Technical Tip: How to change safe/block lists precedence
Description
This article describes how to change the safe/block lists' precedence.
By default, system safelists and blocklists have precedence over other safelists and blocklists. The default order is displayed in Order of execution for antispam scans.
In some cases, the use can want to change the precedence order.
For example, allow a user to use his/her own lists (Personal safe/block lists) to override the system list.
Scope
FortiMail.
Solution
- Run the following command to check the current precedence order.
get antispam settings
-
By default, the precedence order is System -> Session -> Domain -> Personal, which means the system safelists and blocklists have precedence over Personal safelists and blocklists.
-
Run the following command to move the 'personal’ ahead of 'system' to allow a user to use his/her own lists (Personal safe/block lists) to overwrite the system safelists and blocklists.
config antispam settings
set safe-block-list-precedence personal system session domain
end
-
For this case, add an external sender address 'external@test.com' to the Personal Block List and System Safe list.
Now the Personal safelists and blocklists have precedence over the System safelists and blocklists, so the email has been blocked by FortiMail due to the sender matching the user’s personal block list.
For more details, refer to this document: Configuring the block lists and safe lists.