Smtp; Ips" Tab - Stormshield SN series Configuration Manual

Max size of scanned
files (KB)
Actions on files
When known malware
has been identified
When sandboxing fails This option defines the behavior of the sandboxing option if the file scan fails.

SMTP

The aim of the SMTP protocol is to detect connection between a client and an e-mail server or
between two e-mail servers using SMTP. It allows sending e-mails and is used by SEISMO to
detect the version of the client and/or e-mail server in order to report possible vulnerabilities.

"IPS" tab

Automatically detect
and inspect the
protocol
SMTP protocol extensions
Filter the CHUNKING
extension
Filter Microsoft
Exchange Server
extensions
Filter request to
change connection
direction (ATRN, ETRN)
Maximum size of elements (bytes)
Imposing a maximum size for elements (in bytes) allows countering buffer overflow attacks.
Message header [64 –
4096]
Server response line
[64 – 4096]
Exchange data
(XEXCH50)[102400 –
1073741824]
BDAT extension header
[102400 – 10485760]
Command line [64 –
4096]
Page 260/448
This field allows defining the maximum size of files that need to be sandboxed. By
default, this value is equal to the one in the Maximum size for antivirus and
sandboxing scan (KB) field in the File analysis tab. This value cannot be exceeded.
This field contains 2 options. By selecting "Block", the analyzed file will not be sent. By
selecting "Pass", the file will be sent in its original form.
If Block has been specified, the file being scanned will not be sent.
If Pass without scanning has been specified, the file being scanned will be sent.
If this protocol has been enabled, it will automatically be used for discovering
corresponding packets in filter rules.
Allows filtering data transferred from one e-mail address to another.
Example:
Attachments in e-mails.
Allows filtering additional commands from the Microsoft Exchange Server.
Allows filtering data contained in the request to change connection direction, from the
client to the server, or from the server to the client.
During an SMTP communication, the use of ATRN and ETRN commands allows
exchanging the client/server roles.
Maximum number of characters that an e-mail header can contain (e-mail address of
the sender, date, type of encoding used, etc.)
Maximum number of characters that the response line from the SMTP server can
contain.
Maximum volume of data when transferring files in MBDEF format (Message Database
Encoding Format).
Maximum volume of data sent using the BDAT command.
Maximum volume of data that a command line can contain (excluding the DATA
command).
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
PROTOCOLS