Cisco ASA 5505 Configuration Manual page 1582

Default Servers
Fields
POP3S/IMAP4S/SMTPS Default Server—Let you configure a default server, port and
•
non-authenticated session limit for e-mail proxies.
Name or IP Address—Type the DNS name or IP address for the default e-mail proxy server.
•
Port—Type the port number on which the adaptive security appliance listens for e-mail proxy traffic.
•
Connections are automatically allowed to the configured port. The e-mail proxy allows only SSL
connections on this port. After the SSL tunnel establishes, the e-mail proxy starts, and then
authentication occurs.
For POP3s the default port is 995, for IMAP4S it is 993, and for SMTPS it is 988.
Enable non-authenticated session limit—Select to restrict the number of non-authenticated e-mail
•
proxy sessions.
E-mail proxy connections have three states:
1.
2.
3.
This feature lets you set a limit for sessions in the process of authenticating, thereby preventing DOS
attacks. When a new session exceeds the set limit, the adaptive security appliance terminates the
oldest non-authenticating connection. If there are no non-authenticating connections, the oldest
authenticating connection is terminated. The does not terminate authenticated sessions.
Cisco ASA 5500 Series Configuration Guide using ASDM
68-12
A new e-mail connection enters the "unauthenticated" state.
When the connection presents a username, it enters the "authenticating" state.
When the adaptive security appliance authenticates the connection, it enters the "authenticated"
state.
Chapter 68 E-Mail Proxy
OL-20339-01