Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint Appliances Command Line Interface > Forcepoint Email Security module commands > Configure Forcepoint Email Security system functions
Configure Forcepoint Email Security system functions
set email-x-header
Enable or disable the Email Security x-header creation function.
set email-x-header --status <on|off>
 
Parameter
Description
status
State of the x-header function.
Command modes
Forcepoint Email Security.
Usage guidelines
The Email Security x-header contains email analysis information. This information can be passed to various processing components like filters.
Examples
(config)(Email)# set email-x-header --status off
Command history
 
Release
Modification
8.5
This command was introduced for Forcepoint Email Security.
Related commands
 
Command
Description
set domain-group
Define a new domain group or add a domain to an existing domain group.
set service
Stop, start, or restart Forcepoint Email Security services.
login email
Log on to the Email module.
set domain-group
Define a new domain group or add a domain to an existing domain group.
set domain-group --name <group name> [--description <description>] [--domain <domain address>]
 
Parameter
Description
name
New or existing domain group name.
description
(Optional) Domain group description. Enclose multiple-word descriptions in quotation marks ("").
domain
(Optional) Comma-separated list of domain addresses. Use "protected" for Protected Domain.
Command modes
Forcepoint Email Security.
Usage guidelines
The following characters are not supported in the --name and --description parameters: < > &
Examples
(config)(Email)# set domain-group --name protected --domain mydomain.com --description "My Protected Domain addresses"
Command history
 
Release
Modification
8.5
This command was introduced for Forcepoint Email Security.
Related commands
 
Command
Description
set email-x-header
Enable or disable the Email Security x-header creation function.
set service
Stop, start, or restart Forcepoint Email Security services.
login email
Log on to the Email module.
set service
Stop, start, or restart Forcepoint Email Security services.
set service --action <stop|start|restart> --name <service_name>
 
Parameter
Description
action
Service action to perform.
name
Service name. Use the following command to view a list of all service names:
help set service --name
Usage guidelines
Forcepoint Email Security only
Examples
(config)(Email)# set service --action stop --name log
Related commands
 
Command
Description
set email-x-header
Enable or disable the Email Security x-header creation function.
set domain-group
Define a new domain group or add a domain to an existing domain group.
login email
Log on to the Email module.
set logging
Configure the specified log file maximum archive size.
set logging --log <threatcat|scanEngine> --rotate <number of files> --size <file size>
 
Parameter
Description
log
Log file to archive.
rotate
Maximum number of log files ro archive.
size
Maximum size of the log file to archive, in MB.
Command modes
Forcepoint Email Security.
Usage guidelines
Enter zero for both the --rotate and --size parameters to disable logging for the specified log.
Command history
 
Release
Modification
8.5
This command was introduced for Forcepoint Email Security.
Related commands
 
Command
Description
login email
Log on to the Email module.
set email-x-header
Enable or disable the Email Security x-header creation function.
set service
Stop, start, or restart Email Security services.
set mta accept-email-traffic-as
Configure Email Security to handle email traffic as if it is received from the specified direction for policy application purposes.
set mta accept-email-traffic-as --direction <default|inbound|internal|outbound>
 
Parameter
Description
direction
Direction of email traffic, which determines the email policy used. If default is entered, direction is determined by protected domain.
Usage guidelines
Forcepoint Email Security only.
Examples
(config)(Email)# set mta accept-email-traffic-as --direction default
Command history
 
Release
Modification
8.5
This command was introduced for Forcepoint Email Security.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta tls-received-header
Configure whether Email Security logs the TLS version and cipher information into the Received header.
set mta tls-received-header
Configure whether to log the TLS version and cipher information in the Received header.
set mta tls-received-header --status <enable|disable>
 
Parameter
Description
status
Status of the command; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security logs the TLS version and cipher information in the Received header.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta accept-email-traffic-as
Configure Email Security to handle email traffic as if it is received from the specified direction for policy application purposes.
set mta open-relay-trusted-ip
Configure whether to allow or reject all open relay messages, even for IP addresses that are included in the Trusted group.
set mta open-relay-trusted-ip --status <enable|disable>
 
Parameter
Description
status
Status of the command; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security allows all open relay messages, even for IP addresses that are included in the Trusted group.
Command history
 
Release
Modification
8.5
This command was introduced for Forcepoint Email Security.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta accept-email-traffic-as
Configure Email Security to handle email traffic as if it is received from the specified direction for policy application purposes.
set mta reject-empty-pass-auth
Configure whether to reject login requests as authentication failure if an empty password is provided.
set mta reject-empty-pass-auth --status <enable|disable>
 
Parameter
Description
status
Status of the command; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security rejects login requests as authentication failure if an empty password is provided.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta open-relay-trusted-ip
Configure whether Email Security rejects all open relay messages, even for IP addresses that are included in the Trusted IP group.
set mta sender-domain-validation
Configure whether to reject messages if the sender domain has no MX/A/AAAA record in DNS.
set mta sender-domain-validation --status <enable|disable>
 
Parameter
Description
status
Status of the command; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security rejects messages if the sender domain has no MX/A/AAAA record in DNS.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta accept-email-traffic-as
Configure Email Security to handle email traffic as if it is received from the specified direction for policy application purposes.
set mta tls-auth-only
Enable or disable 250-AUTH from the Forcepoint Email Security response to the EHLO command and accept AUTH only for TLS connections.
set mta tls-auth-only --status <enable|disable>
 
Parameter
Description
status
Status of the command; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, AUTH is used in the Email Security response to the EHLO command for TLS connections. When disabled, 250-AUTH is accepted.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta accept-email-traffic-as
Configure Email Security to handle email traffic as if it is received from the specified direction for policy purposes.
set mta treat-blank-sender-as-outbound
Enable or disable scanning messages using the Outbound policy if the envelope sender is blank and the recipient is not in the Protected domain.
set mta treat-blank-sender-as-outbound --status <enable|disable>
 
Parameter
Description
status
Status of the command; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, messages are scanned using the Outbound policy if the envelope sender is blank and the recipient is not in the Protected domain.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta accept-email-traffic-as
Configure Email Security to handle email traffic as if it is received from the specified direction for policy application purposes.
set mta trusted-ip-bypass-blocklist
Configure whether to drop messages from Trusted IP groups if the sender is on a global Personal Email Manager Always Block list.
set mta trusted-ip-bypass-blocklist --status <enable|disable>
 
Parameter
Description
status
Status of the command; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, messages from Trusted IP groups are dropped if the sender is on a global Personal Email Manager Always Block list.
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta open-relay-trusted-ip
Configure whether Email Security rejects all open relay messages, even for IP addresses that are included in the Trusted IP Group.
set mta tls-incoming
Configure the incoming TLS.
set mta tls-incoming --cipher <RC4|medium> --protocol <sslv2|sslv3|tls1_0|tls1_1|tls1_2> --status <enable|disable>
 
Parameter
Description
cipher
Incoming TLS cipher; RC4 or medium.
Medium is the recommended cipher, as RC4 is less secure.
protocol
Incoming TLS protocol; SSLv2, SSLv3, TLS 1_0, TLS 1_1, or TLS 1_2.
status
Status of incoming TLS configuration; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
Either --cipher or --protocol must be used, or both. At least one action is required. After changes are made, the configuration restarts by default.
Disabling TLS 1_0 will also disable TLS 1_1 and TLS 1_2. To disable only tls1_0, you must first disable TLS 1_0, and then run enable commands for TLS 1_1 and TLS 1_2. The sequence would be as follows:
1.
set mta tls-incoming --protocol tls1_0 --status disable
2.
set mta tls-incoming --protocol tls1_1 --status enable
3.
set mta tls-incoming --protocol tls1_2 --status enable
Examples
The following examples display valid commands that use either the --cipher or --protocol parameters, or both.
(config)(Email)# set mta tls-incoming --cipher rc4 --status enable
(config)(Email)# set mta tls-incoming --protocol sslv2 --status enable
(config)(Email)# set mta tls-incoming --cipher medium --protocol sslv3 --status enable
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta tls-outgoing
Configure the outgoing TLS.
set mta tls-outgoing
Configure the outgoing TLS.
set mta tls-outgoing --cipher <RC4|medium> --protocol <sslv2|sslv3|tls1_0|tls1_1|tls1_2> --status <enable|disable>
 
Parameter
Description
cipher
Outgoing TLS cipher; RC4 or medium.
Medium is the recommended cipher, as RC4 is less secure.
protocol
Outgoing TLS protocol; SSLv2, SSLv3, TLS 1_0, TLS 1_1, or TLS 1_2.
status
Status of the outgoing TLS configuration; enable or disable.
Command modes
Forcepoint Email Security.
Usage guidelines
Either --cipher or --protocol must be used, or both. At least one action is required. After changes are made, the configuration restarts by default.
Disabling tls1_0 will also disable tls1_1 and tls1_2. To disable only tls1_0, you must first disable tls1_0, and then run enable commands for tls1_1 and tls1_2. The sequence would be as follows:
1.
set mta tls-outgoing --protocol tls1_0 --status disable
2.
set mta tls-outgoing --protocol tls1_1 --status enable
3.
set mta tls-outgoing --protocol tls1_2 --status enable
Examples
The following examples display valid commands that use the --cipher or --protocol parameters, or both.
(config)(Email)# set mta tls-outgoing --cipher rc4 --status enable
(config)(Email)# set mta tls-outgoing --protocol sslv2 --status enable
(config)(Email)# set mta tls-outgoing --cipher medium --protocol sslv3 --status enable
Related commands
 
Command
Description
login email
Log on to the Email module.
set mta tls-incoming
Configure the incoming TLS.
set openssl-fips
Enable or disable FIPS mode.
set openssl-fips --status <enable|disable>
 
Parameter
Description
status
Status of FIPS mode; enable or disable.
Usage guidelines
Forcepoint Email Security only
Related commands
 
Command
Description
login email
Log on to the Email module.
set service
Stop, start, or restart Forcepoint Email Security services.
set pem-load-balancer
Turn off native load balancing.
set pem-load-balancer --status off
Parameter
Description
status
Status of load balancing.
Command modes
Forcepoint Email Security.
Usage guidelines
Load balancing is ON by default.
Examples
(config)(Email)# set pem-load-balancer --status off
Command history
 
Release
Modification
8.5.4
This command was introduced for Forcepoint Email Security.
Related commands
Command
Description
set service
Stop, start, or restart Forcepoint Email Security services.
login email
Log on to the Email module.
set header-variables
Turn on the ability to use the True Source IP in header modification.
set header-variables --status on
 
Parameter
Description
status
State of the header variables.
Command modes
Forcepoint Email Security.
Usage guidelines
True Source IP in header variables is OFF by default.
Examples
(config)(Email)# set header-variables --status on
Command history
 
Release
Modification
8.5.4
This command was introduced for Forcepoint Email Security.
Related commands
Command
Description
set service
Stop, start, or restart Forcepoint Email Security services.
login email
Log on to the Email module.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint Appliances Command Line Interface > Forcepoint Email Security module commands > Configure Forcepoint Email Security system functions
Copyright 2020 Forcepoint. All rights reserved.