13-41
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection
• Command pipelining.
Defaults for ESMTP Inspection
ESMTP inspection is enabled by default, using the _default_esmtp_map inspection policy map.
• The server banner is masked.
• Encrypted connections are not allowed. The STARTTLS indication is removed from the session connection attempt, forcing the client and server to negotiate a plain-text session, which can be inspected.
• Special characters in sender and receiver addresses are not checked; no action is taken.
• Connections with command line length greater than 512 are dropped and logged.
• Connections with more than 100 recipients are dropped and logged.
• Messages with body length greater than 998 bytes are logged.
• Connections with header line length greater than 998 are dropped and logged.
• Messages with MIME filenames greater than 255 characters are dropped and logged.
• EHLO reply parameters matching “others” are masked.
Following is the policy map configuration:
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
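The following Python model is an added example, not Cisco code and not part of the configuration guide. It transcribes the thresholds and actions of _default_esmtp_map above and applies them to a constructed SMTP transcript and EHLO reply, so an operator can predict which lines the default inspection would log, drop, or mask before sending real mail through the firewall (for example, to see that the default strips STARTTLS and so forces clear-text mail). Several details are assumptions rather than documented ASA behaviour: the mask character, the set of EHLO parameters the ASA recognises (anything outside it is treated as "others"), line lengths counted without CRLF, and MIME filenames detected by a simple `filename=` match in any line.

```python
"""Model of the ASA _default_esmtp_map ESMTP inspection defaults.

Added example, not Cisco code. Limits and actions are transcribed from the
policy map on the page; the session and EHLO reply below are constructed.
"""
import re
from dataclasses import dataclass, field

# (limit, action) pairs, transcribed from _default_esmtp_map.
DEFAULT_ESMTP_MAP = {
    "cmd_line_length":       (512, "drop-connection log"),
    "rcpt_count":            (100, "drop-connection log"),
    "body_line_length":      (998, "log"),
    "header_line_length":    (998, "drop-connection log"),
    "sender_address_length": (320, "drop-connection log"),
    "mime_filename_length":  (255, "drop-connection log"),
}
ALLOW_TLS = False   # "no allow-tls": STARTTLS is removed from the EHLO reply
MASK_CHAR = "*"     # assumption: the exact mask character is not documented here
# Assumption: EHLO keywords the inspector knows; anything else is "others".
KNOWN_EHLO_PARAMS = {"8BITMIME", "AUTH", "BINARYMIME", "CHECKPOINT", "DSN",
                     "ECODE", "ETRN", "PIPELINING", "SIZE", "STARTTLS", "VRFY"}
FILENAME_RE = re.compile(r'filename="?([^";]+)"?', re.IGNORECASE)


@dataclass
class Verdict:
    dropped: bool = False
    events: list = field(default_factory=list)   # (rule, action, excerpt)

    def add(self, rule, action, text):
        self.events.append((rule, action, text[:40]))
        if action.startswith("drop-connection"):
            self.dropped = True


def _check(verdict, rule, length, text):
    limit, action = DEFAULT_ESMTP_MAP[rule]
    if length > limit:                 # "gt": strictly greater than the limit
        verdict.add(rule, action, text)


def mask_banner(banner):
    """mask-banner: keep the 220 code, replace the greeting text."""
    code, _, text = banner.partition(" ")
    return code + " " + MASK_CHAR * len(text)


def inspect_ehlo_reply(reply_lines):
    """Rewrite a multiline EHLO reply: drop STARTTLS (no allow-tls), mask 'others'.

    The greeting in the first line passes through; continuation markers are
    rebuilt so the last remaining line still uses '250 ' as RFC 5321 requires.
    """
    kept = [reply_lines[0][4:]]                  # strip "250-" / "250 "
    for line in reply_lines[1:]:
        text = line[4:]
        keyword, _, rest = text.partition(" ")
        if keyword.upper() == "STARTTLS" and not ALLOW_TLS:
            continue
        if keyword.upper() not in KNOWN_EHLO_PARAMS:
            text = MASK_CHAR * len(keyword) + (" " + rest if rest else "")
        kept.append(text)
    return ["250-" + t for t in kept[:-1]] + ["250 " + kept[-1]]


def inspect_session(lines):
    """Apply the default map to client-side lines: commands, then DATA up to '.'."""
    v = Verdict()
    in_data = in_headers = False
    rcpt_count = 0
    for line in lines:
        if not in_data:
            _check(v, "cmd_line_length", len(line), line)
            upper = line.upper()
            if upper.startswith("MAIL FROM:"):
                addr = line[len("MAIL FROM:"):].strip().strip("<>")
                _check(v, "sender_address_length", len(addr), line)
            elif upper.startswith("RCPT TO:"):
                rcpt_count += 1
                if rcpt_count == DEFAULT_ESMTP_MAP["rcpt_count"][0] + 1:
                    v.add("rcpt_count", DEFAULT_ESMTP_MAP["rcpt_count"][1], line)
            elif upper == "DATA":
                in_data, in_headers = True, True
            continue
        if line == ".":
            in_data = False
            continue
        if in_headers:
            if line == "":
                in_headers = False
                continue
            _check(v, "header_line_length", len(line), line)
        else:
            _check(v, "body_line_length", len(line), line)   # log only
        m = FILENAME_RE.search(line)
        if m:
            _check(v, "mime_filename_length", len(m.group(1)), line)
    return v


# Constructed sample session: an over-long attachment name and a 1200-byte body line.
SAMPLE_SESSION = [
    "EHLO client.example.test", "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>", "DATA",
    "From: alice@example.test", "Subject: quarterly numbers",
    "Content-Type: multipart/mixed; boundary=xyz", "",
    "--xyz", 'Content-Disposition: attachment; filename="' + "a" * 300 + '.pdf"',
    "", "x" * 1200, "--xyz--", ".",
]
SAMPLE_EHLO_REPLY = ["250-mail.example.test Hello client", "250-SIZE 52428800",
                     "250-PIPELINING", "250-STARTTLS", "250 X-CUSTOM-EXTENSION"]

if __name__ == "__main__":
    print(mask_banner("220 mail.example.test ESMTP Postfix"))
    print("\n".join(inspect_ehlo_reply(SAMPLE_EHLO_REPLY)))
    verdict = inspect_session(SAMPLE_SESSION)
    print("dropped:", verdict.dropped)
    for rule, action, excerpt in verdict.events:
        print(f"  {rule}: {action}  ({excerpt!r})")
```

Running the module shows the STARTTLS line gone from the EHLO reply and the custom extension masked, while the sample session is dropped on the MIME filename rule and merely logged for the long body line. The RCPT counter fires once, on the 101st recipient, matching "gt 100".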