Smtp Alg Processing Order - D-Link DFL-260E User Manual

6.2.5. The SMTP ALG
Using Wildcards in White and Blacklists
Entries made in the white and blacklists can make use of wildcarding to have a single entry cover a
large number of potential email addresses. The wildcard character "*" can be used to represent any
sequence of characters.
For instance, the address entry *@some_domain.com can be used to specify all possible email
addresses for some_domain.com.
If, for example, wildcarding is used in the blacklist to block all addresses for a certain company
called my_company then the blacklist address entry required could be *@my_company.com.
If we want to now explicitly allow mails for just one department called my_department in
my_company then this could be done with an entry in the whitelist of the form
my_department@my_company.com.
Enhanced SMTP and Extensions
Enhanced SMTP (ESMTP) is defined in RFC 1869 and allows a number extensions to the standard
SMTP protocol.
When an SMTP client opens a session with an SMTP server using ESMTP, the client first sends an
EHLO command. If the server supports ESMTP it will respond with a list of the extensions that it
supports. These extensions are defined by various separate RFCs. For example, RFC 2920 defines
the SMTP Pipelining extension. Another common extension is Chunking which is defined in RFC
3030.
The NetDefendOS SMTP ALG does not support all ESMTP extensions including Pipelining and
Chunking. The ALG therefore removes any unsupported extensions from the supported extension
list that is returned to the client by an SMTP server behind the NetDefend Firewall. When an
extension is removed, a log message is generated with the text:
The parameter "capa=" in the log message indicates which extension the ALG removed from the
server response. For example, this parameter may appear in the log message as:
Figure 6.4. SMTP ALG Processing Order
unsupported_extension
capability_removed
261
Chapter 6. Security Mechanisms