FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Article Id 190444

This article provides steps how to modify FortiMail's IP,URI and Hash score thresholds.


FortiMail 4.0 MR3
FortiMail 5.0

Based on FortiGuard query protocol, scores 1, 2 and 3 are classified as bad.
Default threshold values depends on query type and are as follows - 
IP: 3
URI: 2
Hash: 2

(actual score of specific IP/URI/Hash can be checked in Maintenance > FortiGuard > AntiSpam)

Following commands can be used to adjust the thresholds if needed (to either set them more restrictive or loose for URI and Hash or to loosen them for IP):

config system fortiguard antispam 
set threshold-ip <1-3> 
set threshold-uri <1-3> 
set threshold-shash <1-3> 

Note: To rollback to default value, use 'unset {threshold-ip|threshold-uri|threshold-shash}'
Note 2: score above configured threshold is not mentioned anywhere in the logs or in the email header, should you have increased spam messages coming through in the future (if you modify the threshold setting to be more loose) it will most probably be caused by the decreased threshold.