permitted disk quota depends on available dis
195. m and virus logs Use the set log view command to set the fields to display and the log severity level Syntax get log view event history History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference set log view fields set log view loglevel set log policy destination event set log policy destination spam set log policy destination virus set log policy destination history 06 30004 0420 200808 14 log view RTIMNET d mailserver RTINET ES mailserver Use this command to display the FortiMail email system settings Syntax get mailserver Example FortiMail 400 get mailserver dead mail kept 1 days mail storage local disk Centralized Quarantine Disabled maximum message size 10 MB POP3 server port 110 SMTP authentication enabled SMTP over SSL disabled SMTP server port 25 SMTPS server port 465 Relay server disabled History FortiMail v3 0 New FortiMail v3 0 MR3 Updated output Related topics get mailserver access get mailserver archive get mailserver localdomains get mailserver smtp get mailserver systemquarantine get FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 get mailserver access Use this command to display the permissions for sending and receiving email for each domain Syntax get mailserver access History FortiMail v3 0 New
196. main level Use this command to fine tune the domain related maximum values on your FortiMail unit limits domain level The syntax requires that the four values be entered every time the command is executed Even if you only want to change one value all four must be entered Entering 0 for any value resets it to the default The new values will take effect when the FortiMail unit is restarted Syntax set limits domain level lt profile_int gt lt admin_int gt lt admin_per_dom_int gt lt policy_int gt Keywords and Variables lt admin_int gt Description Enter the maximum number of domains that can have domain level administrators More domains can be created but only the number entered here can have domain level administrators Default lt admin_per_dom_int gt Enter the maximum number of domain level administrators allowed in each domain lt policy_int gt Enter the maximum number of domain specific policies that can be created for each domain lt profile_int gt Enter the maximum number of domain specific profiles that can be created for each domain This number is the maximum for each type not all types together For example if the value is set to 10 there can be 10 antispam profiles 10 session profiles 10 LDAP profiles and so on History FortiMail v3 0 MR3 New Related topics set limits system level general set limits system level groups set limits
197. me str gt list to black enable disable set ip profile lt name str gt list to white enable disable set ip profile lt name str gt list white enable disable Keywords and Variables Description Default lt name str gt Enter the name of the session profile black Enable or disable sender black list checking for the specified session disabled enable disable _ profile to_black Enable or disable recipient black list checking for the specified session disabled enable disable profile to_white Enable or disable recipient white list checking for the specified session disabled enable disable _ profile white Enable or disable sender white list checking for the specified session disabled enable disable _ profile History FortiMail v3 0 New Related topics sei Ip profile check Sei Ip profile connection e sei Ip profile error e setip profile limit e sei Ip profile senderreputation RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 182 06 30004 0420 200808 14 set ip profile mms reputation ip profile mms reputation The MMS Reputation menu enables you to configure MSISDN blacklisting and whitelisting When used on a mobile phone network the FortiMail unit can examine text messages for spam If a user sends multiple soam messages all messages from the user will be blocked for a time The number of spam messages and the le
198. mmand to rename an SMTP authentication profile Syntax set auth smtp lt name_str gt rename to lt new_str gt Keywords and Variables Description Default lt name_str gt This is the name of the SMTP authentication profile lt new_str gt Enter the new name of the SMTP authentication profile History FortiMail v3 0 New Related topics e set auth smtp server RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 D amp auth smtp server auth smtp server Use this command to create or modify the server properties of an SMTP authentication profile Syntax set auth smtp lt name_str gt server lt host_str gt lt server_ipv4 gt port lt port_number gt option ssl secure tls domain set Keywords and Variables Description Default lt name_str gt This is the name of the SMTP authentication profile lt host_str gt Enter either the SMTP server host name or IP address lt server_ipv4 gt port lt port_int gt Enter the SMTP server port number 25 option ssl secure These optional settings further define the connection to the SMTP tls domain server e ssl enables Secure Sockets Layer SSL on the SMTP server to secure message transmission e secure enables Secure Authentication on the SMTP server to secure email users passwords e tls enables Transport Layer Security TLS on the SMTP server to e
199. n Default lt name_str gt Enter the name of the antispam profile to modify rewrite rcpt enable disable Enable to allow the FortiMail unit to replace the recipient email address if the message is detected as spam disable set_part local domain Select the portion of the email address to configure The changes to the local part before the and the domain part after the are configured separately Note that both parts can be configured separately if changes to both parts are required prefix For each part select suffix None The FortiMail unit will not change the specified part of the email address Prefix The text you specify with the value keyword will be added to the beginning of the specified part of the email message Suffix The text you specify with the value keyword will be added to the end of the specified part of the email message Replace The text you specify with the value keyword will replace the specified part of the email message none replace Enter the text string to be added or used to replace the specified part of the email address If no message replacement is specified the value keyword is not necessary value lt rewrite_str gt History FortiMail v3 0 MR4 New RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 123 as profile modify scanoptions set
200. n antispam profile Syntax set as profile lt name_str gt modify bannedwordlist lt word_str gt add set as profile lt name_str gt modify bannedwordlist lt word_str gt delete set as profile lt name_str gt modify bannedwordlist lt word_str gt move to lt position_int gt set as profile lt name_str gt modify bannedwordlist lt word_str gt rename to lt new_str gt Keywords and variables Description lt name_str gt Enter the name of the antispam profile to modify lt word_str gt The word entry you want to modify in the profile s banned word list add Add the new banned word delete Delete the banned word move to Change the position of the word in the banned word list Each word is numbered the lt position_int gt first is 1 the second 2 and so on lt position_int gt is the word s new position rename to lt new_str gt Change the word entry History FortiMail v3 0 New Related topics e set as profile modify bannedword RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 110 06 30004 0420 200808 14 set as profile modify bayesian as profile modify bayesian Use these commands to configure Bayesian spam filtering for an antispam profile Syntax set as profile lt name_str gt modify bayesian autotrain enable disable set as profile lt name_str gt modify bayesian scanner enable disable set as profile lt
201. n be routed to internal mail servers using LDAP routing Syntax set mailserver smtp ldap domain check lt enable disable gt ldap profile lt profile str gt auto associate lt enable disable gt internal domain lt domain str gt Keywords and Variables Description Default ldap domain check When enabled the FortiMail unit will use LDAP verification to disable lt enable disable gt check the validity of domains not configured on the FortiMail unit Email messages to domains passing this check can be routed to internal mail servers using LDAP routing ldap profile Enter the LDAP profile to use for domain verification lt profile str gt auto associate When enabled domains passing LDAP verification will be disable lt enable disable gt automatically created as domain associations internal domain Enter the domain the automatically created domain associations lt domain str gt will be a part of History FortiMail v3 0 MR4 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 X set mailserver smtp queue mailserver smtp queue Use this command to configure the time outs and retries for undelivered mail in queues ue Note The units of time are not the same for all keywords in this command Syntax set mailserver smtp interval gt timeout queue dsn_timeout lt dsn_timeout gt retry lt retry lt timeout gt warnin
202. name_str gt modify bayesian userdb enable disable set as profile lt name_str gt modify bayesian usertrain enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify autotrain Enable or disable the use of FortiGuard Antispam and SURBL filtering enable enable disable results to train a user Bayesian database that does not have 200 non spam email entries and 100 spam entries and is therefore not ready to classify email scanner Enable or disable Bayesian filtering for the specified profile disable enable disable userdb Enable or disable the use of user Bayesian databases disable enable disable usertrain Enable or disable the acceptance of training messages from users enable enable disable History FortiMail v3 0 New Related topics set as control bayesian RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 111 as profile modify deepheader set as profile modify deepheader Use this command to enable or disable deep header scanning or for the specified profile The two separate checks that make up the deep header scan can also be individually enabled or disabled Syntax set as profile lt name_str gt modify deepheader scanner enable disable set as profile lt name_str gt modify deepheader checkip enable disable set
203. nclude the server IP address when entering a number For example set log setting syslog number 2 server 172 20 16 155 csv enable disable Enable or disable formatting for CSV format disable loglevel Sets the log severity level for the logging device Use the Emergency lt severity_integer gt to list the following log levels 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notification 6 Information Logs will include items of the level you set and higher Set level to 6 if you want to include all log severity levels facility alert audit Sets the facility identifier used for all log entries sent to kern auth authpriv the syslog server by the FortiMail unit Facility can help sek cron daenmoi identify the source of log entries on the syslog server ftp kern lpr mail news netp locallO local 1 local2 local3 local4 local5 L local6 local7 T History C FortiMail v2 8 New FortiMail 3 0MR1 Added number keyword FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 221 log setting syslog set Related topics set log setting localset e set log policy destination event set log policy destination spam set log policy destination virus setlog policy destination history RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 222 06 30004 0420 200808 14 set log view fields log view fields
204. nd execute the command varies exempt add delete lt address gt Use this command to add or delete addresses from the greylist exemption list e lt address gt can be an email address IP address a subnet or a domain greylistperiod lt period_int gt Use this command to set the length of time the FortiMail unit will continue to reject messages with an unknown to from IP After this time expires any resend attempts will have the to from IP data added to the greylist and subsequent messages will be delivered immediately lt period_int gt is the greylisting period in minutes Acceptable values range from 1 to 120 minutes 20 initial_expiry_period lt exp_int gt Use this command to set the length of time after the initial message that the FortiMail unit will keep record of a message with an unknown to from IP H the mail server resends a message before the initial expiry period expires it will be accepted If the message is received after the initial expiry period the FortiMail treats the delivery as new and rejects the message with a temporary fail Note that both the greylist period and the initial expiry period are calculated from the time the first message is received anda temporary fail is returned Consequently a 20 minute greylist period and a 4 hour initial expiry period will result on a 3 hours and 40 minutes window for delivery of the message to fulfill the greylist requirements and be acc
205. nd to configure HA daemon settings Other HA daemon configuration commands include set system ha data on page 318 set system ha datadir on page 319 set system ha monitor on page 322 and set on page 324 In most cases you do not have to change the default settings However if you are making a lot of configuration changes you may want to reduce the time between synchronizations so that changes are not lost if a failover occurs The default lt t imeout_integer gt is 60 minutes During normal operation synchronizing the configuration once every 60 minutes is usually sufficient You can also synchronize the configuration manually See set system ha restart restore resync on page 327 For more information about how FortiMail HA synchronizes the configuration and about what is synchronized and what is not synchronized see the FortiMail Administration Guide Syntax set system ha config lt port_integer gt lt timeout_integer gt Keywords Variables Description Default The TCP port used for synchronizing the configuration of the primary unit to 20001 the backup unit lt port_integer gt lt timeout_integer gt How often HA synchronizes the configuration The minimum 60 lt timeout_integer gt is every 15 minutes The maximum configuration synchronization time is 999 minutes If lt timeout_integer gt is set to 0 the configuration is not synchronized Example Enter the
206. nfiguration file on the TFTP server lt server_ipv4 gt is the IP address of the TFTP server History FortiMail v3 0 New Related topics e execute backup config RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 41 shutdown execute shutdown Use this command to prepare the FortiMail unit to be powered down This command clears all buffers and writes all cached data to disk Power off the FortiMail unit only after issuing this command to prevent possible data loss Syntax execute shutdown History FortiMail v3 0 New Related topics e execute reboot RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 42 06 30004 0420 20080814 execute smiptest smiptest Use this command to test connectivity to an SMTP server Syntax execute smtptest lt ipv4_addr port gt domain lt domain_str gt lt ipv4 addr gt is the IP address of the SMTP server port is the optional port number to connect to the SMTP server lt domain_str gt is the name of the domain on the SMTP server to connect to Example This example tests the connection to an SMTP server at 192 168 100 2 on port 25 to the example com domain execute smtptest 192 168 100 2 25 domain example com History FortiMail v3 0 MR3 New Related topics execute reboot RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004
207. nfiguring auto release settings 108 configuring Bayesian filtering 111 configuring dictionary scanning 113 configuring email tagging 127 configuring FortiGuard Antispam functions 117 configuring heuristic scanning 119 configuring image spam detection 120 configuring quarantine settings 122 configuring scanning options 124 configuring spam reports 131 deleting 106 enabling banned word filtering 109 enabling checking with SURBL servers 125 enabling deep header scan 112 enabling DNSBL lookup 114 enabling forged IP checking 116 enabling greylisting 118 enabling treating virus as spam 128 modifying banned word list 110 modifying DNSBL server list 115 modifying SURBL server list 126 Rewrite recipient email address 123 selecting actions 107 setting actions per detection method 121 whitelist word 129 283 whitelist word list 130 284 antivirus profile deleting 141 enabling heuristic scanning 143 enabling scanning 145 renaming 146 selecting action for heuristic detection 144 selecting actions 142 antivirus scanning enabling 97 authentication profile IMAP renaming 133 setting server properties 134 authentication profile POP3 renaming 135 setting server properties 136 authentication profile RADIUS renaming 137 setting server properties 138 authentication profile SMTP renaming 139 setting server properties 140 banned word list modifying 110 Bayesian filtering configuring for antispam profile 111 blacklist selecting action 98
208. ng enabling for antispam profile 116 FortiGuard Antispam configuring for antispam profile 117 FortiMail documentation commenting on 18 FortiManager configuring 312 Fortinet customer service 18 Fortinet Knowledge Center 17 G gateway mode setting 337 greylist configuring settings 103 enabling for antispam profile 118 H HA 320 backup unit monitors remote services 328 config only peers list 314 configuration synchronization 313 display HA status and configuration 88 failure mode 324 forcing configuration synchronization 327 forcing data synchronization 327 hard disk monitoring 320 Index heartbeat 322 heartbeat mail data TCP port 318 heartbeat synchronization TCP port 313 heartbeat synchronization timer 313 heartbeat TCP port 322 local service monitoring 320 mail data synchronization 318 mode of operation 321 network interface options 330 on failure 324 primary heartbeat interface 314 remote as heartbeat 326 resetting the configured HA operating mode 327 restarting HA processes on a stopped primary unit 327 secondary heartbeat interface 314 shared password 324 synchronizing MAT spool directories 319 synchronizing the system mail directory 319 synchronizing user home directories 319 HA heartbeat configuration 313 configuration options 322 configuration synchronization options 313 mail data 318 mail data synchronization options 318 mail data TCP port 318 synchronization TCP port 313 synchronization timer 313 TCP po
209. ngth of time further messages will be blocked are configurable MSISDN reputation Auto blacklist Window Size is enabled in the antispam settings Syntax set ip_profile test mms_reputation enable disable set ip_profile test mms_reputation autoblacklist duration 0 15 30 60 120 240 480 1440 set ip_profile test mms_reputation autoblacklist trigger lt trigger_int gt Keywords and Variables Description Default mms_reputation Enable MSISDN reputation checking for traffic examined by the session profile disable enable disable autoblacklist When blacklisted messages from a sender will be blocked for the configured 0 duration 0 15 number of minutes 30 60 120 240 480 1440 autoblacklist Automatically add the sender to the auto blacklist when the configured number 5 trigger of messages are detected as spam within the auto blacklist window time period lt trigger_int gt History FortiMail v3 0 MR4 New Related topics setas mms reputation RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 183 ip profile rename ip profile rename Use this command to rename an existing session profile Syntax set ip profile lt name str gt rename lt new str gt Keywords and Variables Description Default set lt name str gt rename lt new str gt Enter the name of the session p
210. nnnnneenn 289 policy modify fallback sreernnnnnnvvvnnnnnnnvvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnenn 290 policy modify ea 291 policy modify is subdomain s ernnnnnnnvvnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnennnnnnnneenr 292 policy modify ldap erin 293 policy modify mxflag TT 294 policy et Dt 295 policy modify Uert 2ceESEEEEEESS EC EENS EEN 296 policy modify verify addr rrnnnnsvvvnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnennn 297 policy modify rename tO s ennnnnnnvvvnnnnnnnvvnnnnnnnnvnnnnnnnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnenn 298 spam deepheader ssvennnnnnnvnnnnnnnnnvnnnnnnnnnvnennnnnnnenennnnnnnenennnnnnnnvennnnnnnnvennnnnnnner 299 spam retrieval POLICY rnrnannnvnnnnnnnnnvennnnnnnnvnnnnnnnnnnennnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnr 300 SYS dm 301 Systemiapbpearances 302 system autoupdate pushaddressoverride ee 303 system autoupdate pushupdate ee 304 System autoupdate schedule ee 305 System autoupdate tunneling s rrrurnnnnnnvnnnnnnnnvnnnnnnnnnnennnnnnnnnnnnnnnnnnennnnnnnnenn 306 System ddnms ensena 307 system disclaimer allowdomain ee 308 system disclaimer incoming r sssvennnnnnnnvnnnnnnnnnnennnnnnnnnennnnnnnnnnnnnnnnnnnennnnnnnenenn 309 system disclaimer outgoing rrrrnsnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnenr 310 System ANS rsrsrsrsrs 311 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 3
211. nnnnnnenr 129 as profile modify whitelistwordlist evrnnnnnnnnnnnnnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnr 130 as SpamrepOort rrsrsnannevnvevvvvennnnnnnnnnnnnnnennveveneevnnnnnnnnnnnnnnnnnennennevenvennnnnnnnnenneene 131 as TET EE ese eee eee 132 AUTH IMAP rename tO ssvnerennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnen 133 a th imap Servet ssa ee 134 auth POPS rename tO ee 135 auth POPS Servet i naanakan eideann iea rainane dani eaan 136 auth radius rename tO s eennnnnnnvnnnnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnenr 137 auth radius Server ne 138 auth smtp FEM AM d E 139 auth smtp SOM CM sionistisen EES EENS EES EESENE denn 140 ee 141 av modify aclOmS essens 142 Ek DT LE 143 av modify heuristic heuristic action rrnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnneenr 144 av modify scanner E 145 av rename to ER 146 console ee 147 content delete eins 148 content modify action seernnnnnnnvennnnnnnnvvnnnnnnnnvvvnnnnnnnvnnnnnnnnnnnnnnnnnnnnnennnnnnnnnennnr 149 content modify bypass on auth srnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnvnnnnnnnnnvnnnnnnnnnvennennn 150 content modify defersize rrnnvvvnnnnnnnvnennnnnnnvvnnnnnnnnvennnnnnnnvennnnnnnnvnennnnnnnveenennn 151 content modify filetype rrrnnnnvvvnnnnnnnnvvnnennnnnvvnennnnnnnnnnnnnnnnnnnnnnnnnnnnenennnnnnnnnenn 152 content modify monitor rnnnnnnvvvnnnnnnnnvvnnnnnnnnvvnnnnnnnnvnnnennnnnnnnnnnnnnnnnnnenn
212. nnnnnnnenn 153 content modify monitor action rrssrvvrnnnnnnvnvnnnnnnnnvnnnnnnnnnnnnnennnnnnnnenennnnnnenenn 154 156 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Contents Ip Bol EN eege eege 157 OV MAN ee ees eege ee at cay Ls ee he 157 SHOP 157 Related DO 157 ip policy ACUION ees EEN 158 SyntaXnses angsten atenerne A RORA 158 ISO 158 Related topics ee 158 IP pPoliey s eege eege EENS 159 D EN EEE ER EE E 159 FS 159 Related 5 159 ip policy Stee ee ee eds 160 SYMA EE 160 FISTO E 160 SE Ree 160 Ip POLICY EE 161 SE EE 161 PSN EE 161 Rel ted re 161 ip policy Content eege EENS 162 SY NAM EE 162 162 Related top OS EE 162 ip policy AelOte ss 163 SIE E 163 PEN 163 Related TOPICS ww 163 ip policy exclusive ee 164 SSE EE 164 EL 164 Related 00 0 OE eu 164 IP ROEMER 165 SNL D A E A A 165 PSN EE 165 Related tOpics se 165 ip policy match gateway and server modes pe 166 SE EEE E Ea a e aa EE rE 166 HISO EE 166 Related tOpiCs es 166 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 RTIMNET N Contents RTINET ip policy match transparent mOde rrrnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenn 167 SIE EE EE EE 167 SO 167 Ee eier 167 IP POMCY OVER 168 SIE 168 storm 168 Related TOPICS EEN 168 elle EC Uu UE 169 VUE 169 FISTO isanka 169 Related ee e 1
213. nnnnnnnnnnnnnnnnnnnnnnnnr 255 out content modify filetype srrrnnnnnnvvnnnnnnnvvvnnennnnvvvnnnnnnnnnnnnnnnnnnnennnnnnnneenn 256 out content modify monitor ACTION es 257 out content modify monitor rvrnnnnnnnvvvnnnnnnnvnvnnnnnnnvnnnnnnnnnnnenennnnnnnnennnnnnnneenr 258 out policy profile delete ee 260 Out policyimodify cece onnie niinniin denada oiana auaa aa 261 Out poliey MOV O r raaraa Traa aae aarep arae ar aaa anar raaa ee ananin 262 out policy rename tO rrennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnen 263 out profile profile delete rnnannnvnnrnnnnnnnnnnnnnnnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnener 264 out profile profile modify actiOnsS rnnrnnnnnnnnnnnnnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnenr 265 out profile profile modify bannedword rrrrransannnnvvnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnener 266 out profile profile modify bannedwordlist nnnnnnnnvnvennnnnnnnnnnnnnnnnnnnnnnnnnr 267 out profile profile modify bayesian rrrnnnnnvvnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnenr 268 out profile profile modify deepheader ee 269 out profile profile modify dictionary rrnnnnnvvnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnennnnnnnnnenr 270 out profile profile modify dnsbl nananvernnnnnnnnnnnnnnnnnnnnnvnnnennnnnnnnnnnnnnnnnnnnnnr 271 out profile profile modify dnsbiserver rrrrrrrnrnnnnnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnvnnr 272 out profile profile modify fortishiel
214. nnnnnnvenr 225 mailserver archive aCCOUN nsssvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennn 227 mailserver archive exemptlist rrrrnnnnnvnvnnnnnnnvvnennnnnvvnnnnnnnnnnnnennnnnnnnnnnnnnnnnenr 228 mailserver archive local quota ennnnnnnnvvnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnennnnnnnnenr 229 mailserver archive policy rrnnnnnnvnnnnnnnnnvnnnnnnnnnvnnennnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnenn 230 mailserver archive remote rrnnnnnnvvnnnnnnnnvnnnnnnnnnvnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenn 231 mailserver deadmail nrsasvvnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnennnnnnneenr 232 MailServer portnumber rerrnnnnnvvvnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennr 233 mailserver proxy smtp interface rrnnnnnnvnnnnnnnnvnvnnnnnnnvvnnnnnnnnnnnennnnnnnnnnnnnnnnnennn 234 mailserver proxy smtp UNKNOWN rwraxsnavvvnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnennnnnnnnenn 235 mailserver relayServer s r rmnnnssvvnnnnnnnnvvvnnnnnnnvvnnnnnnnnnnnnnnnnnnnnnennnnnnnnennnnnnnnenn 236 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 RTIMET RTINET Q Contents mailserver smtp deferbigmsg vunnnnnnnnvnnnnnnnnvennnnnnnnvennnnnnnnvennnnnnnvennnnnnnnvennnnnn 237 mailserver smtp delivery rsssvvvnnnnnnnnvvennnnnnnvennnnnnnvnennnnnnnnvnnnnnnnnvennnnnnnneennnnnnn 238 mailserver smtp dSN
215. nnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnner 193 Idap profile profile group ssvvrnnnnnnvvnnnnnnnnvnnnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnner 194 Idap profile profile Option srrrnnnnnnvnvnnnnnnnvnnnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnner 195 Idap_ profile profile pwd urnnnnnvvnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnennnnner 196 Idap_profile profile routing r rrrrrnnvvvnnnnnnnvnnnnnnnnnvnnnnnnnnvnnnnnnnnnnennnnnnnnnennnnnnner 197 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Contents Idap_profile profile SErVer srrrrrnnnnnnvvnnnnnnnvvennnnnnnvennnnnnnnvennnnnnnenennnnnnnnnenennn 198 Idap profile profile USET rxxxnnvnnnnnnnnnvvnnnnnnnnvnennnnnnnnvennnnnnnenennnnnnnenennnnnnnenennnnnn 199 limits domain level nssnvonnrnnnnnvennnnnnnnvenennnnnvvennnnnnnevennnnnnnenenennnnnvvnnnnnnnnenvnennn 201 limits system level general s rnnnnnnnvvvnnnnnnnvnnnnnnnnnvennnnnnnnvennnnnnnenennnnnnnenenennn 202 limits system level groupS rrrrssvannnnnnnvnnnnnnnnnvnnnnnnnnnvennnnnnnvnnnnnnnnneennnnnnnenenennnn 203 limits system level mail USerS xsssewnnnnnnnnvnnnnnnnnnnvnnnnnnnnnvnnnnnnnnnvnnnnnnnnnvenennnn 204 limits system level other profileS rrrrnnnnvvvnnnnnnnvennnnnnnnvennnnnnnvnennnnnnnveennnnn 205 limits system level policies srennnnnnnnvennnnnnnnvennnnnnnnvvennnnnnnvennnnnnnnvennnnnnnnvenennnn 206 siiedh
216. nsure privacy between communicating applications and their users on the Internet domain select if the SMTP server requires the domain for authentication History FortiMail v3 0 New Related topics e set auth smtp rename to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 140 06 30004 0420 200808 14 set av delete Use this command to delete antivirus profiles Syntax where lt av_prof_name gt is the name of an antivirus profile set av lt av_prof_name gt delete History FortiMail v3 0 New Related topics set alertemail deferq set av modify heuristic set av modify heuristic heuristic action set av rename to FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 av delete av modify actions set av modify actions Use this command to select for a specified antivirus profile the action taken when the FortiMail unit detects an infected email message Specify reject to reject the email message and return an error Specify discard to simply discard the message after receipt Syntax set av lt av_prof_name gt modify actions discard reject lt av prof name gt is the name of the antivirus profile you are configuring If this is not the name of an existing profile a new profile is created History FortiMail v3 0 New Related topics set alertemail configuration mailto e set av modify heuristic e se
217. nt or accounts for the specified profile disable enable disable When disabled the user will not be able to log in to the webmail interface or send mail with a mail client Any mail sent to the user will be rejected with a user unknown message History FortiMail v3 0 New Related topics e set misc profile modify quota set misc profile modify webmailaccess RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 N 8 set misc profile modify webmailaccess misc profile modify webmailaccess Enables or disables Webmail access for the specified profile This command is available in server mode only Syntax set misc profile lt name_str gt modify webmailaccess enable disable Keywords and Variables Description Default lt name_str gt This is the name of the misc profile webmailaccess Enables or disable the ability of the user to log in to the webmail interface disable enable disable When disabled the user will be able to enter their email address and password but a Login Incorrect error will be displayed History FortiMail v3 0 New Related topics set misc profile modify quota set misc profile modify userstatus RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 251 misc profile rename to set misc profile rename to Use this command t
218. ntax get ip profile lt profile name gt If you do not specify a profile name the command provides a list of the IP profiles If you specify a profile name the command Example lists detailed information about that IP profile FortiMail 400 get ip profile session loose smtpin configuration for session loose connection rate limiting this box will per IP is disabled NOT be hidden from the server connection limiting per IP is disabled total connecti on limiting is disabled preventing connections to blacklisted SMTP is disabled idle timeout i s disabled EHLO chars is disabled session checking HELO HELO EHLO rewrite is disabled disallowing encrypted links is disabled allow pipelini ng NO strict synax checking is disabled splice is disabled ACK EOM before anti spam is disabled Send DSN to sender when spam detected is disabled for unauthorised 1 inks checking sender domain is disabled checking recipient domain is disabled reject empty domains is disabled open relay checking is disabled RCPT HELO MAIL domain check is disabled limits max number of recipients per email is 500 no helo ehlo per session no email per s max supported ession message size is 10485760 max supported no NOOP restri no RSET restri header size is 32768 ctions ctions errors no free errors there is
219. ntax set as profile lt name_str gt modify auto release enable disable webrelease enable disable autowhitelist enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify auto release Auto release enables the user to release or delete quarantined spam enable enable disable via email webrelease Webrelease enables the user to release or delete quarantined spam via disable enable disable HTTP with a click from the spam report autowhitelist Autowhitelist examines messages the user sends and automatically disable enable disable adds the destination email addresses to their personal white list History FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set as profile modify bannedword as profile modify bannedword Use this command to enable or disable banned word filtering for the specified profile Syntax set as profile lt name_str gt modify bannedword enable disable lt name_str gt is the name of the profile By default banned word scanning is disabled History FortiMail v3 0 New Related topics set as profile modify bannedwordlist RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 e as profile modify bannedwordlist set as profile modify bannedwordlist Use these commands to modify the banned word list for a
220. ntivirus on off attribute no default asavstate Enable or disable the LDAP antispam antivirus attribute configuration disable enable disable History FortiMail v3 0 New Related topics e set as profile modify actions e set av modify actions e unset Idap_profile RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 189 ldap profile clearallcache set dap profile clearallcache Use this command to clear all LDAP profile caches Syntax set ldap profile clearallcache History FortiMail v3 0 MR3 New Related topics sei dap profile profile clearcache set dap profile profile option e unset dap profile RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Q set Idap_profile profile auth Use these commands to configure the way the way users are authenticated ldap profile profile auth Syntax set ldap_profile profile lt name_str gt auth authstate enable disable set ldap_profile profile lt name_str gt auth cnidname lt cnid_str gt set ldap_profile profile lt name_str gt auth cnidstatus enable disable set ldap_profile profile lt name_str gt auth searchstatus enable disable set ldap_profile profile lt name_str gt auth upnstatus enable disable set ldap_profile profile lt name_str gt auth upnsuffix lt upns_str gt Keyword
221. nutes set system autoupdat To schedule updates daily set system autoupdat To schedule updates weekly set system autoupdat lt hh mm gt disable every lt hh mm gt disable daily lt hh mm gt schedul fenabl schedul fenabl schedul fenabl disable weekly lt day int gt For an interval of every lt hh mm gt is the period between updates For example if lt hh mm gt was 3 45 every 3 hours and 45 minutes the FortiMail unit would check for updates For an interval of daily lt hh mm gt is the time of day to get updates For example if lt hh mm gt was 3 45 every day at 3 45am the FortiMail unit would check for updates 15 45 would be 3 34pm For an interval of weekly the seven days of the week is indicated by lt day int gt with 0 being Sunday and 6 being Saturday lt hh mm gt has the same meaning as for the daily interval For example weekly 2 15 45 would indicate to get updates once per week on Tuesdays at 15 45pm History FortiMail v3 0 New Related topics set system autoupdate pushaddressoverride Set system autoupdate pushupdate Sei system autoupdate tunneling FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 RTIMNET 8 ka system autoupdate tunneling set system autoupdate tunneling Use this command to configure web proxy tunneling Syntax set system autoupdate tunneling
222. o accept SSH or Telnet connections you must set administrative access to SSH or Telnet for the FortiMail interface to which your management computer connects To use the web based manager to configure FortiMail interfaces for SSH or Telnet access see Interface settings in the Configuring FortiMail system settings chapter of the FortiMail Administration Guide To use the CLI to configure SSH or Telnet access Connect and log into the CLI using the FortiMail console port and your terminal emulation software Use the following command to configure an interface to accept SSH connections set system interface lt interface_name gt config allowaccess ssh end Use the following command to configure an interface to accept Telnet connections set system interface lt interface_name gt config allowaccess telnet To confirm that you have configured SSH or Telnet access correctly enter the following command to view the access settings for the interface get system interface The CLI displays the settings including the management access settings for the configured interfaces Connecting to the FortiMail CLI using SSH 30 gt Secure Shell SSH provides strong secure authentication and secure communications to the FortiMail CLI from your internal network or the internet Once the FortiMail unit is configured to accept SSH connections you can run an SSH client on your management computer and use this client to conne
223. o rename a misc profile This command is available in server mode only Syntax set misc profile lt name_str gt rename to lt new_str gt Keywords and Variables Description Default lt name_str gt This is the name of the misc profile lt new_str gt Enter the new name of the misc profile History FortiMail v3 0 New Related topics e set misc profile delete RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N 8 set out_content delete out_content delete Use this command to delete a outgoing content profile Syntax set out_content lt name_str gt delete lt name_str gt is the name of the outgoing content profile History FortiMail v3 0 New Related topics set out_content modify filetype set out_content modify monitor RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N amp out_content modify action set out_content modify action Use this command to select the action to be taken with messages matching the specified outgoing content profile Syntax set out content lt name str gt modify action treat as spam reject discard replace quarantine forward forwardaddr lt addr str gt Keywords and Variables Description Default lt name str gt This is the name of the outgoing content profile action discard Select the action to be taken on m
224. of the LDAP profile addr lt route_str gt Set the LDAP routing mailrouting address attribute mailRoutingAddress host lt host_str gt Set the LDAP routing mailrouting host attribute mailHost routingstate Enable or disable the LDAP routing configuration disable enable disable History FortiMail v3 0 New Related topics set ldap_profile profile auth setldap_profile profile fallback server e set ldap_profile profile group e set Idap_profile profile option e set Idap_profile profile pwd set ldap_proflle profile server setldap_profile profile user unset Idap_profile RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 197 ldap profile profile server set dap profile profile server Use these commands to configure information about the LDAP server Syntax set ldap profile profile lt name str gt server lt host_str gt lt server ipv4 gt port port int gt secure none ssl Keywords and Variables Description Default lt name str gt Enter the name of the LDAP profile server lt host str gt Set LDAP server address by specifying a hostname or IP address No default lt server ipv4 gt port port int gt Enter the port used to communicate with the LDAP server 389 secure none ssl Select whether to use a secure SSL or non secure connection to the none LDAP server History
225. omatically update personal White list from sent emails disabled FortiMail 400 get as spamreport time of day 00 00 interval these hours Web Release Hostname is empty Web Release through HTTPS is enabled get FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 get History FortiMail v3 0 New FortiMail v3 0 MR3 Added trusted antispam mta and trusted mta commands FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 as RTINET ES a auth get auth Use this command to display authentication settings by protocol IMAP POP3 RADIUS SMTP This is available in transparent and gateway modes only Syntax get auth imap pop3 radius smtp History FortiMail v3 0 New RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 8 get av Use this command to display the settings of an antivirus profile Syntax get av lt profile_name gt Example FortiMail 400 get av avprofilel Antivirus profiles id 2 name avprofilel AV Scanner enabled AV actions Heuristic scanning disabled Heuristic actions History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 av RTIMNET LD N config get config Use this command to display the current FortiMail unit conf
226. onitor profile Syntax set out_content lt name_str gt modify monitor lt profile_int gt action none discard forward quarantine reject replace review treat_as_spam Keywords and Variables Description Default lt name_str gt This is the name of the outgoing content profile lt profile_int gt Enter the outgoing content monitor profile number action none Select the action to be taken with messages matching the specified none discard forward Outgoing content monitor profile reject replace none no action is taken though subject and or header tagging occurs if enabled discard deletes the message forward sends the message to the specified email address instead of the recipient reject causes the FortiMail unit to not accept delivery of the infected message An error is returned to the system attempting delivery replace strips the infected attachment and replaces it with a custom message review stops messages matching the monitor profile and places them into the system quarantine These messages are not included in the spam report sent to users Rather an administrator must release or delete these messages after reviewing them treat_as_spam handles the infected message according to the action set in the applicable antispam profile review treat_as_spam History FortiMail v3 0 New Related topics set out_con
227. ontent scanning Syntax set content lt name_str gt modify defersize lt size_int gt Keywords and Variables Description Default lt name_str gt This is the name of the content profile lt size_int gt Enter the size limit in KB Files larger than the set limit will be deferred A 0 value of 0 means no mail will be deferred History FortiMail v3 0 New Related topics set content modify bypass on auth set content modify filetype FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 151 content modify filetype set content modify filetype Use this command to block email attachments that match the specified file type Syntax set content lt name_str gt modify filetype lt filetype_str gt blocked not blocked Keywords and Variables Description Default lt name str gt This is the name of the content profile lt filetype str gt Select the file type Valid types are video audio image application executable application document application archive application other This option includes all file types not specified by the other listed types blocked Select blocked to trigger the content action against messages not blocked not blocked containing the specified type of file attachment Select not blocked to allow the specified type of file attachment History FortiMail v3 0 New R
228. ort interval thesedays 1 2 3 4 5 thesehours will specify what times of the day spam reports will be generated The lt hours_int gt variable specifies the hours separated by commas For example to define the hourly generation of spam reports during business hours the command line would be set as spamreport interval thesehours 9 10 11 12 13 14 15 16 17 The two example command lines given direct the FortiMail unit to generate a spam report every hour from 9 A M to 5 P M Monday to Friday webaccess_expiry_pe riod lt hours_int gt Specify the number of hours a user will be able to use the link in the spam report to access his spam quarantine without providing a username and password If the link is used after the configured number of hours the users will be informed that the link has expired and redirected to the quarantine login page Enter 0 to always require the user enter a username and password Valid values are 0 to 720 History FortiMail v3 0 New FortiMail v3 0 MR3 Added webaccess_expiry_period Removed t imeofday Removed daily and weekly options and added thesedays option to interval keyword Related topics e set as control autorelease e set as profile modify quarantine FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 131 as trusted set as trusted Use these commands to configure trusted MTA addresses If there are an
229. ortiMail unit An account reached its disk quota A dictionary is corrupt System quarantine reached its quota The deferred mail queue exceeds the number of messages specified in set alertemail deferq trigger No events Example To enable alert email for full hard disk and account quota reached set alertemail setting option diskfull quotafull History FortiMail v2 8 New Related topics set alertemail configuration mailto set alertemail deferq FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Use this command to enable or disable antivirus scanning This command is available in server mode set antivirus only Syntax set antivirus enable disable History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference set ip_policy as set policy modify user set out_policy modify set userpolicy modify get antivirus 06 30004 0420 200808 14 antivirus RTINET N as blacklistaction set as blacklistaction Use these commands to set the action to take when an email message arrives from a blacklisted email address domain or IP address This setting affects mail matching all three levels of black lists system session and user Syntax set as blacklistaction reject discard profile Keywords and Variables Description Default reject Reject the message an
230. p unit also called a peer to the known peers list or to change the IP address of a backup unit already added to the known peers list The primary unit requires these IP addresses to be able to communicate with the backup units For an active passive HA group use the set system ha peer command to configure the primary heartbeat peer IP address For an active passive HA group use the set system ha secondary interface command to configure the network interface to be used for the secondary heartbeat and to configure the secondary heartbeat local IP address and netmask You can specify an interface name disable the secondary heartbeat or set the secondary heartbeat to any if you don t want to use a specific interface as the backup heartbeat interface any means that any interface with its HA interface configuration set to ignore this interface using the set system ha takeover lt interface_str gt ignore command can be used as the secondary heartbeat interface For an active passive HA group use the set system ha secondary peer command to configure the secondary heartbeat peer IP address Syntax set system ha cpeer lt cpeer_integer gt lt cpeer_ipv4 gt set system ha interface lt primary interface_str gt lt primary local_ipv4 gt lt netmask_ipv4 gt set system ha peer lt primary peer_ipv4 gt set system ha secondary interface lt secondary interface_str gt any disabled lt secondary local_ipv4 gt lt netmask_ipv4 gt set s
231. pplies to server mode only Syntax set userpolicy lt name_str gt delete lt name_str gt is the name of the policy expressed with the domain For example user34 example com and example com are both valid policy names History FortiMail v3 0 New Related topics set userpolicy move to set userpolicy rename to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 348 06 30004 0420 20080814 set userpolicy modify userpolicy modify Use this command to define the profiles used with the specified policy This command applies to server mode only Syntax set userpolicy lt name_str gt modify as lt as_str gt av lt av_str gt misc lt misc_str gt content lt content_str gt Keywords and Variables Description Default lt name_str gt This is the name of the policy expressed with the domain lt as_str gt Enter the name of the antispam profile to use with this policy antispam_def lt av_str gt Enter the name of the antivirus profile to use with this policy antivirus_def lt misc_str gt Enter the name of the misc profile to use with this policy misc_def lt content_str gt Enter the name of the content profile to use with this policy content_def History FortiMail v3 0 New Related topics set userpolicy delete set userpolicy move to set userpolicy rename to RTINET FortiMail Secure Messaging Platform Version 3 0 MR4
232. pt delivery of the infected message An error is returned to the system attempting delivery replace strips the infected attachment and replaces it with the a custom message treat as spam handles the infected message according to the action set in the applicable antispam profile forwardaddr Enter the email address to be used if the selected action is forward lt addr str gt When forward is selected as the action matching messages will be E forwarded to the specified email address History FortiMail v3 0 New Related topics set content modify filetype e set content modify monitor RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 149 content modify bypass_on_auth set content modify bypass_on_auth Use this command to allow messages to bypass the content filters if SMTP authorization is enabled and the delivering system successfully authenticates Syntax set content lt name_str gt modify bypass_on_auth enable disable lt name_str gt is the name of the content profile History FortiMail v3 0 New Related topics set content modify action set content modify filetype RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 a S set content modify defersize content modify defersize Use this command to set the minimum size of files that will be held for later c
233. quarantine If enabled the messages detected as spam must be released or deleted by an administrator These messages will not appear on the spam summary History FortiMail v3 0 New FortiMail v3 0 MR1 Related topics Keyword summary removed set out_profile profile modify individualaction scanner set out_profile profile modify scanoptions FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 265 out_profile profile modify bannedword set out_profile profile modify bannedword Use this command to enable or disable outgoing banned word filtering for the specified profile Syntax set out_profile profile lt name_str gt modify bannedword enable disable lt name_str gt is the name of the profile By default banned word scanning is disabled History FortiMail v3 0 New Related topics set out_profile profile modify bannedwordlist set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 266 06 30004 0420 200808 14 set out_profile profile modify bannedwordlist out_profile profile modify bannedwordlist Use these command to modify the banned word list for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify bannedwordlist lt word_str gt add set out_profile profile lt name_str gt modify
234. rance set system option FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 console RTIMET 147 content delete set content delete Use this command to delete a content profile Syntax set content lt name_str gt delete lt name_str gt is the name of the content profile History FortiMail v3 0 New Related topics e set content modify filetype set content modify monitor RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 R amp set content modify action content modify action Use this command to select the action to be taken on messages matching the specified content profile Syntax set content lt name_str gt modify action treat_as_spam reject discard replace quarantine forward forwardaddr lt addr_str gt Keywords and Variables Description Default lt name_str gt This is the name of the content profile action discard Select the action to be taken on messages matching the active replace forward content profile quarantine reject discard deletes the message SR Se forward sends the message to the specified email address treat as spam instead of the recipient quarantine stores the infected message in the FortiMail unit s system quarantine This option is available for incoming email only e reject causes the FortiMail unit to not acce
235. rase that will precede the Username prompt when logging in to webmail webmail login hint lt hint_str gt Enter the text used to prompt the user to input their email address By default the prompt is Input your email address History FortiMail v3 0 New FortiMail v3 0 MR3 Added webmail lang and webmail login hint keywords Related topics set console RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 N set system autoupdate pushaddressoverride system autoupdate pushaddressoverride Use this command to change the IP address and port the FDN server sends updates on This IP address will be different from the management IP address the default address FDN connects to If the FDN can connect to the FortiMail unit only through a NAT device you must configure port forwarding on the NAT device and add the port forwarding information to the push update configuration Using port forwarding the FDN connects to the FortiMail unit using either port 9443 or an override push port that you specify Push updates are provided to the FortiMail unit from the FDN using HTTPS on UDP port 9443 To receive push updates the FDN must be able to route packets to the FortiMail unit using UDP port 9443 Any incoming traffic will arrive at the NAT device on lt port_int gt but must be resent to the FortiMail unit on port 9443 Note You cannot receive push up
236. rence 352 06 30004 0420 200808 14 unset unset This chapter describes the following commands alertemail configuration Idap_profile log reportconfig mailserver system user transparent and gateway user server RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 353 alertemail configuration unset alertemail configuration Use this command to remove the alertemail configuration Syntax unset alertemail configuration History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 354 06 30004 0420 20080814 unset ldap profile Idap profile Use this command to delete an LDAP profile Syntax unset ldap profile profile lt name str gt lt name str gt is the name of the LDAP profile to delete History FortiMail v3 0 New FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 355 log reportconfig unset log reportconfig Use this command to delete a log configuration Syntax unset log reportconfig lt name_str gt lt name_str gt is the name of the log configuration History FortiMail v3 0 New RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 356 06 30004 0420 200808 14 unset mailserver Use this command to remove parts of the email server configuration Syntax unset mailserver lt configur
237. rofile Enter the new name of the specified session profile History FortiMail v3 0 New Related topics e sei Ip profile delete RTINET 184 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set ip profile senderreputation ip profile senderreputation Use these commands to configure the sender reputation feature Syntax set ip profil set ip profil set ip profil set ip profil set ip profil set ip profil ooooo oO lt name_str gt senderreputation reject lt int gt lt name_str gt senderreputation status enable disable lt name_str gt senderreputation tempfail lt int gt lt name_str gt senderreputation throttle lt int gt lt name_str gt senderreputation throttle_number lt int gt lt name_str gt senderreputation throttle_percent lt int gt Keywords and Variables Description Default lt name_str gt Enter the name of the session profile reject lt int gt Enter the sender reputation reject threshold If a system s sender 80 reputation score exceeds this value connection attempts by the system will be refused with a reject error status Enable or disable sender reputation score calculation and actions for disable enable disable the specified session profile tempfail lt int gt Enter the sender reputation tempfail threshold If a system s sender 55 reputation score exceeds this value connection attempts by
238. rofile number tags header Enable or disable the labeling of matching messages by adding a disable enable disable tag to the header tags htag lt tag str gt Enter the text to be used as the tag when header tagging is enabled tags subject Enable or disable the labeling of matching messages by adding a disable enable disable tag to the subject tags stag lt tag str gt Enter the text to be used as the tag when subject tagging is enabled History FortiMail v3 0 New Related topics set content modify monitor action RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 153 content modify monitor action content modify monitor action Use this command to select the action to be taken with messages matching the specified content monitor profile Syntax set content lt name_str gt modify monitor lt profile_int gt action none discard forward quarantine reject replace review treat_as_spam set Keywords and Variables Description Default lt name_str gt This is the name of the content profile lt profile_int gt Enter the content monitor profile number action none Select the action to be taken with messages matching the specified none discard forward content monitor profile quarantine reject none no action is taken though subject and or header tagging will still occur if enabled discard deletes the messa
239. rofile profile lt name str gt modify surblserver lt host str gt move to lt new int gt set out profile profile lt name str gt modify surblserver lt host str gt rename to new str gt D Keywords and variables Description lt name str gt Enter the name of the antispam profile to modify lt host str gt Enter the host name SURBL server entry you want to modify add Add the new SURBL server delete Delete the SURBL server move to lt new_int gt Change the position of the SURBL server in the server list Each entry is numbered the first is 1 the second 2 and so on lt new int gt is the entry s new position rename to lt new str gt Change the SURBL server host name History FortiMail v3 0 New Related topics e set out profile profile modify surbl e set out profile profile modify actions e set out_profile profile modify individualaction scanner RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 X 8 set out_profile profile modify tags out_profile profile modify tags Use these commands to configure header and subject tagging for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify tags header enable disable set out_profile profile lt name_str gt modify tags htag lt tag_str gt set out_profile profile lt name_str gt modify tags stag lt
240. rqueue RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 S execute nslookup nslookup Use this command to perform a name server lookup on the specified host or MX record Syntax execute nslookup host mx lt name_server gt lt name_server gt canbe an IP address or a fully qualified domain name History FortiMail v3 0 New Related topics execute ping e execute traceroute RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q Qa partitionlogdisk execute partitionlogdisk Use this command to adjust the ratio of disk space allocated to the logs and mail By default 75 of the disk space is allocated to mail and 25 to logs Syntax execute partitionlogdisk lt log_int gt lt log_int gt is the percentage of the total disk space allocated to log files Specify any value between 10 and 90 The remainder is allocated to mail Ai Caution Executing this command formats the FortiMail disks This operation deletes all mail and log data History FortiMail v3 0 MR4 New Related topics e execute formatlogdisk execute formatmaildisk execute formatmaildisk_backup RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Co GH execute ping ping Use this command to ping the specified host name or host IP address Syntax execut
241. rt 322 HA interface add to bridge 331 add virtual IP netmask 331 ignore this interface 331 mgmt 330 set interface IP netmask 331 heartbeat HA 322 heuristic scanning configuring for antispam profile 119 enabling for antivirus profile 143 selecting action on detection 144 home directories user 319 hostname setting 333 ignore this interface HA interface option 331 image based spam enabling detection for antispam profile 120 interface primary heartbeat 314 secondary heartbeat 314 setting admin access 334 setting MTU 334 setting static IP address 336 interface IP netmask HA interface option 331 interface monitoring 320 IP policy FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Index creating 157 deleting 163 disabling recipient based policy checking 164 enabling SMTP authentication 169 moving in policy list 168 selecting antispam profile 159 selecting antivirus profile 161 162 selecting authentication profile 160 selecting default action 158 selecting session profile 165 setting authentication type 160 setting client IP address 166 167 setting server IP address 167 using IP based policy only 164 L language setting 338 LCD panel setting PIN 338 LDAP profile clear all LDAP caches 190 clear LDAP cache 192 configuring mail routing options 197 configuring server settings 198 configuring user authentication 191 enabling LDAP cache 195 enabling LDAP for user parame
242. rtiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N set mailserver archive remote mailserver archive remote Use this command to specify the settings used when the FortiMail unit will store its email archive on a remote host Syntax set mailserver archive remote directory lt directory_str gt ip lt host_ipv4 gt localquota lt quota_int gt password lt pwd_str gt protocol FTP SFTP remotequota lt quota_int gt username lt usr_str gt remotequota lt quota_int gt quota amount is specified in gigabytes Enter 0 to specify no limit Keywords and Variables Description Default directory lt dir_str gt Enter the directory on the remote host to be used for archiving email ip lt host_ipv4 gt Enter the IP of the remote host to be used for archiving email localquota lt quota_int gt Enter the FortiMail unit cache quota Email archived on a remote host 1 is also cached by the FortiMail unit The local quota amount is specified in gigabytes The available range depends on the amount of free disk space password lt pwd_str gt Enter the password for logging in to the remote host protocol FTP SFTP Choose the communication protocol the FortiMail unit will use when SFTP sending data to the remote host Enter the disk quota for the remote host to archive email The remote 0 username lt usr_str gt Enter the user name for logging in to t
243. rtiMail CLI and you can enter CLI commands CLI command branches The FortiGate command line interface consists of four command branches Use execute to run static commands on the FortiMail unit Examples include resetting the device formatting the hard drive and pinging other devices from the FortiMail unit s network interfaces For a complete execute command list see execute on page 25 e Use get to display system status information The get command can be used to display the current value of items configured with the set command For a complete get command list see get on page 49 Use set to configure the FortiMail unit All of the configuration allowed in the GUI can also be accomplished using the set command Some extra options not available in the GUI are also available with the set command For a complete set command list see set on page 93 Use unset to return settings to their default values For a complete unset command list see unset on page 353 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 execute execute Use execute commands to perform maintenance operations on your FortiMail unit or to perform network test operations such as ping or traceroute This chapter describes the following execute commands backup config checklogdisk checkmaildisk clearqueue factoryreset formatlogdisk formatmaildisk formatmaildisk_backup m
244. s Syntax set system ha takeover lt interface_str gt add bridge ignore set lt takeover_ipv4 gt lt netmask_ipv4 gt set FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system ha takeover Keywords Variables Description Default lt interface_str gt The name of the network interface to configure For example port1 port2 port3 mgmt and so on depending on your FortiMail unit add bridge Control how the status of the interface is changed by active passive HA ignore ignore set Enter add to assign a virtual IP address to a network interface add corresponds to the web based manager add virtual IP netmask option When operating in HA mode this option adds the specified IP address to the selected interface of the primary unit Email processing FortiMail users and FortiMail administrators can all connect to this virtual IP address to connect to the primary unit If a failover occurs the virtual IP address is transferred to the new primary unit Email processing FortiMail users and FortiMail administrators can now connect to the same IP address to connect to the new primary unit In most cases you would select add virtual IP netmask for all FortiMail network interfaces that will be processing email when the FortiMail cluster is operating in gateway or server mode Enter bridge for a FortiMail HA group operating in transparent mode for all network inter
245. s and Variables Description Default lt name_str gt Enter the name of the LDAP profile authstate enable disable Enable or disable the user authentication options disable cnidname lt cnid_str gt Set the common name identifier uid cnidstatus enable disable Enable or disable the common name identifier enable searchstatus enable disable Enable or disable the search disable upnstatus enable disable Enable or disable the UPN disable upnsuffix lt upns_str gt Set an alternate UPN suffix no default History FortiMail v3 0 New Related topics set Idap_profile profile group set Idap_profile profile option set Idap_profile profile pwd set Idap_profile profile routing set Idap_profile profile server set Idap_profile profile user unset Idap profile FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 191 ldap profile profile clearcache set Idap_profile profile clearcache Use this command to clear the cache of the specified LDAP profile Syntax set ldap_profile profile lt name_str gt clearcache History FortiMail v3 0 MR3 New Related topics set dap profile clearallcache set dap profile profile auth e setldap_profile profile group e setldap_profile profile option e setldap_profile profile pwd e set ldap_profile profile routing set dap profile profile server e set dap profile profile user unset Idap profile
246. s profile modify forgedip rrrrnannvvennnnnnnnvennnnnnnnvennnnnnnnnennnnnnnennnnnnnnnnnennnnnnnennr 116 as profile modify fortishield rrrrnsrrrnnnnnnnvennnnnnnnvennnnnnnnnnnnnnnnnnennnnnnnnnennnnnnnenn 117 as profile modify QreyliSt ssrrrnnnnnnvnnnnnnnnnvnnnnnnnnnvennnnnnnnnnnnnnnnnnennnnnnnnnennnnnnnenn 118 as profile modify heuristiC rrrrrnnnnvennnnnnnnvnnnnnnnnnvennnnnnnnnnnnnnnnnnnnnnnnnnenennnnnnnenr 119 as profile modify imagespam rrnnnnnvnnnnnnnnnvnnnnnnnnnnennnnnnnnnennnnnnnnnnnnnnnnnnennnnnnnnenr 120 as profile modify individualaction SCanner mrrrnnnnnnnnnvnnvnnrennnnnnnnnnnnnnnnnnnnnnr 121 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 RTIMNET Qa RTINET Contents as profile modify quarantine s ernnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnennnnnnnnnnennnnnnnneenr 122 as profile modify rewrite rCpt rrnnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenn 123 as profile modify ScanoptiOnS wrwrnrnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 124 as profile modify SUrbl rrrrnnnnnvvnnnnnnnnnvnnnnnnnnvnnnnnnnnnnnnnennnnnnnnnnnnnnnnnennnnnnnneenr 125 as profile modify SUrbIServer r rrrnnnnnvvrnnnnnnvvvnnnnnnnvnnnennnnnnnnnnnnnnnnnennnnnnnneenn 126 as profile modify tags TEE 127 as profile modify ATI 128 as profile modify whitelistwWord sss srevrnnnnnnnnnnnnnnnnnnnnnvnnnnnnnnnnnnnnnnnn
247. sable enable disable for the specified profile History FortiMail v3 0 New FortiMail v3 0 MR1 checkip and headeranalysis added Related topics e set as profile modify actions set as profile modify deepheader e set as profile modify individualaction scanner set out_profile profile modify deepheader get spam deepheader RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 269 out_profile profile modify dictionary set out_profile profile modify dictionary Use these commands to configure dictionary scans for the specified outgoing antispam profile Syntax set out_profile profile lt name_str gt modify dictionary dict_profile lt dict_int gt set out_profile profile lt name_str gt modify dictionary scanner enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify dict_profile Select the dictionary profile to be used for dictionary scans lt dict_int gt e lt dict_int gt is the dictionary profile number scanner Enable or disable dictionary scanning for the specified profile disable enable disable History FortiMail v3 0 New Related topics set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI R
248. sables the other Syntax To disable both discard and reject set av lt av_prof_name gt modify heuristic heuristic_action discard disable set av lt av_prof_name gt modify heuristic heuristic_action reject disable To enable discard set av lt av_prof_name gt modify heuristic heuristic_action discard enable To enable reject set av lt av_prof_name gt modify heuristic heuristic_action reject enable lt av prof name gt is the name of the antivirus profile you are configuring If this is not the name of an existing profile a new profile is created History FortiMail v3 0 New Related topics set alertemail configuration mailto e set alertemail deferq e set av modify heuristic set alertemail setting option set av rename to FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set av modify scanner Use this command to enable or disable antivirus scanning for the specified profile Syntax set av lt av_prof_name gt modify scanner enable av modify scanner lt av prof name gt is the name of the antivirus profile you are configuring If this is not the name of an existing profile a new profile is created History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference set alertemail configuration mailto set alertemail deferq set av modify heuristic set av
249. se the failure detection time if email is delayed or lost because of an HA failover If the failure detection time is too short the backup unit may detect a failure when none has occurred For example if the primary unit is very busy processing email it may not respond to HA heartbeat packets in time In this situation the backup unit may assume that the primary unit has failed when the primary unit is actually just busy Increase the failure detection time to prevent the backup unit from detecting a failure when none has occurred Syntax set system ha monitor lt heartbeat_port_integer gt lt heartbeat_time_integer gt lt retries integer gt Keywords Variables Description Default lt heartbeat_port_integer gt The TCP port used for HA heartbeat communications 20000 lt heartbeat_time_integer gt The time between which the FortiMail units in the HA group 5 send HA heartbeat packets The default test interval between HA heartbeat packets is 5 seconds The test interval range is 2 to 60 seconds Heartbeat packets are sent at regular intervals so that each FortiMail unit in an active passive HA group can confirm that the other unit n the group is functioning If the primary unit detects that the backup unit has failed the primary unit continues to operate normally If the backup unit detects that the primary unit has failed the HA effective operating mode of the backup unit changes to master and the back up unit becomes t
250. seconds the communication session is delayed when 4 the first non free error occurs increment lt int gt Enter the number of seconds added to the delay for each additional 4 non free error total lt int gt Enter the total number of errors both free and non free allowed before the 5 session is terminated History FortiMail v3 0 New Related topics set ip profile check e set ip profile connection set ip_profile limit set ip_profile list e set ip profile senderreputation RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 179 ip profile headermanipulation ip profile headermanipulation Use these commands to have the FortiMail unit remove headers you specify from email messages Syntax set ip profile lt name str gt disable set ip profile lt name str gt disable set ip profile lt name str gt set ip profile lt name str gt set headermanipulation remove received enabl headermanipulation remove header enabl headermanipulation headerlist add lt key str gt headermanipulation headerlist delete lt key str gt fenable disable Keywords and Variables Description Default lt name str gt Enter the name of the session profile remove received Enable to remove the received headers from email messages If the disable fenable messages move through any email servers a
251. server archive local quota mailserver archive local quota Use this command to specify the archive quota if the archive is stored on the FortiMail unit Syntax set mailserver archive local quota lt quota_int gt Keywords and Variables Description Default quota lt quota_int gt Enter the local disk quota for archived email The quota is specified in gigabytes The acceptable range of values depends on the amount of free disk space 1 History FortiMail v3 0 New Related topics set mailserver archive account set mailserver archive exemptlist set mailserver archive policy set mailserver archive remote FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET mailserver archive policy set mailserver archive policy Use this command to configure archive policies Syntax set mailserver archive policy move lt position_int gt to lt new_int gt set mailserver archive policy policyid lt policyid_int gt content lt content_str gt set mailserver archive policy policyid lt policyid_int gt status enable disable set mailserver archive policy policyid lt policyid_int gt type sender recipient subject body attachment name Keywords and Variables Description Default lt id_int gt Enter the ID number of the archive policy move lt position_int gt Changes the position o
252. sole you require A computer with an available com port Anullmodem cable to connect the FortiMail console port e Terminal emulation software such as HyperTerminal for Windows Note The following procedure describes how to connect to the FortiMail CLI using Windows HyperTerminal software You can use any terminal emulation program To connect to the FortiMail unit console Connect the FortiMail console port to the available communications port on your computer Make sure the FortiMail unit is powered on Start HyperTerminal enter a name for the connection and select OK Configure HyperTerminal to connect directly to the communications port on the computer to which you have connected the FortiMail console port Select OK Select the following port settings and select OK Bits per second 9600 Data bits 8 Parity None FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Using the CLI 10 Connecting to the CLI Stop bits 1 Flow control None Press Enter to connect to the FortiMail CLI A prompt appears FortiMail 400 login Type a valid administrator name and press Enter Type the password for this administrator and press Enter The following prompt appears Welcome You have connected to the FortiLog CLI and you can enter CLI commands Setting administrative access for SSH or Telnet To configure the FortiMail unit t
253. stic scanning for the specified 20 000000 lt lower_int gt profile scanner Enable or disable heuristic scanning for the specified profile disable enable disable upper level Enter the upper level threshold for heuristic scanning for the specified 10 000000 lt upper_int gt profile History FortiMail v3 0 New Related topics set out_profile profile modify actions set out_profile profile modify individualaction scanner RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 275 out_profile profile modify imagespam RTINET N kt Related topics e set out profile profile e set out profile profile modify actions modify individualaction scanner set out profile profile modify imagespam Use these commands to configure an outgoing antispam profile to identify spam messages in which the text is stored as an embedded graphics file Syntax set out profile profile lt name str gt modify imagespam aggressive enable disable set out profile profile lt name str gt modify imagespam scanner enable disable Keywords and variables Description Default lt name str gt Enter the name of the antispam profile to modify aggressive Enable or disable more intensive examination of email messages disable enable disable containing images This option will also force the examination of image file attachments in addition to em
254. surbl Use this command to enable or disable the checking of mail against defined SURBL servers for an antispam profile Syntax set as profile lt name_str gt modify surbl enable disable lt name_str gt is the name of the profile By default SURBL scanning is disabled History FortiMail v3 0 New Related topics set as profile modify surblserver RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N a as profile modify surblserver set as profile modify surblserver Use these commands to configure the SURBL server list of an antispam profile Syntax set as profile lt name_str gt modify surblserver lt host_str gt add set as profile lt name_str gt modify surblserver lt host_str gt delete set as profile lt name_str gt modify surblserver lt host_str gt move to lt new_int gt set as profile lt name_str gt modify surblserver lt host_str gt rename to lt new_str gt Keywords and variables Description lt name_str gt Enter the name of the antispam profile to modify lt host_str gt The SURBL server entry you want to modify in the profile add Add the new SURBL server delete Delete the SURBL server move to lt new_int gt Change the position of the SURBL server in the server list Each entry is numbered the first is 1 the second 2 and so on lt new_int gt is the entry s new position rename to l
255. system ha mode FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system ha restart restore resync system ha restart restore resync Use these commands to execute commands on a FortiMail unit that control how the HA system operates Using these commands you can Restart the HA processes on the FortiMail unit e Restore the HA group to operate in the HA configured operating mode Force the HA group to resynchronize configuration and mail data Syntax set system ha restart restore resync Keywords Variables Description Default restart Restart all HA processes on the FortiMail unit from which you enter the command You may need to restart the HA processes on a primary unit if HA local services monitoring or remote services monitoring has shut down the HA processes on the primary unit Before restarting the HA processes you should find and correct the problem that caused the primary unit to be stopped restore If the HA configured operation mode and HA effective operating mode of a FortiMail unit in a HA group do not match you can use this command to reset both units in the HA group to their HA configured operating modes You can enter this command from the primary unit or the backup unit Entering the command is only necessary if the normal operation of the HA group has been effected by a failure of some kind and you want to restore the HA group or on
256. system level mail users set limits system level other profiles set limits system level policies get limits FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 201 limits system level general set limits system level general Use this command to fine tune the general system maximum values on your FortiMail unit The syntax requires the three values be entered every time the command is executed Even if you only want to change one value all three must be entered Entering 0 for any value resets it to the default The new values will take effect when the FortiMail unit is restarted Syntax set limits system level general lt admin_int gt lt domain_int gt lt profiles_int gt Keywords and Variables Description Default lt admin_int gt Enter the maximum number of system level admin users that can be created lt domain_int gt Enter the maximum number of domains that can be created lt profiles_int gt Enter the maximum number of profiles that can be created History FortiMail v3 0 MR3 New Related topics set limits domain level set limits system level groups e set limits system level mail users e set limits system level other profiles Set limits system level policies e get limits RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 N 8 set limits system level
257. t indicates an IPv6 netmask lt xxx_ipv6mask gt indicates an IPv6 address followed by an IPv6 netmask Vertical bar and braces separate alternative mutually exclusive required keywords For example set system opmode gateway server transparent You can enter set system opmode gateway Or set system opmode server Or set system opmode transparent RTINET For example F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Connecting to the CLI RTINET Using the CLI set policy lt fqdn gt modify fallbackhost lt host_ipv4 gt fallbackport lt port gt The fallback host address is required and a fallback port is optional A space to separate options that can be entered in any combination and must be separated by spaces For example set allowaccess ping https ssh snmp http telnet You can enter any of the following set allowaccess ping set allowaccess ping https ssh set allowaccess https ping ssh set allowaccess snmp In most cases to make changes to lists that contain options separated by spaces you need to retype the whole list including all the options you want to apply and excluding all the options you want to remove Connecting to the CLI You can use a direct console connection SSH or Telnet to connect to the FortiMail unit CLI Connecting to the FortiMail unit console To connect to the FortiMail con
258. t av modify heuristic heuristic action set alertemail setting option e set av rename to RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 142 06 30004 0420 20080814 set av modify heuristic Use this command to enable or disable heuristic scanning for the specified antivirus profile Syntax set av lt av_prof_name gt modify heuristic enable av modify heuristic lt av prof name gt is the name of the antivirus profile you are configuring If this is not the name of an existing profile a new profile is created History FortiMail v3 0 New Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference set alertemail configuration mailto set alertemail deferq set av modify heuristic heuristic_action set alertemail setting option set av rename to 06 30004 0420 200808 14 RTINET KEN Q av modify heuristic heuristic_action set RTINET 144 av modify heuristic heuristic_action Use this command to specify how this antivirus profile handles email messages that contain an infected attachment as detected through heuristics The options are e Disable both discard and reject FortiMail replaces the infected attachment Enable discard FortiMail discards the message after receipt Enable reject FortiMail rejects the email message and returns an error to the sending server You cannot enable both discard and reject Enabling one di
259. t gt action scan reject tempfail Keywords and Variables Description Default lt policy int gt This is IP policy number scan Select scan to allow the connection and apply the antispam antivirus auth scan content and session IP profiles associated with the IP policy reject Select reject to have the FortiMail unit reject connection attempts matching this policy tempfail Select tempfail to have the FortiMail unit reject connection attempts and report a temporary failure History FortiMail v3 0 New Related topics RTINET 158 set ip_policy as set ip policy auth set ip_policy av set ip_policy content set ip_policy ip FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set ip policy as ip policy as Use this command to set the antispam profile to be applied to traffic controlled by the specified IP policy Syntax set ip policy lt policy int gt as lt name str gt Keywords and Variables Description lt policy_int gt Enter the IP policy number lt name_str gt Enter the name of the antispam profile History FortiMail v3 0 New Related topics e set ip policy auth e set ip policy av e set ip policy content e set ip policy ip RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 159 RTINET ip policy auth set Use this command to set the authentication type and profile to
260. t new_str gt Change the SURBL server hostname History FortiMail v3 0 New Related topics e set as profile modify surbl RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 126 06 30004 0420 200808 14 set as profile modify tags Syntax set as profil set as profil set as profil set as profil ooo o Use these commands to configure header and subject tagging for an antispam profile lt name_str gt modify tags htag lt tag_str gt lt name_str gt modify tags header enabl disable lt name_str gt modify tags stag lt tag_str gt lt name_str gt modify tags subject enable disable as profile modify tags Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify htag lt tag_str gt Enter the text added to the email header No default header Enable or disable header tagging for the specified profile A header tag disable fenable disable must be set before header tagging can be enabled stag lt tag str gt Enter the text added to the email subject No default subject Enable or disable subject tagging for the specified profile disable fenable disable History FortiMail v3 0 New Related topics set as profile modify actions set as profile modify individualaction scanner FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 RTI
261. t out_content modify action set out_content modify filetype RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N a out_content modify filetype set out_content modify filetype Use this command to block email attachments that match the specified file type Syntax set out_content lt name_str gt modify filetype lt filetype_str gt blocked not blocked Keywords and Variables Description Default lt name str gt This is the name of the outgoing content profile lt filetype str gt Select the file type Valid types are video audio image application executable application document application archive application other This option includes all file types not specified by the other listed types blocked Select blocked to trigger the content action against messages not blocked not blocked containing the specified type of file attachment Select not blocked to allow the specified type of file attachment History FortiMail v3 0 New Related topics e set out content modify action set out content modify monitor RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Ny S set out_content modify monitor action out_content modify monitor action Use this command to select the action to be taken with messages matching the specified outgoing content m
262. t sender reputation score If the sender domain DNS record does not publish DomainKeys information the check is skipped signing enable Sign outgoing messages with DKIM signatures Signed messages disable disable can be validated at their destination Signing requires that a domain key selector be generated by the FortiMail unit and added to the DNS zone file The domain key selector can be generated in the domain configuration Go to Mail Settings gt Domains gt Domains spf enable disable If the sender domain DNS record lists SPF authorized IP addresses disable the SPF check will compare the client IP address to the authorized senders An SPF failure increases the client sender reputation score An SPF validation decreases the client sender reputation score If the sender domain DNS record does not publish SPF information the check is skipped History FortiMail v3 0 New FortiMail v3 0 MR4 Added keyword bypassbounceverify FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set Related topics FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference set ip_profile check set ip_profile connection set ip_profile error set ip_profile limit set ip_profile list 06 30004 0420 200808 14 ip profile sendervalidation ip profile setting rate control set ip profile setting rate control The rate control option enables you to control the rate
263. t will not be scanned for spam Enter 0 to scan all messages regardless of size History FortiMail v3 0 New FortiMail v3 0 MR1 attachment_type pdf added Related topics set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N set out_profile profile modify surbl out_profile profile modify surbl Use this command to enable or disable the checking of mail against defined SURBL servers for an outgoing antispam profile Syntax set out_profile profile lt name_str gt modify surbl enable disable lt name_str gt is the name of the profile By default SURBL scanning is disabled History FortiMail v3 0 New Related topics set out_profile profile modify surblserver set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N out profile profile modify surblserver set out profile profile modify surbiserver Use these commands to configure the SURBL server list for an outgoing antispam profile Syntax set out profile profile lt name str gt modify surblserver lt host str gt add set out profile profile lt name str gt modify surblserver lt host str gt delete set out p
264. t5 10 0 0 3 255 255 255 0 Enter the following command from the third config only HA backup unit to set port 5 as the primary heartbeat interface and set the primary heartbeat local IP address and netmask to 10 0 0 4 255 255 255 0 set system ha interface port5 10 0 0 4 255 255 255 0 Example configuring primary heartbeat local and peer IP address for an active passive HA group This example describes how to configure primary heartbeat local and peer IP addresses for an active passive HA group consisting of one primary unit and one backup unit Enter the following commands from an active passive HA primary unit to set port5 as the primary heartbeat interface set the primary heartbeat local IP address and netmask to 10 0 0 1 255 255 255 0 and set the primary heartbeat peer IP address to 10 0 0 2 set system ha interface port5 10 0 0 1 255 255 255 0 set system ha peer 10 0 0 2 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system ha cpeer interface peer secondary interface secondary peer Enter the following commands from an active passive HA backup unit to set port 5 as the primary heartbeat interface set the primary heartbeat local heartbeat interface IP address and netmask to 10 0 0 2 255 255 255 0 and set the primary heartbeat peer IP address to 10 0 0 1 set system ha interface port5 10 0 0 2 255 255 255 0 set system ha peer 10 0 0 1 Example add a secondary heartbeat
265. tag_str gt set out_profile profile lt name_str gt modify tags subject enable disable Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify header Enable or disable header tagging for the specified profile A header tag disable enable disable must be set before header tagging can be enabled htag lt tag_str gt Enter the text added to the email header no default stag lt tag_str gt Enter the text added to the email subject no default subject Enable or disable subject tagging for the specified profile disable enable disable History FortiMail v3 0 New Related topics set out_profile profile modify actions set out_profile profile modify individualaction scanner RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 281 out_profile profile modify virus set out_profile profile modify virus Use this command to enable or disable treating messages with a virus as spam Syntax set out_profile profile lt name_str gt modify virus enable disable lt name_str gt is the name of the profile By default this setting is disabled History FortiMail v3 0 New Related topics set out_profile profile modify actions set out_profile profile modify individualaction scanner RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 282 06 30004 0420 200808
266. tem hostname Use this command to configure the FortiMail unit hostname Syntax set system hostname lt hostname_str gt History FortiMail v3 0 New RTIMNET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 Q system interface config RTINET Co R system interface config Use this command to configure FortiMail interface access and settings including allowed and denied protocols maximum transportation unit MTU size e setting the interface either up or down Syntax set system interface lt intf_str gt config allowaccess ping http https snmp ssh telnet denyaccess ping http https snmp ssh telnet mtu lt mtu_int gt speed auto 10full 10half 100full 100half 1000full status down up set Keywords and Variables interface lt intf_str gt Description Enter the name of the interface or vlan to be configured allowaccess ping http https snmp ssh telnet Enter the types of management access permitted on this interface or secondary IP address All types not entered are denied Enter all required types and separate each type with a space Items can be removed by re entering the command with only the required types denyaccess ping http https snmp ssh telnet mtu lt mtu_int gt speed auto 10full 10half 100full 100half 1000 full status down up Enter the types of management access to be denied on t
267. tent modify monitor RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 257 out_content modify monitor RTIMET N amp out_content modify monitor Use this command to configure outgoing content monitor profiles Syntax set out_content set out_content lt dict_int gt set out_content disable set out_content set out_content enable set out_content lt tag_str gt set out_content lt tag_str gt Keywords and Variables disable lt name_str gt monitor lt name_str gt modify modify lt profile_int gt monitor lt profile_int gt lt name_str gt modify monitor lt profile_int gt lt name_str gt monitor lt name_str gt modify modify lt profile_int gt monitor lt profile_int gt lt name_str gt modify monitor lt profile_int gt lt name_str gt modify monitor lt profile_int gt Description delete dict_profile enable moveto lt new_int gt tags header tags htag tags stag Default set lt name_str gt lt profile_int gt This is the name of the outgoing content profile Enter the outgoing content monitor profile number lt dict_int gt Enter the dictionary profile ID number to use for the specified outgoing content monitor profile enable disable Enable or disable the specified outgoing content monitor profile enable moveto lt new_int gt
268. tering 268 enabling checking with SURBL servers 279 enabling deepheader scanning 269 enabling DNSBL lookup 271 enabling greylisting 274 enabling heuristic scanning 275 enabling image spam detection 276 enabling treating viruses as spam 282 modifying banned word list 267 modifying DNSBL server list 272 renaming 285 selecting action 265 selecting actions per detection method 277 setting scanning options 278 outgoing content monitor profile configuring 258 selecting action 257 outgoing content profile blocking specific file types 256 deleting 253 enabling bypass with authentication 255 selecting action 254 outgoing recipient based policy configuring 261 deleting 260 moving in policy list 262 renaming 263 oversize messages deferring 237 P password shared HA password 324 PKI user 347 policy configuring LDAP authentication 293 configuring recipient based policies 296 deleting 287 domain associations 288 enabling background address verification 289 enabling MX record 294 enabling recipient address verification 297 renaming 298 setting domain as subdomain 292 setting domain fallback host 290 setting SMTP server IP address 291 transparent mode masquerading 295 Power Supply Monitored psu 341 primary heartbeat interface HA 314 product name web based manager changing 302 PTR record 311 public key infrastructure PKI Index configuring 20 push update enabling 304 setting IP address 303 Q quarantine confi
269. ters 189 enabling LDAP group queries 194 enabling unauthenticated binds 195 enabling webmail password change 196 fallback LDAP server 193 selecting password change schema 196 setting cache TTL 195 setting LDAP version 195 setting query timeout 195 setting user query options 199 virtual LDAP groups 194 limits domain level 201 general system level 202 groups system level 203 groups system level 203 mail users system level 204 other profiles system level 205 other profiles system level 205 policies system level 206 log configuring email types to include in report 213 configuring logging to console 218 configuring logging to local disk 220 configuring logging to syslog 221 configuring report email recipients 215 customizing column displays 223 customizing display of severity level 224 displaying msisdn column 208 displaying report configuration settings 72 elog displays event log messages 67 enabling history logs to a device 210 enabling logging of spam events 211 enabling logging of virus events 212 logging events to a device 209 logsetting display log device settings 68 policy display log policy information 70 query display available reports 71 scheduling when report generates 218 setting domains to include in report 214 setting query types to include in report 217 setting report time period 216 view viewing log types 73 logo web based manager changing 302 mail directory system 319 mailserver access settings 225
270. that is on the same subnet as gw1 dst lt route_ip4 gt lt mask_ip4 gt Sets the FortiMail unit route destination IP address and IP address mask lt route_ip4 gt is the destination IP address lt mask_ip4 gt is the IP address mask gwl lt gway_ip4 gt History FortiMail v3 0 New Related topics Sets the FortiMail unit route primary gateway IP address lt gateway_ipv4 gt is the primary gateway IP address set system interface config set system interface mode static FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 339 system snmp community set system snmp community Use this command to set and configure the system simple network management protocol SNMP settings Syntax set system snmp community number lt community_int gt config name lt name_str gt queryportvl lt port_int gt queryportv2c lt port_int gt queryvl status enable disable queryv2c status enable disable status enable disable trapevent cpu mem logdisk maildisk deferq virus spam system raid ha archive ipchg psu trapportvl_local lt port_int gt trapportv2c_local lt port_int gt trapvl_status enable trapportvl_remote lt port int gt trapportv2c remote lt port int gt disable trapv2c status fenable disable Keywords and Variables Description number lt community int
271. the system will be refused with a tempfail error throttle lt int gt Enter the sender reputation throttle threshold If a system s sender 15 reputation score exceeds this value the number of messages the FortiMail unit will accept from the sender is limited to the number permitted by the throttle_number or throttle percent whichever is larger throttle number lt int gt Enter the number of messages per hour accepted from a throttled 1 sender throttle percent lt int gt Sets the number of messages per hour accepted from a throttled 5 sender expressed as a percentage of the number of messages from the same sender in the previous hour History FortiMail v3 0 New Related topics set Ip profile check e set ip profile connection e sei Ip profile error e set ip_profile limit e set ip_profile list FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 185 ip profile sendervalidation RTIMNET 186 set ip_profile sendervalidation The sender validation options allow confirmation of sender and message validity Syntax set ip_profile lt name_str gt sendervalidation authenticated enable disable set ip_profile lt name_str gt sendervalidation bypassbounceverify enable disable set ip_profile lt name_str gt sendervalidation dkim enable disable set ip_profile lt name_str gt sendervalidation dom
272. tiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 310 06 30004 0420 200808 14 set system dns Use this command to the DNS addresses and behavior Syntax set system dns cache enable private_ip_query enable disable primary lt addr_ip4 gt none disable secondary lt addr_ip4 gt none system dns Keywords and Variables Description cache enable disable Enable DNS caching to speed up resolving domain names Disable the DNS cache to free memory if you are low on memory primary lt addr_ip4 gt none Enter the IP address of the primary DNS server Enter none to delete the primary DNS server entry private_ip_query Enable private IP queries to perform a reverse DNS lookup on private IP addresses such as 192 168 0 0 16 This is the default enable disable Disable private IP queries if reverse DNS lookups take too long to return host not found for private IP addresses with no PTR record on the DNS server secondary lt addr_ip4 gt none Enter the IP address of the secondary DNS server Enter none to delete the secondary DNS server entry History FortiMail v3 0 New FortiMail v3 0 MR3 Added cache and private ip query keywords Related topics set system interface config e set system interface mode dhcp set system route number FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420
273. tiMail v3 0 New Related topics e set as greylist e set as profile modify actions e set as profile modify individualaction scanner RTIMNET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set as profile modify heuristic as profile modify heuristic Use these commands to configure heuristic scanning for an antispam profile Syntax set as profile lt name_str gt modify heuristic lower level lt lower_int gt set as profile lt name_str gt modify heuristic scanner enable disable set as profile lt name_str gt modify heuristic upper level lt upper_int gt Keywords and variables Description Default lt name_str gt Enter the name of the antispam profile to modify lower level Enter the lower level threshold for heuristic scanning for the specified 20 000000 lt lower_int gt profile scanner Enable or disable heuristic scanning for the specified profile disable enable disable rules percentage Specify the percentage of the total number of heuristic rules that will 25 be used to examine the message A larger percentage requires more system resources upper level Enter the upper level threshold for heuristic scanning for the specified 10 000000 lt upper_int gt profile History FortiMail v3 0 New FortiMail v3 0 MR1 Added rules percentage keyword Related topics e set as profile modify actions e set
274. tion E 15 About the FortiMail Secure Messaging Platform pb 15 About this document ueENgEEEEEEERENEE ENEE dees sasdedeeeneeccueceesstccecerecesenuecse 15 Document CONVENTIONS pe 16 FortiMail documentation pe 17 Fortinet Tools and Documentation CD pp 17 Fortinet Knowledge Center mmrrrrnnennvnnnnvrnnnnnvnnnnrrannrnnnnrnnrrrsnnnennrrrrnesnnnennenn 17 Comments on Fortinet technical documentation pp 18 Customer service and technical SUPPOTT ee 18 Winats a TEA EEE 19 Using the E 21 CLI command syntax A eeaeeeugegtegekrkE EENEG ESA EEN 21 Connecting to the EL 22 Connecting to the FortiMail unit CONSOLE pp 22 Setting administrative access for SSH or Telnet pp 23 Connecting to the FortiMail CLI using GH 23 Connecting to the FortiMail CLI using Telnet pp 24 CLI command branches rrnnssvnnnnvvrnnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnnnnnnnnr 24 Ge 8 e 25 backup CONTIG sranane 26 eg aleto oe EL ER Ces ES EE 27 9 UE EU EE 28 CIC AR ET 29 Tacloryresel1 EE 30 formatl gdisk rss 31 Velo EU E 32 formatmaildisk backup rrsnvvennnnnnnvennnnnnnnvnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnr 33 MAIMAI EEE EN 34 NSIOOKUP Lae 35 partitionlogdisk saemnennnnneneennnnannnennnnnndeeennnndnneeevvnnnnneeevvndnnnednnnnnnseeevunnnenede ee 36 37 elle Ve Le EE 38 reboot 39 reload naa S 40 AEA 0 g AEE A E E E E 41 FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808
275. tions for the admin to select from Mail functions are suspended while this command is running Syntax execute checkmaildisk History FortiMail v3 0 New FortiMail v3 0 MR3 Renamed from checkspooldisk Related topics e execute checklogdisk FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 execute clearqueue clearqueue Select to remove all messages from the deferred queue Syntax xecute clearqueu History FortiMail v3 0 MR3 New Related topics e execute checklogdisk RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 8 factoryreset execute factoryreset Use this command to restore the factory default settings This will delete your configuration Syntax execute factoryreset History FortiMail v3 0 New RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Q Q execute formatlogdisk formatlogdisk Use this command to reformat the local log hard disk to enhance performance This will delete the logs on the log disk Syntax execute formatlogdisk History FortiMail v3 0 New Related topics execute formatmaildisk execute formatmaildisk_backup RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q formatmaildisk execute formatmaildisk Use this
276. topics set ip_profile sendervalidation FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET as control autorelease set as control autorelease Use these commands to set the control account names used to delete or release email messages from quarantine Syntax set as control autorelease delet release lt control_account gt Keywords and Variables Description Default delete This keyword sets the email address ID used to delete quarantined delete ctrl messages release This keyword sets the email address ID used to release release ctrl quarantined messages lt control_account gt This is an email address ID It is not a full email address but only the portion before the symbol The autorelease address IDs do not include a domain The sender must use the domain appearing in their email address This allows the autorelease address IDs to be valid for any domain configured on the FortiMail unit Example To make the addresses more descriptive by setting the delete account ID to quarantine delete and the release account to quarantine release enter these two commands set as control autorelease delete quarantine delete set as control autorelease release quarantine release A user with the email address user1 example com would delete message from their quarantine by sending deletion requests to quarantine_delete ex
277. topics e set log msisdn set log view fields RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q log policy RTINET 3 get log policy Use this command to display information about log policies by destination and log type Syntax To view which types of logging are enabled for each destination get log policy To view detailed information about which types of logging are enabled for a destination get log policy destination syslog number lt integer gt local console To view detailed information about a particular type of logging enabled for a destination get log policy destination syslog number lt integer gt local console event history spam virus Example FortiMail 400 get log policy destination syslog number 1 event syslog 1 event status enable configuration ON ha OFF login ON pop3 ON smtp ON system ON updatefailed ON updatesucceeded OFF webmail ON History FortiMail v3 0 New Related topics e set log policy destination event set log policy destination spam set log policy destination virus sei log setting local Set sei log setting syslog FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 get log query log query Use this command to display all available log query reports for example Top_Remote
278. ubdomain to declare this domain a subdomain Syntax set policy lt fqdn_str gt modify is_subdomain enable disable History FortiMail v3 0 New RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 292 06 30004 0420 200808 14 set policy modify ldap policy modify ldap Use this command to set up LDAP based authentication for antispam and antivirus configuration checking for the specified domain checking of routing configuration for the specified domain This command is available in gateway and transparent modes only Syntax To set the LDAP profile to use for LDAP antispam and antivirus queries set policy lt fqdn_str gt modify ldapasav profile lt profile_str gt To enable or disable LDAP antispam and antivirus configuration checking set policy lt fqdn str gt modify ldapasav state enable disable To set the LDAP profile to use for LDAP routing configuration set policy lt fqdn_str gt modify ldaprouting profile lt profile_str gt To enable or disable LDAP routing configuration set policy lt fqdn_str gt modify ldaprouting state enable disable Keywords and Variables Description lt fqdn_str gt Enter the fully qualified domain name lt profile_str gt Enter the profile name History FortiMail v3 0 New RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 N Q
279. ucture PKI authentication for email users and FortiMail administrators FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Using the CLI CLI command syntax Using the CLI This section describes how to connect to and use the FortiMail command line interface CLI You can use CLI commands to view all FortiMail system information and to change all system configuration settings This section contains the following topics e CLI command syntax Connecting to the CLI e CLI command branches CLI command syntax Square brackets to indicate that a keyword or variable is optional This guide uses the following conventions to describe command syntax Angle brackets lt gt to indicate variables For example set console page lt length_int gt You enter set console page 40 The various types of variables include lt xxx_str gt indicates an ASCII string lt xxx_int gt indicates an integer string that is a decimal number lt xxx_ipv4 gt indicates a dotted decimal IPv4 address lt xxx_v4mask gt indicates a dotted decimal IPv4 netmask lt xxx_ipv4mask gt indicates a dotted decimal IPv4 address followed by a dotted decimal IPv4 netmask e g 192 168 1 99 255 255 255 0 lt xxx_ipv4 mask gt indicates a dotted decimal IPv4 address followed by a CIDR notation IPv4 netmask e g 192 168 1 99 24 lt xxx_ipv6 gt indicates an IPv6 address lt xxx_v6mask g
280. uration and status e set is an alphabetically ordered reference to the set commands These commands configure all aspects of FortiMail unit operation e unset is an alphabetically ordered reference to the unset commands These commands remove configurations such as alert email settings LDAP profiles logging and email server settings Note Diagnose commands are also available from the FortiMail CLI These commands are used to display system information and for debugging Diagnose commands are intended for advanced users only and they are not covered in this document Contact Fortinet technical support before using these commands RTINET F FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 Qo About this document Document conventions Introduction The following document conventions are used in this guide e Inthe examples private IP addresses are used for both private and public IP addresses Notes and Cautions are used to provide important information Note Highlights useful additional information AN Caution Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment Typographic conventions Fortinet documentation uses the following typographical conventions Convention Example Keyboard input In the Gateway Name field type a name for the remote VPN peer or client for
281. ure the time frame of logs you want included in the report Syntax To configure the period of time for the report set log reportconfig lt reportconfigname gt period from lt YYYY MM DD HH gt to lt YYYY MM DD HH gt set log reportconfig lt reportconfigname gt period quarter month week lt integer gt hours lt integer gt days lt integer gt weeks set log reportconfig lt reportconfigname gt period year quarter month week set log reportconfig lt reportconfigname gt period today yesterday Keywords Variables Description Default from lt YYYY MM DD HH gt to Selects the log period of the report by specifying a start No default lt YYYY MM DD HH gt and end date and time The time can only be specified to the nearest hours period quarter month Selects the log period of the report by specifying a No default week lt integer gt number of hours days or weeks leading up to the current time or the last week month or quarter lt integer gt weeks period year quarter Selects the log period of the report by specifying the No default month week current year quarter month or week period today Selects the log period of the report by specifying the No default yesterday current or previous day History FortiMail v2 8 New Related topics sei log setting localset sei log setting syslog set log reportconfig direction set log
282. ut_profile profile rename to Keywords and variables Description lt name_str gt Enter the name of the outgoing antispam profile to rename rename to lt new_str gt Enter the new name of the outgoing antispam profile History FortiMail v3 0 New Related topics set out_profile profile delete FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTIMET NS D Qa out_profile profile rename to set RTINET ES FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 286 06 30004 0420 200808 14 set policy delete policy delete Use this command to remove the specified policy This command is available in gateway and transparent modes only Syntax set policy lt fqdn_str gt delete History FortiMail v3 0 New Related topics set policy modify rename to RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 287 policy modify add_association set policy modify add_association Use this command to configure domain associations A domain association is a domain name that uses all the settings configured for the domain it is associated with Domain associations are defined within domains or subdomains you have created Domain associations are only supported in gateway and transparent modes For example if you have a mail server handling the email for three dom
283. v2c_status disable enable RTIMET Activate or deactivate SNMP v1 and v2c traps ES Q A i FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 set system snmp community s Note The Power Supply Monitored psu option for trap event is visible for all FortiMail models Not all eae FortiMail models have monitored power supplies History FortiMail v3 0 New FortiMail v3 0 Added psu to trapevent keyword Related topics e set system snmp sysinfo threshold RTIMET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 341 system snmp sysinfo threshold set system snmp sysinfo threshold Use this command to set and configure SNMP monitoring of the FortiMail unit and thresholds for SNMP traps Syntax set system snmp sysinfo status disable enable value lt desc_str gt lt loc_dtr gt lt contact_str gt set system snmp threshold cpu deferq logdisk maildisk mem spam virus lt trigger int gt Keywords and Variables Description status disable enable Activate or deactivate SNMP monitoring of the FortiGate unit value lt desc_str gt lt loc str gt lt contact str gt Set the description and contact information associated with this FortiMail unit When an SNMP manager receives information from this FortiMail unit this description will help determine which unit
284. wd secondary interface secondary peer set system ha remote as heartbeat set system ha data set system ha restart restore resync e set system ha Iservice set system ha rservice set system ha mode e set system ha takeover e set system ha monitor RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 Q system ha Iservice set system ha lservice Use this command to configure HA primary unit local services monitoring Configure local service monitoring so that an active passive HA primary unit monitors its own network interfaces and hard drives You must configure how long in seconds to wait between checks of the interfaces or hard drives and how many times the check fails before a failover occurs Network interface monitoring monitors all active network interfaces Network interfaces with their HA interface configuration set to ignore this interface are not monitored For information about HA interface configuration see set system ha takeover on page 330 If the primary unit detects an interface failure for example if the network cable is disconnected from a monitored interface or if the primary unit detects a hard drive failure the primary unit HA effective operating mode changes to off If the primary unit effective operating mode changes to off the primary unit no longer responds to HA heartbeat packets sent by the backup unit The b
285. work addresses the administrator can use to access the FortiMail unit Syntax set system admin username lt name_str gt domain lt domain_str gt password lt password_str gt permission readonly readwrite sshkey lt key_str gt remove trusthost lt trusthost ipmask gt webmode basic advanced Keywords and Variables Description username lt name_str gt Enter the name of the administrator account being created or edited domain lt domain_str gt Enter the domain the administrator belongs to password lt password_str gt Enter the password for the administrator account permission Select administrator permission readonly allows the administrator to readonly readwrite only inspect settings while readwrite also allows changing settings sshkey Enter the SSH key string for the admin user lt key_str gt remove Enter remove to remove the current SSH key trusthost lt trust_ipmask gt Enter the host address and netmask from which the administrator can log in to the web based manager If you want the administrator to be able to access the FortiMail unit from any address set lt t rust_ipmask gt to 0 0 0 0 0 0 0 0 webmode basic advanced Select either basic or advanced interface mode as the default webmode interface when logging in to this admin account History FortiMail v3 0 New FortiMail v3 0 MR3 Added sshkey and webmode k
286. y affects unauthenticated sessions splice Enable or disable the switching to splice mode after a specified amount of disable enable disable data is transmitted or time has passed lt integer gt seconds lt integer gt is the number of kilobytes or seconds kilobytes stop empty domains Enable or disable rejection of empty domains This check only affects disable enable disable unauthenticated sessions stop_encrypted Enable or disable preventing encrypted communication sessions disable enable disable Encrypted email cannot be scanned for spam or viruses syntax Enable or disable the enforcement of strict syntax checking disable enable disable History FortiMail v3 0 New Related topics e sei Ip profile connection e setip profile error e setip_profile limit e setip_profile list e sei Ip profile senderreputation RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 176 06 30004 0420 20080814 set ip pr ofile connection Use these commands to configure various session connection attributes ip profile connection Syntax set ip profile lt name str gt connection concurrent lt con int gt set ip profile lt name str gt connection hide enable disable set ip profile lt name str gt connection idle timeout lt int gt set ip profile lt name str gt connection rate lt con int gt lt time int gt set ip profi
287. y eliminating redundant queries Select Clear Cache to clear the LDAP queries the FortiMail unit has saved cachettl lt ttl int gt Enter the amount of time in minutes the FortiMail unit will 1440 cache LDAP queries When the configured time elapses after the query is submitted the saved query is cleared from the cache timelimit lt timeout int gt Set the length of time in seconds the FortiMail unit will wait 10 for a submitted search to return a result unauthbind enable disable Enable or disable unauthenticated LDAP binds disable version ver2 ver3 Set the version of the protocol used to communicate with the ver3 LDAP server History FortiMail v3 0 New FortiMail v3 0 MR3 Added cachestate and cachettl Related topics sei dap profile clearallcache set ldap_profile profile auth setldap_profile profile clearcache set ldap_profile profile fallback server e set ldap_profile profile group e set Idap_profile profile pwd e set dap profile profile routing set dap profile profile server setldap_profile profile user e unset Idap profile FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 RTINET 195 ldap profile profile pwd set Idap profile profile pwd Use these commands to configure webmail password options Syntax set ldap profile profile lt name str gt pwd webmailschema openldap activedirectory lt schema str gt
288. y servers within your network that mail travels through before reaching the FortiMail unit the addresses of these servers would be checked as part of the antispam scans If soam mail cannot be introduced by these servers you can exclude them from the antispam checks Antispam scanning methods that observe these trusted addresses include FortiGuard Antispam DNSBL SPF and DKIM Private network addresses are never checked and do not need to be excluded using this command Syntax set as trusted antispam mta add lt ipv4_mask gt set as trusted antispam mta delete lt ipv4_mask gt set as trusted mta add lt ipv4_mask gt set as trusted mta delete lt ipv4_mask gt Keywords and variables Description Default antispam mta add Enter an IP address mask to add to the FortiMail unit s antispam MTA lt ipv4_mask gt list Addresses on this list are the points past which no addresses will be scanned for spam For example if a server is at the very edge of your network and no servers inside your network will generate spam use the antispam mta add command to specify the server at the edge of the network Once done the IP address of the specified server and all servers between it and the FortiMail unit will be ignored for antispam scans antispam mta delete Enter an IP address mask to delete from the antispam MTA list lt ipv4_mask gt mta add lt ipv4_mask gt Enter an IP address mask to add to the FortiMail unit s MTA list
289. yntax get log elog History FortiMail v3 0 New Related topics set log policy destination event set log setting local set log setting syslog RTINET FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 kd N log logsetting RTINET amp get log logsetting Use this command to display the log to locations and whether logging to that location is turned on or off the log severity level for each log location log file size log time log option setting when disk is full Syntax get log logsetting Example FortiMail 400 get log logsetting Log to remote syslog server 1 OFF 514 level emergency facility kern CSV OFF Log to remote syslog server 2 OFF 514 level emergency facility kern CSV OFF Log to Console OFF level emergency Log to Local Host ON level information Log file size 10 Megabytes Log time 10 days When reaching log file size or log time Overwrite History FortiMail v3 0 New Related topics set log setting local set set log setting syslog FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 200808 14 get log msisdn log msisdn Use this command to find out if the MSISDN column is enabled Use the set log msisdn command to enable the MSISDN column to display in Log amp Report gt Logging Syntax get log msisdn History FortiMail v3 0 MR3 New Related
290. ystem ha secondary peer lt secondary peer_ipv4 gt Keywords Variables Description Default any Set the secondary heartbeat interface to use any interface that has been set to ignore using the set system ha takeover command disabled Disable the secondary heartbeat interface lt cpeer_integer gt The number of the backup unit in the known peers list You can add up to 24 backup units or peers lt cpeer_ipv4 gt The IP address of the config only peer unit In a config only HA group you would normally set 10 0 0 2 as the peer IP address for the first backup unit 10 0 0 3 as the peer IP address for the second backup unit 10 0 0 4 as the peer IP address for the third backup unit and so on FortiMail Secure Messaging Platform Version 3 0 MR4 CLI Reference 06 30004 0420 20080814 set system ha cpeer interface peer secondary interface secondary peer Keywords Variables Description Default lt primary local ipv4 gt The primary heartbeat local IP address and netmask for 10 0 0 1 lt netmask_ipv4 gt this FortiMail unit When the FortiMail unit is operating in 255 255 255 0 HA mode you can enter get system interfac lt interface_str gt to display this IP address and netmask where lt interface_str gt is the name of the primary heartbeat interface primary local ipv4 of the primary unit must match primary peer ipv4 of the backup unit Normally you would set primary local ipv4 on
Download Pdf Manuals
Related Search