Fortinet 3.0 MR4 ip_profile sendervalidation

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

186 06-30004-0420-20080814

ip_profile sendervalidation set

ip_profile sendervalidation

The sender validation options allow confirmation of sender and message validity.

Syntax

set ip_profile <name_str> sendervalidation authenticated {enable |

disable}

set ip_profile <name_str> sendervalidation bypassbounceverify {enable |

disable}

set ip_profile <name_str> sendervalidation dkim {enable | disable}

set ip_profile <name_str> sendervalidation domainkey {enable | disable}

set ip_profile <name_str> sendervalidation signing {enable | disable}

set ip_profile <name_str> sendervalidation spf {enable | disable}

History

Keywords and Variables Description Default

<name_str> Enter the name of the session profile.

authenticated {enable

| disable} Only available when DKIM signing is enabled, this setting will limit

DKIM message signing to senders who authenticate with the FortiMail

unit.

disable

bypassbounceverify

{enable | disable} If bounce verification is enabled, select bypass bounce verification for

connections matching this policy. This bypass does not prevent the

tagging of outgoing messages. For information on enabling

verification of delivery status notification (DSN) email, see “as

bounceverify” on page 99.

disable

dkim {enable |

disable} Check the validity of DKIM signatures, if present. An invalid signature

will increase the client sender reputation score and affect the deep

header scan. A valid signature decreases the client sender reputation

score.

If the sender domain DNS record does not include DKIM information

or the message is not signed, the validation is skipped.

disable

domainkey {enable |

disable} If the sender domain DNS record lists DomainKeys authorized IP

addresses, the DomainKeys check will compare the client IP address

to the authorized senders.

A DomainKeys failure increases the client sender reputation score. A

DomainKeys validation decreases the client sender reputation score.

If the sender domain DNS record does not publish DomainKeys

information, the check is skipped.

disable

signing {enable |

disable} Sign outgoing messages with DKIM signatures. Signed messages

can be validated at their destination. Signing requires that a domain

key selector be generated by the FortiMail unit and added to the DNS

zone file.

The domain key selector can be generated in the domain

configuration. Go to Mail Settings > Domains > Domains.

disable

spf {enable | disable} If the sender domain DNS record lists SPF authorized IP addresses,

the SPF check will compare the client IP address to the authorized

senders.

An SPF failure increases the client sender reputation score. An SPF

validation decreases the client sender reputation score.

If the sender domain DNS record does not publish SPF information,

the check is skipped.

disable

FortiMail v3.0 New.

FortiMail v3.0 MR4 Added keyword bypassbounceverify.