Description
This article provides steps how to modify FortiMail's IP,URI and Hash score thresholds.
Scope
FortiMail 4.0 MR3
FortiMail 5.0
Solution
Based on FortiGuard query protocol, scores 1, 2 and 3 are classified as bad.
Default threshold values depends on query type and are as follows -
IP: 3
URI: 2
Hash: 2
(actual score of specific IP/URI/Hash can be checked in Maintenance > FortiGuard > AntiSpam)
Following commands can be used to adjust the thresholds if needed (to either set them more restrictive or loose for URI and Hash or to loosen them for IP):
config system fortiguard antispam
set threshold-ip <1-3>
set threshold-uri <1-3>
set threshold-shash <1-3>
end
Note: To rollback to default value, use 'unset {threshold-ip|threshold-uri|threshold-shash}'
Note 2: score above configured threshold is not mentioned anywhere in the logs or in the email header, should you have increased spam messages coming through in the future (if you modify the threshold setting to be more loose) it will most probably be caused by the decreased threshold.
