Fortinet FortiMail 3.0 MR4 User Manual
CLI REFERENCE
FortiMail™ Secure Messaging Platform
Version 3.0 MR4
Note: The History sections in the command entries are intended to record
changes in FortiMail 3.0 CLI commands with each release of the product.
Although these sections show all commands as new for version 3.0, many of
the commands existed in previous versions of FortiMail firmware.
www.fortinet.com
FortiMail™ Secure Messaging Platform CLI Reference
Version 3.0 MR4
14 August 2008
06-30004-0420-20080814
© Copyright 2008 Fortinet, Inc. All rights reserved. No part of this
publication including text, examples, diagrams or illustrations may be
reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose,
without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,
FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat
Management System, FortiGuard, FortiGuard-Antispam, FortiGuardAntivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,
FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter,
FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of
Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentione d herein may be the trade marks
of their respective owners.
Contents
Contents
Introduction.......................................................................................15
About the FortiMail Secure Messaging Platform...........................................15
About this document........................................................................................15
Document conventions................................................................................. 16
FortiMail documentation..................................................................................17
Fortinet Tools and Documentation CD.................................................... ... .. 17
Fortinet Knowledge Center .........................................................................17
Comments on Fortinet technical documentation ................................ ......... 18
Customer service and technical support....................................................... 18
What’s new ........................................................................................19
Using the CLI.....................................................................................21
CLI command syntax............................... ... .... ... ... ... ... .... ... ... ... .... .....................21
Connecting to the CLI ...................................................................................... 22
Connecting to the FortiMail unit console................................. ... ... ... ... ....... .. 22
Setting administrative access for SSH or Telnet..........................................23
Connecting to the FortiMail CLI using SSH ... ... ... .........................................23
Connecting to the FortiMail CLI using Telnet...............................................24
CLI command branches...................................................................................24
execute...............................................................................................25
backup config ................................................................................................... 26
checklogdisk.....................................................................................................27
checkmaildisk...................................................................................................28
clearqueue.........................................................................................................29
factoryreset.......................................................................................................30
formatlogdisk....................................................................................................31
formatmaildisk..................................................................................................32
formatmaildisk_backup....................................................................................33
maintain............................................................................................................. 34
nslookup............................................................................................................35
partitionlogdisk.................................................................................................36
ping....................................................................................................................37
ping-option........................................................................................................ 38
reboot.................................................................................................................39
reload................................................................................................................. 40
restore................................................................................................................41
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 3
Contents
shutdown........................................................................................................... 42
smtptest............................................................................................................. 43
telnettest............................................................................................................44
traceroute.......................................................................................................... 45
update config.................................................................................................... 46
updatecenter updatenow................................................................................. 47
get.......................................................................................................49
alertemail configuration...................................................................................50
alertemail setting.............................................................................................. 51
antivirus............................................................................................................. 52
as........................................................................................................................53
auth.................................................................................................................... 56
av........................................................................................................................57
config................................................................................................................. 58
console.............................................................................................................. 59
fshd status ........................................................................................................ 60
ip_policy............................................................................................................ 61
ip_pool............................................................................................................... 62
ip_profile ...........................................................................................................63
ldap_profile.......................................................................................................65
limits.................................................................................................................. 66
log elog .. ... ... .... ... ... ... .........................................................................................67
log logsetting............................................ ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .. 68
log msisdn............................. ... .... ... ... ... .... ... ... ... ... ............................................ 69
log policy...................................................................... ... ... .... ... ... .....................70
log query ............................... ............................................................................ 71
log reportconfig........................................ ... ... ... ... .... ... ... ... ............................... 72
log view ........................... ... ... ... .... ... .................................................................. 73
mailserver.......................................................................................................... 74
mailserver access............................................................................................. 75
mailserver archive............................................................................................ 76
mailserver localdomains.................................................................................. 77
mailserver smtp................................................................................................ 78
mailserver systemquarantine..........................................................................79
misc profile .......................................................................................................80
out_content....................................................................................................... 81
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
4 06-30004-0420-20080814
Contents
out_policy..........................................................................................................82
out_profile.........................................................................................................83
policy .................................................................................................................84
spam deepheader.............................................................................................85
spam heuristic rules.........................................................................................86
spam retrieval policy........................................................................................87
system ...............................................................................................................88
user....................................................................................................................90
userpolicy..........................................................................................................91
set.......................................................................................................93
alertemail configuration mailto ....................................................................... 94
alertemail deferq............................................................................................... 95
alertemail setting option ..................................................................................96
antivirus.............................................................................................................97
as blacklistaction..............................................................................................98
as bounceverify ................................................................................................ 99
as control autorelease....................................................................................100
as control bayesian........................................................................................ 101
as greylist........................................................................................................ 103
as mms_reputation.........................................................................................105
as profile delete .............................................................................................. 106
as profile modify actions ...............................................................................107
as profile modify auto-release.......................................................................108
as profile modify bannedword.......................................................................109
as profile modify bannedwordlist .................................................................110
as profile modify bayesian............................................................................. 111
as profile modify deepheader........................................................................112
as profile modify dictionary...........................................................................113
as profile modify dnsbl .................................................................................. 114
as profile modify dnsblserver........................................................................115
as profile modify forgedip..............................................................................116
as profile modify fortishield........................................................................... 117
as profile modify greylist ...............................................................................118
as profile modify heuristic.............................................................................119
as profile modify imagespam ........................................................................120
as profile modify individualaction scanner.................................................. 121
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 5
Contents
as profile modify quarantine ......................................................................... 122
as profile modify rewrite_rcpt....................................................................... 123
as profile modify scanoptions....................................................................... 124
as profile modify surbl................................................................................... 125
as profile modify surblserver........................................................................ 126
as profile modify tags .................................................................................... 127
as profile modify virus................................................................................... 128
as profile modify whitelistword.....................................................................129
as profile modify whitelistwordlist................................................................ 130
as spamreport.................................................................................................131
as trusted ........................................................................................................ 132
auth imap rename-to......................................................................................133
auth imap server.............................................................................................134
auth pop3 rename-to...................................................................................... 135
auth pop3 server............................................................................................. 136
auth radius rename-to....................................................................................137
auth radius server .......................................................................................... 138
auth smtp rename-to...................................................................................... 139
auth smtp server............................................................................................. 140
av delete..........................................................................................................141
av modify actions........................................................................................... 142
av modify heuristic.........................................................................................143
av modify heuristic heuristic_action............................................................ 144
av modify scanner.......................................................................................... 145
av rename-to...................................................................................................146
console............................................................................................................ 147
content delete.................................................................................................148
content modify action....................................................................................149
content modify bypass_on_auth .................................................................. 150
content modify defersize............................................................................... 151
content modify filetype.................................................................................. 152
content modify monitor ................................................................................. 153
content modify monitor action...................................................................... 154
fshd.................................................................................................................. 156
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
6 06-30004-0420-20080814
Contents
ip_policy..........................................................................................................157
Syntax........................................................................................................157
History........................................................................................................157
Related topics ............................................................................................157
ip_policy action............................................................................................... 158
Syntax........................................................................................................158
History........................................................................................................158
Related topics ............................................................................................158
ip_policy as.....................................................................................................159
Syntax........................................................................................................159
History........................................................................................................159
Related topics ............................................................................................159
ip_policy auth.................................................................................................. 160
Syntax........................................................................................................160
History........................................................................................................160
Related topics ............................................................................................160
ip_policy av.....................................................................................................161
Syntax........................................................................................................161
History........................................................................................................161
Related topics ............................................................................................161
ip_policy content............................................................................................162
Syntax........................................................................................................162
History........................................................................................................162
Related topics ............................................................................................162
ip_policy delete...............................................................................................163
Syntax........................................................................................................163
History........................................................................................................163
Related topics ............................................................................................163
ip_policy exclusive.........................................................................................164
Syntax........................................................................................................164
History........................................................................................................164
Related topics ............................................................................................164
ip_policy ip...................................................................................................... 165
Syntax........................................................................................................165
History........................................................................................................165
Related topics ............................................................................................165
ip_policy match (gateway and server modes).............................................166
Syntax........................................................................................................166
History........................................................................................................166
Related topics ............................................................................................166
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 7
Contents
ip_policy match (transparent mode)............................................................. 167
Syntax........................................................................................................167
History........................................................................................................ 167
Related topics ...................................... ... ................................................... 167
ip_policy move................................................................................................ 168
Syntax........................................................................................................168
History........................................................................................................ 168
Related topics ...................................... ... ................................................... 168
ip_policy smtp ................................................................................................ 169
Syntax........................................................................................................169
History........................................................................................................ 169
Related topics ...................................... ... ................................................... 169
ip_pool............................................................................................................. 170
ip_pool add_entry........................................................................................... 171
ip_pool del_entry............................................................................................172
ip_pool delete .................................................................................................173
..........................................................................................................................174
ip_profile check..............................................................................................175
ip_profile connection..................................................................................... 177
ip_profile delete.............................................................................................. 178
ip_profile error................................................................................................ 179
ip_profile headermanipulation...................................................................... 180
ip_profile limit................................................................................................. 181
ip_profile list...................................................................................................182
ip_profile mms_reputation ............................................................................ 183
ip_profile rename............................................................................................ 184
ip_profile senderreputation........................................................................... 185
ip_profile sendervalidation............................................................................186
ip_profile_setting rate_control...................................................................... 188
ldap_profile profile asav................................................................................ 189
ldap_profile clearallcache.............................................................................. 190
ldap_profile profile auth................................................................................. 191
ldap_profile profile clearcache...................................................................... 192
ldap_profile profile fallback_server..............................................................193
ldap_profile profile group.............................................................................. 194
ldap_profile profile option............................................................................. 195
ldap_profile profile pwd................................................................................. 196
ldap_profile profile routing............................................................................197
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
8 06-30004-0420-20080814
Contents
ldap_profile profile server..............................................................................198
ldap_profile profile user.................................................................................199
limits domain-level ......................................................................................... 201
limits system-level general............................................................................202
limits system-level groups............................................................................. 203
limits system-level mail-users.......................................................................204
limits system-level other-profiles..................................................................205
limits system-level policies ........................................................................... 206
..........................................................................................................................207
log msisdn.......................................................................................................208
log policy destination event ...................... .... ... ... ... ... .... ... .............................209
log policy destination history................................................................. .... ... 210
log policy destination spam .......................... ................................................211
log policy destination virus.... ... ... .... ... ..........................................................212
log reportconfig direction..............................................................................213
log reportconfig domain ................................................................................214
log reportconfig mailto...................................................................................215
log reportconfig period.................................................................................. 216
log reportconfig qry........................................................................................217
log reportconfig schedule hour.....................................................................218
log setting console.........................................................................................219
log setting local .............................................................................................. 220
log setting syslog...........................................................................................221
log view fields.................................................................................................223
log view loglevel.............................................................................................224
mailserver access. ... ... ... ... .............................................................................. 225
mailserver archive account .............................. ... ... ... .... ... ... ... .... ... ... ... ... .... ... 227
mailserver archive exemptlist .......................................................................228
mailserver archive local quota...................................................................... 229
mailserver archive policy..... ... ... ... .... ... ..........................................................230
mailserver archive remote................... ... .......................................................231
mailserver deadmail............. ... ... ... .... ... ... ... .... ... .............................................232
mailserver portnumber............................... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... 233
mailserver proxy smtp interface ...................................................................234
mailserver proxy smtp unknown...................................................................235
mailserver relayserver....................................................................................236
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 9
Contents
mailserver smtp deferbigmsg ....................................................................... 237
mailserver smtp delivery ............................................................................... 238
mailserver smtp dsn_..................................................................................... 239
mailserver smtp ldap_domain_check........................................................... 240
mailserver smtp queue .................................................................................. 241
mailserver smtpauth ...................................................................................... 242
mailserver smtpssl......................................................................................... 243
mailserver smtp storage................................................................................ 244
mailserver smtp storage cquar..................................................................... 245
mailserver systemquarantine........................................................................ 247
misc profile delete.......................................................................................... 248
misc profile modify quota..............................................................................249
misc profile modify userstatus ..................................................................... 250
misc profile modify webmailaccess ............................................................. 251
misc profile rename-to................................................................................... 252
out_content delete.......................................................................................... 253
out_content modify action............................................................................. 254
out_content modify bypass_on_auth........................................................... 255
out_content modify filetype........................................................................... 256
out_content modify monitor action.............................................................. 257
out_content modify monitor.......................................................................... 258
out_policy profile delete................................................................................ 260
out_policy modify . ... ... .... ... ... ... .... ... ... ... .......................................................... 261
out_policy move-to......................................................................................... 262
out_policy rename-to.............. .... ... ... ... .......................................................... 263
out_profile profile delete................................................................................ 264
out_profile profile modify actions................................................................. 265
out_profile profile modify bannedword........................................................ 266
out_profile profile modify bannedwordlist................................................... 267
out_profile profile modify bayesian..............................................................268
out_profile profile modify deepheader......................................................... 269
out_profile profile modify dictionary............................................................ 270
out_profile profile modify dnsbl.................................................................... 271
out_profile profile modify dnsblserver......................................................... 272
out_profile profile modify fortishield............................................................273
out_profile profile modify greylist ................................................................ 274
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
10 06-30004-0420-20080814
Contents
out_profile profile modify heuristic ..............................................................275
out_profile profile modify imagespam..........................................................276
out_profile profile modify individualaction scanner............ .... ... ... ... ... ....... 277
out_profile profile modify scanoptions........................................................278
out_profile profile modify surbl.....................................................................279
out_profile profile modify surblserver.......................................................... 280
out_profile profile modify tags......................................................................281
out_profile profile modify virus.....................................................................282
out_profile profile modify whitelistword ......................................................283
out_profile profile modify whitelistwordlist .................................................284
out_profile profile rename-to.........................................................................285
policy delete....................................... ... ... ... .... ... .............................................287
policy modify add_association ..................... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... 288
policy modify bverify_addr............................................ ... ... ... .... ...................289
policy modify fallback...... .... ... ... ... .... ... ... ... .... ... ... ..........................................290
policy modify ip ....................... ... ... .... ... ... .......................................................291
policy modify is_subdomain ......................... ... ... ... ... .... ... .............................292
policy modify ldap......... ... .... ... ... ... .... ... ... ... .... ... ... ..........................................293
policy modify mxflag......................................... ... ... ... .... ... ... ... .... ...................294
policy modify tp....... ... ... ... .... ... ... ... ................................................................. 295
policy modify user.......................................... ... ... ... ... .... ... ... ... .... ... ................296
policy modify verify_addr.......... ... .... ... ... ... ....................................................297
policy modify rename-to...... ... ... ... .... ... ... ... .... ... ... ... .......................................298
spam deepheader........................................................................................... 299
spam retrieval policy......................................................................................300
system admin..................................................................................................301
system appearance ........................................................................................302
system autoupdate pushaddressoverride ...................................................303
system autoupdate pushupdate....................................................................304
system autoupdate schedule ........................................................................305
system autoupdate tunneling........................................................................ 306
system ddns....................................................................................................307
system disclaimer allowdomain.................................................................... 308
system disclaimer incoming..........................................................................309
system disclaimer outgoing ..........................................................................310
system dns......................................................................................................311
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 11
Contents
system fortimanager......... ... ... .... ... ... ... .... ... ... ................................................ 312
system ha config............... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ................................ 313
system ha {cpeer | interface | peer | secondary-interface | secondary-peer}.
314
system ha data................................... ... .... ... ... ... ... .... ... ... ... .... ... ......................318
system ha datadir................................................. .... ... ... ... .... ... ... ... ... .... ... ......319
system ha lservice................................ .... ... ................................................... 320
system ha mode ............................. ... ... .... ... ... ... ............................................. 321
system ha monitor.................................... ... ... ... ............................................. 322
system ha on-failure....................................... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... 324
system ha passwd... ... .... ... ... ... .... ... ... ... .......................................................... 325
system ha remote-as-heartbeat .................................................................... 326
system ha {restart | restore | resync}........................................................... 327
system ha rservice......................................................................................... 328
system ha takeover..................... ... ... ... .... ... ... ... ... .......................................... 330
system hostname.............. ... ... .... ... ... ... .... ... ... ... ............................................. 333
system interface config ................................. ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... 334
system interface mode dhcp......................................................................... 335
system interface mode static........................................................................ 336
system opmode.............. ... ... ... .... ... ... ... .... ... ... ... ... .... ... ................................... 337
system option.......... ... .... ... ... ... .... ... ... ... .... ... ... ... ............................................. 338
system route number.................................................. ... ................................ 339
system snmp community .............................. ... ............................................. 340
system snmp {sysinfo | threshold}............................................................... 342
system time manual.......... ... ... .... ... ... ............................................................. 343
system time ntp.......... .... ... ... ... .... ................................................................... 344
system usrgrp. ... ... ... ... .... ............................................................................. ... 345
user.................................................................................................................. 346
user pki..... ... ....................................................................................................347
userpolicy delete............................................................................................ 348
userpolicy modify...........................................................................................349
userpolicy move-to......................................................................................... 350
userpolicy rename-to..................................................................................... 351
unset ................................................................................................353
alertemail configuration.................................................................................354
ldap_profile.....................................................................................................355
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
12 06-30004-0420-20080814
Contents
log reportconfig..............................................................................................356
mailserver........................................................................................................357
system .............................................................................................................358
user (transparent and gateway) ....................................................................359
user (server)....................................................................................................360
Index.................................................................................................361
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 13
Contents
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
14 06-30004-0420-20080814
Introduction About the FortiMail Secure Messaging Platform
Introduction
This chapter introduces you to the FortiMail™ Secure Messaging Platform and
the following topics:
• About the FortiMail Secure Messaging Platform
• About this document
• FortiMail documentation
• Customer service and technical support
About the FortiMail Secure Messaging Platform
Each FortiMail unit is an integrated hardware and software solution that provides
powerful and flexible logging and reporting, antispam, antivirus, and email
archiving capabilities to incoming and outgoing email traffic. The FortiMail unit has
reliable and high performance features for detecting and blocking spam
messages and malicious attachments. Built on Fortinet’s FortiOS™, the FortiMail
antivirus technology extends full content inspection capabilities to detect the most
advanced email threats.
About this document
This document describes how to use the Fort ine t Com m a nd Line Inter f a ce (CL I) .
The following chapters appear in this document:
• Using the CLI describes how to connect to and use the Fortinet command-line
interface (CLI).
• execute is an alphabetically-ordered reference to the execute commands.
These commands perform immediate actions on the FortiMail unit, such as
configuration backup or unit reset.
• get is an alphabetically-ordered reference to the get commands. These
commands display information about FortiMail unit co nfiguration and status.
• set is an alphabetically-ordered reference to the set commands. These
commands configure all aspects of FortiMail unit operation.
• unset is an alphabetically-ordered reference to the unset commands. These
commands remove configurations such as alert email settings, LDAP profiles,
logging and email server settings.
Note: Diagnose commands are also available from the FortiMail CLI. These commands are
used to display system information and for debugging. Diagnose commands are intended
for advanced users only, and they are not covered in this document. Contact Fortinet
technical support before using these commands.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 15
About this document Introduction
Document conventions
The following document conventions are used in this guide:
• In the examples, private IP addresses are used for both private and public IP
addresses.
• Notes and Cautions are used to provide important information:
Note: Highlights useful additional information.
Caution: Warns you about commands or procedures that could have unexpected or
!
undesirable results including loss of data or damage to equipment.
Typographic conventions
Fortinet documentation uses the following typographical conventions:
Convention Example
Keyboard input In the Gateway Name field, type a name for the remote VPN
CLI command synt ax execute restore config <filename_str>
Document names FortiMail Administration Guide
File content <HTML><HEAD><TITLE>Firewall
Menu commands Go to Anti-Spam > Greylist > Exempt and select Create
Program output Welcome!
Variables
peer or client (for example, Central_Office_1).
Authentication</TITLE></HEAD>
<BODY><H4>You must authenticate to use this
service.</H4>
New.
• <xxx_str> indicates an ASCII string variable keyword.
• <xxx_integer> indicates an integer variable
keyword.
• <xxx_ipv4> indicates an IP address variable keyword.
• vertical bar and braces {|} separate mutually exclusive
required keywords
For example:
set system opmode {gateway | transparent
| server}
This example indicates you can enter set system
opmode gateway or set system opmode
transparent or set system opmode server
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
16 06-30004-0420-20080814
Introduction FortiMail documentation
FortiMail documentation
Information about the FortiMail unit is available from the following guides:
• FortiMail QuickStart Guides
Provides basic information about connecting and installing a FortiMail unit. A
separate guide is available for each FortiMail model.
• FortiMail Administration Guide
Introduces the product and describes how to configure and ma nage a FortiMail
unit, including how to create profiles and policies, configure antispam and
antivirus filters, create user accounts, configure email archiving, and set up
logging and reporting.
• FortiMail CLI Reference
Describes how to use the FortiMail CLI and contains a reference of all
FortiMail CLI commands.
• FortiMail Log Message Reference
Available exclusively from the Fortinet Knowledge Center, the FortiMail Log
Message Reference describes the structure of FortiMail log messages and
provides information about the log messages that are generated by FortiMail
units.
• FortiMail Installation Guide
Describes how to set up the FortiMail unit in transparent, gateway, or server
mode.
• FortiMail online help
Provides a searchable version of the Administration Guide in HTML format.
You can access online help from the web-based manager as you work.
• FortiMail Webmail online help
Describes how to use the FortiMail web-based email client, including how to
send and receive email, how to add, import, and export addresses, how to
configure message display preferences, and how to manage quarantined
email.
• FortiMail User Guides
Provides information that the FortiMail end users need to know in orde r to ta ke
advantage of the services provided by the FortiMail unit. These guides are
included as chapters in the FortiMail Administration Guide, allowing the
administrator to provide information on only the enabled features.
Fortinet Tools and Documentation CD
All Fortinet documentation is available on the Fortinet Tools and Documentation
CD shipped with your Fortinet product. The documents on this CD are current at
shipping time. For up-to-date versions of Fortinet documentation visit the Fortinet
Technic al Doc um e ntation web site at http://docs.forticare.com.
Fortinet Knowledge Center
Additional Fortinet technical documentation is available from the Fortinet
Knowledge Center. The knowledge center contains troubleshooting and how-to
articles, FAQs, technical notes, a glossary , and more. Visit the Fortinet Knowledge
Center at http://kc.forticare.com.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 17
Customer service and technical support Introduction
Comments on Fortinet technical documentation
Please send information about any errors or omissions in this document, or any
Fortinet technical documentation, to techdoc@fortinet.com.
Customer service and technical support
Fortinet Technical Support provides services designed to make sure that your
Fortinet systems install quickly, configure easily, and operate reliably in your
network.
Please visit the Fortinet Technical Support web site at http://support.fortinet.com
to learn about the technical support services that Fortinet provides.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
18 06-30004-0420-20080814
What’s new
What’s new
The table below lists commands which have changed since the previous release, 3.0 MR3.
Command Change
execute partitionlogdisk New command. Sets the size of the hard disk
set as bounceverify New command. Configures verification of
set as mms_reputation New command. Sets the window of time during
set as profile modify rewrite_rcpt New command. Configure rewriting of the
set ip_profile headermanipulation New command. Removes specified message
set ip_profile mms_reputation New command. Enables or disables detection
set ip_profile sendervalidation
bypassbounceverify
set ip_profile_setting rate_control New command. Selects whether to rate control
set mailserver access ... authenticated New keyword. Selects whether to apply the
set mailserver access ... tlsprofile New keyword. Selects the name of a transport
set mailserver smtp ldap_domain_check New command. Enables or disables use of an
set mailserver smtpauth smtp New keyword. Enables or disables SMTP
set mailserver smtpauth smtpovertls New keyword. Enables or disables transport
set mailserver smtpauth smtps New keyword. Enables or disables SMTPS
set policy modify add_association New command. Configures domain
partition to use as the log disk. Remaining hard
disk space is used as the mail disk.
delivery status notification (DSN) email.
which detection of multimedia message service
(MMS) spam will affect the sender reputation of
the end user ID (MSISDN).
recipient email address located in the envelope
if the email message is detected as spam.
headers.
of spam based upon the sender reputation of
the end user ID (MSISDN) for multimedia
message service (MMS) email messages, and
configures its detection threshold and duration.
New keyword. Enables or disables bypass of
verification of delivery status notification (DSN)
email.
email messages by either the number of email
messages or the number of SMTP connections.
access control rule to only authenticated SMTP
sessions, or regardless of authentication
status.
layer security (TLS) profile to apply to SMTP
sessions governed by this access control rule.
LDAP query to verify the existence of a domain
and to automatically associate it with a
protected domain.
authentication.
layer security (TLS) authentication for SMTP.
authentication.
associations, which associate a domain name
with the settings for an existing protected
domain.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 19
Command Change
set system fortimanager New command. Configures remote
administration by and automatic configuration
backups to a FortiManager system.
set user pki New command. Configures public key
infrastructure (PKI) authentication for email
users and FortiMail administrators.
What’s new
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
20 06-30004-0420-20080814
Using the CLI CLI command syntax
Using the CLI
This section describes how to connect to and use the FortiMail command line
interface (CLI). You can use CLI commands to view all FortiMail system
information and to change all system configuration settings.
This section contains the following topics:
• CLI command syntax
• Connecting to the CLI
• CLI command branches
CLI command syntax
This guide uses the following conventions to describe command syntax.
• Angle brackets < > to indicate variables.
For example:
set console page <length_int>
You enter:
set console page 40
The various types of variables include:
<xxx_str> indicates an ASCII string.
<xxx_int> indicates an integer string that is a decimal number.
<xxx_ipv4> indicates a dotted decimal IPv4 address.
<xxx_v4mask> indicates a dotted decimal IPv4 netmask.
<xxx_ipv4mask> indicates a dotted decimal IPv4 address followed by a
dotted decimal IPv4 netmask (e.g. 192.168.1.99 255.255.255.0)
<xxx_ipv4/mask> indicates a dotted decimal IPv4 address followed by a
CIDR notation IPv4 netmask (e.g. 192.168.1.99/24)
<xxx_ipv6> indicates an IPv6 address.
<xxx_v6mask> indicates an IPv6 netmask.
<xxx_ipv6mask> indicates an IPv6 address followed by an IPv6 netmask.
• Vertical bar and braces {|} separate alternative, mutually exclusive required
keywords.
For example:
set system opmode {gateway | server | transparent}
You can enter set system opmode gateway or set system opmode
server or set system opmode transparent.
• Square brackets [ ] to indicate th at a keyword or variable is optional.
For example:
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 21
Connecting to the CLI Using the CLI
set policy <fqdn> modify fallbackhost <host_ipv4>
[fallbackport <port>]
The fallback host address is required, and a fallback port is optional
• A space to separate options that can be entered in any combination and must
be separated by spaces.
For example:
set allowaccess {ping https ssh snmp http telnet}
You can enter any of the following:
set allowaccess ping
set allowaccess ping https ssh
set allowaccess https ping ssh
set allowaccess snmp
In most cases to make changes to lists that contain options separated by
spaces, you need to retype the whole list including all the optio ns you want to
apply and excluding all the options you want to remove.
Connecting to the CLI
You can use a direct console connection, SSH, or Telnet to connect to the
FortiMail unit CLI.
Connecting to the FortiMail unit console
To connect to the FortiMail console, you require:
• A computer with an available com port.
• A null modem cable to connect the FortiMail console port.
• Terminal emulation software such as HyperTerminal for Windows.
Note: The following procedure describes how to connect to the FortiMail CLI using
Windows HyperTerminal software. You can use any terminal emulation program.
To connect to the FortiMail unit console
1 Connect the FortiMail console port to the available communications port on your
computer.
2 Make sure the FortiMail unit is powered on.
3 Start HyperTerminal, enter a name for the connection, and select OK.
4 Configure HyperTerminal to connect directly to the communications port on the
computer to which you have connected the FortiMail console port.
5 Select OK.
6 Select the following port settings and select OK.
Bits per second 9600
Data bit s 8
Parity None
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
22 06-30004-0420-20080814
Using the CLI Connecting to the CLI
Stop b its 1
Flow control None
7 Press Enter to connect to the FortiMail CLI.
8 A prompt appears:
FortiMail-400 login:
9 Type a valid administrator name and press Enter .
10 Type the password for this administrator and press Enter.
The following prompt appears:
Welcome!
You have connected to the FortiLog CLI, and you can enter CLI commands.
Setting administrative access for SSH or Telnet
To configure the FortiMail unit to accept SSH or Te lnet connections, you must set
administrative access to SSH or Telnet for the FortiMail interface to which your
management computer connects. To use the web-based manager to configure
FortiMail interfaces for SSH or Telnet access, see “Interface settings” in the
“Configuring FortiMail system settings” chapter of the FortiMail Administration
Guide.
To use the CLI to configure SSH or Telnet access
1 Connect and log into the CLI using the FortiMail console port and your terminal
emulation software.
2 Use the following command to configure an interface to accept SSH connections:
set system interface <interface_name> config allowaccess ssh
end
3 Use the following command to configure an interface to accept Telnet
connections:
set system interface <interface_name> config allowaccess
telnet
4 To confirm that you have configured SSH or Telnet access correctly, enter the
following command to view the access settings for the interface:
get system interface
The CLI displays the settings, including the management access settings, for the
configured interfaces.
Connecting to the FortiMail CLI using SSH
Secure Shell (SSH) provides strong secure authentication and secure
communications to the FortiMail CLI from your internal network or the internet.
Once the FortiMail unit is configured to accept SSH connections, you can run an
SSH client on your management computer and use this client to connect to the
FortiMail CLI.
Note: The FortiMail unit supports the following encryption algorithms for SSH access:
3DES and Blowfish.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 23
CLI command branches Using the CLI
To connect to the CLI using SSH
1 Install and start an SSH client.
2 Connect to the FortiMail interface that is configured for SSH connections.
3 Type a valid administrator name and press Enter.
4 Type the password for this administrator and press Enter.
The FortiMail model name followed by a # is Displayed.
You have connected to the FortiMail CLI, and you can enter CLI commands.
Connecting to the FortiMail CLI using Telnet
You can use Telnet to connect to the FortiMail CLI from your internal network or
the Internet. Once the FortiMail unit is configured to accept Telnet connections,
you can run a Telnet client on your management computer and use this client to
connect to the FortiLog CLI.
Caution: Telnet is not a secure access method. SSH should be used to access the FortiLog
!
CLI from the internet or any other unprotected network.
To connect to the CLI using Telnet
1 Install and start a Telnet client.
2 Connect to the FortiMail interface that is configured for Telnet connections.
3 Type a valid administrator name and press Enter.
4 Type the password for this administrator and press Enter.
You have connected to the FortiMail CLI, and you can enter CLI commands.
CLI command branches
The FortiGate command-line interfa c e consists of four command branches:
• Use execute to run static commands on the FortiMail unit. Examples include
resetting the device, formatting the hard drive, and pinging other devices from
the FortiMail unit’s network interfaces.
For a complete execute command list, see “execute” on page 25.
•Use get to display system status information. The get command can be
used to display the current value of items configured with the set command.
For a complete get command list, see “get” on page 49.
• Use set to configure the FortiMail unit. All of the configuration allowed in the
GUI can also be accomplished using the set command. Some extra options
not available in the GUI are also available with the set command.
For a complete set command list, see “set” on page 93.
• Use unset to return settings to their default values.
For a complete unset command list, see “unset” on page 353.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
24 06-30004-0420-20080814
execute
execute
Use execute commands to perform maintenance operations on your FortiMail unit or to perform
network test operations such as ping or traceroute.
This chapter describes the following execute co mm a nd s:
backup config
checklogdisk
checkmaildisk
clearqueue
factoryreset
formatlogdisk
formatmaildisk
formatmaildisk_backup
maintain
nslookup
partitionlogdisk
ping
ping-option
reboot
reload
restore
shutdown
smtptest
telnettest
traceroute
update config
updatecenter updatenow
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 25
backup config execute
backup config
Use this command to back up system settings to a TFTP server.
Syntax
execute backup config <name_str> <server_ipv4>
<name_str> is the filename for the backup on the TFTP server
<server_ipv4> is the IP address of the TFTP server
History
FortiMail v3.0 New.
Related topics
• execute restore
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
26 06-30004-0420-20080814
execute checklogdisk
checklogdisk
When recommended by Customer Support, use this command to find and correct errors on the log
disk. Logging is suspended while this command is running.
Syntax
execute checklogdisk
History
FortiMail v3.0 New.
Related topics
• execute checkmaildisk
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 27
checkmaildisk execute
checkmaildisk
When recommended by Customer Support, use this command to find and correct errors on the mail
disk. Actions are reported at the command prompt. If the check can’t fix something automatically, it
presents a list of options for the admin to select from.
Mail functions are suspended while this command is running.
Syntax
execute checkmaildisk
History
FortiMail v3.0 New.
FortiMail v3.0 MR3 Renamed from checkspooldisk.
Related topics
• execute checklogdisk
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
28 06-30004-0420-20080814
execute clearqueue
clearqueue
Select to remove all messages from the deferred queue.
Syntax
execute clearqueue
History
FortiMail v3.0 MR3 New.
Related topics
• execute checklogdisk
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814 29
factoryreset execute
factoryreset
Use this command to restore the factory default settings.
This will delete your configuration.
Syntax
execute factoryreset
History
FortiMail v3.0 New.
FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
30 06-30004-0420-20080814
Loading...