Configuring Centralized Administration

Maintenance > System > Central Management lets you use a FortiManager unit to manage your FortiMail unit’s configuration and firmware.

The latest FortiManager releases support centralized management of FortiMail v3.0 MR4 and MR5 releases. For FortiMail v4.0 releases, centralized management will be supported in FortiManager v4.2 and later releases. Refer to FortiManager release notes for details about supported FortiMail versions. For information on configuring a FortiManager unit to manage or provide services to your other Fortinet brand devices, see the FortiManager Administration Guide.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To configure centralized administration

  1. Go to Maintenance > System > Central Management.

Figure 94: Central Management tab

  2. Configure the following:

GUI item | Description
Enable central management | Enable to use a FortiManager unit to manage FortiMail configuration revisions and firmware. For details, see “Backing up your configuration using a FortiManager unit” on page 221 and “Restoring the firmware” on page 222. If the FortiManager unit is not configured to automatically register new devices, you must also add the FortiMail unit to the FortiManager unit’s device list. For details, see the FortiManager Administration Guide.
IP | Enter the IP address of the FortiManager unit.
Allow automatic backup of configuration on logout | If enabled, and if the FortiMail unit’s configuration has changed, the FortiMail unit will send a configuration backup to the FortiManager unit when the FortiMail administrator logs out of the web UI. Alternatively or in addition to this option, configuration backups can also be performed manually. For details, see “Backup and restore” on page 218.
Allow configuration updates initiated by the management server | If enabled, the FortiMail unit accepts configuration connections from the FortiManager unit.

Maintaining The System

The Maintenance menu contains features for use during scheduled maintenance: updates, backups, restoration, and centralized administration.

Also use it to configure FortiGuard Antispam query connectivity.

  • Backup and restore
  • Configuring centralized administration
  • Configuring FortiGuard updates and antispam queries

Backup and restore

Before installing FortiMail firmware or making significant configuration changes, back up your FortiMail configuration. Backups let you revert to your previous configuration if the new configuration does not function correctly. Backups also let you compare changes in configuration.

A complete configuration backup consists of several parts:

  • core configuration file (fml.cfg), including the local certificates
  • Bayesian databases
  • mail queues
  • system, per-domain, and per-user black/white list databases
  • email users’ address books
  • images and language files for customized appearance of the web UI and webmail

To access those parts of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to all categories

For details, see “About administrator account permissions and domains” on page 290.

In addition, although they are not part of the configuration, you may want to back up the following data:

  • email archives
  • log files
  • generated report files
  • mailboxes

Alternatively, if you only want to back up your core configuration file, you can back up the FortiMail unit’s configuration to a FortiManager unit. For details, see “Backing up your configuration using a FortiManager unit” on page 221.

To back up the configuration file

Although mailboxes and quarantines cannot be downloaded to your management computer, you can configure the FortiMail unit to back up mail data by storing it externally, on a NAS server. For details, see “Selecting the mail data storage location” on page 376.

  1. Go to Maintenance > System > Configuration.
  2. In the Backup Configuration area:
    • Select Local PC
    • Enable System configuration.
    • Click Backup.

Your management computer downloads the configuration file. Time required varies by the size of the file and the speed of your network connection. You can restore the backup configuration later when required. For details, see “Restoring the configuration” on page 692.

Backing up a FortiMail v4.0 configuration to a FortiManager unit is supported in FortiManager v4.2 and newer releases. See “Backing up your configuration using a FortiManager unit” on page 221. Also see “Configuring centralized administration” on page 232.

To back up the Bayesian databases

  1. Go to Maintenance > AntiSpam > Database Maintenance.
  2. Click Backup Bayesian database.

Your management computer downloads the database file. Time required varies by the size of the file and the speed of your network connection.

To back up the mail queues

  1. Go to Maintenance > System > Mail Queue.
  2. Click Backup Queue.

Your management computer downloads the database file. Time required varies by the size of the file and the speed of your network connection.

To back up the black/white list database

  1. Go to Maintenance > AntiSpam > Black/White List Maintenance.
  2. Click Export Black/White List.

Your management computer downloads the database file. The time required varies by the size of the file and the speed of your network connection.

To back up email users’ accounts (server mode only)

  1. Go to User > User > User.
  2. Click Export .CSV.

Your management computer downloads the user account spreadsheet file. Time required varies by the size of the file and the speed of your network connection.

To back up the global address book (server mode only)

  1. Go to Mail Settings > Address Book > Contacts.
  2. Click
  3. On the pop-up menu, select CSV.

You are prompted for a location to save the file. Follow the prompts and click Save.

Your management computer downloads the address book spreadsheet file. Time required varies by the size of the file and the speed of your network connection.

To back up customized appearances of the web UI and webmail UI

  1. Go to System > Configuration > Appearance.
  2. In Administration interface, for each image file, save the image to your management computer.

Methods vary by web browser. For example, you might need to click and drag the images into a folder on your management computer in order to save them to that folder. For instructions, see your browser’s documentation.

  3. Click the arrow to expand Webmail interface.
  4. For each webmail language, click the name of the language to select it, then click Download.

Your management computer downloads the language file. Time required varies by the size of the file and the speed of your network connection.

To back up email archives

  1. Go to Maintenance > System > Mail Data.

In addition to downloading email archives to your management computer, you can configure the FortiMail unit to store email archives on an SFTP or FTP server. For details, see “Managing archived email” on page 203 and “Configuring email archiving accounts” on page 656.

  2. Continue using the instructions in “Configuring mailbox backups” on page 227.

Viewing Generated Reports

The Report tab displays the list of reports generated from the report profiles. You can delete, view, and/or download generated reports.

FortiMail units can generate reports automatically, according to the schedule that you configure in the report profile, or manually, when you select a report profile and click Generate. For more information, see “Configuring report profiles and generating reports” on page 676.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To view and generate reports

  1. Go to Monitor > Report > Report.

Figure 87: Report tab

GUI item | Description
Delete (button) | Click to delete the selected item.
Download (button) | Click to create a PDF version of the report.
Report File Name | Lists the name of the generated report, and the date and time at which it was generated. For example, Report 1-2008-03-31-2112 is a report named Report 1, generated on March 31, 2008 at 9:12 PM. To view an individual section of the report in HTML format, click + next to the report name to expand the list of HTML files that comprise the report, then double-click one of the file names.
Last Access Time | Lists the date and time when the FortiMail unit completed the generated report.
Size | Lists the file size of the report in HTML format, in bytes.

  2. To view the report in PDF file format, mark the check box in the corresponding row and click On the pop-up menu, select Download PDF.
  3. To view the report in HTML file format, you can view all sections of the report together, or you can view report sections individually.
    • To view all report sections together, mark the check box in the row corresponding to the report, such as treportprofile-2011-06-27-1039, then click Download and select Download HTML. Your browser downloads a file with an archive (.tgz.gz) file extension to your management computer. To view the report, first extract the report files from the archive, then open the HTML files in your web browser.
    • Each Query Selection in the report becomes a separate HTML file. You can view the report as individual HTML files. In the row corresponding to the report that you want to view, click + next to the report name to expand the list of sections, then double-click the file name of the section that you want to view, such as html. The report appears in a new browser window.

Figure 88:Viewing a generated report (HTML file format, Mail by Sender)


Viewing Log Messages

The Log submenu displays locally stored log files. If you configured the FortiMail unit to store log messages locally (that is, to the hard disk), you can view the log messages currently stored in each log file.

Logs stored remotely cannot be viewed from the web UI of the FortiMail unit. If you require the ability to view logs from the web UI, also enable local storage. For details, see “Configuring logging to the hard disk” on page 672.

The Log submenu includes the following tabs, one for each log type:

  • History: Where you can view the log of sent and undelivered SMTP email messages.
  • Event: Where you can view the log of administrator activities and system events.
  • AntiSpam: Where you can view the log of email detected as spam.
  • AntiVirus: Where you can view the log of email detected as infected by a virus.
  • Encryption: Where you can view the log of IBE encryption. For more information about using IBE, see “Configuring IBE encryption” on page 357.

For more information on log types, see “FortiMail log types” on page 667.

Each tab contains a similar display.

The lists are sorted by the time range of the log messages contained in the log file, with the most recent log files appearing near the top of the list.

For example, the current log file would appear at the top of the list, above a rolled log file whose time might range from 2008-05-08 11:59:36 Thu to 2008-05-29 10:44:02 Thu.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To view the list of log files and their contents

  1. Go to Monitor > Log.
  2. Click the tab corresponding to the type of log file that you want to view (History, Event, AntiVirus, AntiSpam, or Encryption).

Figure 81: Antispam log tab

GUI item | Description
Download (button) | Click to download the report in one of several formats:
    • Normal Format for a log file that can be viewed with a plain text editor such as Microsoft Notepad.
    • CSV Format for a comma-separated value (.csv) file that can be viewed in a spreadsheet application such as Microsoft Excel or OpenOffice Calc.
    • Compressed Format for a plain text log file like Normal Format, except that it is compressed and stored within a .gz archive.
Search (button) | Click to search all log files of this type. Unlike the search when viewing the contents of an individual log file, this search displays results regardless of which log file contains them. For more information, see “Searching log messages” on page 212.
Start Time | Lists the beginning of the log file’s time range.
End Time | Lists the end of the log file’s time range.
Size | Lists the size of the log file in bytes.

  3. To view messages contained in logs:
    • double-click a log file to display the file’s log messages

To view the current page’s worth of the log messages as an HTML table, right-click and select Export to Table. The table appears in a new tab. To download the table, click and drag to select the whole table, then copy and paste it into a rich text editor such as Microsoft Word or OpenOffice Writer.

    • click a row to select its log file, click Download, then select a format option

Alternatively, to display a set of log messages that may reside in multiple, separate log files:

  • If the log files are of the same type (for example, all antispam logs), click Search. For details, see “Searching log messages” on page 212.
  • If the log messages are of different types but all caused by the same email session ID, you can do a cross-search to find and display all correlating log messages. For details, see “Cross-searching log messages” on page 214.

For descriptions of individual log messages, see the FortiMail Log Message Reference.

Log messages can appear in either raw or formatted views.

  • Raw view displays log messages exactly as they appear in the plain text log file.
  • Formatted view displays log messages in a columnar format. Each log field in a log message appears in its own column, aligned with the same field in other log messages, for rapid visual comparison. When displaying log messages in formatted view, you can customize the log view by hiding, displaying and arranging columns and/or by filtering columns, refining your view to include only those log messages and fields that you want to see.

By default, log messages always appear in columnar format, with one log field per column. However, when viewing this columnar display, you can also view the log message in raw format by hovering your mouse over the index number of the log message, in the # column, as shown in Table .

Figure 82: Log messages

Table 19: Viewing log messages at Monitor > Log

GUI item | Description
Level | Select the severity level that a log message must equal or exceed in order to appear. For more information, see “Log message severity levels” on page 668.
Save View (button) | Click to save the customized view. Future log message reports appear in this view.
Search (button) | Click to search the currently displayed log file. For more information, see “Searching log messages” on page 212. Alternatively, you can search all log files of that type. For details, see “Viewing log messages” on page 206.
Back (button) | Click to return to the view before a search.
Subtype (event log only) | Select one of the following subtypes that a log message must match in order to appear:
    • ALL: Display all log messages, and do not filter out any subtype.
    • Configuration: Display only log messages containing subtype=config.
    • Admin User: Display only log messages containing subtype=admin.
    • Web Mail: Display only log messages containing subtype=webmail.
    • System: Display only log messages containing subtype=system.
    • HA: Display only log messages containing subtype=ha.
    • Update: Display only log messages containing subtype=update.
    • POP3: Display only log messages containing subtype=pop3.
    • IMAP: Display only log messages containing subtype=imap.
    • SMTP: Display only log messages containing subtype=smtp.
    • OTHERS: Display all lines that have a subtype value that is not any of the above subtypes, from Configuration to SMTP.
  This option appears only when displaying the event log. Log subtypes reflect types selected when enabling logging. For details, see “FortiMail log types” on page 667.

When hovering your mouse cursor over a log message, that row is temporarily highlighted; however, this temporary highlight automatically follows the cursor, and will move to a different row if you move your mouse. To create a row highlight that does not move when you move your mouse, click anywhere in the row of the log message.

For information on individual log messages, see the FortiMail Log Message Reference.

 


Managing Archived Email

You can archive email according to criteria you specify. For details, see “Email archiving workflow” on page 656.

You can view and search archived email through the web UI. You can also download them, forward them to an email address, and use them to train the Bayesian databases.

For more information on Bayesian database training, see “Training the Bayesian databases” on page 645.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To view archived email

  1. Go to Monitor > Archive > Archive Accounts.
  2. Select the email archive account you want to view and click View. For details about email archive accounts, see “Configuring email archiving accounts” on page 656.
  3. From the Archive Folder drop-down list, select Inbox to view the good mail mailboxes, or select Bulk to view the spam mailboxes.
  4. Double-click the name of the email archive mailbox that you want to view.

A list of archived email appears.

Figure 79: Contents of an archive mailbox

GUI item | Description
View (button) | To view the message, click its check box and click View. You can also view the message by double-clicking the message.
Send (button) | Select the check box of each email that you want to send to an email address as a mailbox (.mbox) file, then click this button.
Export (button) | Select the check box of email that you want to download and click Export to download a mailbox (.mbox) file or an archive (.tar.gz) file containing individual email (.eml) files.
Train Bayesian Database (button) | Mark the check box of each email message to use to train Bayesian databases then click this button. For more information, see “To train Bayesian databases with archived mail” on page 204.
Back (button) | Click to return to the list of archive mailboxes.

To train Bayesian databases with archived mail

  1. Go to Monitor > Archive > Archive Accounts.
  2. Select the email archive account you want to view and click View. For details about email archive accounts, see “Configuring email archiving accounts” on page 656.
  3. From the Archive Folder drop-down list, select Inbox to view the good mail mailboxes, or select Bulk to view the spam mailboxes.
  4. Double-click the name of the email archive mailbox that you want to use to train the Bayesian databases.
  5. In the check box column, mark the check box of each email that you want to use to train the Bayesian databases. To use all messages for training, select the check box above the first message to mark the check boxes of all email on the current page.
  6. Click Train Bayesian Database.

Figure 80: Training a Bayesian database using archived email

  7. Select whether to use the messages as spam or non-spam (known as innocent messages) email.
  8. Select the database you want to train: global, per-domain (group), or personal.
    • Global requires no further information.
    • For per-domain database training, select the domain.
    • For personal database training, select the domain in Group database, then select the name of the user.
  9. Click Apply.

Viewing the Endpoint Reputation Statuses

Go to Monitor > Endpoint Reputation > Auto Blacklist to view the current list of carrier end points (by their MSISDN, subscriber ID, or other identifier) that were caught by FortiMail for sending spam. For general procedures about how to configure endpoint reputation, see “Configuring endpoint reputation” on page 639.

If, during the automatic blacklisting window, a carrier end point attempts to deliver a number of spam text messages that is greater than the automatic endpoint blacklisting threshold, the FortiMail unit adds the carrier end point to the automatic endpoint black list for the duration configured in the session profile. While the carrier end point is on the automatic black list and its entry has not expired, all text messages or email messages from it are rejected. For information on configuring the automatic black list window, see “Configuring the endpoint reputation score window” on page 643. For information on enabling the endpoint reputation scan and configuring the automatic black list threshold in a session profile, see “Configuring session profiles” on page 482.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Black/White List category

For details, see “About administrator account permissions and domains” on page 290.

To view the automatic endpoint reputation black list, go to Monitor > Endpoint Reputation > Auto Blacklist.

Figure 77: Viewing endpoint reputation scores

Table 18: Auto Blacklist tab

GUI item | Description
Move (button) | To move entries to the manual endpoint black list or white list, in the check box column, mark the check boxes of entries that you want to move, then click Move.
Search (button) | Click to filter the displayed entries. For more information, see “Filtering automatic endpoint black list entries” on page 202.
Endpoint ID | Lists the mobile subscriber ISDN (MSISDN), subscriber ID, login ID, or other unique identifier for the carrier end point.
Score | Lists the number of text messages or email messages that the FortiMail has detected as spam or infected from the MSISDN/subscriber ID during the automatic endpoint black list window.
Expire | Lists the time at which the automatic endpoint blacklisting entry expires and is removed from the list. N/A appears if the endpoint ID has not reached the threshold yet.

Filtering automatic endpoint black list entries

You can filter automatic endpoint black list entries that appear on the Auto Blacklist tab based on the MSISDN, subscriber ID, or other sender identifier.

To filter the endpoint black list entries

  1. Go to Monitor > Endpoint Reputation > Auto Blacklist.
  2. Click Search.

A dialog appears.

Figure 78: Search dialog

GUI item | Description
Field | Displays one option: Endpoint ID.
Operation | Select how to match the field’s contents, such as whether the row must contain the contents of Value.
Case Sensitive | Enable for case-sensitive filtering.
Value | Enter the identifier of the carrier end point, such as the subscriber ID or MSISDN, for the entry that you want to display. A blank field matches any value. Use an asterisk (*) to match multiple patterns, such as typing 46* to match 46701123456, 46701123457, and so forth. Regular expressions are not supported.

  3. Click Search.

The Auto Blacklist tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Auto Blacklist tab to refresh its view.


Viewing The Sender Reputation Statuses

The FortiMail unit tracks SMTP client behavior to limit deliveries of those clients sending excessive spam messages, infected email, or messages to invalid recipients. Should clients continue delivering these types of messages, their connection attempts are temporarily or permanently rejected. Sender reputation is managed by the FortiMail unit and requires no administration.

Monitor > Sender Reputation > Display displays the sender reputation score for each SMTP client.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

For more information on enabling sender reputation and configuring the score thresholds, see “Configuring sender reputation options” on page 485.

To view the sender reputation scores, go to Monitor > Sender Reputation > Display.

Figure 75: Display tab

Table 17: Viewing the sender reputation statuses

GUI item | Description
Search (button) | Click to filter the displayed entries. For more information, see “Filtering sender reputation score entries” on page 199.
IP | The IP address of the SMTP client.
Score | The SMTP client’s current sender reputation score.
State | Lists the action that the sender reputation feature is currently performing for delivery attempts from the SMTP client.
    • Score controlled: The action is determined by comparing the current Score value to the thresholds in the session profile.
Last Modified | Lists the time and date the sender reputation score was most recently modified.

Sender reputation is a predominantly automatic antispam feature, requiring little or no maintenance. For each connecting SMTP client (sometimes called a sender), the sender reputation feature records the sender IP address and the number of good email and bad email from the sender.

In this case, bad email is defined as:

  • Spam
  • Virus-infected
  • Unknown recipients
  • Invalid DKIM
  • Failed SPF check

The sender reputation feature calculates the sender’s current reputation score using the ratio of good email to bad email, and performs an action based on that score.

The FortiMail unit calculates the sender reputation score using statistics up to 12 hours old, with more recent statistics influencing the score more than older statistics. The sender reputation score decreases (improves) as time passes where the sender has not sent spam. The score itself ranges from 0 to 100, with 0 representing a completely acceptable sender, and 100 being a totally unacceptable sender.

To determine which action the FortiMail unit will perform after it calculates the sender reputation score, the FortiMail unit compares the score to three score thresholds which you can configure in the session profile:

  1. Throttle client at: For scores less than this threshold, senders are allowed to deliver email without restrictions. For scores greater than this threshold but less than the temporary fail threshold, senders are rate-limited in the number of email messages that they can deliver per hour, expressed as either an absolute number or as a percentage of the number sent during the previous hour. If a sender exceeds the limit and keeps sending email, the FortiMail unit will send temporary failure codes to the sender. See descriptions for Temporary fail in “Configuring sender reputation options” on page 485.
  2. Temporarily fail: For scores greater than this threshold but less than the reject threshold, the FortiMail unit replies to senders with a temporary failure code, delaying delivery and requiring senders to retry later when their score is reduced.
  3. Reject: For scores greater than this threshold, the FortiMail unit replies to senders with a rejection code.

If the SMTP client does not attempt any email deliveries for more than 12 hours, the SMTP client’s sender reputation entry is deleted, and a subsequent delivery attempt is regarded as a new SMTP client by the sender reputation feature.
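The threshold comparison, hourly throttling and 12-hour idle expiry described above, as an added Python sketch (not FortiMail code). The score is supplied by the caller because the page does not give the formula; the threshold values, the `>=` boundary handling and every class and function name are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_EXPIRY = 12 * 3600  # seconds; the page states idle entries are deleted after 12 hours


@dataclass
class Thresholds:
    """Session-profile settings. All numbers are constructed, not product defaults."""
    throttle: int = 35
    temp_fail: int = 55
    reject: int = 80
    max_per_hour: int = 5                        # absolute hourly limit while throttled
    percent_of_prev_hour: Optional[int] = None   # if set, limit is this % of last hour's count


@dataclass
class ClientEntry:
    score: int = 0
    last_attempt: float = 0.0
    hour: int = 0
    accepted_this_hour: int = 0
    accepted_prev_hour: int = 0


class SenderReputation:
    def __init__(self, thresholds: Thresholds):
        self.t = thresholds
        self.clients: Dict[str, ClientEntry] = {}

    def _roll_hour(self, entry: ClientEntry, now: float) -> None:
        hour = int(now // 3600)
        if hour != entry.hour:
            # Only the immediately preceding hour counts as "the previous hour".
            consecutive = hour == entry.hour + 1
            entry.accepted_prev_hour = entry.accepted_this_hour if consecutive else 0
            entry.accepted_this_hour = 0
            entry.hour = hour

    def _hourly_limit(self, entry: ClientEntry) -> int:
        if self.t.percent_of_prev_hour is not None:
            return entry.accepted_prev_hour * self.t.percent_of_prev_hour // 100
        return self.t.max_per_hour

    def attempt(self, ip: str, now: float, score: Optional[int] = None) -> str:
        """Return ACCEPT, TEMPFAIL or REJECT for one delivery attempt.

        `score` stands in for the unit's own calculation (0 = good, 100 = bad).
        """
        entry = self.clients.get(ip)
        if entry is None or now - entry.last_attempt > IDLE_EXPIRY:
            # Unknown client, or idle for more than 12 hours: treated as new.
            entry = ClientEntry(hour=int(now // 3600))
            self.clients[ip] = entry
        entry.last_attempt = now
        if score is not None:
            entry.score = score
        self._roll_hour(entry, now)

        if entry.score >= self.t.reject:
            return "REJECT"
        if entry.score >= self.t.temp_fail:
            return "TEMPFAIL"
        throttled = entry.score >= self.t.throttle
        if throttled and entry.accepted_this_hour >= self._hourly_limit(entry):
            return "TEMPFAIL"  # over the hourly limit while throttled
        entry.accepted_this_hour += 1
        return "ACCEPT"


def demo() -> list:
    rep = SenderReputation(Thresholds(max_per_hour=2))
    ip = "192.0.2.10"  # constructed documentation address
    # (time in seconds, score reported for that attempt); constructed timeline
    timeline = [(0, 10), (10, 40), (20, 40), (3700, 40), (3800, 60),
                (4000, 90), (4000 + IDLE_EXPIRY + 1, None)]
    return [rep.attempt(ip, now, score) for now, score in timeline]


if __name__ == "__main__":
    print(demo())
```

The last attempt in the timeline is accepted because more than 12 hours have passed since the rejected one, so the client is evaluated as new.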

Filtering sender reputation score entries

You can filter sender reputation score entries that appear on the Display tab based on the IP address of the SMTP client, the score, state, and date/time of the last score modification.

To filter the sender reputation score entries

  1. Go to Monitor > Sender Reputation > Display.
  2. Click Search.

A dialog appears.

Figure 76: Search dialog

  3. Configure one or more of the following:

GUI item | Description
Field | Select one of the following in the entries that you want to use to filter the display.
    • IP
    • Score
    • State
    • Last Modified
Operation | Select how to match the field’s contents, such as whether the row must contain the contents of Value.
Case Sensitive | Enable for case-sensitive filtering.
Value | Enter a pattern or exact value, based on your selection in Field and Operation.
    • IP: Enter the IP address of the SMTP client, such as 172.16.1.10, for the entry that you want to display.
    • Score: Enter the minimum and maximum of the range of scores of entries that you want to display.
    • State: Select the State of entries that you want to display.
    • Last modified: Select the year, month, day, and/or hour before or after the Last Modified value of entries that you want to display.
  Blank fields match any value. Regular expressions and wild cards are not supported.

  4. Click Search.

The Display tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Display tab to refresh its view.


Viewing The Greylist Statuses

The Greylist submenu lets you monitor automatic greylisting exemptions, and email currently experiencing temporary failure of delivery due to greylisting.

Greylisting exploits the tendency of legitimate email servers to retry email delivery after an initial temporary failure, while spammers will typically abandon further delivery attempts to maximize spam throughput. The greylist scanner replies with a temporary failure for all email messages whose combination of sender email address, recipient email address, and SMTP client IP address is unknown. If an SMTP server retries to send the email message after the required greylist delay but before expiry, the FortiMail unit accepts the email and adds the combination of sender email address, recipient email address, and SMTP client IP address to the list of those known by the greylist scanner. Subsequent known email messages are accepted. For details on the greylisting mechanism, see “About greylisting” on page 624.

To use greylisting, you must enable the greylist scan in the antispam profile. For more information, see “Managing antispam profiles” on page 503.

Greylisting is bypassed if the SMTP client establishes an authenticated session (see “Bypass scan on SMTP authentication” on page 533, “Controlling email based on recipient addresses” on page 468, and “Controlling email based on IP addresses” on page 475), or if the matching access control rule’s Action is RELAY (see “Order of execution” on page 16).

You can configure the initial delay associated with greylisting, and manually exempt senders. For details, see “Configuring the grey list TTL and initial delay” on page 628 and “Manually exempting senders from greylisting” on page 630.

Viewing the pending and individual automatic greylist entries

The Display tab lets you view pending and individual automatic greylist entries.

  • Pending greylist entries are those whose Status is not PASSTHROUGH. For email messages matching pending greylist entries, the FortiMail unit will reply to delivery attempts with a temporary failure code until the greylist delay period, indicated by Time to passthrough, has elapsed.
  • Individual greylist entries are those whose Status is PASSTHROUGH. For email messages matching pending greylist entries, the greylist scanner will allow the delivery attempt, and may create a consolidated automatic greylist entry. For information on consolidated entries, see “Viewing the consolidated automatic greylist exemptions” on page 196.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To view the greylist, go to Monitor > Greylist > Display.

Figure 73:Display tab

Table 15:Viewing the list of pending and individual greylist entries

GUI item Description
Search (button) Click to filter the displayed entries. For details, see “Filtering pending and individual automatic greylist entries” on page 195.
IP Lists the IP address of the SMTP client that delivered or attempted to deliver the email message.

If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.

Sender Lists the sender email address in the message envelope (MAIL FROM:), such as user1@example.com.

If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.

Recipient Lists the recipient email address in the message envelope (RCPT TO:), such as user1@example.com.

If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.

Status Lists the current action of the greylist scanner when the FortiMail unit receives a delivery attempt for an email message matching the entry.

•      TEMPFAIL: The greylisting delay period has not yet elapsed, and the FortiMail unit currently replies to delivery attempts with a temporary failure code. For information on configuring the greylist delay period, see “Configuring the grey list TTL and initial delay” on page 628.

•      PASSTHROUGH: The greylisting delay period has elapsed, and the greylist scanner will allow delivery attempts.


Time to passthrough Lists the time and date when the greylisting delay period for a pending entry is scheduled to elapse. Delivery attempts after this date and time confirm the pending greylist entry, and the greylist scanner converts it to an individual automatic greylist entry. The greylist scanner may also consolidate individual greylist entries. For information on consolidated entries, see “Viewing the consolidated automatic greylist exemptions” on page 196.

N/A appears if the greylisting period has already elapsed.

Expire Lists the time and date when the entry will expire. The greylist entry’s expiry time is determined by the following two factors:

•      Initial expiry period: After a greylist entry passes the greylist delay period and its status is changed to PASSTHROUGH, the entry’s initial expiry time is determined by the time you set with the CLI command set greylist-init-expiry-period under config antispam settings (for details, see the FortiMail CLI Reference). The default initial expiry time is 4 hours. If the initial expiry time elapses without an email message matching the automatic greylist entry, the entry expires and the greylist scanner removes the entry.

•      TTL: Between the entry’s PASSTHROUGH time and initial expiry time, if the entry is hit again (the sender retries to send the message again), the entry’s expiry time will be reset by adding the TTL value (time to live) to the message’s “Received” time. Each time an email message matches the entry, the life of the entry is prolonged; in this way, entries that are in active use do not expire. If the TTL elapses without an email message matching the automatic greylist entry, the entry expires and the greylist scanner removes the entry. For information on configuring the TTL, see “Configuring the grey list TTL and initial delay” on page 628.
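The entry lifecycle described in the Status, Time to passthrough and Expire rows can be modelled as a small state machine. This is an added example, not FortiMail code: it is one reading of the description above, the `Greylist` class and `replay` helper are hypothetical names, and the delay and TTL values are constructed (only the 4-hour initial expiry default comes from this page).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Only the 4-hour initial expiry default comes from the page; the delay and
# TTL values below are constructed for the example.
DELAY = timedelta(minutes=20)
INIT_EXPIRY = timedelta(hours=4)
TTL = timedelta(days=10)

@dataclass
class Entry:
    passthrough_at: datetime   # "Time to passthrough" column
    expire_at: datetime        # "Expire" column

class Greylist:
    def __init__(self):
        self.entries = {}      # (client IP, MAIL FROM, RCPT TO) -> Entry

    def deliver(self, ip, sender, rcpt, now):
        """Return the Status applied to one delivery attempt at time `now`."""
        key = (ip, sender, rcpt)
        entry = self.entries.get(key)
        if entry and now >= entry.expire_at:
            del self.entries[key]              # expired with no matching hit
            entry = None
        if entry is None:                      # unknown combination: start delay
            start = now + DELAY
            self.entries[key] = Entry(start, start + INIT_EXPIRY)
            return "TEMPFAIL"
        if now < entry.passthrough_at:         # retry arrived inside the delay
            return "TEMPFAIL"
        entry.expire_at = now + TTL            # hit: expiry = received time + TTL
        return "PASSTHROUGH"

T0 = datetime(2024, 1, 1, 9, 0)
# Constructed delivery attempts: (minutes after T0, client IP, sender, recipient)
ATTEMPTS = [
    (0,   "172.16.1.10", "user1@example.com", "user2@example.net"),  # first seen
    (0,   "172.16.1.20", "bulk@example.org",  "user2@example.net"),  # first seen
    (5,   "172.16.1.10", "user1@example.com", "user2@example.net"),  # too early
    (25,  "172.16.1.10", "user1@example.com", "user2@example.net"),  # after delay
    (300, "172.16.1.20", "bulk@example.org",  "user2@example.net"),  # after expiry
]

def replay(attempts=ATTEMPTS):
    """Feed the attempts through a fresh greylist; return statuses and state."""
    gl = Greylist()
    statuses = [gl.deliver(ip, s, r, T0 + timedelta(minutes=m))
                for m, ip, s, r in attempts]
    return statuses, gl
```

The last attempt shows why a sender that retries only after the initial expiry period is delayed again: its entry has already been removed, so the attempt is treated as a new, unknown combination.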

Filtering pending and individual automatic greylist entries

You can filter the greylist entries on the Display tab based on sender email address, recipient email address, and/or the IP address of the SMTP client.

To filter the greylist entries

  1. Go to Monitor > Greylist > Display.

  2. Click Search.

A dialog appears.

Figure 74:Search dialog

  3. Configure one or more of the following:

GUI item Description
Field Select one of the following columns in the greylist entries that you want to use to filter the display.

•      IP

•      Sender

•      Recipient

Operation Select how the column’s contents will be matched, such as whether the row must contain the Value.
Case Sensitive Enable for case-sensitive filtering.
Value Enter a pattern or exact value based on your selection in Field and Operation.

•      IP: Enter the IP address of the SMTP client, such as 172.16.1.10.

•      Sender: Enter the complete sender email address in the message envelope (MAIL FROM:), such as user1@example.com.

•      Recipient: Enter the complete recipient email address in the message envelope (RCPT TO:), such as user1@example.com.

Use an asterisk (*) to match multiple patterns, such as typing user* to match user1@example.com, user2@example.net, and so forth. Blank fields match any value.

Regular expressions are not supported.

  4. Click Search.

The Display tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Display tab to refresh its view.

Viewing the consolidated automatic greylist exemptions

The Auto Exempt tab displays consolidated automatic greylist entries.

The FortiMail unit creates consolidated greylist entries from individual automatic greylist entries that meet consolidation requirements. For more information on individual automatic greylist entries, see “Viewing the pending and individual automatic greylist entries” on page 193. For more information on consolidation requirements, see “Automatic greylist entries” on page 627.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To view the list of consolidated entries, go to Monitor > Greylist > Auto Exempt.

Table 16:Auto Exempt tab options

GUI item Description
Search (button) Click to filter the displayed entries.
IP Lists the /24 subnet of the IP address of the SMTP client that delivered or attempted to deliver the email message.

If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.

Sender Lists the domain name portion of the sender email address in the message envelope (MAIL FROM:), such as example.com.

If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display.

Expire Lists the time and date when the entry will expire, determined by adding the TTL value to the time the last matching message was received. For information on configuring the TTL, see “Configuring the grey list TTL and initial delay” on page 628.
