Configuring antispam settings : Configuring greylisting : Manually exempting senders from greylisting
Manually exempting senders from greylisting
The Exempt tab displays manual greylist entries, which exempt email messages from the automatic greylisting process and its associated greylist delay period.
 
Greylisting is omitted if the matching access control rule’s Action is RELAY. For more information on antispam features’ order of execution, see “Order of execution”.
For more information on the automatic greylisting process, see “About greylisting”. For more information on manual greylist entries, see “Manual greylist entries”.
To access this part of the web UI, your administrator account’s:
Domain must be System
access profile must have Read or Read-Write permission to the Policy category
For details, see “About administrator account permissions and domains”.
To view and configure manual greylist entries
1. Go to AntiSpam > Greylist > Exempt.
 
GUI item
Description
Sender Pattern
Displays the pattern that defines a matching sender address in the message envelope (MAIL FROM:).
The prefix to the pattern indicates whether or not the Regular expression option is enabled for the entry.
R/: Regular expressions are enabled.
-/: Regular expressions are not enabled, but the pattern may use wild cards (* or ?).
Recipient Pattern
Displays the pattern that defines a matching recipient address in the message envelope (RCPT TO:).
The prefix to the pattern indicates whether or not the Regular expression option is enabled for the entry.
R/: Regular expressions are enabled.
-/: Regular expressions are not enabled, but the pattern may use wild cards (* or ?).
Sender IP/Netmask
Displays the IP address and netmask that defines SMTP clients (the last hop address) that match this entry.
0.0.0.0/0 matches all SMTP client IP addresses.
Reverse DNS Pattern
Displays the pattern that defines a matching result when the FortiMail unit performs the reverse DNS lookup of the IP address of the SMTP client.
The prefix to the pattern indicates whether or not the Regular expression option is enabled for the entry.
R/: Regular expressions are enabled.
-/: Regular expressions are not enabled, but the pattern may use wild cards (* or ?).
2. Click New to add an entry or double-click an entry to modify it.
A dialog appears.
3. Configure the following:
 
GUI item
 
Description
Sender pattern
Enter the pattern that defines a matching sender email address in the message envelope (MAIL FROM:). To match any sender email address, enter either  *, or, if Regular expression is enabled, .*.
You can create a pattern that matches multiple addresses either by:
including wild card characters (* or ?). An asterisk (*) matches one or more characters; a question mark (?) matches any single character.
using regular expressions. You must also enable the Regular expression option.
For example, entering the pattern ??@*.com will match messages sent by any sender with a two-letter user name from any “.com” domain.
 
Regular expression
For any of the pattern options, select the accompanying Regular expression check box if you entered a pattern using regular expression syntax.
Recipient pattern
Enter the pattern that defines a matching recipient address in the message envelope (RCPT TO:). To match any recipient email address, enter either *, or, if Regular expression is enabled, .*.
You can create a pattern that matches multiple addresses either by:
including wild card characters (* or ?). An asterisk (*) matches one or more characters; a question mark (?) matches any single character.
using regular expressions. You must also enable the Regular expression option.
For example, entering the pattern *@example.??? will match email sent to any recipient at example.com, example.net, example.org, or any other “example” top level domain.
Sender IP/Netmask
Enter the IP address and netmask that defines SMTP clients that match this entry.
To match any SMTP client IP address, enter 0.0.0.0/0.
You can create a pattern that matches multiple addresses by entering any bit mask other than /32.
For example, entering 10.10.10.10/24 would match the 24-bit subnet of IP addresses starting with 10.10.10, and would appear in the list of manual greylist entries as 10.10.10.0/24.
Reverse DNS pattern
Enter the pattern that defines valid host names for the IP address of the SMTP client (the last hop address).
Since the SMTP client can use a fake self-reported host name in its SMTP greeting (EHLO/HELO), you can use a reverse DNS lookup of the SMTP client’s IP address to get the real host name of the SMTP client. Then the FortiMail greylist scanner can compare the host name resulting from the reverse DNS query with the pattern that you specify. If the query result matches the specified pattern, the greylist exempt rule will apply, Otherwise, the rule will not apply.
You can create a pattern that matches multiple addresses either by:
including wild card characters (* or ?). An asterisk (*) matches one or more characters; a question mark (?) matches any single character.
using regular expressions. You must also enable the Regular expression option.
For example, entering the pattern mail*.com will match messages delivered by an SMTP client whose host name starts with “mail” and ending with “.com”.
No pattern can be left blank in a greylist exempt rule. To have the FortiMail unit ignore a pattern, enter an asterisk (*) in the pattern field. For example, if you enter an asterisk in the Recipient Pattern field and do not enable Regular Expression, the asterisk matches all recipient addresses. This eliminates the recipient pattern as an item used to determine if the rule matches an email message.