FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
GabrielAuYong_FTNT
Description

This article provides steps how to modify FortiMail's IP,URI and Hash score thresholds.


Scope

FortiMail 4.0 MR3
FortiMail 5.0


Solution
Based on FortiGuard query protocol, scores 1, 2 and 3 are classified as bad.
Default threshold values depends on query type and are as follows - 
IP: 3
URI: 2
Hash: 2

(actual score of specific IP/URI/Hash can be checked in Maintenance > FortiGuard > AntiSpam)

Following commands can be used to adjust the thresholds if needed (to either set them more restrictive or loose for URI and Hash or to loosen them for IP):

config system fortiguard antispam 
set threshold-ip <1-3> 
set threshold-uri <1-3> 
set threshold-shash <1-3> 
end 

Note: To rollback to default value, use 'unset {threshold-ip|threshold-uri|threshold-shash}'
Note 2: score above configured threshold is not mentioned anywhere in the logs or in the email header, should you have increased spam messages coming through in the future (if you modify the threshold setting to be more loose) it will most probably be caused by the decreased threshold.

Contributors