Fortinet FortiMail 3.0 MR4 User Manual

CLI REFERENCE

FortiMail™ Secure Messaging Platform Version 3.0 MR4

Note: The History sections in the command entries are intended to record changes in FortiMail 3.0 CLI commands with each release of the product. Although these sections show all commands as new for version 3.0, many of the commands existed in previous versions of FortiMail firmware.

www.fortinet.com

FortiMail™ Secure Messaging Platform CLI Reference

Version 3.0 MR4 14 August 2008 06-30004-0420-20080814

© Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

Trademarks

Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard, FortiGuard-Antispam, FortiGuardAntivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentione d herein may be the trade marks of their respective owners.

Contents

Introduction.......................................................................................15

About the FortiMail Secure Messaging Platform...........................................15

About this document........................................................................................15

Document conventions................................................................................. 16

FortiMail documentation..................................................................................17

Fortinet Tools and Documentation CD.................................................... ... .. 17

Fortinet Knowledge Center .........................................................................17

Comments on Fortinet technical documentation ................................ ......... 18

Customer service and technical support....................................................... 18

What’s new ........................................................................................19

Using the CLI.....................................................................................21

CLI command syntax............................... ... .... ... ... ... ... .... ... ... ... .... .....................21

Connecting to the CLI ...................................................................................... 22

Connecting to the FortiMail unit console................................. ... ... ... ... ....... .. 22

Setting administrative access for SSH or Telnet..........................................23

Connecting to the FortiMail CLI using SSH ... ... ... .........................................23

Connecting to the FortiMail CLI using Telnet...............................................24

CLI command branches...................................................................................24

execute...............................................................................................25

backup config ................................................................................................... 26

checklogdisk.....................................................................................................27

checkmaildisk...................................................................................................28

clearqueue.........................................................................................................29

factoryreset.......................................................................................................30

formatlogdisk....................................................................................................31

formatmaildisk..................................................................................................32

formatmaildisk_backup....................................................................................33

maintain............................................................................................................. 34

nslookup............................................................................................................35

partitionlogdisk.................................................................................................36

ping....................................................................................................................37

ping-option........................................................................................................ 38

reboot.................................................................................................................39

reload................................................................................................................. 40

restore................................................................................................................41

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 3

Contents

shutdown........................................................................................................... 42

smtptest............................................................................................................. 43

telnettest............................................................................................................44

traceroute.......................................................................................................... 45

update config.................................................................................................... 46

updatecenter updatenow................................................................................. 47

get.......................................................................................................49

alertemail configuration...................................................................................50

alertemail setting.............................................................................................. 51

antivirus............................................................................................................. 52

as........................................................................................................................53

auth.................................................................................................................... 56

av........................................................................................................................57

config................................................................................................................. 58

console.............................................................................................................. 59

fshd status ........................................................................................................ 60

ip_policy............................................................................................................ 61

ip_pool............................................................................................................... 62

ip_profile ...........................................................................................................63

ldap_profile.......................................................................................................65

limits.................................................................................................................. 66

log elog .. ... ... .... ... ... ... .........................................................................................67

log logsetting............................................ ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .. 68

log msisdn............................. ... .... ... ... ... .... ... ... ... ... ............................................ 69

log policy...................................................................... ... ... .... ... ... .....................70

log query ............................... ............................................................................ 71

log reportconfig........................................ ... ... ... ... .... ... ... ... ............................... 72

log view ........................... ... ... ... .... ... .................................................................. 73

mailserver.......................................................................................................... 74

mailserver access............................................................................................. 75

mailserver archive............................................................................................ 76

mailserver localdomains.................................................................................. 77

mailserver smtp................................................................................................ 78

mailserver systemquarantine..........................................................................79

misc profile .......................................................................................................80

out_content....................................................................................................... 81

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

4 06-30004-0420-20080814

Contents

out_policy..........................................................................................................82

out_profile.........................................................................................................83

policy .................................................................................................................84

spam deepheader.............................................................................................85

spam heuristic rules.........................................................................................86

spam retrieval policy........................................................................................87

system ...............................................................................................................88

user....................................................................................................................90

userpolicy..........................................................................................................91

set.......................................................................................................93

alertemail configuration mailto ....................................................................... 94

alertemail deferq............................................................................................... 95

alertemail setting option ..................................................................................96

antivirus.............................................................................................................97

as blacklistaction..............................................................................................98

as bounceverify ................................................................................................ 99

as control autorelease....................................................................................100

as control bayesian........................................................................................ 101

as greylist........................................................................................................ 103

as mms_reputation.........................................................................................105

as profile delete .............................................................................................. 106

as profile modify actions ...............................................................................107

as profile modify auto-release.......................................................................108

as profile modify bannedword.......................................................................109

as profile modify bannedwordlist .................................................................110

as profile modify bayesian............................................................................. 111

as profile modify deepheader........................................................................112

as profile modify dictionary...........................................................................113

as profile modify dnsbl .................................................................................. 114

as profile modify dnsblserver........................................................................115

as profile modify forgedip..............................................................................116

as profile modify fortishield........................................................................... 117

as profile modify greylist ...............................................................................118

as profile modify heuristic.............................................................................119

as profile modify imagespam ........................................................................120

as profile modify individualaction scanner.................................................. 121

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 5

Contents

as profile modify quarantine ......................................................................... 122

as profile modify rewrite_rcpt....................................................................... 123

as profile modify scanoptions....................................................................... 124

as profile modify surbl................................................................................... 125

as profile modify surblserver........................................................................ 126

as profile modify tags .................................................................................... 127

as profile modify virus................................................................................... 128

as profile modify whitelistword.....................................................................129

as profile modify whitelistwordlist................................................................ 130

as spamreport.................................................................................................131

as trusted ........................................................................................................ 132

auth imap rename-to......................................................................................133

auth imap server.............................................................................................134

auth pop3 rename-to...................................................................................... 135

auth pop3 server............................................................................................. 136

auth radius rename-to....................................................................................137

auth radius server .......................................................................................... 138

auth smtp rename-to...................................................................................... 139

auth smtp server............................................................................................. 140

av delete..........................................................................................................141

av modify actions........................................................................................... 142

av modify heuristic.........................................................................................143

av modify heuristic heuristic_action............................................................ 144

av modify scanner.......................................................................................... 145

av rename-to...................................................................................................146

console............................................................................................................ 147

content delete.................................................................................................148

content modify action....................................................................................149

content modify bypass_on_auth .................................................................. 150

content modify defersize............................................................................... 151

content modify filetype.................................................................................. 152

content modify monitor ................................................................................. 153

content modify monitor action...................................................................... 154

fshd.................................................................................................................. 156

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

6 06-30004-0420-20080814

Contents

ip_policy..........................................................................................................157

Syntax........................................................................................................157

History........................................................................................................157

Related topics ............................................................................................157

ip_policy action............................................................................................... 158

Syntax........................................................................................................158

History........................................................................................................158

Related topics ............................................................................................158

ip_policy as.....................................................................................................159

Syntax........................................................................................................159

History........................................................................................................159

Related topics ............................................................................................159

ip_policy auth.................................................................................................. 160

Syntax........................................................................................................160

History........................................................................................................160

Related topics ............................................................................................160

ip_policy av.....................................................................................................161

Syntax........................................................................................................161

History........................................................................................................161

Related topics ............................................................................................161

ip_policy content............................................................................................162

Syntax........................................................................................................162

History........................................................................................................162

Related topics ............................................................................................162

ip_policy delete...............................................................................................163

Syntax........................................................................................................163

History........................................................................................................163

Related topics ............................................................................................163

ip_policy exclusive.........................................................................................164

Syntax........................................................................................................164

History........................................................................................................164

Related topics ............................................................................................164

ip_policy ip...................................................................................................... 165

Syntax........................................................................................................165

History........................................................................................................165

Related topics ............................................................................................165

ip_policy match (gateway and server modes).............................................166

Syntax........................................................................................................166

History........................................................................................................166

Related topics ............................................................................................166

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 7

Contents

ip_policy match (transparent mode)............................................................. 167

Syntax........................................................................................................167

History........................................................................................................ 167

Related topics ...................................... ... ................................................... 167

ip_policy move................................................................................................ 168

Syntax........................................................................................................168

History........................................................................................................ 168

Related topics ...................................... ... ................................................... 168

ip_policy smtp ................................................................................................ 169

Syntax........................................................................................................169

History........................................................................................................ 169

Related topics ...................................... ... ................................................... 169

ip_pool............................................................................................................. 170

ip_pool add_entry........................................................................................... 171

ip_pool del_entry............................................................................................172

ip_pool delete .................................................................................................173

..........................................................................................................................174

ip_profile check..............................................................................................175

ip_profile connection..................................................................................... 177

ip_profile delete.............................................................................................. 178

ip_profile error................................................................................................ 179

ip_profile headermanipulation...................................................................... 180

ip_profile limit................................................................................................. 181

ip_profile list...................................................................................................182

ip_profile mms_reputation ............................................................................ 183

ip_profile rename............................................................................................ 184

ip_profile senderreputation........................................................................... 185

ip_profile sendervalidation............................................................................186

ip_profile_setting rate_control...................................................................... 188

ldap_profile profile asav................................................................................ 189

ldap_profile clearallcache.............................................................................. 190

ldap_profile profile auth................................................................................. 191

ldap_profile profile clearcache...................................................................... 192

ldap_profile profile fallback_server..............................................................193

ldap_profile profile group.............................................................................. 194

ldap_profile profile option............................................................................. 195

ldap_profile profile pwd................................................................................. 196

ldap_profile profile routing............................................................................197

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

8 06-30004-0420-20080814

Contents

ldap_profile profile server..............................................................................198

ldap_profile profile user.................................................................................199

limits domain-level ......................................................................................... 201

limits system-level general............................................................................202

limits system-level groups............................................................................. 203

limits system-level mail-users.......................................................................204

limits system-level other-profiles..................................................................205

limits system-level policies ........................................................................... 206

..........................................................................................................................207

log msisdn.......................................................................................................208

log policy destination event ...................... .... ... ... ... ... .... ... .............................209

log policy destination history................................................................. .... ... 210

log policy destination spam .......................... ................................................211

log policy destination virus.... ... ... .... ... ..........................................................212

log reportconfig direction..............................................................................213

log reportconfig domain ................................................................................214

log reportconfig mailto...................................................................................215

log reportconfig period.................................................................................. 216

log reportconfig qry........................................................................................217

log reportconfig schedule hour.....................................................................218

log setting console.........................................................................................219

log setting local .............................................................................................. 220

log setting syslog...........................................................................................221

log view fields.................................................................................................223

log view loglevel.............................................................................................224

mailserver access. ... ... ... ... .............................................................................. 225

mailserver archive account .............................. ... ... ... .... ... ... ... .... ... ... ... ... .... ... 227

mailserver archive exemptlist .......................................................................228

mailserver archive local quota...................................................................... 229

mailserver archive policy..... ... ... ... .... ... ..........................................................230

mailserver archive remote................... ... .......................................................231

mailserver deadmail............. ... ... ... .... ... ... ... .... ... .............................................232

mailserver portnumber............................... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... 233

mailserver proxy smtp interface ...................................................................234

mailserver proxy smtp unknown...................................................................235

mailserver relayserver....................................................................................236

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 9

Contents

mailserver smtp deferbigmsg ....................................................................... 237

mailserver smtp delivery ............................................................................... 238

mailserver smtp dsn_..................................................................................... 239

mailserver smtp ldap_domain_check........................................................... 240

mailserver smtp queue .................................................................................. 241

mailserver smtpauth ...................................................................................... 242

mailserver smtpssl......................................................................................... 243

mailserver smtp storage................................................................................ 244

mailserver smtp storage cquar..................................................................... 245

mailserver systemquarantine........................................................................ 247

misc profile delete.......................................................................................... 248

misc profile modify quota..............................................................................249

misc profile modify userstatus ..................................................................... 250

misc profile modify webmailaccess ............................................................. 251

misc profile rename-to................................................................................... 252

out_content delete.......................................................................................... 253

out_content modify action............................................................................. 254

out_content modify bypass_on_auth........................................................... 255

out_content modify filetype........................................................................... 256

out_content modify monitor action.............................................................. 257

out_content modify monitor.......................................................................... 258

out_policy profile delete................................................................................ 260

out_policy modify . ... ... .... ... ... ... .... ... ... ... .......................................................... 261

out_policy move-to......................................................................................... 262

out_policy rename-to.............. .... ... ... ... .......................................................... 263

out_profile profile delete................................................................................ 264

out_profile profile modify actions................................................................. 265

out_profile profile modify bannedword........................................................ 266

out_profile profile modify bannedwordlist................................................... 267

out_profile profile modify bayesian..............................................................268

out_profile profile modify deepheader......................................................... 269

out_profile profile modify dictionary............................................................ 270

out_profile profile modify dnsbl.................................................................... 271

out_profile profile modify dnsblserver......................................................... 272

out_profile profile modify fortishield............................................................273

out_profile profile modify greylist ................................................................ 274

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

10 06-30004-0420-20080814

Contents

out_profile profile modify heuristic ..............................................................275

out_profile profile modify imagespam..........................................................276

out_profile profile modify individualaction scanner............ .... ... ... ... ... ....... 277

out_profile profile modify scanoptions........................................................278

out_profile profile modify surbl.....................................................................279

out_profile profile modify surblserver.......................................................... 280

out_profile profile modify tags......................................................................281

out_profile profile modify virus.....................................................................282

out_profile profile modify whitelistword ......................................................283

out_profile profile modify whitelistwordlist .................................................284

out_profile profile rename-to.........................................................................285

policy delete....................................... ... ... ... .... ... .............................................287

policy modify add_association ..................... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... 288

policy modify bverify_addr............................................ ... ... ... .... ...................289

policy modify fallback...... .... ... ... ... .... ... ... ... .... ... ... ..........................................290

policy modify ip ....................... ... ... .... ... ... .......................................................291

policy modify is_subdomain ......................... ... ... ... ... .... ... .............................292

policy modify ldap......... ... .... ... ... ... .... ... ... ... .... ... ... ..........................................293

policy modify mxflag......................................... ... ... ... .... ... ... ... .... ...................294

policy modify tp....... ... ... ... .... ... ... ... ................................................................. 295

policy modify user.......................................... ... ... ... ... .... ... ... ... .... ... ................296

policy modify verify_addr.......... ... .... ... ... ... ....................................................297

policy modify rename-to...... ... ... ... .... ... ... ... .... ... ... ... .......................................298

spam deepheader........................................................................................... 299

spam retrieval policy......................................................................................300

system admin..................................................................................................301

system appearance ........................................................................................302

system autoupdate pushaddressoverride ...................................................303

system autoupdate pushupdate....................................................................304

system autoupdate schedule ........................................................................305

system autoupdate tunneling........................................................................ 306

system ddns....................................................................................................307

system disclaimer allowdomain.................................................................... 308

system disclaimer incoming..........................................................................309

system disclaimer outgoing ..........................................................................310

system dns......................................................................................................311

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 11

Contents

system fortimanager......... ... ... .... ... ... ... .... ... ... ................................................ 312

system ha config............... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ................................ 313

system ha {cpeer | interface | peer | secondary-interface | secondary-peer}. 314

system ha data................................... ... .... ... ... ... ... .... ... ... ... .... ... ......................318

system ha datadir................................................. .... ... ... ... .... ... ... ... ... .... ... ......319

system ha lservice................................ .... ... ................................................... 320

system ha mode ............................. ... ... .... ... ... ... ............................................. 321

system ha monitor.................................... ... ... ... ............................................. 322

system ha on-failure....................................... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... 324

system ha passwd... ... .... ... ... ... .... ... ... ... .......................................................... 325

system ha remote-as-heartbeat .................................................................... 326

system ha {restart | restore | resync}........................................................... 327

system ha rservice......................................................................................... 328

system ha takeover..................... ... ... ... .... ... ... ... ... .......................................... 330

system hostname.............. ... ... .... ... ... ... .... ... ... ... ............................................. 333

system interface config ................................. ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... 334

system interface mode dhcp......................................................................... 335

system interface mode static........................................................................ 336

system opmode.............. ... ... ... .... ... ... ... .... ... ... ... ... .... ... ................................... 337

system option.......... ... .... ... ... ... .... ... ... ... .... ... ... ... ............................................. 338

system route number.................................................. ... ................................ 339

system snmp community .............................. ... ............................................. 340

system snmp {sysinfo | threshold}............................................................... 342

system time manual.......... ... ... .... ... ... ............................................................. 343

system time ntp.......... .... ... ... ... .... ................................................................... 344

system usrgrp. ... ... ... ... .... ............................................................................. ... 345

user.................................................................................................................. 346

user pki..... ... ....................................................................................................347

userpolicy delete............................................................................................ 348

userpolicy modify...........................................................................................349

userpolicy move-to......................................................................................... 350

userpolicy rename-to..................................................................................... 351

unset ................................................................................................353

alertemail configuration.................................................................................354

ldap_profile.....................................................................................................355

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

12 06-30004-0420-20080814

Contents

log reportconfig..............................................................................................356

mailserver........................................................................................................357

system .............................................................................................................358

user (transparent and gateway) ....................................................................359

user (server)....................................................................................................360

Index.................................................................................................361

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 13

Contents

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

14 06-30004-0420-20080814

Introduction About the FortiMail Secure Messaging Platform

Introduction

This chapter introduces you to the FortiMail™ Secure Messaging Platform and the following topics:

• About the FortiMail Secure Messaging Platform

• About this document

• FortiMail documentation

• Customer service and technical support

About the FortiMail Secure Messaging Platform

Each FortiMail unit is an integrated hardware and software solution that provides powerful and flexible logging and reporting, antispam, antivirus, and email archiving capabilities to incoming and outgoing email traffic. The FortiMail unit has reliable and high performance features for detecting and blocking spam messages and malicious attachments. Built on Fortinet’s FortiOS™, the FortiMail antivirus technology extends full content inspection capabilities to detect the most advanced email threats.

About this document

This document describes how to use the Fort ine t Com m a nd Line Inter f a ce (CL I) . The following chapters appear in this document:

• Using the CLI describes how to connect to and use the Fortinet command-line interface (CLI).

• execute is an alphabetically-ordered reference to the execute commands. These commands perform immediate actions on the FortiMail unit, such as configuration backup or unit reset.

• get is an alphabetically-ordered reference to the get commands. These commands display information about FortiMail unit co nfiguration and status.

• set is an alphabetically-ordered reference to the set commands. These commands configure all aspects of FortiMail unit operation.

• unset is an alphabetically-ordered reference to the unset commands. These commands remove configurations such as alert email settings, LDAP profiles, logging and email server settings.

Note: Diagnose commands are also available from the FortiMail CLI. These commands are used to display system information and for debugging. Diagnose commands are intended for advanced users only, and they are not covered in this document. Contact Fortinet technical support before using these commands.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 15

About this document Introduction

Document conventions

The following document conventions are used in this guide:

• In the examples, private IP addresses are used for both private and public IP addresses.

• Notes and Cautions are used to provide important information:

Note: Highlights useful additional information.

Caution: Warns you about commands or procedures that could have unexpected or

undesirable results including loss of data or damage to equipment.

Typographic conventions

Fortinet documentation uses the following typographical conventions:

Convention Example Keyboard input In the Gateway Name field, type a name for the remote VPN

CLI command synt ax execute restore config <filename_str> Document names FortiMail Administration Guide File content <HTML><HEAD><TITLE>Firewall

Menu commands Go to Anti-Spam > Greylist > Exempt and select Create

Program output Welcome! Variables

peer or client (for example, Central_Office_1).

Authentication</TITLE></HEAD> <BODY><H4>You must authenticate to use this service.</H4>

New.

• <xxx_str> indicates an ASCII string variable keyword.

• <xxx_integer> indicates an integer variable

keyword.

• <xxx_ipv4> indicates an IP address variable keyword.

• vertical bar and braces {|} separate mutually exclusive

required keywords

For example: set system opmode {gateway | transparent

| server} This example indicates you can enter set system

opmode gateway or set system opmode transparent or set system opmode server

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

16 06-30004-0420-20080814

Introduction FortiMail documentation

FortiMail documentation

Information about the FortiMail unit is available from the following guides:

• FortiMail QuickStart Guides Provides basic information about connecting and installing a FortiMail unit. A

separate guide is available for each FortiMail model.

• FortiMail Administration Guide

Introduces the product and describes how to configure and ma nage a FortiMail unit, including how to create profiles and policies, configure antispam and antivirus filters, create user accounts, configure email archiving, and set up logging and reporting.

• FortiMail CLI Reference

Describes how to use the FortiMail CLI and contains a reference of all FortiMail CLI commands.

• FortiMail Log Message Reference

Available exclusively from the Fortinet Knowledge Center, the FortiMail Log Message Reference describes the structure of FortiMail log messages and provides information about the log messages that are generated by FortiMail units.

• FortiMail Installation Guide

Describes how to set up the FortiMail unit in transparent, gateway, or server mode.

• FortiMail online help

Provides a searchable version of the Administration Guide in HTML format. You can access online help from the web-based manager as you work.

• FortiMail Webmail online help

Describes how to use the FortiMail web-based email client, including how to send and receive email, how to add, import, and export addresses, how to configure message display preferences, and how to manage quarantined email.

• FortiMail User Guides

Provides information that the FortiMail end users need to know in orde r to ta ke advantage of the services provided by the FortiMail unit. These guides are included as chapters in the FortiMail Administration Guide, allowing the administrator to provide information on only the enabled features.

Fortinet Tools and Documentation CD

All Fortinet documentation is available on the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation visit the Fortinet Technic al Doc um e ntation web site at http://docs.forticare.com.

Fortinet Knowledge Center

Additional Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains troubleshooting and how-to articles, FAQs, technical notes, a glossary , and more. Visit the Fortinet Knowledge Center at http://kc.forticare.com.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 17

Customer service and technical support Introduction

Comments on Fortinet technical documentation

Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.

Customer service and technical support

Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.

Please visit the Fortinet Technical Support web site at http://support.fortinet.com to learn about the technical support services that Fortinet provides.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

18 06-30004-0420-20080814

What’s new

The table below lists commands which have changed since the previous release, 3.0 MR3.

Command Change

execute partitionlogdisk New command. Sets the size of the hard disk

set as bounceverify New command. Configures verification of

set as mms_reputation New command. Sets the window of time during

set as profile modify rewrite_rcpt New command. Configure rewriting of the

set ip_profile headermanipulation New command. Removes specified message

set ip_profile mms_reputation New command. Enables or disables detection

set ip_profile sendervalidation

bypassbounceverify

set ip_profile_setting rate_control New command. Selects whether to rate control

set mailserver access ... authenticated New keyword. Selects whether to apply the

set mailserver access ... tlsprofile New keyword. Selects the name of a transport

set mailserver smtp ldap_domain_check New command. Enables or disables use of an

set mailserver smtpauth smtp New keyword. Enables or disables SMTP

set mailserver smtpauth smtpovertls New keyword. Enables or disables transport

set mailserver smtpauth smtps New keyword. Enables or disables SMTPS

set policy modify add_association New command. Configures domain

partition to use as the log disk. Remaining hard disk space is used as the mail disk.

delivery status notification (DSN) email.

which detection of multimedia message service (MMS) spam will affect the sender reputation of the end user ID (MSISDN).

recipient email address located in the envelope if the email message is detected as spam.

headers.

of spam based upon the sender reputation of the end user ID (MSISDN) for multimedia message service (MMS) email messages, and configures its detection threshold and duration.

New keyword. Enables or disables bypass of verification of delivery status notification (DSN) email.

email messages by either the number of email messages or the number of SMTP connections.

access control rule to only authenticated SMTP sessions, or regardless of authentication status.

layer security (TLS) profile to apply to SMTP sessions governed by this access control rule.

LDAP query to verify the existence of a domain and to automatically associate it with a protected domain.

authentication.

layer security (TLS) authentication for SMTP.

authentication.

associations, which associate a domain name with the settings for an existing protected domain.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 19

Command Change

set system fortimanager New command. Configures remote

administration by and automatic configuration backups to a FortiManager system.

set user pki New command. Configures public key

infrastructure (PKI) authentication for email users and FortiMail administrators.

What’s new

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

20 06-30004-0420-20080814

Using the CLI CLI command syntax

Using the CLI

This section describes how to connect to and use the FortiMail command line interface (CLI). You can use CLI commands to view all FortiMail system information and to change all system configuration settings.

This section contains the following topics:

• CLI command syntax

• Connecting to the CLI

• CLI command branches

CLI command syntax

This guide uses the following conventions to describe command syntax.

• Angle brackets < > to indicate variables. For example:

set console page <length_int>

You enter:

set console page 40

The various types of variables include:

<xxx_str> indicates an ASCII string. <xxx_int> indicates an integer string that is a decimal number. <xxx_ipv4> indicates a dotted decimal IPv4 address. <xxx_v4mask> indicates a dotted decimal IPv4 netmask. <xxx_ipv4mask> indicates a dotted decimal IPv4 address followed by a

dotted decimal IPv4 netmask (e.g. 192.168.1.99 255.255.255.0) <xxx_ipv4/mask> indicates a dotted decimal IPv4 address followed by a

CIDR notation IPv4 netmask (e.g. 192.168.1.99/24)

<xxx_ipv6> indicates an IPv6 address. <xxx_v6mask> indicates an IPv6 netmask. <xxx_ipv6mask> indicates an IPv6 address followed by an IPv6 netmask.

• Vertical bar and braces {|} separate alternative, mutually exclusive required keywords.

For example:

set system opmode {gateway | server | transparent} You can enter set system opmode gateway or set system opmode

server or set system opmode transparent.

• Square brackets [ ] to indicate th at a keyword or variable is optional. For example:

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 21

Connecting to the CLI Using the CLI

set policy <fqdn> modify fallbackhost <host_ipv4>

[fallbackport <port>]

The fallback host address is required, and a fallback port is optional

• A space to separate options that can be entered in any combination and must be separated by spaces.

For example:

set allowaccess {ping https ssh snmp http telnet}

You can enter any of the following:

set allowaccess ping set allowaccess ping https ssh set allowaccess https ping ssh set allowaccess snmp

In most cases to make changes to lists that contain options separated by spaces, you need to retype the whole list including all the optio ns you want to apply and excluding all the options you want to remove.

Connecting to the CLI

You can use a direct console connection, SSH, or Telnet to connect to the FortiMail unit CLI.

Connecting to the FortiMail unit console

To connect to the FortiMail console, you require:

• A computer with an available com port.

• A null modem cable to connect the FortiMail console port.

• Terminal emulation software such as HyperTerminal for Windows.

Note: The following procedure describes how to connect to the FortiMail CLI using Windows HyperTerminal software. You can use any terminal emulation program.

To connect to the FortiMail unit console

1 Connect the FortiMail console port to the available communications port on your

computer.

2 Make sure the FortiMail unit is powered on. 3 Start HyperTerminal, enter a name for the connection, and select OK. 4 Configure HyperTerminal to connect directly to the communications port on the

computer to which you have connected the FortiMail console port.

5 Select OK. 6 Select the following port settings and select OK.

Bits per second 9600 Data bit s 8 Parity None

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

22 06-30004-0420-20080814

Using the CLI Connecting to the CLI

Stop b its 1 Flow control None

7 Press Enter to connect to the FortiMail CLI. 8 A prompt appears:

FortiMail-400 login:

9 Type a valid administrator name and press Enter .

10 Type the password for this administrator and press Enter.

The following prompt appears:

Welcome!

You have connected to the FortiLog CLI, and you can enter CLI commands.

Setting administrative access for SSH or Telnet

To configure the FortiMail unit to accept SSH or Te lnet connections, you must set administrative access to SSH or Telnet for the FortiMail interface to which your management computer connects. To use the web-based manager to configure FortiMail interfaces for SSH or Telnet access, see “Interface settings” in the “Configuring FortiMail system settings” chapter of the FortiMail Administration

Guide.

To use the CLI to configure SSH or Telnet access

1 Connect and log into the CLI using the FortiMail console port and your terminal

emulation software.

2 Use the following command to configure an interface to accept SSH connections:

set system interface <interface_name> config allowaccess ssh end

3 Use the following command to configure an interface to accept Telnet

connections:

set system interface <interface_name> config allowaccess telnet

4 To confirm that you have configured SSH or Telnet access correctly, enter the

following command to view the access settings for the interface:

get system interface

The CLI displays the settings, including the management access settings, for the configured interfaces.

Connecting to the FortiMail CLI using SSH

Secure Shell (SSH) provides strong secure authentication and secure communications to the FortiMail CLI from your internal network or the internet. Once the FortiMail unit is configured to accept SSH connections, you can run an SSH client on your management computer and use this client to connect to the FortiMail CLI.

Note: The FortiMail unit supports the following encryption algorithms for SSH access: 3DES and Blowfish.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 23

CLI command branches Using the CLI

To connect to the CLI using SSH

1 Install and start an SSH client. 2 Connect to the FortiMail interface that is configured for SSH connections. 3 Type a valid administrator name and press Enter. 4 Type the password for this administrator and press Enter.

The FortiMail model name followed by a # is Displayed. You have connected to the FortiMail CLI, and you can enter CLI commands.

Connecting to the FortiMail CLI using Telnet

You can use Telnet to connect to the FortiMail CLI from your internal network or the Internet. Once the FortiMail unit is configured to accept Telnet connections, you can run a Telnet client on your management computer and use this client to connect to the FortiLog CLI.

Caution: Telnet is not a secure access method. SSH should be used to access the FortiLog

CLI from the internet or any other unprotected network.

To connect to the CLI using Telnet

1 Install and start a Telnet client. 2 Connect to the FortiMail interface that is configured for Telnet connections. 3 Type a valid administrator name and press Enter. 4 Type the password for this administrator and press Enter.

You have connected to the FortiMail CLI, and you can enter CLI commands.

CLI command branches

The FortiGate command-line interfa c e consists of four command branches:

• Use execute to run static commands on the FortiMail unit. Examples include resetting the device, formatting the hard drive, and pinging other devices from the FortiMail unit’s network interfaces.

For a complete execute command list, see “execute” on page 25.

•Use get to display system status information. The get command can be used to display the current value of items configured with the set command.

For a complete get command list, see “get” on page 49.

• Use set to configure the FortiMail unit. All of the configuration allowed in the GUI can also be accomplished using the set command. Some extra options not available in the GUI are also available with the set command.

For a complete set command list, see “set” on page 93.

• Use unset to return settings to their default values. For a complete unset command list, see “unset” on page 353.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

24 06-30004-0420-20080814

execute

Use execute commands to perform maintenance operations on your FortiMail unit or to perform network test operations such as ping or traceroute.

This chapter describes the following execute co mm a nd s:

backup config checklogdisk checkmaildisk clearqueue factoryreset formatlogdisk formatmaildisk formatmaildisk_backup maintain nslookup partitionlogdisk ping

ping-option reboot reload restore shutdown smtptest telnettest traceroute update config updatecenter updatenow

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 25

backup config execute

backup config

Use this command to back up system settings to a TFTP server.

Syntax

execute backup config <name_str> <server_ipv4>

<name_str> is the filename for the backup on the TFTP server <server_ipv4> is the IP address of the TFTP server

History

FortiMail v3.0 New.

checklogdisk

When recommended by Customer Support, use this command to find and correct errors on the log disk. Logging is suspended while this command is running.

Syntax

execute checklogdisk

History

FortiMail v3.0 New.

checkmaildisk

When recommended by Customer Support, use this command to find and correct errors on the mail disk. Actions are reported at the command prompt. If the check can’t fix something automatically, it presents a list of options for the admin to select from.

Mail functions are suspended while this command is running.

Syntax

execute checkmaildisk

History

FortiMail v3.0 New. FortiMail v3.0 MR3 Renamed from checkspooldisk.

clearqueue

Select to remove all messages from the deferred queue.

Syntax

execute clearqueue

History

FortiMail v3.0 MR3 New.

factoryreset

Use this command to restore the factory default settings.

This will delete your configuration.

Syntax

execute factoryreset

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

30 06-30004-0420-20080814

execute formatlogdisk

formatlogdisk

Use this command to reformat the local log hard disk to enhance performance.

This will delete the logs on the log disk.

Syntax

execute formatlogdisk

History

FortiMail v3.0 New.

formatmaildisk

Use this command to reformat the local email disk to enhance performance after you have backed up the mail database to the log disk with execute formatmaildisk_backup.

This will delete your mail database.

Syntax

execute formatmaildisk

History

FortiMail v3.0 New.

formatmaildisk_backup

Use this command to back up the mail database to the log disk, and then format the local mail disk.

This will enhance performance on the mail disk.

Syntax

execute formatmaildisk_backup

History

FortiMail v3.0 New.

maintain

Use this command to perform maintenance on mail queues by deleting out-of-date messages.

Syntax

execute maintain mailqueue clear age <age>[<unit>]

<age> messages this age or older will be cleared, and can be from 1 hour to 10 years. <unit> can be one of h, d, m, or y for hours, days, months, or years respectively.

The default is 24h.

Example

This example will clear messages that are 23 days old and older.

execute maintain mailqueue clear age 23d

History

FortiMail v3.0 MR3 New.

nslookup

Use this command to perform a name server lookup on the specified host or MX record.

Syntax

execute nslookup {host | mx} <name_server>

<name_server> can be an IP address or a fully qualified domain name.

History

FortiMail v3.0 New.

partitionlogdisk

Use this command to adjust the ratio of disk space allocated to the logs and mail. By default, 75% of

the disk space is allocated to mail and 25% to logs.

Syntax

execute partitionlogdisk <log_int>

<log_int> is the percentage of the total disk space allocated to log files. Specify any value between

10 and 90. The remainder is allocated to mail.

Caution: Executing this command formats the FortiMail disks. This operation deletes all mail and log

History

FortiMail v3.0 MR4 New.

ping

Use this command to ping the specified host name or host IP address.

Syntax

execute ping {<host_name> | <host_ipv4>}

History

FortiMail v3.0 New.

ping-option

Use this command to configure the ping function behavior settings.

Syntax

execute ping-option <option>

Option Description Default

data-size <bytes> Enter datagram size in bytes. 56 df-bit {yes | no} Enter yes to set the DF bit in the IP header to prevent the ICMP

packet from being fragmented. Setting df-bit to no allows the ICMP packet to be fragmented.

pattern <hex_pattern> Enter a pattern to fill the optional data buffer at the end of the

ICMP packet, for example 00ffaabb. The size of the buffer is specified using the data_size parameter. This allows you to send out packets of different sizes for testing the effect of packet size on the connection.

repeat-count <integer> Enter the number of times to repeat the ping. The value must be

greater than 0.

source {auto | <ipv4>} Select the interface from which the ping is sent. Enter either

auto or the interface IP address. timeout <seconds> Enter the ping response timeout in seconds. 2 tos <tos_value> Enter the IP type-of-service option value, one of:

• default 0

• lowcost minimize cost

• lowdelay minimize delay

• reliability maximize reliability

• throughput maximize throughput

ttl <TTL_integer> Enter the time-to-live (TTL) value. 64 validate-reply {yes | no} Enter yes to validate ping replies. no view-settings View the current ping option settings. N/A

None

auto

default

History

FortiMail v3.0 New.

reboot

Use this command to restart the FortiMail unit.

Syntax

execute reboot

History

FortiMail v3.0 New.

reload

If you set your console to batch mode, use this command to flush the current configuration from system memory and reload the configuration from a saved configuration file.

Syntax

execute reload

History

FortiMail v3.0 New.

restore

Use this command to restore system configuration or firmware from a TFTP server.

Syntax

execute restore {config | image} <name_str> <server_ipv4>

Enter config to restore system settings or image to restore system firmware image. <name_str> is the name of the configuration file on the TFTP server.

<server_ipv4> is the IP address of the TFTP server.

History

FortiMail v3.0 New.

shutdown

Use this command to prepare the FortiMail unit to be powered down. This command clears all buffers

and writes all cached data to disk. Power off the FortiMail unit only after issuing this command to prevent possible data loss.

Syntax

execute shutdown

History

FortiMail v3.0 New.

smtptest

Use this command to test connectivity to an SMTP server.

Syntax

execute smtptest <ipv4_addr[:port]> domain <domain_str>

<ipv4_addr> is the IP address of the SMTP server [:port] is the optional port number to connect to the SMTP server. <domain_str> is the name of the domain on the SMTP server to connect to.

Example

This example tests the connection to an SMTP server at 192.168 .100.2 on port 25 to the example.com domain.

execute smtptest 192.168.100.2:25 domain example.com

History

FortiMail v3.0 MR3 New.

telnettest

Use this command to attempt a telnet connection to the specified host IP address.

Syntax

execute telnettest <host_ipv4[:port]>

If you do not specify a port number, port 23 is used.

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

44 06-30004-0420-20080814

execute traceroute

traceroute

Use this command to trace the route to the specified host IP address.

Syntax

execute traceroute <host_ipv4>

History

FortiMail v3.0 New.

update config

Use this command to request a configuration update from the FortiManager server.

Syntax

execute update config

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

46 06-30004-0420-20080814

execute updatecenter updatenow

updatecenter updatenow

Use this command to manually initiate a virus definition update.

Syntax

execute updatecenter updatenow

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 47

updatecenter updatenow execute

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

48 06-30004-0420-20080814

get

alertemail configuration alertemail setting antivirus as auth av config console fshd status ip_policy ip_pool ip_profile ldap_profile limits log elog log logsetting log msisdn log policy log query

mailserver mailserver access mailserver archive mailserver localdomains mailserver smtp mailserver systemquarantine misc profile out_content out_policy out_profile policy spam deepheader spam heuristic rules spam retrieval policy system user userpolicy

log reportconfig log view

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 49

alertemail configuration get

alertemail configuration

Use this command to view the alert email recipients. The command displays the SMTP server addr ess, SMTP user name, SMTP authentication status, encrypted SMTP password, and the email addresses used to send the alert.

Syntax

get alertemail configuration

History

FortiMail v3.0 New.

alertemail setting

Use this command to view the alert email configuration. This command displays what is enabled or disabled for:

• virus incidents

• critical events

• disk full

• archiving failure

• HA events

• dictionary corruption

• system quarantine quota full

Syntax

get alertemail configuration

Example

FortiMail-400 # get alertemail setting Alert email setting: alert email for antivirus: disabled alert email for critical events: disabled alert email for disk full: enabled alert email for archiving failure: enabled alert email for HA events: disabled alert email for Dictionary corruption: disabled alert email for system quarantine quota is full: disabled alert email for Defer queue: enabled

History

FortiMail v3.0 New.

antivirus

Use this command to display whether antivirus scanning is enabled. This is available only in server mode.

Syntax

get antivirus

Example

FEServer # get antivirus global antivirus scanning is enabled

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

52 06-30004-0420-20080814

get as

Use this command to display information about your antispam configuration.

Syntax

get as <option>

Option Description

blacklistaction Display the action set for blacklisted items. control autorelease Display the spam auto release and auto delete account names. control bayesian Display the Bayesian tra ining account names. greylist Display the greylist settings, including the TTL, greylist period, initial expiry

profile <profile_name> Display the settings of an antispam profile. spamreport Display the quarantine spam report settings. trusted antispam-mta Display the IP addresses on the antispam-MTA list. trusted mta Display the IP addresses on the MTA list.

period, capacity, and exempt address list.

Examples

FortiMail-400 # get as blacklistaction blacklist action: reject

FortiMail-400 # get as control autorelease autorelease account is release-ctrl autodelete account is delete

FortiMail-400 # get as control bayesian "is spam" account is is-spam "is not spam" account is is-not-spam "learn is spam" account is learn-is-spam "learn is not spam" account is learn-is-not-spam "training group" account is default-grp

FortiMail-400 # get as greylist

TTL: 10 (day) Greylist period: 20 (minute) Initial expiry period: 4 (hour) Capacity: 40000

Greylist exempt:

FortiMail-400 # get as profile profile2 Antispam profiles id=3, name=profile2 Heuristic filtering: enabled action: default lower level: -15.000000 upper level: 5.000000 Bayesian filtering: enabled

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 53

as get

action: default use personal database: disabled Accept training from users: disabled Use other techniques for auto training: disabled Deepheader filtering: disabled action: default check black ip: enabled headers analysis: enabled Dictionary filtering: disabled action: default dictionary profile: unknown(-1) FortiGuard-Antispam filtering: disabled action: default FortiGuard-Antispam checkip: disabled Dnsbl server lookup: disabled action: default Surbl server lookup: disabled action: default Banned word scanning: disabled action: default

Whitelist word scanning: disabled Greylist message senders: disabled Treat message with virus as spam: disabled action: default Check forged IP in incoming emails: disabled action: default Check image spam in incoming emails: disabled action: default Check image spam aggressively: disabled Scan conditions: maxsize: 0 bypass_on_auth: disabled attachment types: pdf: disabled Actions: discard reject subject tagging: disabled, tag="" header tagging: disabled, tag="" quarantine is: enabled auto delete: enabled, number of days=7 auto release of quarantined emails by email: disabled auto release of quarantined emails by web: disabled add the sender of a released message to personal white list:

disabled allow users to automatically update personal White list from sent

emails: disabled

FortiMail-400 # get as spamreport time of day: 00:00 interval: these hours: Web Release Hostname is empty Web Release through HTTPS is enabled

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

54 06-30004-0420-20080814

get as

History

FortiMail v3.0 New. FortiMail v3.0 MR3 Added trusted antispam-mta and trusted mta commands.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 55

auth get

auth

Use this command to display authentication settings by protocol: IMAP, POP3, RADIUS, SMTP . This is available in transparent and gateway modes only.

Syntax

get auth {imap | pop3 | radius | smtp}

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

56 06-30004-0420-20080814

get av

Use this command to display the settings of an antivirus profile.

Syntax

get av <profile_name>

Example

FortiMail-400 # get av avprofile1 Antivirus profiles id=2, name=avprofile1 AV Scanner: enabled AV actions: Heuristic scanning: disabled Heuristic actions:

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 57

config get

config

Use this command to display the current FortiMail unit configuration.

Syntax

get config [<search_string>]

<search_string> is an optional search string. If the string contains spaces, enclose it in single

quotation marks (' '). If you specify a search string, the command displays only the lines in the configuration file that contain

that string. Otherwise, the command lists the entire configuration.

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

58 06-30004-0420-20080814

get console

console

Use this command to display console settings: the number of lines per page, the mode of operation, and the baud rate of the command line console.

Syntax

get console

Example

FortiMail-400 # get console Page number: 24 Console mode: Line Console baudrate: default

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 59

fshd status get

fshd status

Use this command to display the FortiGuard settings on the FortiMail unit.

Syntax

get fshd status

Example

FortiMail-400 # get fshd status Fortishield service status: enabled Fortishield service cache status: enabled Fortishield service cache ttl: 600 Fortishield service hostname antispam.fortigate.com

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

60 06-30004-0420-20080814

get ip_policy

ip_policy

Use this command to list information about IP policies.

Syntax

get ip_policy [<policy_number>]

If you do not specify a policy number, the command provides a list of the IP policies, by name and number. If you specify a policy number, the command lists detailed information about that policy.

Example

FortiMail-400 # get ip_policy 0 smtpin configuration 0 matches: from 0.0.0.0/0, to 0.0.0.0/0 action: SCAN ip profile: 'session_strict' exclusive: this profile can be overriden by a recipient profile SMTP: is disabled, and difference are NOT allowed

History

FortiMail v3.0 New.

ip_pool

Use this command to list information about IP pool policies.

Syntax

get ip_pool {<name_str>}

If you do not specify a policy name, the command returns a list of the IP pool policies, by name and ID number. If you specify a policy name, the command lists the IP ranges defined in the policy.

History

FortiMail v3.0 MR3 New.

ip_profile

Use this command to list information about IP profiles.

Syntax

get ip_profile [<profile_name>]

If you do not specify a profile name, the command provides a list of the IP profiles. If you specify a profile name, the command lists detailed information about that IP profile.

Example

FortiMail-400 # get ip_profile session_loose smtpin configuration for "session_loose" connection: rate limiting per IP is disabled this box will NOT be hidden from the server connection limiting per IP is disabled total connection limiting is disabled preventing connections to blacklisted SMTP is disabled idle timeout is disabled session: checking HELO/EHLO chars is disabled HELO/EHLO rewrite is disabled disallowing encrypted links is disabled allow pipelining NO strict synax checking is disabled splice is disabled ACK EOM before anti-spam is disabled Send DSN to sender when spam detected is disabled (for unauthorised links) checking sender domain is disabled checking recipient domain is disabled reject empty domains is disabled open relay checking is disabled RCPT/HELO/MAIL domain check is disabled limits: max number of recipients per email is 500 no helo/ehlo per session no email per session max supported message size is 10485760 max supported header size is 32768 no NOOP restrictions no RSET restrictions errors: no "free" errors there is no initial error delay subsequent errors use the initial delay the link will not disconnect because of errors lists: sender white list checking is disabled sender black list checking is disabled recipient white list checking is disabled recipient black list checking is disabled sender reputation: sender reputation list checking is disabled

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 63

ip_profile get

History

FortiMail v3.0 New.

ldap_profile

Use this command to display all the settings of the specified LDAP profile.

Syntax

get ldap_profile profile <name_str>

<name_str> is the LDAP profile name. To see a list of LDAP profiles, enter get ldap_profile profile ?.

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 65

limits get

limits

Use this command to display all the settings of the limits command.

Syntax

get limits

<name_str> is the LDAP profile name. To see a list of LDAP profiles, enter get ldap_profile profile ?.

Example

If you enter the gets limits command on a FortiMail-400 unit, the output will be similar to this: FortiMail-400 # get limits

domain level limits

domains with 2 tier admin 25 (25 ) [500]

admins per domain 5 (5 ) [5]

policies per domain 40 (40 ) [40]

profiles per domain 5 (5 ) [5] system level limits

admin count 20 (20 ) [20] total domains 500 (500 ) [500] total user groups 100 (100 ) [100] members per user group 50 (50 ) [50] profile count 50 (50 ) [50] ip policy count 40 (40 ) [40] outgoing policy count 500 (500 ) [500] as profile count *175 (*175 ) [175] av profile count *175 (*175 ) [175] content profile count *175 (*175 ) [175] ip profile count *175 (*175 ) [175] all shared memory size 13954552 (13954552) [268435456] bytes

dynamic shared memory size 10273300 (10273300) [268435456] bytes (numbers in brackets indicates value to use on next reboot) [numbers in square brackets indicates maximum allowable values] (numbers preceeded by * are automatically calculated)

History

FortiMail v3.0 MR3 New.

log elog

FortiMail v3.0 New.

Use this command to display the event log messages that have been saved to local hard disk or remote syslog server.

Syntax

get log elog

History

FortiMail v3.0 New.

log logsetting

Use this command to display:

• the log to locations and whether logging to that location is turned on or off.

• the log severity level for each log location

• log file size

• log time

• log option setting when disk is full

Syntax

get log logsetting

Example

FortiMail-400 # get log logsetting Log to remote syslog server 1: OFF :514 level: emergency facility: kern

CSV:OFF

Log to remote syslog server 2: OFF :514 level: emergency facility: kern

CSV:OFF Log to Console: OFF level: emergency Log to Local Host: ON level: information Log file size: 10 Megabytes Log time: 10 days When reaching log file size or log time: Overwrite

History

FortiMail v3.0 New.

log msisdn

Use this command to find out if the MSISDN column is enabled. Use the set log msisdn command to enable the MSISDN column to display in Log & Report >

Logging.

Syntax

get log msisdn

History

FortiMail v3.0 MR3 New.

log policy

Use this command to display information about log policies by destination and log type.

Syntax

To view which types of logging are enabled for each destination:

get log policy

To view detailed information about which types of logging are enabled for a destination:

get log policy [destination {syslog [number

<integer>] | local | console}]

To view detailed information about a particular type of logging enabled for a destination:

get log policy [destination {syslog number <integer> | local | console}

{event | history | spam | virus}]

Example

FortiMail-400 # get log policy destination syslog number 1 event syslog 1 event: status: enable configuration: ON ha: OFF login: ON pop3: ON smtp: ON system: ON updatefailed: ON updatesucceeded: OFF webmail: ON

History

FortiMail v3.0 New.

log query

Use this command to display all available log query reports , for example, Top_Remote_Virus_Domain_by_Hour_of_Day. The total number of query reports displays at the bottom of the list.

Syntax

get log query

History

FortiMail v3.0 New.

log reportconfig

Use this command to display the settings in a saved log report configuration. The two default reports that become available after setting up you r FortiGate unit with the quick st art wizard, are also availa ble for this command.

Syntax

get log reportconfig <config_name_str> <predefined_report_yesterday>

<config_name_str> is the log report configuration name. For a list of all saved log report

configurations, enter “?” as the name.

History

FortiMail v3.0 New. FortiMail v3.0 MR3 The keywords, predefined_report_yesterday and

log view

Use this command to display what columns display in Log & Report > Logging for event, history, spam, and virus logs.

Use the set log view command to set the fields to display and the log severity level.

Syntax

get log view {event | history | spam | virus}

History

FortiMail v3.0 New.

mailserver

Use this command to display the FortiMail email system settings.

Syntax

get mailserver

Example

FortiMail-400 # get mailserver

dead mail kept: 1 days mail storage: local disk Centralized Quarantine: Disabled maximum message size: 10 MB POP3 server port: 110 SMTP authentication: enabled SMTP over SSL: disabled SMTP server port: 25 SMTPS server port: 465

Relay server disabled

History

FortiMail v3.0 New. FortiMail v3.0 MR3 Updated output.

mailserver access

Use this command to display the permissions for sending and receiving email for each domain.

Syntax

get mailserver access

History

FortiMail v3.0 New.

mailserver archive

Use this command to display information about email archiving.

Syntax

To view email archiving account settings:

get mailserver archive

For other information:

get mailserver archive {exemptlist | local | policy | remote}

Option Description

exemptlist Display the archiving policy exceptions th at exempt certain email from being archived. local Display the disk quota for archiving to the local hard disk. policy Display the email archiving policies. remote Display the settings for remote archiving via FTP or SFTP.

Example

This example shows the output without options.

FortiMail-400 # get mailserver archive email archiving destination: local email archiving account: archive email archiving forward: email archiving status: disabled Mailbox rotate size: 100 Megabytes Mailbox rotate time: 7 Days When reaching disk quota: Overwrite

History

FortiMail v3.0 New.

mailserver localdomains

Use this command to display information about the domains adde d to the FortiMail unit. This is available in server mode only.

Syntax

get mailserver localdomain

History

FortiMail v3.0 New.

mailserver smtp

Use this command to display settings for SMTP email.

Syntax

get mailserver smtp <setting>

Variables Description

<setting> Enter the setting, one of:

deferbigmsg Display the times to start and stop delivering messages

dsn_displayname Display the sender name used in DSN messages. dsn_sender Display the sender address used in DSN messages. queue Display the parameter settings for time outs and retries for

History

FortiMail v3.0 New. FortiMail v3.0 MR2 Added queue keyword.

deferred because of their size.

undelivered mail in queues.

mailserver systemquarantine

Use this command to display the system quarantine settings. The system quarantine is used for mail matching content profiles.

Syntax

get mailserver systemquarantine

Example

FortiMail-400 # get mailserver systemquarantine system(content) quarantine account: systemquarantine system(content) quarantine forward: system(content) quarantine disk quota: 1 GB system(content) quarantine rotate size: 100 Megabytes system(content) quarantine rotate time: 7 Days When reaching disk quota: Overwrite

History

FortiMail v3.0 New.

misc profile

Use this command to display the misc profile settings. Available in server mode only.

Syntax

get misc [<profile_name>]

If you do not specify a profile name, the command displays information for all misc profiles.

Example

FEServer # get misc profile misc_def Misc profiles id=0, name=misc_def User Account Status: enabled Webmail Access: enabled disk quota: 100

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

80 06-30004-0420-20080814

get out_content

out_content

Use this command to display outgoing content profile settings.

Syntax

get out_content [<name_str>]

<name_str> is the name of an outgoing content profile.

If you do not specify a profile, the command shows the settings of all outgoing content profiles.

History

FortiMail v3.0 New.

out_policy

Use this command to display outgoing recipient-based pol icy settings.

Syntax

get out_policy [<name_str>]

<name_str> is the name of an outgoing policy.

If you do not specify a policy, the command shows the settings of all outgoing policies.

History

FortiMail v3.0 New.

out_profile

Use this command to display outgoing antispam profile settings.

Syntax

get out_profile [<name_str>]

<name_str> is the name of an outgoing antispam profile.

If you do not specify a profile, the command shows the settings of all outgoing profiles.

History

FortiMail v3.0 New.

policy

Use this command to display incoming recipient-based policies for domains. This is available only in transparent and gateway modes.

Syntax

get policy [<fqdn>]

<fqdn> is the domain’s fully-qualified domain name.

If you do not specify a domain, the command shows the policies of all domains.

History

FortiMail v3.0 New.

spam deepheader

Use this command to display the deep header scan settings.

Syntax

get spam deepheader

Example

FortiMail-400 # get spam deepheader

Deep header scanner setting: Confidence degree : 95.000000 IP list of trusted server: Trusted IP list :

History

FortiMail v3.0 MR1 New.

spam heuristic rules

Use this command to display the total number of heuristic antispam rules. The number of rules can change as the FortiGuard service updates the heuristic rule set.

Syntax

get spam heuristic rules

Example

FortiMail-400 # get spam heuristic rules

The total amount of rules is: 88

History

FortiMail v3.0 New. FortiMail v3.0 MR1 Removed keywords desc, disabled, index, modified, name, status,

because the heuristic rules are now maintained by the FortiGuard service.

spam retrieval policy

Use this command to display spam retrieval policy information for a domain. This is available in transparent and gateway modes only.

Syntax

get spam retrieval policy <fqdn_str>

<fqdn_str> is the fully qualified domain name.

History

FortiMail v3.0 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 87

system get

system

Use this command to display system information.

Syntax

get system <item>

<item> Description

admin Display the current list of FortiMail administrator accounts including the

appearance Display the product name and bottom logo URL for the system logon

autoupdate Display the antivirus engine version, antivirus definition version, update

ddns Display the dynamic DNS information. disclaimer Display settings for header and body disclaimers for both incoming and

dns Display the IP addresses of the primary and secondary DNS servers that

ha Display HA status and configuration information for a FortiMail unit

hwraid Display the RAID settings. interface Display the configuration and status of all FortiMail unit network

kernel Display the kernel parameter configuration. localdomainname Display the name of the local domain. monitor Display the network interface monitoring configuration and status. objver Display the antivirus engine and virus definition versions, contract expiry

option Display system options, including system idle timeout, authenticat ion

performance Display the FortiMail unit system performance, including CPU usage,

route table Display the FortiMail unit static routing table. For each route in the routing

serialno Display the FortiMail unit serial number. snmp community Display the configuration and status of each defined SNMP community

snmp sysinfo Display the SNMP system information including the location, description

user name, the IP address and netmask from which this account can manage the FortiMail unit, and the account read and write permissions.

page.

configuration, and update status.

outgoing email.

the FortiMail unit uses for DNS lookups.

operating in active-passive or config only HA mode. If the FortiMail unit is operating in active-passive HA mode, the command displays the HA original and effective mode (also known as the HA configured and effective operating mode s resp e ctively), HA main and daemon configuration settings, and also lists peers in the HA group. If the FortiMail unit is operating in config only HA mode this command displays the HA mode (cmaster or cslave) and HA main and daemon configuration settings. If the FortiMail unit is operating in config only HA mode this command also displays the master configuration.

interfaces.

date, and last update attempt result information.

timeout, and language for the web-based manager.

memory usage, and uptime.

table, the command displays the route number, the destination IP address and netmask, and the gateways and interface for each static route.

including community name, status, hosts, queries, traps, and events configured.

and contact information for this FortiMail unit. This information is associated with the FortiMail unit’s SNMP information when it is being managed.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

88 06-30004-0420-20080814

get system

<item> Description

snmp threshold Displays the SNMP threshold settings for available traps such as CPU

status Display system status information. time ntp Display the NTP configuration, including whether NTP is enabled, the

time time Display the system date, time, time zone, and whether daylight saving

usrgrp domain Display a list of the configured domain names. usrgrp domain [<name_str>] Display the user groups, includi n g me mbers of each user group, for the

usage, and memory usage.

NTP server IP address, and the NTP synchronization interval.

time is enabled.

specified domain.

History

FortiMail v3.0 New. FortiMail v3.0 MR3 Added ddns, and localdomainname keywords.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference 06-30004-0420-20080814 89

user get

user

Use this command to display information about users.

Syntax

get user <item>

<item> Description

alias Display each user alias name and the included member s. group Display each user group name and the included members.

This is available only in server mode.

ldap map This is available only in server mode. mail Display email accounts information, including user names and display

map Display a list of user mappings.

History

names. This is available in server mode only.

This is available only in gateway and transparent modes.

FortiMail v3.0 New.

userpolicy

Use this command to display the policy for a specified user. This is available in server mode only.

Syntax

get userpolicy <name_str>

<name_str> is the user name.

History

FortiMail v3.0 New.

alertemail configuration mailto

Use this command to set the email addresses of up to three alert email recipients.

Syntax

To set email recipients:

set alertemail configuration mailto <recipient1> [<recipient2>]

[<recipient3>]

To remove all email recipients:

set alertemail configuration mailto none

Variables Description Default

History

Enter an email address in the form, name@emaildomain. You can add only three email addresses.

No default.

FortiMail v2.8 New.

alertemail deferq

Use this command to configure the deferred email queue alert email conditions. You can set the number of deferred messages that trigger an alert email message, and how frequently the size of the deferred queue is monitored. This is effective only if alertemail setting option deferq is set.

Syntax

set alertemail deferq trigger <trigger_value> interval <interval_minutes>

Variables Description Default

<trigger_value> Set the size that the deferred email queue must reach to cause an alert

email to be sent. The range is 1 to 99999.

<interval_minutes> Set the interval in minutes between checks of deferred queue size. This

can be any number greater than zero.

History

FortiMail v2.8 New.

10 000

alertemail setting option

Use this command to set which alert email events are enabled. To disable all alert email events, use the none option.

Syntax

set alertemail setting option {<option_list> | none}

Variables Description Default

<option_list> A space-delimited list of events that trigger alert email.

Valid options are:

virusincidents Viruses detected. critical FortiMail unit detects a system error. diskfull The FortiMail unit hard disk is full. archivefailure Archiving to the remote host has failed. ha There is High Availability (HA) activity on the

FortiMail unit.

quotafull An account reached its disk quota. dictionary A dictionary is corrupt. systemquarantine System quarantine reached its quota. deferq The deferred mail queue exceeds the

number of messages specified in set alertemail deferq trigger.

none No events.

No default.

Example

To enable alert email for full hard disk and account quota reached

set alertemail setting option diskfull quotafull

History

FortiMail v2.8 New.

antivirus

Use this command to enable or disable antivirus scanning. This command is available in server mode only .

Syntax

set antivirus {enable | disable}

History

FortiMail v3.0 New.

as blacklistaction

Use these commands to set the action to take when an email message arrives from a blacklisted email address, domain, or IP address. This setting affects mail matching all three levels of black lists: system, session, and user.

Syntax

set as blacklistaction {reject | discard | profile}

Keywords and Variables Description Default

reject Reject the message and return an error to the computer attempting to

deliver it.

discard Accept the message but discard it without notifying the sending system. profile Use the setting in the anti-spam profile active for the blacklisted message.

History

FortiMail v3.0 New.

reject

as bounceverify

Use these commands to configure the bounce verification feature. Spammers sometimes use the email addresses of others as the from address in their spam email

messages. When the spam cannot be delivered, a delivery status notification message, or a bounce message, is returned to the sender, which in this case isn’t the real sender. Because the invalid bounce message is from a valid mail server, it can be very difficult to detect as invalid.

You can combat this problem with bounce verification.

Syntax

set as bounceverify action {discard | reject | profile} set as bounceverify autodeletepolicy {0 | 1 | 2 | 3 | 4} set as bounceverify keys {activate | add | delete} set as bounceverify status {enable | disable} set as bounceverify tagexpiry <expiry_int>

Keywords and V a ri a ble s Description Default

action {discard | reject | profile}

autodeletepolicy {0 | 1 | 2 | 3 | 4}

keys {activate | add | delete}

status {enable | disable}

tagexpiry <expiry_int>

If a bounce message is invalid, this setting determines what the FortiMail unit will do with it.

• discard will have the FortiMail unit accept the message and silently delete it. Neither the sender nor the recipient will be informed.

• reject will have FortiMail unit reject the message. The system attempting delivery will receive an error.

• profile will have the FortiMail unit use the action set in the applicable antispam profile.

Inactive keys will be removed after being unused for the selected time period.

• 0. Never automatically delete an unused key.

• 1. Delete a key when it hasn’t been used for 1 month.

• 2. Delete a key when it hasn’t been used for 3 months.

• 3. Delete a key when it hasn’t been used for 6 months.

• 4. Delete a key when it hasn’t been us ed for 12 months.

The active key will not be automatically removed. Bounce verification keys can be activated, added, and deleted.

• activate allows you to specify which key will be used to generate email message tags. Only one key can be active.

• add allows you to create a new key by entering the key string.

• delete allows you to delete an existing key by entering the key string.

Enable or disable bounce verification. Tag checking can be bypassed in each ip profile.

Enter the number of days an email tag is valid. When this time elapses, the FortiMail unit will treated the tag as invalid.

History

FortiMail v3.0 MR4 New.

as control autorelease

Use these commands to set the control account names used to delete or rele ase email messages from quarantine.

Syntax

set as control autorelease {delete | release} <control_account>

Keywords and Variables Description Default

delete This keyword sets the email address ID used to delete quarantined

messages.

release This keyword sets the email address ID used to release

quarantined messages.

<control_account> This is an email address ID. It is not a full email address, but only

the portion before the @ symbol.

The autorelease address IDs do not include a domain. The sender must use the domain appearing in their email address. This allows the autorelease address IDs to be valid for any domain configured on the FortiMail unit.

delete-ctrl

release-ctrl

Example

To make the addresses more descriptive by setting the delete account ID to quarantine_delete and the release account to quarantine_release, enter these two commands:

set as control autorelease delete quarantine_delete set as control autorelease release quarantine_release

A user with the email address user1@example.com would delete message from their quarantine by sending deletion requests to quarantine_delete@example.com. Similarly, this user would release quarantined email by sending release request messages to quarantine_release@example.com.

History

FortiMail v3.0 New.

Fortinet FortiMail 3.0 MR4 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Introduction

About the FortiMail Secure Messaging Platform

About this document

Document conventions

Typographic conventions

FortiMail documentation

Fortinet Tools and Documentation CD

Fortinet Knowledge Center

Comments on Fortinet technical documentation

Customer service and technical support

What’s new

Using the CLI

CLI command syntax

Connecting to the CLI

Connecting to the FortiMail unit console

Setting administrative access for SSH or Telnet

Connecting to the FortiMail CLI using SSH

Connecting to the FortiMail CLI using Telnet

CLI command branches

execute

backup config

Syntax

History

Related topics

checklogdisk

Syntax

History

Related topics

checkmaildisk

Syntax

History

Related topics

clearqueue

Syntax

History

Related topics

factoryreset

Syntax

History

formatlogdisk

Syntax

History

Related topics

formatmaildisk

Syntax

History

Related topics

formatmaildisk_backup

Syntax

History

Related topics

maintain

Syntax

History

Related topics

nslookup

Syntax

History

Related topics

partitionlogdisk

Syntax

History

Related topics

ping

Syntax

History

Related topics

ping-option

Syntax

History

Related topics

reboot

Syntax

History

Related topics