Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint Appliances Command Line Interface > Forcepoint Email Security module commands > Configure Forcepoint Email Security system functions
Configure Forcepoint Email Security system functions
set email-x-header
Enable or disable the Email Security x-header creation function.
set email-x-header --status <on|off>
 
Command modes
Forcepoint Email Security.
Usage guidelines
The Email Security x-header contains email analysis information. This information can be passed to various processing components like filters.
Examples
(config)(Email)# set email-x-header --status off
Command history
 
Related commands
 
set domain-group
Define a new domain group or add a domain to an existing domain group.
set domain-group --name <group name> [--description <description>] [--domain <domain address>]
 
Command modes
Forcepoint Email Security.
Usage guidelines
The following characters are not supported in the --name and --description parameters: < > &
Examples
(config)(Email)# set domain-group --name protected --domain mydomain.com --description "My Protected Domain addresses"
Command history
 
Related commands
 
set service
Stop, start, or restart Forcepoint Email Security services.
set service --action <stop|start|restart> --name <service_name>
 
Usage guidelines
Forcepoint Email Security only
Examples
(config)(Email)# set service --action stop --name log
Related commands
 
set logging
Configure the specified log file maximum archive size.
set logging --log <threatcat|scanEngine> --rotate <number of files> --size <file size>
 
Command modes
Forcepoint Email Security.
Usage guidelines
Enter zero for both the --rotate and --size parameters to disable logging for the specified log.
Command history
 
Related commands
 
set mta accept-email-traffic-as
Configure Email Security to handle email traffic as if it is received from the specified direction for policy application purposes.
set mta accept-email-traffic-as --direction <default|inbound|internal|outbound>
 
Direction of email traffic, which determines the email policy used. If default is entered, direction is determined by protected domain.
Usage guidelines
Forcepoint Email Security only.
Examples
(config)(Email)# set mta accept-email-traffic-as --direction default
Command history
 
Related commands
 
set mta tls-received-header
Configure whether to log the TLS version and cipher information in the Received header.
set mta tls-received-header --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security logs the TLS version and cipher information in the Received header.
Related commands
 
set mta open-relay-trusted-ip
Configure whether to allow or reject all open relay messages, even for IP addresses that are included in the Trusted group.
set mta open-relay-trusted-ip --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security allows all open relay messages, even for IP addresses that are included in the Trusted group.
Command history
 
Related commands
 
set mta reject-empty-pass-auth
Configure whether to reject login requests as authentication failure if an empty password is provided.
set mta reject-empty-pass-auth --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security rejects login requests as authentication failure if an empty password is provided.
Related commands
 
set mta sender-domain-validation
Configure whether to reject messages if the sender domain has no MX/A/AAAA record in DNS.
set mta sender-domain-validation --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, Email Security rejects messages if the sender domain has no MX/A/AAAA record in DNS.
Related commands
 
set mta tls-auth-only
Enable or disable 250-AUTH from the Forcepoint Email Security response to the EHLO command and accept AUTH only for TLS connections.
set mta tls-auth-only --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, AUTH is used in the Email Security response to the EHLO command for TLS connections. When disabled, 250-AUTH is accepted.
Related commands
 
set mta treat-blank-sender-as-outbound
Enable or disable scanning messages using the Outbound policy if the envelope sender is blank and the recipient is not in the Protected domain.
set mta treat-blank-sender-as-outbound --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, messages are scanned using the Outbound policy if the envelope sender is blank and the recipient is not in the Protected domain.
Related commands
 
set mta trusted-ip-bypass-blocklist
Configure whether to drop messages from Trusted IP groups if the sender is on a global Personal Email Manager Always Block list.
set mta trusted-ip-bypass-blocklist --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
When enabled, messages from Trusted IP groups are dropped if the sender is on a global Personal Email Manager Always Block list.
Related commands
 
set mta tls-incoming
Configure the incoming TLS.
set mta tls-incoming --cipher <RC4|medium> --protocol <sslv2|sslv3|tls1_0|tls1_1|tls1_2> --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
Either --cipher or --protocol must be used, or both. At least one action is required. After changes are made, the configuration restarts by default.
Disabling TLS 1_0 will also disable TLS 1_1 and TLS 1_2. To disable only tls1_0, you must first disable TLS 1_0, and then run enable commands for TLS 1_1 and TLS 1_2. The sequence would be as follows:
1.
2.
3.
Examples
The following examples display valid commands that use either the --cipher or --protocol parameters, or both.
(config)(Email)# set mta tls-incoming --cipher rc4 --status enable
(config)(Email)# set mta tls-incoming --protocol sslv2 --status enable
(config)(Email)# set mta tls-incoming --cipher medium --protocol sslv3 --status enable
Related commands
 
set mta tls-outgoing
Configure the outgoing TLS.
set mta tls-outgoing --cipher <RC4|medium> --protocol <sslv2|sslv3|tls1_0|tls1_1|tls1_2> --status <enable|disable>
 
Command modes
Forcepoint Email Security.
Usage guidelines
Either --cipher or --protocol must be used, or both. At least one action is required. After changes are made, the configuration restarts by default.
Disabling tls1_0 will also disable tls1_1 and tls1_2. To disable only tls1_0, you must first disable tls1_0, and then run enable commands for tls1_1 and tls1_2. The sequence would be as follows:
1.
2.
3.
Examples
The following examples display valid commands that use the --cipher or --protocol parameters, or both.
(config)(Email)# set mta tls-outgoing --cipher rc4 --status enable
(config)(Email)# set mta tls-outgoing --protocol sslv2 --status enable
(config)(Email)# set mta tls-outgoing --cipher medium --protocol sslv3 --status enable
Related commands
 
set openssl-fips
Enable or disable FIPS mode.
set openssl-fips --status <enable|disable>
 
Usage guidelines
Forcepoint Email Security only
Related commands
 
set pem-load-balancer
Turn off native load balancing.
set pem-load-balancer --status off
Command modes
Forcepoint Email Security.
Usage guidelines
Load balancing is ON by default.
Examples
(config)(Email)# set pem-load-balancer --status off
Command history
 
Related commands
set header-variables
Turn on the ability to use the True Source IP in header modification.
set header-variables --status on
 
Command modes
Forcepoint Email Security.
Usage guidelines
True Source IP in header variables is OFF by default.
Examples
(config)(Email)# set header-variables --status on
Command history
 
Related commands

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint Appliances Command Line Interface > Forcepoint Email Security module commands > Configure Forcepoint Email Security system functions
Copyright 2020 Forcepoint. All rights reserved.