Ip_profile sendervalidation, Syntax, History – Fortinet FortiMail 3.0 MR4 User Manual

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

186

06-30004-0420-20080814

ip_profile sendervalidation

set

ip_profile sendervalidation

The sender validation options allow confirmation of sender and message validity.

Syntax

set ip_profile sendervalidation authenticated {enable |

disable}

set ip_profile sendervalidation bypassbounceverify {enable |

disable}

set ip_profile sendervalidation dkim {enable | disable}

set ip_profile sendervalidation domainkey {enable | disable}

set ip_profile sendervalidation signing {enable | disable}

set ip_profile sendervalidation spf {enable | disable}

History

Keywords and Variables

Description

Default

Enter the name of the session profile.

authenticated {enable

| disable}

Only available when DKIM signing is enabled, this setting will limit
DKIM message signing to senders who authenticate with the FortiMail
unit.

disable

bypassbounceverify

{enable | disable}

If bounce verification is enabled, select bypass bounce verification for
connections matching this policy. This bypass does not prevent the
tagging of outgoing messages. For information on enabling
verification of delivery status notification (DSN) email, see

“as

bounceverify” on page 99

.

disable

dkim {enable |

disable}

Check the validity of DKIM signatures, if present. An invalid signature
will increase the client sender reputation score and affect the deep
header scan. A valid signature decreases the client sender reputation
score.
If the sender domain DNS record does not include DKIM information
or the message is not signed, the validation is skipped.

disable

domainkey {enable |

disable}

If the sender domain DNS record lists DomainKeys authorized IP
addresses, the DomainKeys check will compare the client IP address
to the authorized senders.
A DomainKeys failure increases the client sender reputation score. A
DomainKeys validation decreases the client sender reputation score.
If the sender domain DNS record does not publish DomainKeys
information, the check is skipped.

disable

signing {enable |

disable}

Sign outgoing messages with DKIM signatures. Signed messages
can be validated at their destination. Signing requires that a domain
key selector be generated by the FortiMail unit and added to the DNS
zone file.
The domain key selector can be generated in the domain
configuration. Go to Mail Settings > Domains > Domains.

disable

spf {enable | disable}

If the sender domain DNS record lists SPF authorized IP addresses,
the SPF check will compare the client IP address to the authorized
senders.
An SPF failure increases the client sender reputation score. An SPF
validation decreases the client sender reputation score.
If the sender domain DNS record does not publish SPF information,
the check is skipped.

disable

FortiMail v3.0

New.

FortiMail v3.0 MR4 Added keyword bypassbounceverify.