Fortinet 3.0 MR4 ip_profile check

set ip_profile check

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

06-30004-0420-20080814 175

ip_profile check

Use these commands to configure various session checks.

Syntax

set ip_profile <name_str> check 3_way {enable | disable}

set ip_profile <name_str> check allow_pipelining {no | loose | strict}

set ip_profile <name_str> check domain {enable | disable}

set ip_profile <name_str> check eom_ack {enable | disable}

set ip_profile <name_str> check helo {enable | disable}

set ip_profile <name_str> check open_relay {enable | disable}

set ip_profile <name_str> check recipient {enable | disable}

set ip_profile <name_str> check rewrite_helo {enable | disable}

set ip_profile <name_str> check rewrite_helo_custom {enable | disable}

<helo_str>

set ip_profile <name_str> check send_dsn {enable | disable}

set ip_profile <name_str> check sender {enable | disable}

set ip_profile <name_str> check splice {enable | disable} <integer>

{seconds | kilobytes}

set ip_profile <name_str> check stop_empty_domains {enable | disable}

set ip_profile <name_str> check stop_encrypted {enable | disable}

set ip_profile <name_str> check syntax {enable | disable}

Keywords and Variables Description Default

<name_str> Enter the name of the session profile.

3_way

{enable | disable} Enable or disable message rejection if recipient and HELO domain match

but sender domain is different.

This check only affects unauthenticated sessions.

disable

allow_pipelining

{no | loose |

strict}

Disable, enable, or enable strict command pipelining.

•{no} The FortiMail unit accepts only a single command at a time during

an SMTP session.

•{loose} Some SMTP command sequences are accepted and

processed as a group, increasing performance over high-latency

connections.

•{strict} Pipelining is enabled, but limited to strict compliance with

RFC-2920.

domain

{enable | disable} Enable or disable rejection of EHLO/HELO commands with invalid

characters in the domain. disable

eom_ack

{enable | disable} Enable or disable immediately acknowledging end of message (EOM)

signal. If disabled, the antispam check is run on the message before

acknowledgement is sent. The sending server could time-out while

waiting for EOM acknowledgement.

disable

helo {enable |

disable} Enable to disable checking of the existence of the domain reported in the

client’s HELO command by looking up both the MX record and A record. disable

open_relay

{enable | disable} Enable or disable open relay check. This check only affects

unauthenticated sessions. disable

recipient

{enable | disable} Enable or disable checking the recipient address for a valid domain. disable

rewrite_helo

{enable | disable} Enable or disable rewriting the EHLO/HELO domain to the IP string of the

client address. The rewritten EHLO/HELO will be in the format x.x.x.x disable

rewrite_helo_custom

{enable | disable}

<helo_str>

Select to rewrite the HELO domain to the specified value for any session

this profile applies to. disable